Antivirus XP 2008

I’ve been noticing e-mails going to my spam box that are titled, “CNN.com Daily Top 10″ which kind of confused me at first since I read most news websites and blogs through Google Reader. I opened the e-mail and noticed that all of the news links go to a ck-deautomobile.de domain. I figured it was a new method of phishing or installing some sort of malware and disregarded it.

Not too long after I noticed it, I get a phone call from someone saying that a pop-up just popped up saying they have 547 viruses. Knowing their computer habits, I seriously doubted that. When I showed up to check things out, there was an icon in the system tray for Antivirus XP 2008. It also changed the desktop background to display a message that “Spyware has been detected on your system!” while disabling the option in the display settings to change your desktop and screensaver.

After going around on the internet, I found a forum on CNET’s site that listed how to get rid of it. Since a lot of the threads on that forum showed a few different ways to remove it, I decided that I’ll post the method that allowed me to remove it. Here it goes.

First, we’ll need to remove it from start up and delete the folders it originates in. Click on the “Start Menu” and choose “Run…”. Type in “msconfig” and hit enter. This should bring up the System Configuration Utility. Go to the Startup tab and uncheck the box for lphc35dj0e1an and rhc75dj0e1an. Click Apply and then Okay. It may ask you to restart your computer, click Ok.

Once your computer reboots, we have to get rid of the files that are causing all of this trouble. Delete the file “C:\windows\system32\lphc35dj0e1an.exe” and delete the folder and all of it’s contents in “C:\program files\rhc75dj0e1an”.

That should take care of the problem with the pop-up in the system tray and the program doing anything malicious. The next thing we need to do is restore your access to the Display Settings. Click on your Start Menu and click on Run… and go type in “gpedit.msc” to open up the Group Policy editor.

Under “User Configuration” expand Administrative Templates then Control Panel then click on Display. You’ll need to go into the properties and choose “disable” for the following:

• Remove Display in Control Panel
• Hide Desktop tab
• Prevent changing wallpaper
• Hide Appearance and Themes tab
• Hide Settings tab
• Hide Screen Saver tab

Once you’ve disabled all of those, you should be able to change your wallpaper.

Also, here’s the link to the forum that had some helpful hints.