Here is another nasty virus I came across

It's called the Zlob, Rogue or Antivirus XP 2008



How it started:

User wanted to get a new anti-virus program, so they decided to download a free one called Antivirus XP 2008. Well, it wasn't free, and it turned out to be a virus that acted like an anti-virus program but did just the opposite.



At first it would claim to have found all these viruses on your PC. When you tried to clean them, a pop-up window came up saying you had to pay $49.95 or was it $39.95 (can't remember now) in order to clean off the viruses. After a while it got worse and it even put up a picture as their wallpaper that looked like a website page asking you to click on something, but it was just a wallpaper picture. As they rebooted the PC a few times, it then attached itself to the boot sector. After about 2 or 3 reboots, all they were getting was the "Blue Screen of Death" (BSOD) with a stop code of 0x0000008e. Here is what it looked like: here.



Once you get to the BSOD you could mess around with the boot files, but it's way too risky and I won't even get into the details, since you could lose all your data if you do something wrong. The other way is by removing the infected hard drive (HD) and installing it in another PC as a slave drive. Make sure that PC has a good and fully working anti-virus program installed. You will have to change the jumper settings on the HD (or on both drives). Another way is to get yourself a kit that lets you attach an external HD to your system through your USB or parallel port. Again, way too much info here to help with. You just have to do your research on how you would like to tackle it. If you don't have anything important on your HD, formatting and starting over would be your easiest solution.



Step 1: Once you get your HD running as a slave drive on another system, run your anti-virus program to clean the infected drive. If you have a file on the infected drive called C:\hiberfil.sys, delete it. Once it's clean you can reinstall it into your original system. Don't forget to change your jumpers back if you had to move them.


Step 2: It should boot into Windows again. It's best to go into Safe Mode first (hit the F8 key during boot-up and pick Safe Mode). Once in Windows, click on "Start", "Control Panel" and then "Add and Remove Programs". Uninstall a program called "antivirxp08".


Step 3: Go into Task Manager by hitting your Ctrl, Alt and Delete keys at the same time. Once in Task Manager, click on the tab called "Processes" and end the tasks called lphccg9j0cg6j and smrhc9g9j0eg6j, along with any other processes whose names look similar to those two.


Step 4: Follow the steps on this website:


The antivirxp08.exe program creates random file and directory names; I've listed a few below to give you an idea of what to look for. Most files were under the directories C:\program files\rhc9g9j0eg6j and C:\windows\system32:







One last step: Get a good, known anti-virus program. If it's free, it's no good.
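As an added example (not from the original post), here is a small Python triage script built on what Steps 3 and 4 show: the rogue's process and directory names are random-looking strings of mixed letters and digits, and one process name (smrhc9g9j0eg6j) embeds the install directory name (rhc9g9j0eg6j) with only an "sm" prefix added. The benign process names, the length/transition thresholds and the function names are my assumptions; the heuristic is a review aid for a Task Manager or directory listing, not a detection signature.

```python
import re
from typing import List, Tuple

# Names taken from the write-up above: the install directory and the two
# processes the author found. The benign list is constructed sample data.
ROGUE_DIR = "rhc9g9j0eg6j"
ROGUE_PROCESSES = ["lphccg9j0cg6j", "smrhc9g9j0eg6j"]
BENIGN_PROCESSES = ["explorer", "svchost", "lsass", "rundll32", "w3wp", "ctfmon"]


def letter_digit_transitions(name: str) -> int:
    """Count how often the name switches between a letter and a digit.
    Human-chosen names (svchost, rundll32) switch 0-2 times; the rogue's
    generated names (lphccg9j0cg6j) switch many times."""
    kinds = ["d" if c.isdigit() else "a" for c in name if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def looks_generated(name: str, min_len: int = 10, min_transitions: int = 4) -> bool:
    """Heuristic flag for machine-generated names like the ones in Step 3.
    Thresholds are assumptions chosen to pass the sample names here."""
    base = name.lower().rsplit(".", 1)[0]   # drop a trailing .exe if present
    if len(base) < min_len or not re.fullmatch(r"[a-z0-9]+", base):
        return False
    return letter_digit_transitions(base) >= min_transitions


def shares_token(process: str, directory: str) -> bool:
    """True when the process name embeds the random directory name, as
    smrhc9g9j0eg6j embeds rhc9g9j0eg6j (the 'sm' prefix is all that differs)."""
    return directory.lower() in process.lower().rsplit(".", 1)[0]


def triage(processes: List[str], directory: str) -> List[Tuple[str, str]]:
    """Return (process, reason) pairs worth a closer look before ending them."""
    findings = []
    for p in processes:
        if shares_token(p, directory):
            findings.append((p, f"embeds install directory name {directory}"))
        elif looks_generated(p):
            findings.append((p, "random-looking letter/digit name"))
    return findings


if __name__ == "__main__":
    for proc, why in triage(BENIGN_PROCESSES + ROGUE_PROCESSES, ROGUE_DIR):
        print(f"{proc:16s} {why}")
```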


