lphcerpj0ec7t.exe has taken over my computer

We received a few calls today from a client stating there was a window on their screen claiming they had spyware and that they needed to load a spyware removal tool or anti-virus software. Well, that is the first clue you have been taken for a ride on the spyware/malware roller coaster. Upon investigation, we noticed that the message was not in fact a window, but rather a desktop background image. Very tricky, sort of. We found the image on the PC, lphcerpj0ec7t.bmp, and it was everywhere. We then proceeded into the registry and sure enough it was there as well.

After noting every location where it appeared, without actually touching it, we decided to Google the name and found nothing. So now it was reverse-engineering time. Without sending you through Engineering 101, here are the steps to follow to remove this item. The sad part is that Symantec, McAfee, Ad-Aware, Spybot S&D and a few others could not find it or fix it. More on that later.

Steps to remove said crap from one's PC:

1 - Boot the PC into Safe Mode
2 - Open Regedit, back up the registry to your hard drive, and then do a Find on lphcerp
3 - For every instance you find (.bmp, .exe, .scr and so on), replace the value's data with a valid file of the same kind
      Example - replace lphcerpj0ec7t.bmp with bliss.bmp (as long as bliss.bmp is located in your System32 folder)
      Example - replace lphcerpj0ec7t.scr with blank.scr
4 - Once you have cleaned these references out of your registry, reboot and go back into Safe Mode
5 - Now search your local drive for lphcerp and delete every single instance (Shift+Delete, so it bypasses the Recycle Bin)
6 - Once this is complete, reboot your PC and log into Windows normally
7 - Verify that your desktop looks correct, and that you can right-click the desktop and change your desktop background and your screen saver.
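The post did all of this by hand in Regedit and Explorer. As an added example, not the post's own script, the PowerShell below automates steps 2, 3 and 5 of that procedure from an elevated prompt in Safe Mode. Everything beyond the post's steps is an assumption: the prefix lphcerp is the only thing matched on; Bliss.bmp under %windir%\Web\Wallpaper and scrnsave.scr under System32 stand in for the "valid file" replacements; and any matching registry value that is not a .bmp or .scr (an .exe in a Run key, say) is removed outright rather than replaced, since the post names no replacement for those.

```powershell
<#
Added example, not the original post's script. Automates steps 2, 3 and 5 of the
removal procedure above. Run from an elevated PowerShell prompt in Safe Mode.
Assumptions (not from the post): the prefix 'lphcerp' is the only thing to match;
Bliss.bmp and scrnsave.scr are the clean replacements; any other matching value
(e.g. an .exe in a Run key) is deleted. Run with -WhatIf first and read every hit.
Syntax is kept PowerShell 2.0 compatible for XP-era machines.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateSet('Registry', 'Files')]
    [string]$Phase        = 'Registry',
    [string]$Pattern      = 'lphcerp',                              # assumed family prefix
    [string]$Wallpaper    = "$env:windir\Web\Wallpaper\Bliss.bmp",  # assumed clean .bmp
    [string]$ScreenSaver  = "$env:windir\System32\scrnsave.scr",    # assumed clean .scr
    [string]$BackupFolder = "$env:USERPROFILE\Desktop\regbackup"
)

function Backup-Hives {
    # Step 2: export HKCU and HKLM with reg.exe before touching anything.
    New-Item -ItemType Directory -Path $BackupFolder -Force | Out-Null
    foreach ($hive in 'HKCU', 'HKLM') {
        & reg.exe export $hive (Join-Path $BackupFolder "$hive.reg") /y | Out-Null
    }
}

function Find-RegistryHits {
    # Step 2, the Find: every value under HKCU/HKLM whose name or data mentions the pattern.
    # (Regedit's Find also matches key names; this walk does not, so check those by hand.)
    foreach ($root in 'HKCU:\', 'HKLM:\') {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -eq $props) { return }
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # PowerShell's own metadata, not registry data
                if ("$($p.Name) $($p.Value)" -match $Pattern) {
                    New-Object PSObject -Property @{
                        Key = $_.PSPath; Name = $p.Name; Value = "$($p.Value)"
                    }
                }
            }
        }
    }
}

function Repair-RegistryHit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(ValueFromPipeline = $true)]$Hit)
    process {
        # Step 3: swap the malware's file for a known-good one of the same kind.
        $target = "$($Hit.Key)\$($Hit.Name)"
        switch -Regex ($Hit.Value) {
            '\.bmp\s*$' { $replacement = $Wallpaper }
            '\.scr\s*$' { $replacement = $ScreenSaver }
            default     { $replacement = $null }        # assumption: anything else is removed
        }
        if ($replacement) {
            if ($PSCmdlet.ShouldProcess($target, "Set to $replacement")) {
                Set-ItemProperty -Path $Hit.Key -Name $Hit.Name -Value $replacement
            }
        } elseif ($PSCmdlet.ShouldProcess($target, 'Remove value')) {
            Remove-ItemProperty -Path $Hit.Key -Name $Hit.Name
        }
    }
}

function Remove-MalwareFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Step 5 (after the reboot back into Safe Mode): delete every matching file on the system drive.
    Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match $Pattern } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete (no Recycle Bin)')) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
        }
}

switch ($Phase) {
    'Registry' {
        Backup-Hives
        $hits = @(Find-RegistryHits)
        Write-Host "$($hits.Count) registry value(s) reference '$Pattern':"
        $hits | Format-Table Key, Name, Value -AutoSize | Out-String | Write-Host
        $hits | Repair-RegistryHit
    }
    'Files' { Remove-MalwareFiles }
}
```

Usage follows the post's order: `.\Remove-Lphcerp.ps1 -Phase Registry -WhatIf` to see what would change, the same without `-WhatIf` to apply step 3, reboot into Safe Mode (step 4), then `.\Remove-Lphcerp.ps1 -Phase Files`, reboot normally and do the step 7 check by hand. The -WhatIf pass matters: a registry walk for a short prefix can also hit legitimate values that happen to contain the same letters, and those must be left alone.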

We decided to copy this little beast onto our laptop, which was running BitDefender, and then launch it. Without ever letting us down, BitDefender not only stopped the file but deleted it right away. We love you, BitDefender. Just as an FYI, we are running BitDefender Total Security 2008 and we have never run into any issues.

posted by: Myke Reinhold
