How To Remove MSNBC Breaking News - (Uninstall Guide)
Article by George Norman
On 13 Nov 2009
I find that unsolicited email messages (spam) are bad all on their own. Why would I ever want to receive emails about topics that don’t interest me? But it seems the guys behind spam messages took this into consideration and they thought that if the spam claims to originate from a genuine, legitimate source like MSNBC, then you would pay attention. So they rolled out a spam campaign called MSNBC – Breaking News. The fact that MSNBC – Breaking News is spam is not the worse part; what’s worse than the fact that it is spam is that it leads to malware spreading sites.

If the user clicks one of the links included in the spam message, he will be directed to a malware spreading site that looks like the official MSNBC site. On that webpage the user is informed that a codec/Flash update is needed to view the videos presented on the site. The user is invited to download the codec/Flash update – which is nothing but a Trojan. That Trojan will download and install additional malware on the system; like for example rogue antivirus program Antivirus XP 2008. The Trojan will also make the user believe the computer has crashed by displaying a fake Blue Screen of Death (this is nothing but a screensaver that imitates the BSOD – a screensaver that you cannot change).

Advertising

As a rule of thumb, delete any spam messages you get. If you did not do that and you viewed the MSNBC – Breaking News message, clicked one of the links and downloaded the Trojan onto your computer, follow the instructions presented below to remove it.



Automatic removal guide


Manual removal guide

Stop and remove the processes:


c:/Program Files/rhcnkrj0etfg/Uninstall.exe
c:/Program Files/rhcnkrj0etfg/rhcnkrj0etfg.exe
c:/WINDOWS/system32/lphcjkrj0etfg.exe
c:/WINDOWS/system32/pphcjkrj0etfg.exe
c:/WINDOWS/system32/CbEvtSvc.exe


Access the Windows Registry Editor and delete the following registry keys:

HKEY_CURRENT_USER/Software/Sysinternals/Bluescreen Screen Saver
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/rhc5cvj0er53
HKEY_LOCAL_MACHINE/SOFTWARE/rhc5cvj0er53
HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/CbEvtSvc
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/CbEvtSvc
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System "NoDispBackgroundPage"
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System "NoDispScrSavPage"
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run "lphc1cvj0er53"
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run "SMrhc5cvj0er53"


Locate and delete the following files:

c:/Program Files/rhc5cvj0er53
c:/Program Files/rhc5cvj0er53/database.dat
c:/Program Files/rhc5cvj0er53/license.txt
c:/Program Files/rhc5cvj0er53/MFC71.dll
c:/Program Files/rhc5cvj0er53/MFC71ENU.DLL
c:/Program Files/rhc5cvj0er53/msvcp71.dll
c:/Program Files/rhc5cvj0er53/msvcr71.dll
c:/Program Files/rhc5cvj0er53/rhc5cvj0er53.exe
c:/Program Files/rhc5cvj0er53/rhc5cvj0er53.exe.local
c:/Program Files/rhc5cvj0er53/Uninstall.exe
c:/WINDOWS/system32/blphc1cvj0er53.scr
c:/WINDOWS/system32/CbEvtSvc.exe
c:/WINDOWS/system32/lphc1cvj0er53.exe
c:/WINDOWS/system32/phc1cvj0er53.bmp
c:/WINDOWS/system32/pphc1cvj0er53.exe
c:/Documents and Settings/All Users/Desktop/Antivirus XP 2008.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008/Antivirus XP 2008.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008/How to Register Antivirus XP 2008.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008/License Agreement.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008/Register Antivirus XP 2008.lnk
c:/Documents and Settings/All Users/Start Menu/Programs/Antivirus XP 2008/Uninstall.lnk
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun/HKCU
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun/HKCU/RunOnce
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun/HKLM
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun/HKLM/RunOnce
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun/StartMenuAllUsers
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Autorun/StartMenuCurrentUser
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/BrowserObjects
c:/Documents and Settings/LocalService/Application Data/rhc5cvj0er53/Quarantine/Packages


Disable the following DLL libraries:

c:/Program Files/rhcnkrj0etfg/msvcr71.dll
c:/Program Files/rhcnkrj0etfg/msvcp71.dll
c:/Program Files/rhcnkrj0etfg/MFC71.dll
c:/Program Files/rhcnkrj0etfg/MFC71ENU.DLL


Tags:
About the author: George Norman
.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular Removal Guide
By George Norman on 19 Feb 2010
If you did not manually install XP Micro Antivirus and the software just showed up on your computer one day, it means that a Trojan
By George Norman on 19 Feb 2010
Software Antivirus, unlike what the name may suggest, is not a security software solution nor is it an antivirus program. Software Antivirus is nothing more
By George Norman on 19 Feb 2010
The irony here is that the name WiniFighter would lead you to believe this is a security software application that will keep malware from the
By George Norman on 19 Feb 2010
PC Security 2009, a rogue antispyware program, is usually distributed by malware that installs the rogue on your system without your consent. The rogue’s installer
By George Norman on 18 Feb 2010
The people with malicious intent that put out the Internet Security 2010 rogue have rolled out another fake security software application, mainly Security
By George Norman on 18 Feb 2010
Personal Anti Malware, a rogue security software application, is usually distributed by Trojans. A Trojan manages to compromise your system, then installs the rogue without
Advertising
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!

HTML Linking Code