September 2008


Fun With Antivirus XP 2008

September 27, 2008 7:04 PM

For the most part, my copy of McAfee does little more than take up resources on my computer. When I run Ad-Aware, I catch a few harmless cookies, but nothing major. Today, though, I was presented with a handful for which neither seemed to be a match.

After reading about Paul Newman's death (R.I.P. Paul) earlier today, I decided to head on over to The Pirate Bay to see if I could find a copy of Butch Cassidy and the Sundance Kid in 720p to download. When I arrived at the search results, I was surprised to see that rather than the typical Firefox-outwitting pop-up ads, I was presented with an actual PDF file attempting to launch on my computer. Now that's a first!

As soon as I saw the chrome of Adobe Acrobat painting itself before my eyes, I knew I was in trouble, and immediately hit CTRL-SHIFT-ESC to try and kill the process. I closed what I could, but unfortunately for me, the damage had been done. The advantage of hindsight has now led me to believe that the page somehow triggered the launching of a malicious PDF file, which was able to exploit my version of Adobe Acrobat (version 8) in such a way that it unleashed the Antivirus XP 2008 application on my computer.

Although the malware went to work on my computer in a matter of seconds, it took much, much longer to rid my computer of it. Unfortunately for me, McAfee paid about as much attention to it as Clay Aiken would to Carrie Underwood if she couldn't sing. Ad-Aware 2008 actually located the affected files and pretended I could do something about them, but after I attempted to remove them and logged out and back in to my account, it was blatantly obvious it had had no effect whatsoever.

Antivirus XP 2008 is interesting in that it attempts to get you to accept a "license agreement" whenever you log in to your Windows account. I personally didn't see what the application does beyond that agreement, because I didn't accept it, but there are some details over at Symantec's website. The part I did see, though, is that it replaces your desktop background with an image of a generic antivirus dialog attempting to trick you into thinking you have viruses on your computer. It also changes some of your local computer policies so that you are unable to change the desktop background or your screensaver.

After reading some content over at Bleeping Computer, I decided to download Malwarebytes' Anti-Malware and see if it could take care of the problem. That was a terrible mistake, because not only did the tool not remove the malware, but it was extremely buggy and kept throwing up the types of error dialogs I'd expect from alpha software, if that. When that didn't work, I decided to give Spybot - Search & Destroy a try. I've always heard good things about it, but never gave it a try previously since I've always had such good experiences with Ad-Aware. Despite all the good things I'd heard, Spybot - Search & Destroy was a bust as well, even if not as badly as Malwarebytes' Anti-Malware.

At that point, I knew I was going to have to take things into my own hands. As they say, when you want something done right, do it yourself. I noticed that someone over in the CNET Computer Help Forums had posted some manual steps for removing Antivirus XP 2008 from a computer. For the most part, they got me where I needed to be, but there were a few differences in my experience, so I figured I'd post my modified steps here, in case it ever proves useful for anyone else.

Without further ado, here's the rundown on what I needed to do to rid my poor computer of the malware mess that is Antivirus XP 2008:

  1. Go to Start, Run and type "msconfig" and hit Enter.
  2. In the dialog, choose the Startup tab and uncheck the "lphc35dj0e1an" entry in the list. The aforementioned forum post recommended unchecking "rhc75dj0e1an," too, but I didn't find this in my list.
  3. Save the settings and restart the computer.
  4. Once the computer restarts, browse to the C:\Windows\System32 folder and delete the file lphc35dj0e1an.exe. The aforementioned forum post recommended deleting the entire folder located at C:\Program Files\rhc75dj0e1an, but I did not find this on my computer.
  5. The aforementioned forum post also recommended running GPedit.msc from Start, Run, but because I'm running Windows XP Home on my home computer, this is not an option. Rather than wading around in the registry to undo all of the display options that Antivirus XP 2008 had disabled, I did a little searching and stumbled upon an article that recommended using Doug's Windows XP Security Console as a graphical alternative to tweaking the registry. After having installed the application, I can now highly recommend it, too.
  6. From Doug's Windows XP Security Console, choose the Display Options tab and uncheck the "Disable the Desktop tab" and "Disable the Screensaver tab" options. Then hit Apply and then Exit.

After following the above steps myself, I was able to then go to the Display dialog for my desktop and return the desktop background to its previous state. I was also able to return the screensaver to its previous state. Funnily (or frustratingly, depending on your state of mind) enough, it was only at this point that McAfee caught wind of the malware and automatically removed it. I was notified of the following locations, in case they prove useful to anyone without access to an automatic cleanup utility like McAfee:

  • C:\Windows\system32\phc3j2j0e7dg.bmp
  • C:\Windows\System32\blphc3j2j0e7dg.scr
  • C:\System Volume Information\_restore{25A61011-48AC-4E32-BE28-95F28BF34C5F}\RP7\A0000077.scr

Hopefully for your sake, you're not reading this post because you've had a run-in with Antivirus XP 2008, but if you are, hopefully it's been at least somewhat helpful for you.
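A read-only check for what the steps above undo, as an added example that is not part of the original post: it parses the text of a registry export and reports Run-key entries matching the names quoted in the post, plus the two display restrictions. The policy value names (NoDispBackgroundPage, NoDispScrSavPage), the key locations and the sample export are assumptions, not details from the post.

```python
import re

# Names quoted in the post; they differ per infection, so edit them for yours.
STARTUP_NAMES = ("lphc35dj0e1an", "rhc75dj0e1an")
# Assumed registry values behind the console's "Disable the Desktop tab" and
# "Disable the Screensaver tab" checkboxes (standard Explorer policy values).
DISPLAY_POLICIES = ("NoDispBackgroundPage", "NoDispScrSavPage")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name, sz, dword = m.groups()
            current[name] = int(dword, 16) if dword is not None else sz.replace("\\\\", "\\")
    return keys

def audit(text):
    """Return (kind, key, value_name) for each leftover startup entry or policy."""
    findings = []
    for key, values in parse_reg(text).items():
        path = key.lower()
        for name, data in values.items():
            if path.endswith("\\currentversion\\run"):
                if any(n in f"{name} {data}".lower() for n in STARTUP_NAMES):
                    findings.append(("startup", key, name))
            elif path.endswith("\\policies\\system") and name in DISPLAY_POLICIES and data == 1:
                findings.append(("policy", key, name))
    return findings

# Constructed sample export, not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc35dj0e1an"="C:\\WINDOWS\\system32\\lphc35dj0e1an.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
'''

if __name__ == "__main__":
    for kind, key, name in audit(SAMPLE):
        print(f"{kind:8} {key} -> {name}")
```

To check a real machine, export the Run and Policies\System keys with `reg export` and pass the file's text to `audit()`; these exports are UTF-16, so open them with `encoding="utf-16"`.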


Seven Years Later

September 11, 2008 9:36 AM

American Flag


I'm Beginning to Think I Could Be a Newspaper Reporter

September 11, 2008 9:34 AM

This guy gets paid to write:

Sean Locklear, Maurice Morris and Bobby Engram were the only two players who didn't practice at well.

I usually try to give writers the benefit of the doubt, but there is so much wrong with that one rather short sentence that you've gotta start to wonder...


Showing Up on Seattlest

September 08, 2008 12:45 AM

About a week ago my friend Mike messaged me on Google Talk with a link to an article at Seattlest, a blog I read regularly. Upon reaching the article, I immediately recognized my own photo included at the top.

While catching up on the Seattlest web feed tonight, I also noticed that they used another one of my photos in an article about the Seahawks posted back toward the beginning of August.

I regularly add photos I've taken to the Seattlest Flickr pool, so it's pretty cool to see that some of them have been recognized and utilized on what is a pretty cool local blog.


Bumbershoot 2008

September 07, 2008 10:08 PM

Beck at Bumbershoot 2008

My buddy Mike and I made our annual trip to Bumbershoot last weekend. This year was our third year in a row, but unfortunately for us, the third time was not a charm.

We showed up at around noon, and I ended up having the same thing for lunch that I had last year: bratwurst with sauerkraut. I also had a small cup of what tasted like Minute Maid lemonade that cost around $3. The lunch was good, though.

Unfortunately, and somewhat inexplicably, they decided to forgo one of the sound stages they had the previous two years (and likely many years before that) so that they could put in a vert ramp for skateboarding. The only problem with this decision is that the professional skateboarders they hired only performed for two half hours the entire day, and while it was entertaining to watch, the rest of the time resulted in far fewer options in terms of musical acts to enjoy.

Mike and I walked the grounds of the Seattle Center quite a bit more than we did in previous years, mostly because we were killing time between acts and hoping to find something interesting to look at, listen to, whatever. We managed to stumble upon Flatstock, which was pretty cool because there were all kinds of concert posters on display and for sale. However, there really wasn't all that much else to see outside of the few musical acts playing at any given time.

Even the musical acts left a little to be desired this year. We listened to Grynch perform as we ate our lunch, and while he was entertaining, his raps didn't quite live up to some of the beats he was rapping to, which were pretty impressive.

After Grynch, we ended up walking around and killing a lot of time before we finally ended up in Memorial Stadium, which is where all the main acts play, a little after 6 o'clock. We caught Band of Horses, whom I'd never heard of, first, and they put on a pretty good show. Their sound was really good, which I probably wouldn't have even noticed had it not been for the set that followed.

The headlining act for the night, and the main reason Mike and I decided to choose Saturday for our annual Bumbershoot experience, was Beck. I had seen him before in a much smaller venue when he was touring for Sea Change, but I knew this set would likely be much more upbeat given his new release, Modern Guilt.

The main reason I now can comment on the decent sound of Band of Horses' set is because the sound of Beck's was anything but. His microphone was cutting out throughout the first handful of songs and every now and then a high-pitched feedback would burst through the speakers. Other than the drums and bass, the rest of the band sounded like nothing but noise. Luckily, there was a brief interlude of about three songs in which the entire band was at the front of the stage, wearing headsets and playing all kinds of sounds on what Beck referred to as 808s, after which the sound problems had been mostly taken care of and we were able to actually enjoy the music.

The combination of the sound issues and the sparseness of musical acts to listen to throughout the day made for a less than memorable Bumbershoot this year. I had a good time catching up with my buddy Mike, though, and I'm sure we'll give it another shot next year. We'll probably just be a little more careful about the day and lineup we choose.

Red Beck courtesy of Flickr user mash187.
