Antivirus XP 2008 has been scamming many people off late. It installs on your pc shows false scanning showing that you have plenty of viruses and to remove them you will have to purchase the Antivirus XP 2008. Seeing this many people have already shelled out there hard earned money for this fake software. Besides this it also slows down your pc making it impossible to work. Well following are some of shots of this virus.

to remove the spyware (update) another option are this one: MaleWareBytes antivirus


Well if you have downloaded it from some website, here is the screen shot its website.


Browser Hijack by Antivirus XP 2008



REMOVAL PROCEDURE

1. Open task manager(Ctrl+Alt+Del) & kill the following processes by using right click in the following order(the exact names of the files will differ but they will be 12 character long. Also note the names of the files before deleting as at all places the variation of name will be there accordingly. Because of variation I will be using Virus1 for the first one and Virus2 for the second one)

• rhc1cdj0e12r.exe
• pphc5cdj0e12r.exe

2. Now open C:\windows\system32(Assuming you have windows installed in C drive) and trace Virus2 and delete it.


3. Next open c:\program files and find the folder named Virus1. Delete the entire folder.


4. Next delete all traces of Antivirus XP 2008 from desktop and start menu(shortcuts)

5. Empty recycle bin

The following steps require registry editing so follow them carefully. Improper editing could lead to system crash.

6. Go start menu->run-> type 'regedit' and press enter. Regsitry Editor will open up.

7. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Locate and delete virus1 using right click

8. Next Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Locate & delete SMvirus1 using right click

9. Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1cdj0e12r
del key Virus1 using right click

10. Now
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Locate 'AntivirXP08' on right side and delete it.

Now there is only one step left which can be performed only when you log in to windows next time.

11.Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1cdj0e12r
del key Virus1

12 Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
And delete the key Antivirus XP 2008

13 Now if your themes, appearance and settings are missing you can download small tool from here

Now your system is clean from this fake antivirus.

For any comments, questions or suggestions, please do comment in the comment section or click the contact me button above.

Do you know what SpyHeals is?

DESCRIPTION

SpyHeals is a newer version of SpyHeal which is a rogue anti-spyware program that is usually downloaded and installed through a Trojan infection. SpyHeals, once installed, performs system scans that display fake results of parasites that it found on your computer.

SpyHeals is a major threat to the security of your computer. By having any type of rogue anti-spyware program installed you run a great risk of opening up your computer to remote users or hackers. You may not know that you have SpyHeals until you start getting annoying popups or alert messages. It is up to you to take action to remove SpyHeals before it causes damage to your system files.

In non-techie terms: SpyHeals, just like it’s clone SpyHeal, is a complete waste of money. Hackers create programs like SpyHeals to extort money from you by use of illicit tactics. Do not ever purchase, download or install SpyHeals.

Have you been infected with SpyHeals or SpyHeal? Did SpyHeals start scanning your computer without your permission?

SpyHeals Automatic Removal Instructions

This automatic removal method is for non-techie computer users. If you’re too lazy to learn about spyware removal or how to access sensitive files in your computer, then this is the method for you.
Before you start: Print or bookmark these instructions because you’ll have to reboot into Safe Mode. Also back up your computer in case you make a mistake.

1. Download and save SmitFraudFix to your desktop.
2. Restart your computer in Safe Mode (how to do safe mode). Once the
   desktop appears, double click on the SmitfraudFix.exe on your desktop.
3. After the credits screen, you’ll see a menu. Select the option number 2, which is ‘Clean (safe mode recommended)’, and then
   press Enter to delete infect files.
4. SmitFraudFix will begin cleaning your computer and take a series of cleanup processes. When the process is over, it will automatically begin the Disk Cleanup program.
5. Once the Disk Cleanup program is complete, you will be prompted with the message ‘Registry cleaning - Do you want to clean the registry’. Answer Y (Yes) and hit Enter. Reboot your computer.
6. SmitFraudFix will now check if wininet.dll is infected. SmitFraudFix will ask you whether to replace the infected file (if there’s any) ‘Replace infected
   file?’ Answer by typing Y (Yes) and hit Enter.
7. Reboot your computer to complete the cleaning process.
8. After reboot, a Notepad screen may appear containing a log of all the files
   removed from your computer. If it doesn’t appear, a file will be created called
   rapport.txt in the root of your drive, (Local Disk C:).
9. Restart your computer in Safe Mode (how to do safe mode).
10. Go to C:\Windows\Temp, click Edit, click Select All, press DELETE, and then
    click Yes to confirm that you want all the items to go to the Recycle Bin.
11. Go to C:\Documents and Settings\[LISTED USER]\Local Settings\Temp, click Edit, click Select All, press DELETE, and then click Yes to confirm that
    you want all the items to go to the Recycle Bin.
12. Reboot your computer back to normal mode. Go to Windows Update and download all critical updates.

SpyHeals Manual Removal Instructions

This manual removal method is for techie computer users. SpyHeals manual removal may be difficult and time consuming to remove. There’s no guarantee that SpyHeals will be removed completely. So read the SpyHeals removal steps carefully and good luck.
Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.

1. Uninstall SpyHeals Program
   Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall SpyHeals if found.
2. To stop SpyHeals processes (view process removal steps)
   Go to Start > Run > type taskmgr. The click the Processes tab and you’ll see a list of running processes.
   Search and stop these SpyHeals processes:
   SpyHeals.exe
   For each unwanted process, right-click on it and then select “End task”.
3. To Unregister SpyHeals DLLs (view DLL removal steps)
   Search and unregister these SpyHeals DLLs:
   redir.dll

   To locate the SpyHeals DLL path, go to Start > Search > All Files or Folders. Type SpyHeals and in the Look in: select either My Computer or Local Hard Drives. Click the Search button.
   Once you have the SpyHeals DLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.
   To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister).

4. To unregister SpyHeals registry keys (view registry keys removal steps)
   Go to Start > Run > type regedit > press OK.
   Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.
   Search and delete these SpyHeals registry keys:

   HKEY_CLASSES_ROOTclsid{f3642b57-3ea8-4eea-a643-9de138381a57}inprocserver32
   HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun SpyHeals
   HKEY_CLASSES_ROOTclsid{f3642b57-3ea8-4eea-a643-9de138381a57}inprocserver32 threadingmodel
   HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun SpyHeals
   HKEY_CLASSES_ROOTclsid{f3642b57-3ea8-4eea-a643-9de138381a57}
   HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{f3642b57-3ea8-4eea-a643-9de138381a57}
   

5. If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General > click Use Default under Home Page. Add the your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
6. Remove SpyHeals Directories.
   To find SpyHeals directories, go to Start > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder.
   Search and delete the following SpyHeals directories:
   C:\ProgramFiles\SpyHeals
   C:\ProgramFiles\Spy Heals
   C:\ProgramFiles\SpyHeal
   C:\ProgramFiles\Spy Heal

   Right-click on the SpyHeals folder and select Delete.
   A message will appear saying ‘Are you sure you want to remove the folder SpyHeals and move all its contents to the Recycle Bin?’, click Yes.
   Another message will appear saying ‘Renaming, moving or deleting SpyHeals could make some programs not work. Are you sure you want to do this?’, click Yes.

7. To remove SpyHeals icons on your Desktop, drag and drop them to the Recycle Bin.

You’ve completed the SpyHeals manual removal instructions!
I hope this article has helped you solve your SpyHeals problems. If you want to contribute to this article, post your comment below.

Disclaimer: This article is for educational purposes. By using this information you agree to be bound by the disclaimer. There’s no guarantee that SpyHeals will be completely removed from your computer. Seek professional help if your computer continues to experience problems.

Remember someone asked me about how to extend Windows 2008 evaluation. This is important as we do not want to reinstall all the hardworked configuration, especially we are doing some R&D or testing.

By default, Windows 2008 will allow you to evaluation for 60 days, and use the following command to evaluate up to 180 days! Thats cool - all the research for sure be able to finish within 180 days - unless you want to use it for production :).

To do it?

1. Click Start, run -> CMD.
2. Type slmgr.vbs -dli, and ENTER to check the current evaluation period.
3. Type slmgr.vbs –rearm to reset the evaluation period and then press ENTER.
4. Restart the computer.

Thats it. Want to know more? Microsoft release one KB article about it:

http://support.microsoft.com/kb/948472

When you are working with managed code applications, you may need to store information used by an application as key/value pairs in the application's Web.config file. Storing application settings in this way ensures that the stored values can be accessed from anywhere within the application. If you store application settings at the server or site level, multiple applications could access and use the same settings. With this in mind, you can view and work with key/value pairs for applications by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage.

2. Access the Application Settings page by double-clicking the Application Settings feature.

3. In the main pane, you'll see a list of the currently defined key/value pairs. Be sure to note whether the entry type is listed as local or inherited. Local entries are configured at the level you are working with. Inherited entries are configured at a higher level of the configuration hierarchy.

4. Use the following techniques to work with application settings:

• Add a setting Click Add. In the Add Application Setting dialog box, type the name and value for the application setting, and then click OK.

• Edit a setting Click the setting you want to modify, and then click Edit. In the Edit Application Setting dialog box, type the desired name and value for the application setting, and then click OK.

• Remove a setting Click the setting you want to remove, and then click Remove. When prompted to confirm the action, click Yes.

E-mail services are an important part of most Internet, intranet, and extranet server operations. Often, you'll find that applications installed on a server generate e-mail messages that need to be delivered. For this purpose, IIS includes the Simple Mail Transfer Protocol (SMTP) feature so that IIS can deliver e-mail messages for Web applications that use the System.Net.Mail API. The configuration restricts the sending of messages that are generated by remote users, which include the Internet Guest account and any other named user on the Web server. The configuration also restricts relaying of e-mail through SMTP.

SMTP is just one of several components that make up a typical e-mail system. Windows Server 2008 includes the optional SMTP Server feature to provide a more robust solution. However, if you want to receive e-mail and store it on the server so that users and applications can retrieve it, you need to install a full-featured messaging server in the enterprise, such as Microsoft Exchange Server 2007.

You can use the SMTP E-mail feature in two key ways. You can use this feature to deliver e-mail messages generated by applications to a specific SMTP server running on the local system or a remote server. Or you can use this feature to drop e-mail directly into the pickup directory for later processing by an application or for direct processing by an SMTP server running on the local system. Because SMTP servers monitor their pickup directories continuously for new messages, any message placed in this directory is picked up and transferred to a queue directory for further processing and delivery.

E-mail messages have To, Cc, Bcc, and From fields to determine how the message should be handled. To, Cc, and Bcc fields are used to determine where the message should be delivered. The From field indicates the origin of the message. E-mail addresses, such as williams@tech.microsoft.com, have three components:

• An e-mail account, such as Williams

• An at symbol (@), which separates the account name from the domain name

• An e-mail domain, such as tech.microsoft.com

The key component that determines how the server handles messages is the e-mail or service domain. Service domains can be either local or remote. A local service domain is a Domain Name System (DNS) domain that's serviced locally by the server. A remote service domain is a DNS domain that's serviced by another server or mail gateway.

You can deliver e-mail to a locally hosted or remote SMTP server by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the SMTP E-Mail page by double-clicking the SMTP E-Mail feature.

2. On the SMTP E-Mail page, shown in the E-Mail Address text box, type the address you want to use as the default address from which e-mail messages are sent.

3. Select the Deliver E-Mail To SMTP Server option.

4. In the SMTP Server text box, type the fully qualified domain name of the SMTP server, such as mailer5.adatum.com. Or select the Use Localhost check box to set the name of the SMTP server to localhost, allowing System.Net.Mail to send e-mail directly to the SMTP server on the local computer.

5. In the Port text box, type the TCP port number to use to connect to the SMTP server. The standard TCP port for SMTP is 25, so this is the default and recommended setting.

6. The Authentication Settings options allow you to specify the authentication mode and credentials. If your SMTP server does not require authentication, choose Not Required. Otherwise, choose one of the following options:

• Windows Choose this to use the application identity for connecting to the SMTP server.

• Specify Credentials Choose this to specify a user name and password for connecting to the SMTP server. Credentials are sent as clear text across the network. To specify credentials, click Set. Type the user name, type and then confirm the user password, and then click OK.

7. In the Actions pane, click Apply to save your settings.

You can deliver e-mail to a pickup directory by completing the following steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the SMTP E-Mail page by double-clicking the SMTP E-Mail feature.

2. On the SMTP E-Mail page, in the E-Mail Address text box, type the address you want to use as the default address from which e-mail messages are sent.

3. Select the Store E-Mail In Pickup Directory option, and then click Browse.

4. Use the Browse For Folder dialog box to specify the location of the pickup directory, and then click OK.

5. In the Actions pane, click Apply to save your settings.

Source of Information : Microsoft Press Internet Information Services IIS.7.0 Administrators Pocket Consultant

In the default configuration, IIS manages session state for ASP.NET in much the same way as it manages session state for ASP. Beyond the basic settings, however, you have many more options. For ASP.NET pages, you use the Enable Session State setting of the Pages And Controls feature as the master control to turn on or off session state management or to configure IIS to use a read-only session state. You use the Session State feature to fine tune how session state management is used.

By default, IIS maintains session state in process as does ASP. Each ASP.NET application configured on your server can have its own session state settings. When you've activated the ASP.NET State Service and configured it to start automatically, you can use out-of-process session state management for ASP.NET. Out-of-process state management ensures that session state information is preserved when an application's worker process is recycled. You can configure out-of-process state management to use a State Server or a Microsoft SQL Server database. Before you configure a SQL Server for session state, you must run the InstallSqlState.sql script on the server. By default, this script is stored in %SystemRoot%\Microsoft.NET\Framework\FrameworkVersion, where FrameworkVersion is the version of the .NET Framework you are using, such as V2.0.50727.

You turn on or off session state management or use a read-only session state by following these steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the Pages And Controls page by double-clicking the Pages And Controls feature.

2. On the Pages And Controls page, the Enable Session State text box shows the current session state. As necessary, change this setting to False to disable session state maintenance, True to enable session state maintenance, or ReadOnly to use a read-only session state.

3. In the Actions pane, click Apply to save your settings.


Once you've enabled a ReadWrite or ReadOnly session state, you can use the settings of the Session State feature to optimize the session state configuration. Follow these steps:

1. In IIS Manager, navigate to the level of the configuration hierarchy you want to manage, and then display the Session State page by double-clicking the Session State feature.

2. On the Session State Mode Settings frame in the main pane, use the following options to set the session state mode:

• Not Enabled Select this option to disable session state.

• In Process Select this option to store session state data for a managed-code application in the worker process where the application runs. This is the default setting.

• Custom Select this option to configure IIS to use a custom provider to handle session state for ASP.NET applications.

• State Server Select this option to enable the ASP.NET State Service and store session state data outside the worker process where the application runs. The ASP.NET State Service stores the session state in an internal database by default or in a database of your choosing. You must start the service and configure it for automatic startup.

• SQL Server Select this option to configure IIS to use a SQL Server database to store session state data instead of storing it in the worker process where the application runs. The ASP.NET State Service stores the session state in the SQL Server database you designate. You must start the service and configure it for automatic startup.

3. With the State Server or SQL Server option, the Connection String text box sets the connection string that is used to connect to the state server or SQL Server. If you click the related selection drop-down list, you can choose a previously created connection string to use. If you click the related Create button, you create the required connection string by using the Create Connection String dialog box.

4. With the State Server or SQL Server option enabled, the related Time-Out text box sets the time, in seconds, that the connection will be maintained. The default for a state server is 10 seconds. The default for a server running SQL Server is 30 seconds.

5. With the SQL Server option enabled, you can select the Enable Custom Database check box to enable a custom SQL Server database for storing session state data.

6. On the Cookie Settings pane, in the Mode drop-down list, select the desired item to specify how cookies are used to store session state data. The items are:

• Auto Detect IIS uses cookies if the browser supports cookies and cookie support is enabled. Otherwise, IIS doesn't use cookies.

• Use Cookies Allows IIS to track the session state by using cookies. IIS passes the session state in cookies for all requests between a client browser and the Web server. Because cookies do not require redirection, cookies allow you to track session state more efficiently than any of the methods that do not use cookies. Using cookies also has several other advantages. Cookies allow users to bookmark Web pages, and they ensure that state is retained if a user leaves one site to visit another and then returns to the original site.

• Use Device Profile IIS uses cookies if the device profile supports cookies regardless of whether cookie support is enabled or disabled. The only time that IIS doesn't use cookies is when the device profile indicates that the browser doesn't support cookies.

• Use URI IIS inserts the session ID as a query string in the Uniform Resource Identifier (URI) request, and then the URI is redirected to the originally requested URL. Because the changed URI request is used for the duration of the session, no cookie is necessary.

7. Keep the following in mind when you are specifying how cookies are used to store session state data:

• When you use the Auto-Detect cookie, Use Device Profile, or Use URI modes, the Regenerate Expired Session ID check box is selected automatically. This ensures that IIS rejects and reissues session IDs that do not have active sessions. You should require that expired session IDs be regenerated because this ensures that IIS expires and regenerates tokens, which gives a potential attacker less time to capture a cookie and gain access to server content. If you want to disable session ID regeneration, as may be necessary when initially testing a new deployment in a development environment, clear this check box. Be sure to re-enable this feature later to enhance server security.

• When you use the Auto-Detect cookie, Use Cookies, or Use Device Profile modes, the entry in the Time-Out (In Minutes) text box sets the period of time that IIS maintains a session object after the last request associated with the object is made. The default time-out is 20 minutes. For a high-usage application in which you expect users to move quickly from page to page, you might want to set a fairly low time-out value, such as 5 or 10 minutes. On the other hand, if it's critical that the user's session is maintained to complete a transaction, you might want to set a long time-out value, such as 60 minutes.

• When you use the Auto-Detect cookie, Use Cookies, or Use Device Profile modes, the Name text box sets a name for the cookie. The default is ASP.NET_SessionId. To enhance security, you may want to change this value to a name that isn't as readily identifiable as the session ID.

• The Use Hosting Identity For Impersonation option enables Windows authentication for remote connections using the host process identity. Typically, this is the setting you want to use to ensure that IIS can read and write session state data.

8. In the Actions pane, click Apply to save your settings.

Source of Information : Microsoft Press Internet Information Services IIS.7.0 Administrators Pocket Consultant