CNN.com Daily Top 10 and CNN Alerts: Breaking News Removal Guide (Uninstall Instructions)

  • August 6, 2008

What is CNN.com Daily Top 10 and CNN Alerts: Breaking News?


If you use e-mail, then you know that SPAM has become an epidemic in recent years. The problem with SPAM these days is that its creators make the e-mails look so legitimate that a user receiving one often won't know it is actually SPAM until it is too late. This is shown by a new SPAM e-mail being sent with the subject of CNN.com Daily Top 10 or CNN Alerts: Breaking News. The CNN.com Daily Top 10 or CNN Alerts SPAM pretends to be a legitimate e-mail from CNN that links to the Daily Top 10 stories or breaking news alerts. In reality, though, none of the components of this SPAM/Malware infection are related to CNN at all. Instead, when you click on any of these links, you will be taken to a site and presented with a screen stating that your Flash player is the incorrect version and that your browser cannot display the site until you download the newer version. It will then prompt you to download the get_flash_update.exe or adobe_flash.exe file, both of which are actually Trojans. The get_flash_update.exe and adobe_flash.exe files are detected by most anti-malware vendors under the following names:

 

Vendor        Detected Name
McAfee        BackDoor-DNM
Avast         Win32:Trojan-gen {Other}
Microsoft     TrojanDropper:Win32/Nuwar
AVG           I-Worm/Nuwar.W
Panda         Trj/Exchanger.T
BitDefender   Trojan.Peed.JQP
Sophos        Mal/TibsPak
DrWeb         Trojan.DownLoad.3252
Symantec      Trojan.Erotpics
F-Prot        W32/Downldr2.DBQX
TrendMicro    TROJ_RENOS.AFT
Kaspersky     Trojan-Downloader.Win32.Agent.ytu

 

If the get_flash_update.exe or the adobe_flash.exe file is downloaded and installed on your computer, it will proceed to download further malware that is set to start on your computer automatically when you reboot. When the whole infection process is complete, you will notice that a variety of changes have occurred. The first change you will notice is that your Windows desktop background has been changed to a warning stating that Spyware was detected on your computer. Next, your screen saver will be changed to the SysInternals BlueScreen Screen Saver, which, when running, emulates your operating system crashing into a blue screen of death. Some of the messages that will appear on this blue screen are:

PAGE_FAULT_IN_NONPAGED_AREA
PANIC_STACK_SWITCH
MAXIMUM_WAIT_OBJECTS_EXCEEDED
NO_MORE_IRP_STACK_LOCATIONS
BAD_POOL_HEADER
IRQL_NOT_LESS_OR_EQUAL
KMODE_EXCEPTION_NOT_HANDLED
BOGUS_DRIVER
SYSINTERNALS_GREAT_SITE
UNEXPECTED_KERNEL_MODE_TRAP

Though the screen saver will make it appear that your computer has crashed, and even make it look like your computer is rebooting, in reality it still is only a screen saver. Simply press the space bar and you will go right back to your desktop. The malware will also disable your ability to change your desktop or screen saver by modifying the Windows Registry so that the tabs to change these settings are not visible. Last, but not least, the CNN Daily Top 10 malware will also download and install a rogue anti-spyware program onto your computer. Currently the rogue being installed is one called Antivirus XP 2008. This program will automatically run and scan your computer. When done, it will display a variety of false risks on your computer that cannot be removed unless you first purchase the software. Please do not buy this software, but rather use the guide below to remove all of the malware installed by this SPAM.

  • CNN Daily Top 10 Spam Email Message
  • Site from spam that prompts you to install a Trojan
  • Fake screen saver installed by the Trojan
  • Second example of screen saver screen
  • Installed rogue software
  • Desktop background changed to a security warning
  • Internet Explorer Hijacking
  • CNN Alerts: Breaking news SPAM e-mail
  • CNN Alerts page

This guide will walk you through removing the CNN.com Daily Top 10 and CNN Alerts malware pack.

CNN.com Daily Top 10 and CNN Alerts: Breaking News Removal Options

Self Help Guide

This guide contains advanced information, but has been written in such a way so that anyone can follow it. Please ensure your data is backed up before proceeding.

If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. At this point you should download Malwarebytes Anti-Malware, or MBAM, to scan your computer for any infections or adware that may be present. Please download Malwarebytes from the following location and save it to your desktop:

    Malwarebytes Anti-Malware Download Link (Download page will open in a new window)

  3. Once downloaded, close all programs and Windows on your computer, including this one.

  4. Double-click on the icon on your desktop named mb3-setup-1878.1878-3.0.6.1469.exe. This will start the installation of MBAM onto your computer.

  5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If Malwarebytes prompts you to reboot, please do not do so.

  6. MBAM will now start and you will be at the main screen as shown below.



    Malwarebytes Anti-Malware


    Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.

  7. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.



    Malwarebytes Anti-Malware


  8. When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different than what is shown in the image below due to the guide being updated for newer versions of MBAM.


    MalwareBytes Scan Results


    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  9. You can now exit the MBAM program.

  10. Now that MBAM has removed the Malware, we need to restore some of your settings back to their defaults and clean up some extra items. The first thing we are going to do is delete the rogue anti-spyware icons left in your Start Menu. To do this click on the Start button and then right-click on each of the Antivirus XP 2008 icons and select the Remove from This List option. Once you have removed the two icons, please continue with the next step.

  11. Right-click on an empty portion of your desktop and left-click on the Properties menu option.

  12. You should now be in your display properties at the Theme tab. In the Theme: drop down menu, select the Windows XP theme. Once selected, click on the Apply button and then the OK button. This will reset your desktop colors and background back to the original Windows XP defaults.

  13. At this point you can customize your computer's display settings as you desire.

Your computer should now be free of the CNN.com Daily Top 10 and CNN Alerts: Breaking News program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

View Associated CNN.com Daily Top 10 and CNN Alerts: Breaking News Files

Some of these entries are random:

c:\Program Files\rhcnkrj0etfg
c:\Program Files\rhcnkrj0etfg\database.dat
c:\Program Files\rhcnkrj0etfg\license.txt
c:\Program Files\rhcnkrj0etfg\MFC71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\WINDOWS\system32\blphcjkrj0etfg.scr
c:\WINDOWS\system32\CbEvtSvc.exe
c:\WINDOWS\system32\lphcjkrj0etfg.exe
c:\WINDOWS\system32\phcjkrj0etfg.bmp
c:\WINDOWS\system32\pphcjkrj0etfg.exe
c:\WINDOWS\system32\drivers\54c70b2e.sys
c:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Packages

View Associated CNN.com Daily Top 10 and CNN Alerts: Breaking News Registry Information

Some of these entries are random:

HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispScrSavPage"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "lphcjkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
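
An audit of the fixed-name registry artifacts listed above, as an added PowerShell example that is not part of the original guide or of Malwarebytes. The script layout and the -ResetDisplayPolicy switch are assumptions of this example; randomly named entries such as rhcnkrj0etfg differ per infection, so the Run values are only printed for manual review.

```powershell
# Added example, not from the original guide. Only fixed-name artifacts are
# matched; randomly named Run values are printed for manual review instead.
param(
    [switch]$ResetDisplayPolicy   # hypothetical switch: delete the two policy values
)

$policyKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyValues = 'NoDispBackgroundPage', 'NoDispScrSavPage'
$fixedKeys    = @(
    'HKCU:\Software\Sysinternals\Bluescreen Screen Saver',  # also present if the screen saver was installed on purpose
    'HKLM:\SYSTEM\CurrentControlSet\Services\CbEvtSvc'
)
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$findings = @()

# Policy values that hide the Desktop and Screen Saver tabs of Display Properties.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $policyValues) {
    if ($policy -and $null -ne $policy.$name) {
        $findings += "$policyKey -> $name = $($policy.$name)"
        if ($ResetDisplayPolicy) {
            Remove-ItemProperty -Path $policyKey -Name $name
            Write-Output "Removed policy value $name"
        }
    }
}

# Keys whose names do not change from one infected machine to the next.
foreach ($key in $fixedKeys) {
    if (Test-Path -Path $key) { $findings += $key }
}

if ($findings.Count -eq 0) {
    Write-Output 'No fixed-name artifacts from this guide were found.'
} else {
    Write-Output 'Artifacts found:'
    $findings | ForEach-Object { Write-Output "  $_" }
}

# Autostart entries: print every value so randomly named ones can be reviewed.
Write-Output "Values under ${runKey}:"
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $psMeta -notcontains $_.Name } |
        ForEach-Object { Write-Output "  $($_.Name) = $($_.Value)" }
}
```

Run it from the affected user's session, since the two policy values live under HKEY_CURRENT_USER.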

This is a self-help guide. Use at your own risk.

BleepingComputer.com cannot be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus, Trojan, Spyware, and Malware Removal Logs forum.

If you have any questions about this self-help guide, then please post those questions in our Am I infected? What do I do? forum and someone will help you.
