CNN.com Daily Top 10 Removal Guide (Uninstall Instructions)
2008-08-06 13:18:20 by Grinler in Spyware and Malware Removal Guides
 


 

What this program does:

If you use e-mail, then you know that SPAM has become an epidemic in recent years. The problem with SPAM these days is that the creators make the e-mails look so legitimate that a user receiving one often won't know it is actually SPAM until it is too late. This is shown by a new SPAM being sent with the subject CNN.com Daily Top 10. The CNN.com Daily Top 10 SPAM pretends to be a legitimate e-mail from CNN that links to the Daily Top 10 stories. In reality, though, none of the components of this SPAM/Malware infection are related to CNN at all. Instead, when you click on any of these links, you will be taken to a site and presented with a screen stating that your Flash player is the incorrect version and that your browser cannot display the site unless you download the newer version first. It will then prompt you to download the get_flash_update.exe file, which is actually a Trojan. The get_flash_update.exe file is detectable by most anti-malware vendors under the following names:

 

Vendor       Detected Name                    Vendor        Detected Name
McAfee       BackDoor-DNM                     Avast         Win32:Trojan-gen {Other}
Microsoft    TrojanDropper:Win32/Nuwar        AVG           I-Worm/Nuwar.W
Panda        Trj/Exchanger.T                  BitDefender   Trojan.Peed.JQP
Sophos       Mal/TibsPak                      DrWeb         Trojan.DownLoad.3252
Symantec     Trojan.Erotpics                  F-Prot        W32/Downldr2.DBQX
TrendMicro   TROJ_RENOS.AFT                   Kaspersky     Trojan-Downloader.Win32.Agent.ytu

 

If the get_flash_update.exe file is downloaded and installed on your computer, it will proceed to download further malware that is set to start automatically when you reboot. When the whole infection process is complete, you will notice that a variety of changes have occurred. The first change you will notice is that your Windows desktop background has been changed to a warning stating that Spyware was detected on your computer. Next, your screen saver will be changed to the SysInternals BlueScreen Screen Saver, which, when running, emulates your operating system crashing into a blue screen of death. Some of the messages that will appear on this blue screen are:

PAGE_FAULT_IN_NONPAGED_AREA
PANIC_STACK_SWITCH
MAXIMUM_WAIT_OBJECTS_EXCEEDED
NO_MORE_IRP_STACK_LOCATIONS
BAD_POOL_HEADER
IRQL_NOT_LESS_OR_EQUAL
KMODE_EXCEPTION_NOT_HANDLED
BOGUS_DRIVER
SYSINTERNALS_GREAT_SITE
UNEXPECTED_KERNEL_MODE_TRAP

Though the screen saver will make it appear that your computer has crashed, and even make it look like your computer is rebooting, in reality it still is only a screen saver. Simply press the space bar and you will go right back to your desktop. The malware will also disable your ability to change your desktop or screen saver by modifying the Windows Registry so that the tabs to change these settings are not visible. Last, but not least, the CNN Daily Top 10 malware will also download and install a rogue anti-spyware program onto your computer. Currently the rogue being installed is one called Antivirus XP 2008. This program will automatically run and scan your computer. When done, it will display a variety of false risks on your computer that cannot be removed unless you first purchase the software. Please do not buy this software, but rather use the guide below to remove all of the malware installed by this SPAM.

This guide will walk you through removing the CNN.com Daily Top 10 malware pack.

 

Threat Classification:

 

Add/Remove Programs control panel entry:

AntivirXP08

 

Tools Needed for this fix:

 

Symptoms that may be in a HijackThis Log:

Some of these entries are random:

O4 - HKLM\..\Run: [lphcjkrj0etfg] C:\WINDOWS\system32\lphcjkrj0etfg.exe
O4 - HKLM\..\Run: [SMrhcnkrj0etfg] C:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
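
The check below is an added example, not part of the original guide or of HijackThis. It parses O4 and O23 log lines and flags the entries listed above. The sample log is constructed, and the rule that other infections keep the same "SM<name>" layout with a different random name is an assumption.

```python
import ntpath
import re

# Constructed sample log: the guide's three entries plus constructed extras.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [lphcjkrj0etfg] C:\WINDOWS\system32\lphcjkrj0etfg.exe
O4 - HKLM\..\Run: [SMrhcnkrj0etfg] C:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
O4 - HKLM\..\Run: [SMabcd1234wxyz] C:\Program Files\abcd1234wxyz\abcd1234wxyz.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
"""

# Names exactly as listed in the guide (compared case-insensitively).
KNOWN_RUN_VALUES = {"lphcjkrj0etfg", "smrhcnkrj0etfg"}
KNOWN_SERVICES = {"cbevtsvc"}

# O4 = autostart (hive, key, [value], command); O23 = service (name, owner, path).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

def sm_layout(value, command):
    # Assumption: on other machines the random part differs but the layout
    # stays: value "SM<x>" starts <...>\Program Files\<x>\<x>.exe.
    x = value[2:].lower()
    folder, exe = ntpath.split(command.strip('"').lower())
    parent = ntpath.basename(ntpath.dirname(folder))
    return (value.lower().startswith("sm") and x != ""
            and exe == x + ".exe" and ntpath.basename(folder) == x
            and parent == "program files")

def scan(log_text):
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            _hive, _key, value, command = m.groups()
            if value.lower() in KNOWN_RUN_VALUES:
                findings.append(("O4", value, "listed in guide"))
            elif sm_layout(value, command):
                findings.append(("O4", value, "same layout, different name"))
            continue
        m = O23_RE.match(line)
        if m:
            name, _owner, path = m.groups()
            image = ntpath.basename(path).lower()
            if name.lower() in KNOWN_SERVICES or image == "cbevtsvc.exe":
                findings.append(("O23", name, "listed in guide"))
    return findings
```

Calling scan() on the text of a saved HijackThis log returns one tuple per flagged line; entries found only by the layout rule should be reviewed by hand before anything is removed.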

 

Guide Updates:

08/06/08 - Initial guide creation.

 


 

Automated Removal Instructions for CNN.com Daily Top 10 using Malwarebytes' Anti-Malware:

 

  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

    Malwarebytes' Anti-Malware Download Link


  3. Once downloaded, close all programs and windows on your computer, including this one.

  4. Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

  5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

  6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.


    MalwareBytes Anti-Malware Screen

  7. On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for CNN.com Daily Top 10 related files.

  8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.


    MalwareBytes Anti-Malware Scanning Screen

  9. When the scan is finished a message box will appear as shown in the image below.


    MalwareBytes Anti-Malware Scan Finished Screen

    You should click on the OK button to close the message box and continue with the CNN.com Daily Top Ten removal process.

  10. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

  11. A screen displaying all the malware that the program found will be shown as seen in the image below.


    MalwareBytes Scan Results


    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.

  12. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

  13. You can now exit the MBAM program.

  14. Now that MBAM has removed the Malware, we need to restore some of your settings back to their defaults and clean up some extra items. The first thing we are going to do is delete the rogue anti-spyware icons left in your Start Menu. To do this click on the Start button and then right-click on each of the Antivirus XP 2008 icons and select the Remove from This List option. Once you have removed the two icons, please continue with the next step.

  15. Right-click on an empty portion of your desktop and left-click on the Properties menu option.

  16. You should now be in your display properties at the Theme tab. In the Theme: drop down menu, select the Windows XP theme. Once selected, click on the Apply button and then the OK button. This will reset your desktop colors and background back to the original Windows XP defaults.

  17. At this point you can customize your computer's display settings as you desire.

Your computer should now be free of the CNN.com Daily Top Ten program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

 


 

Associated CNN.com Daily Top 10 Files:

Some of these entries are random:

c:\Program Files\rhcnkrj0etfg
c:\Program Files\rhcnkrj0etfg\database.dat
c:\Program Files\rhcnkrj0etfg\license.txt
c:\Program Files\rhcnkrj0etfg\MFC71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\WINDOWS\system32\blphcjkrj0etfg.scr
c:\WINDOWS\system32\CbEvtSvc.exe
c:\WINDOWS\system32\lphcjkrj0etfg.exe
c:\WINDOWS\system32\phcjkrj0etfg.bmp
c:\WINDOWS\system32\pphcjkrj0etfg.exe
c:\WINDOWS\system32\drivers\54c70b2e.sys
c:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Packages

 

Associated CNN.com Daily Top 10 Windows Registry Information:

Some of these entries are random:

HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispScrSavPage"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "lphcjkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"

 

 
 
 
 
 
 

