

Henry L. Tillman (ITEC) Internet Technology Expert Consultant --- Phone: (773) 886-2446 --- Fax: (773) 224-7958 --- E-mail: hltillman@hltillman.com Cyber Security Research

Malware Information Services




FILE LISTINGS

Key Files

1. rhcc4fj0ev65

2. rhcc4fj0ev65.exe

ROGUE ANTI-SPYWARE REMOVAL RESEARCH

ANTIVIRUS XP 2008
Continued from Page 1


Target: rhcc4fj0ev65

Although the "Core File Name" has been "randomly generated", once created the name "sequence" is used consistently throughout the system.

One of the First things you may want to try is "System Restore".
Start>All Programs>Accessories>System Tools>System Restore>

CLICK ON: Restore my computer to an earlier time
CLICK ON: Date (on Calendar "BEFORE" your PC got infected)
Follow Prompts -- and if it works --

YOU GOT OFF VERY VERY EASY!!!

Most likely it will not work -- This software attacks the Hidden "System Volume Information" file and corrupts the "System Restore" function. It places its infected files in the System Restore Volume because most Antivirus Software cannot remove or clean the System Restore Folder.

See the Microsoft Knowledge Base article,
"Antivirus Tools Cannot Clean Infected Files in the Restore Folder," Article ID: Q263455.


You can also try to implement "System Restore" in "Safe Mode" and if it works GREAT!!

But "most likely" not only will this not work but also "MSCONFIG" and REGEDIT will be blocked
and in some cases "Display Properties" will be altered "Removing" the "Desktop" and "Screen Saver" Tabs
leaving only the "Themes", "Appearance" and "Settings" Tabs.


This is done so that the program can "Hijack" your "Desktop" background and replace it with a big sign
that says your system is infected with Spyware, and the "Tab Hijacking" "BLOCKS" you from changing
the Background to anything else.

To save time you can try "System Restore" in "Safe Mode" and if that doesn't work --

TURN OFF SYSTEM RESTORE !!!

This will effectively wipe out the SYSTEM RESTORE FOLDER along with the infected files hidden in it.
Later a FRESH Restore Folder can be created after the system is CLEAN (simply by turning SR back on).

GO TO "SAFE MODE":
(On Reboot "after a few seconds" Hit F8 -- Choose "Safe Mode").

Reveal all hidden Files:
Start>My Computer>Tools>Folder Options>View>

CHECK: Show Hidden Files and Folders
UNCHECK: Hide Extensions for known file types

**********************************************************************

Before we proceed any further... (Data Backup WARNING!!!)

You must back up (or should already have backed up) all important Data on your system
(Doc files, *.rtf, *.pdf, *.jpg, or whatever files and/or folders are important to you).

You should have a "BACKUP RESTORE CD" (and all necessary DRIVERS) and Copies (on CD or DVD) of any Applications that you want put back on your system.

It is YOUR responsibility to "BACKUP YOUR DATA" and we are NOT responsible for any Data Loss!!

You should also backup your "REGISTRY" (Type in Yahoo or Google "How to backup the Registry")

Unfortunately a sizeable number of people DO NOT have their Data backed up nor do they have a "System Restore CD".

If you are in that situation and/or if you are "uncomfortable" Deleting Files and Registry Entries, Tech Support is available from online experts who use an "Analysis Tool" called "HijackThis".

They will guide you step by step through the more difficult processes.
Go to the excellent "SPYWARE WARRIOR" Website.

SPYWARE WARRIOR is a HIGHLY Respected Website/Group and a leading force in the Online Tech Community.

**********************************************************************

Now with that said let us proceed...

(Recommended Skill Level: Power User or higher)

System Search: "rhcc" (Do not use Quotation Marks " " in your Search).

Start>Search>All Files and Folders>More Advanced Options>

CHECK: Search hidden files and folders
(Scroll up to) All or part of file name:

(Type in) rhcc

Delete all "rhcc..." files found.

*********************************************

NOTE

There are NO I repeat NO "rhcc..." files in a "Healthy" Windows 98, XP, or Vista system "period".

To Check -- Go To ANY "NON-INFECTED" Windows PC and do a "Search" for (Type in) rhcc (and be sure to include "Hidden" and "System Files") and your Search Results will turn up "No items match your search".

Call any friend or relative and have them do a "Search" for (Type in) rhcc and they will come up with the same result.
("No items match your search").

Example of an rhcc file:

rhcc4fj0ev65.exe

*********************************************

Now with that said let us proceed...

System Search: "0ev65"
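
The two name searches above ("rhcc" and "0ev65"), as an added Python example that is not part of the original guide: it lists every file whose name contains either fragment, hidden files included, with size and SHA-256 so the matches can be reviewed and recorded before anything is deleted. The function names and the sample directory tree are constructed for illustration; on a real system, call find_core_name_files with the drive root.

```python
import hashlib
import os
import tempfile

# Name fragments the page searches for, both taken from the core name rhcc4fj0ev65.
FRAGMENTS = ("rhcc", "0ev65")

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def find_core_name_files(root, fragments=FRAGMENTS):
    """List files under root whose name contains any fragment (case-insensitive).

    Nothing is deleted. Returns (hits, unreadable_dirs); unreadable directories
    are reported because a scan that silently skips them can look clean when it is not.
    """
    hits, unreadable = [], []
    wanted = [f.lower() for f in fragments]
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            matched = tuple(f for f in wanted if f in name.lower())
            if not matched:
                continue
            path = os.path.join(dirpath, name)
            try:
                size, digest = os.path.getsize(path), sha256_of(path)
            except OSError:
                size, digest = None, None  # locked or unreadable file: still report it
            hits.append({"path": path, "matched": matched, "size": size, "sha256": digest})
    return sorted(hits, key=lambda h: h["path"]), unreadable

def demo():
    """Run the scan over a constructed directory tree (sample names, not real indicators)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sysdir)
        for name in ("rhcc4fj0ev65.exe", "RHCC4FJ0EV65", "zz4fj0ev65.dat", "notepad.exe"):
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(b"constructed sample content")
        hits, unreadable = find_core_name_files(root)
        return [(os.path.basename(h["path"]), h["matched"]) for h in hits], unreadable

if __name__ == "__main__":
    for name, matched in demo()[0]:
        print(name, matched)
```

Any directory returned in the second list could not be read, so it still has to be checked by other means.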



CLICK HERE to GoTo Page 3 ...


Henry L. Tillman (ITEC) Internet Technology Expert Consultant --- Phone: (773) 595-8771 --- Fax: (773) 224-7958 --- E-mail: hltillman@hltillman.com