Lyonspugs and Comptekcs have provided the best solution. Simply follow each step. My machine is clean now. Thanks, this worked for me for my desktop display. I got the the tabs back on my properties display. I do have some other problems though. For some reason, I don't have the option to set my desktop. The only background option I have is the color. I think the "theme" tab has control of the background and I'd like to get rid of it and just select my own pictures for the background.
Do you know how to do this? Also, since I removed the antivirus, I can no longer print anything off the internet and I don't get any sound from anything on the internet. Does anyone know how to fix these problems? The Blue screen of death and restart windows is a screen saver, NOT real I recommend just pressing space bar and it vanishes back to ur desktop :-P I just woke up and saw that thinking same thing I realized what had happened Malware Bytes really does work.
Thanks a bunch! I agree with most of the frustration expressed with the spyware and virus vendors and their inability to track this stuff. There are a few basic files I found which constitute the files you need to look for on your hard drive. The registry should help you find the locations of these files. The are blphcl35j0elag. So to cut to the quick open your registry and from the top - the my computer icon - search for elag notice that the 2 files i pointed out here share elag in their name.
If all goes right you should find these files in registry keys that address wallpaper, screen savers etc. You remove the file names by modifying the keys that contain these files and erasing references to scr's bmp's jpg's and exe's.
After doing this close the registry and go into windows explorer. Go to the top of the C drive and search all files and folders for elag. You should bump into some of these in your windows, system32 and the prefetch area of windows. You can move these files into their own directory for safekeeping. I would go to that directory and rename the file to something else. So that is about it.
You should be able to restart your system and operate just fine. Oh one more thing. The designer of this virus likes to hide the desktop tabs and screensaver tabs in your desktop properties area. You may need to go to your registery and change the values of the keys that control these areas. This will restore the tabs in your desktop properties area allowing you to select new wallpaper, or at least get rid of theirs.
Wonder why Norton, Trendmicro, Windows Defender and host of ridiculous trojan scanners couldn't find this stuff. This particular rogue software Antivirus xp is way more sophisticated than that. Trust me I am still working on fixing it.
I tried going to "msconfig" and unchecked the two items "rhcnbfj0ecaa" in my case, and it still didn't remove it or stop it from starting.
My only problem now is Count how many files you send to the recycling bin and then check them off when you empty it. I copied it from another XP computer after I had done the cleanup, which was, as you know, quite a task. Took me two hours and a second computer to do the job. First of all, I went to a website link for watching TV shows online and it's splash screen came up claiming I had an infection, then popped up it's program screen asking if you want to install, I moused over the screen and never clicked on anything and it took off and installed itself!
Next I tried shutting it down by right-clicking the systray icon it threw there and wouldn't let me get to an exit selection. It also wouldn't let me shut it down in the Task Manager. Tried System Restore to go back and it would not allow you to click on any previous dates.
When I tried to Google the problem to find out how to fix it, surprise, surprise their site came up as the solution several times at the top of the Google Search results. I scroll down, to find a legitimate site that seems to know what the solution is click on it, and I'm redirected to their site!!! By this time I am more than angry and have to walk away from my laptop before I throw it!! At this point, although I tried disabling my network connection to stop this communcation with this site, I couldn't, it would disable, but then it would enable and connect again!!!
So, I had to pull the wireless card from my laptop and stopped the internet connection. Then I had problems booting into safe mode, numerous BSODs , had to boot from a Windows CD, but eventually Windows came up, I was able to find the suspected program under Program Files , and delete a few registry entries from instructions I got on the web and I was able to run Malwarebytes' Anti-Malware from my flash drive after downloading it from another computer.
Alas, I had my system back Needed to rant about this and I'm still posting and reporting every chance I get, cause enough is enough!!!!!! I fix network and computer problems for a living and pride myself on running a clean, efficient,optimized system of my own, so this has left me seething!!
Thank you to malwarebytes. I tried everything to get rid of it. Norton helped somewhat. After Norton I ran Malware.
Seems to have done the trick so far I totally agree. I got this virus a couple of weeks ago, and even though I have Norton anti-virus on my PC, it only managed to remove part of it, and loads of "traces" still remained in my Registry.
I found this Forum through a Google search from my PC at work, installed Malwarebytes, and the thing was fixed in minutes. Now everytime my computer goes idle it gives me all these errors and says windows is shutting down did you have this issue? I can't f3 out exit, hit enter to format or hit R to repair.
Can anyone tell me how to get my internet capabilities back? I got this virus a couple weeks ago and I think I'm rid of it. However, now I can't get any sound or print anything from the internet.
Any ideas on how to fix this? I can't get on the internet without it constantly taking me to fake anti-virus sites and when I go to my start menu, everything is gone, like my documents, my computer, control panel, nothing is in there. So I'm not even sure how to even download the Malware Bytes so I can scan my pc to get rid of it. EDIT: Ok Did the scan, and it found like infected files, so I quarentined them, rebooted, scanned my computer again, then it only found around 25 infected files, quarentined infected files, rebooted.
Everything is now working like a champ. This is the only way to go, I wouldn't even try messing with the manual removal or any of those that say disable this and do that, none of those worked for me, and will only have you jacking around with you pc and getting really mad at it. My Granddaughters computer was also infected with the Antivirus XP We thought it was removed, but like yours, it continues to restart. Did you have success in resolving this issue, and if so, what did you do?
I would certainly appreciated a response. If you have this virus it typically does not restart the computer. Rather, they created a screen saver that impresonates a blue screen then provides a video of the initial startup screen for XP. If you do, you have the Antivirus xp I couldn't agree more - however, be aware that any OEM software that you have, like Office and above requires activation. You may only activate this once and as such it can cause additional unwanted expense.
Just be aware of this and think carefully before taking this course of action. ALWAYS back your data up before doing this as the software is cheap compared to the heartache of lost photographs etc. Make sure that your data is Virus scanned on a separate machine before re-introducing it to the clinical new environment. Can you get Google up? If so, search for malwarebytes - you must be able to download it from somewhere.
The same applies for HijackThis. Both are invaluable tools for removing infections. I need help. I did a windows update express upload and noe i have this antivirus mess on my pc and i have windows defender that says i have a trojan downloader. It will scan the Windows files installed on your PC to make sure that they are Microsoft files. If they are not, SFC will replace the corrupted file. One problem with manufacturers, is that many of them now have a hidden partition on the hard disk which will allow you to do a "Full System Restore" back to how the machine left the factory.
What a wonderful world we live in. If any of the Windows files have been corrupted due to a 'malware' attack, this should fix the infected file s. Download MalwareBytes in the first instance, install and run it. That should solve most of the problems. The state of Delaware or the United Kingdom etc. Save your money. The joy of the net!!! There should be an international cybercrime unit but it all comes down to common sense I'm afraid. There is no such thing as a free lunch and offers that are too good to be true always lead to grief.
All that we can do as techs is to pass the word around as best we can. If you paid with a credit card, contact the Credit card company and file a fraud report, you probably wont get your money back but at least you help other people not get stung.
I wasn't so sure though there for awhile, but I rebooted, like you said, and it worked, Mucho Grassyass mi amigo! Task Manager says process malb-setup. So how do I run the program? I've run all the manual steps to remove program files, dirs and reg-key entries, but it must have matasticized since the last advice. Whereas the AntivirusPro process isn't running in the task bar, the system tray icon is still there yelling at me and IE can't download things or visit some web pages. Any help would be greatly appreciated.
Start your machine in Safe Mode with Networking, by pressing F8 before you get the Windows logo displayed on your screen. Make sure that Malware Bytes is on the desktop and you should then be able to run it from there. If you can, stop all non essential services Hide Microsoft Services - and get rid of everything there by unticking the boxes and remove everything from your startup tab. Reboot then and see if you can get MalwareBytes to work. When the system is up, just type explorer and press enter.
You now have a machine with the absolute minimum loaded. Failing that I'll have a hunt around for another cleaner and post a link here tomorrow. This may help your problem but I'll still look for another generic cleaner which may help. You can also take the drive out of the machine and scan it in another machine as a secondary drive or even better an external USB. What abbout safe mode command prompt?
You can start most things from there. If you have been too agressive with deleting important registry entries, you may well be up the proverbial stream.
If you have only moved files - take teh drive out and put it into another machine and move the files back. Just as an idea OK, safe mode with command prompt did the trick, was able to click on my icon and log on.
I may have left out a file or two, but these are the files I remember having moved to quarantine, then back again:. The problems persist: can't run various anti-malware programs; IE nonsense pages, can't display help forum pages and other IE problems; can't restore from a restore point, etc.
The full scan seems to hang after about 7 min. Ok, lots of files here and I don't have the time to look each one up. The easiest way is to just Google each filename. You will find out which are rogues and which are real Windows files.
Look it up on Google and make sure that you download it from Trend's web site. When you run it, make sure that in O20 you only have your AV product starting.
Make sure that all the other entries are valid files. If they are not, put a click in the box to the left and when you have gone through the whole list, click on the Fix button at the bottom. Go into Control Panel, open you internet options and select the Advanced Tab. Click on the Reset button at the bottom. Click on OK when it has completed. Start your Malwarebytes scan again and let it run. If there are loads of Temp IE files, it does take quite some time.
It should be quicker now. When you have removed the infections, reboot and check out the damage that has been done or is the system usable? At this stage it may we worth trying a Repair installation form your OS install disk if things are not behaving themselves.
When i got this virus i thought darn Office Office Exchange Server. Not an IT pro? Sign in. United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Asked by:. Archived Forums. Sign in to vote. Friday, August 1, AM. Hi, This is the Operating System issue rather than Exchange. Monday, August 4, AM. The easy way to remove Antivirus XP and repair system windows XP ,is to stop the program from loading!
Go to click Start,Run Type msconfig, go to start up tab,uncheck lphc35dj0e1an, also uncheck rhc75dj0e1an, click apply, then ok,restart computer. Then you need to restore you computer to an earlier date! To restore your computer:Click start, control panel, performance and maintainance category view , under see also,left side of page,click System Restore, Read and Follow instructions!
Sunday, August 10, PM. I was one of the unfortunate to receive this fun little bundle of! I couldn't figure out how to remove it, so I deleted the folder labeled rhc75dj0e1an that was installed in the program files folder, thinking this would solve my problem. Win I do a full scan, it will run for about 15 to 20 minutes, then My screen will go blank, and a bogus looking blue screen of death will pop up, then windows will restart, another bsod will pop up and windows will resrt again.
The cycle of the blue screen and restarts does not stop unless I shut the computer down completely. When it does restart, I get an error saying its missing a vbs file. Help me, please? Have I botched up the removal process? I just re-formatted my system about a week ago, so there are no restore points setup. What do I need to do to fix this? Monday, August 11, PM.
Tuesday, August 12, PM. Thursday, August 14, PM. Lyonspugs Your method of disabling the virus on startup did stop it from starting up, but the restore point is only referencing todays date and the yellow box on the center of the screen is still there and the color of the screen is a darker blue, can you let me know if I missed something, also the link Thanks for any advice you can give!
Friday, August 15, AM. Perform a search by clicking Start, Search and run a search on all files and folders for your hard drive.
Saturday, August 16, PM. Thanks, Dawn. Sunday, August 17, AM. What really galls me is how many anti virus programs both free and commercial that just aren't dealing with this particular antivirus and it's close variants. Its been out for a while now. Spybot leaves some "residue" from this virus.
The best tool for cleaning it up is Malware Bytes Anti Malware. Sunday, August 17, PM. I tried to do this, however, when I tried to boot it in Safe Mode, the mouse stopped working, the wireless mouse, so I even tried plugging a USB mouse in too; has Antivirus XP managed to cripple my mouse as well?
The mouse won't work in normal mode now either. Monday, August 18, AM. Monday, August 18, PM. This virus invaded my computer last night and has now crippled my computer totally. It just keeps shutting down. I cannot login in safe-mode or any other mode, for that matter. I have copied some removal tools to a CD, but cannot run the CD because I cannot login on my computer. Any suggestions for getting the CD to run?
My last resort is going to be a full recovery, but I was hoping to avoid that. Thanks in advance. Tuesday, August 19, AM. As listed earlier by Lyonspugs: great advice! Step 1: "Go to click Start,Run Type msconfig, go to start up tab, uncheck lphc35dj0e1an, also uncheck rhc75dj0e1an, click apply, then ok,restart computer. XP Antivirus may recreate itself after reboot, continue to run in the background of your system without your knowledge and display fake warning messages to drive you to purchase the full version of XP Antivirus XP Antivirus 's activities may generate a system slowdown.
If you are concerned that malware or PC threats similar to XP Antivirus may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service. Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats.
Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. There is nothing like this! I haven't tried MS's Autoruns, maybe I will do that next weekend to see how it works. Valerie, do you have any anti-virus program installed?
When i used Windows, i had Norton running on the background. But even then, i had some stuff coming through anyway. Well, i don't have a problem now, i don't use windows. But good luck! Hi, thanks for the info. Yes, I run e-Trust AV, and it's up to date. I run AdAware, but not nearly often enough.
This fake AV changed my background picture, sends multiple "virus alert warnings" and seems to be a PIA to remove. Guess I'll start taking my own advice and do backups more often. I've been finding 3. I couldn't get online awhile ago, so I thought what the heck, I'll just go to safe mode and run some maintenance. I don't do that very often. But I ran most of my programs, including Spybot came up clean and when I got back to normal mode, I could get on the Internet.
I'm don't know if there's any connection with my running maintenance and being able to connect afterwords. I just had a major problem with this virus. It disabled Administrative functions so I couldn't run regedit or delete tasks.
I tried going into the safe mode as Administrator but I couldn't find it to delete.
0コメント