Key Files
1. rhcc4fj0ev65
2. rhcc4fj0ev65.exe
ROGUE ANTI-SPYWARE REMOVAL RESEARCH
ANTIVIRUS XP 2008
Continued from Page 2
Now with that said let us proceed...
System Search: "0ev65"
Delete all "0ev65..." files found.
Example of a 0ev65 file:
rhcc4fj0ev65.exe
Go to:
Start>Run> (Type in) regedit
CLICK ON: Edit>Find> (Type in) rhcc
CLICK ON: Find Next
The first thing to come up on Win98 (if it's not infected) is "Finished Searching through registry".
On XP (infected or not) the first hit will be (000 ... REG_SZ ... rhcc) under
My Computer\HKEY_USERS\.......\Search Assistant\....
This simply shows the text you entered for the Search.
Click Continue or Hit the F3 Key (F3 Key is easier)
The same rule applies for the Registry: there should be NO rhcc items, "period".
But in your infected Registry there will be "well over" half a dozen.
NOTE --
DO NOT DELETE ANY KEYS (or entries or FOLDERS) ABOVE THE INFECTED ITEM !!
This means if the infected entry is "IN" a folder Delete the infected entry NOT the Folder it is in!!
If it "is" an infected Folder (rhcc...) Delete that folder BUT NOT the Folder IT is in!!
This is pretty straightforward --
but BE CAREFUL -- THE REGISTRY IS UNFORGIVING !! (There is no UNDO button).
Delete All "rhcc" entries
RIGHT CLICK on the "highlighted" Entry
CHOICES: Modify - Modify Binary Data - Delete - Rename
CLICK ON: DELETE
Delete the "0ev65" item (entry or Key)
Delete the "AntivirXP" item (entry or Key)
Fix any Damage to "Display Properties"
(Now This is a Really Sweet Fix!!)
In Registry -- CLICK ON:
My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
Inside the "system" Folder:
Name: (Default) Type: REG_SZ Data: (value not set)
Name: NoDispBackgroundPage Type: REG_DWORD Data: 0x00000001
Name: NoDispScrSavPage Type: REG_DWORD Data: 0x00000001
RIGHT CLICK ON: NoDispBackgroundPage "DELETE" entry
(No Display Background Page) (which "Removes" the "Desktop" Tab in "Display Properties")
RIGHT CLICK ON: NoDispScrSavPage "DELETE" entry
(No Display Screen Saver Page) (which "Removes" the "Screen Saver" Tab in "Display Properties")
By Deleting these Registry Entries the "Desktop" and "Screen Saver" Tabs will be immediately restored.
Also "at present" it appears that NO Spyware Remover will fix this problem. I personally downloaded
a program called "Virus_Effect_Remover" but I possibly had a bad download because it didn't Load.
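The search-and-delete rules above, as an added example that is not part of the original page: a read-only Python check over a .reg export that separates infected values, infected keys, and the harmless Search Assistant hit, and flags the two Display Properties policy values. The sample export is constructed, and every key path in it other than the Policies\System key is a placeholder.

```python
import re

MARKERS = ("rhcc", "0ev65", "antivirxp")  # the strings the page searches for
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
POLICY_VALUES = ("nodispbackgroundpage", "nodispscrsavpage")
# Constructed sample export; every key path except the policy key is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\SID-PLACEHOLDER\Software\Placeholder\Search Assistant\History]
"000"="rhcc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Placeholder\Startup]
"GoodApp"="goodapp.exe"
"rhcc4fj0ev65"="C:\\placeholder\\rhcc4fj0ev65.exe"

[HKEY_CURRENT_USER\Software\rhcc4fj0ev65\Settings]
"Installed"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
'''

def marked(text):
    return any(m in text.lower() for m in MARKERS)

def audit(reg_text):
    """Return (action, key, value_name) tuples; nothing is modified."""
    findings, key, bad_key = [], None, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parts = key.split("\\")
            hit = next((i for i, p in enumerate(parts) if marked(p)), None)
            bad_key = hit is not None
            if bad_key:  # report the infected folder itself, never its parent
                findings.append(("delete-key", "\\".join(parts[:hit + 1]), None))
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
        if not m or key is None or bad_key:
            continue  # values inside an infected key go away with that key
        name = m.group(1)
        if marked(line):  # marker in the value name or its data
            action = "ignore-search-history" if "search assistant" in key.lower() else "delete-value"
            findings.append((action, key, name))
        elif key.lower().endswith(POLICY_KEY) and name.lower() in POLICY_VALUES:
            findings.append(("delete-value", key, name))
    return list(dict.fromkeys(findings))  # drop repeats from subkeys

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Regedit "Version 5.00" exports are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit`.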
For the final cleanup:
1. Re-Boot (Check for any sign of Spyware activity)
2. Don't go online YET -- (Install Anti-Malware Tools)
3. Recommendations: I Love "AVG Antivirus" and I have used "SuperAntiSpyware" for over a year...
BUT ------------
I am sad to say both fell "very short" against this "Antivirus XP 2008" and some other "Trojans".
After intense Research and searching the TWO Best that have worked for me are...
AVAST! ANTIVIRUS ---- (Cost = Free)
and
SpyHunter 3 ---- (Scanner Only) (Cost = Free)
These Tools did outstandingly and out performed my "old favorites"
(Can't become "Emotionally Attached" to Malware Tools -- they have to Re-Make the "GRADE"
every 6 months or so).
They both get the Olympic Gold Medal in this competition.
I am watching SpyHunter like a hawk though -- It tried to change my browser Home page a few times
but I got it to back off and it has a heavy presence at Boot up (Big Display that you have to Manually Close)
and it seemed to "Meddle" with AVG's Files and disrupt them.
But its performance at finding Malware (Spyware Components and Trojans) was outstanding.
It gave the correct "PATH" to every malware component (so that I could manually remove them) and
it gave almost NO false positives when I installed it on several different "Virgin Systems" (Freshly Formatted)
Units with Newly installed O/S never exposed to the outside world.
AVAST impressed me because it found some infected files in the System Restore on one customer's Unit
when I forgot to turn off the System Restore.
And AVAST not only finds malware agents it REMOVES THEM.
So once you install AVAST and SpyHunter you should be good to go online.
So that's it --- that should do it -- Any Questions --- You have my Phone Number, Email Address and Fax.
Yours Truly
Henry L. Tillman (ITEC)
Internet Technology Expert Consultant
Phn: (773) 886-2446 Fax: (773) 224-7958
Main Site: www.hltillman.com
E-mail: hltillman@hltillman.com