We want to alert the BU family members and visitors that Antivirus XP 2008 is back; it affected us last weekend. Thanks to Malwarebytes’ Anti-Malware, we were able to safely remove Antivirus XP 2008 without losing any files.

“Antivirus XP 2008 is back, unfortunately. It’s not an antivirus app, but a cleverly disguised rogue security application that tries to get you to buy the non-existent “security” it’s selling. Advertised using the common tricks of Trojans and faux security alerts, this nasty piece of malware can take over your desktop settings to mimic safe mode, display fake virus detections, and open a faux Internet Explorer window stating that Google has detected a malware infection.

Yeah, Google.

Apparently, though, the virus is now being spread in more insidious ways, and numerous people who claim safe browsing habits and up-to-date security definitions are being infected–including two of my friends.

Antivirus XP 2008's Web site looks legit, but caveat emptor.

In helping them remove it, I discovered an excellent post on the CNET Forums that explained a detailed and accurate method of removal. I’ve retyped it below with more detail in case you’re not able to get to the forums. It’s not particularly complicated, but if you’re not comfortable with advanced settings, I’d recommend proceeding cautiously or getting a friend to help.

The scan window from Antivirus XP 2008 also looks legit. It's also not.

A warning before we begin: do not boot your computer into safe mode. Leave it running as you normally would. I tried restarting into safe mode, and the malware was prepared for that–its folders and files became undetectable.

First, in the Start menu, click on Run. If you can’t find the Run option, hit WIN+R. (That’s the key with the Windows icon on it.)

Type in msconfig, and go to the Startup tab. You’re looking for two files. One begins with the string of letters “lph,” and the second begins with “rhc”. The examples provided are longer strings, “lphc35dj0e1an” and “rhc75dj0e1an”, but after the first three letters, the strings are known to change on different computers. Uncheck the boxes next to both of them, then click on Apply and OK or Close at the bottom of the window.

The scan window from an older version of Antivirus XP 2008.

Restart your computer normally. You’ll notice that the background hasn’t changed. To restore your desktop settings, you’ll need to go to Start > Run again, or Win+R. This time, type in Gpedit.msc. On the left nav, look for User Configuration near the middle. Navigate through Administrative Templates, then Control Panel, and finally Display. When you click on display, you’ll see a list of options open in the central pane. Right click on “Remove Display in Control Panel,” and click “Properties.” Then choose “Disabled.”

Repeat those same steps for the following attributes: Hide Desktop, Prevent changing wallpaper, Hide Appearance and Themes, Hide Settings, and Hide Screen Saver. Change all to “Disabled,” then hit Apply, OK, and restart your computer.

You will still see the Antivirus XP 2008 desktop “theme”, but now you can change it. Anywhere on your desktop, right-click and select properties. The first tab that opens should allow you to change your theme. If you also suffer from massive icons, use the last tab on the right, Settings. In the middle of that tab’s window you’ll see a Screen Resolution option, most likely set to 800×600. Move the slider to the left to choose a more aesthetically appealing resolution.

Source: downloads.com – cNet, by Seth Rosenblatt.
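
An added example, not part of the quoted article or of any tool it mentions: a triage helper for the two checks in the steps above, flagging startup entries whose name or executable begins with "lph" or "rhc" and listing the display restrictions that are still switched on. The registry value names behind the Group Policy settings, and the sample entries and paths, are assumptions constructed for illustration.

```python
import ntpath
import re
# Prefixes from the article; the rest of the name varies per machine.
ROGUE_NAME = re.compile(r"^(lph|rhc)[a-z0-9]+$", re.IGNORECASE)

# Assumed HKCU policy values behind the settings the article disables (1 = on).
SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
ACTIVE_DESKTOP = r"Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"
DISPLAY_POLICIES = {
    (SYSTEM, "NoDispCPL"): "Remove Display in Control Panel",
    (SYSTEM, "NoDispBackgroundPage"): "Hide Desktop",
    (ACTIVE_DESKTOP, "NoChangingWallPaper"): "Prevent changing wallpaper",
    (SYSTEM, "NoDispAppearancePage"): "Hide Appearance and Themes",
    (SYSTEM, "NoDispSettingsPage"): "Hide Settings",
    (SYSTEM, "NoDispScrSavPage"): "Hide Screen Saver",
}

def executable_stem(command):
    """File name without extension from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        path = command.split(None, 1)[0] if command else ""
    return ntpath.splitext(ntpath.basename(path))[0]

def suspicious_startup(entries):
    """Entries whose display name or executable matches the prefixes."""
    return [(name, cmd) for name, cmd in entries
            if ROGUE_NAME.match(name) or ROGUE_NAME.match(executable_stem(cmd))]

def locked_display_settings(values):
    """Friendly names of the display restrictions currently set to 1."""
    return [label for key, label in DISPLAY_POLICIES.items() if values.get(key) == 1]

# Constructed sample data (not taken from an infected machine).
SAMPLE_STARTUP = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("lphc35dj0e1an", r'"C:\WINDOWS\system32\lphc35dj0e1an.exe"'),
    ("rhc75dj0e1an", r'"C:\Program Files\rhc75dj0e1an\rhc75dj0e1an.exe"'),
    ("updater", r"C:\Tools\lphz9q.exe /s"),   # name looks benign, file does not
]
SAMPLE_POLICY = {(SYSTEM, "NoDispCPL"): 1, (ACTIVE_DESKTOP, "NoChangingWallPaper"): 1,
                 (SYSTEM, "NoDispSettingsPage"): 0}

if __name__ == "__main__":
    for name, cmd in suspicious_startup(SAMPLE_STARTUP):
        print("review startup entry:", name, "->", cmd)
    for label in locked_display_settings(SAMPLE_POLICY):
        print("policy still enabled:", label)
```

A prefix match is only a prompt to inspect the entry; an unrelated program whose name happens to start with the same three letters would be flagged as well.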

5 responses to “Antivirus XP 2008 Is Back”


  1. Or get a Mac.

    I’ve been on a Mac for five years without a single incident of a virus, data loss or downtime due to computer problems. I travel all the time (In the UK on business at this moment) and have never had a problem anywhere.

    The vast majority of my associates run Windows XP and I have no trouble exchanging Word documents or PowerPoint presentations.

    Macs are difficult to obtain in Barbados but they are worth it if your time is worth something. With all the software that comes with them they are cheaper than a Windows PC.

    New models are being introduced in a few weeks and the prices will be lowered.


  2. I have to say I’m always amused by how people are willing to pay large sums of money for an operating system which is inherently insecure…

    @nevermind Kurt recommends Macs. And while I agree it’s superior to WinBlows since it’s based on a Unix kernel, the price premium is rather steep.

    May I suggest people look at Linux. Free, secure, stable. For those starting out, the Ubuntu distribution is probably best. You can try it out on any machine using a “Live CD”.

    Please see http://www.ubuntu.com/

    Please also note there is now a specialized version called “Studio”, which is focused on music and graphic production.

    Personally, I have never run WinBlows, and never will.

  3. Carson C. Cadogan

    One of the computers at my work place got hit by this same virus last week.


  4. It got both me and my roommate over the weekend but I fixed it thanks to Malwarebytes. I was about to re-install Windows before I found it. What a fucking crock.


  5. Your weblink you sent me came thru, thanks, but it seems to not be working, does any person have a backup, or mirror source? Just something that works.
