$PARASITEID = '100943'; ?>
Do you know what the CNN.com Daily Top 10 email is?
The CNN.com Daily Top 10 email downloads the Trojan-Downloader.Agent.EL Infection onto your computer. We have discovered that a spam email message titled "CNN.com Daily Top 10" is circulating over the internet and ultimately downloading a Trojan Downloader file.
In non-techie terms: Spammers commonly use catchy subject lines and spend a great deal of time making the fake email look legitimate. In the case of the CNN.com Daily Top 10 email message it looks like it came directly from CNN.com expect the senders domain address does not coincide. If this email is opened and a link is clicked it will redirect you to a malicious website that offers a viewing of a video. If you attempt to play the video on this site it will prompt you with a message that asks you to update the Flash Player in order to play it. The Flash Player download that it provides drops the get_flash_update.exe file. If the get_flash_update.exe file is executed it will then download the Trojan-Downloader.Agent.EL infection.
Trojan-Downloader.Agent.EL is known to download other malicious files or programs onto any infected machine. It is essential that you remove this Trojan Downloader as soon as possible to avoid damage to your system.
Aliases: CNN.com Daily Top 10, Trojan-Downloader.Agent.EL.
Trojan-Downloader.Agent.EL Automatic Removal Instructions
Trojan-Downloader.Agent.EL Manual Removal Instructions
This manual removal method is for techie computer users. Trojan-Downloader.Agent.EL manual removal may be difficult and time consuming to remove. There's no guarantee that Trojan-Downloader.Agent.EL will be removed completely. So read the Trojan-Downloader.Agent.EL removal steps carefully and good luck.
Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.
- Uninstall Trojan-Downloader.Agent.EL Program
Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall Trojan-Downloader.Agent.EL if found. - To stop Trojan-Downloader.Agent.EL processes (view process removal steps)
Go to Start > Run > type taskmgr. The click the Processes tab and you'll see a list of running processes.
Search and stop these Trojan-Downloader.Agent.EL processes:
get_flash_update.exe
Uninstall.exe
lphcjkrj0etfg.exe
CbEvtSvc.exe
pphcjkrj0etfg.exe
For each unwanted process, right-click on it and then select "End task". - To Unregister Trojan-Downloader.Agent.ELDLLs (view DLL removal steps)
Search and unregister these Trojan-Downloader.Agent.ELDLLs:
MFC71.dll
MFC71ENU.dll
msvcr71.dll
msvcp71.dll
To locate the Trojan-Downloader.Agent.ELDLL path, go to Start > Search > All Files or Folders. Type Trojan-Downloader.Agent.ELand in the Look in: select either My Computer or Local Hard Drives. Click the Search button.
Once you have the Trojan-Downloader.Agent.ELDLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.
To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister). - Find and delete each of the following files located in each directory:
C:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
C:\Program Files\rhcnkrj0etfg\MFC71.dll
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\rhcnkrj0etfg\Uninstall.exe
C:\Program Files\rhcnkrj0etfg\msvcp71.dll
C:\Program Files\rhcnkrj0etfg\msvcr71.dll
C:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
C:\WINDOWS\system32\blphcjkrj0etfg.scr
C:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
C:\Program Files\rhcnkrj0etfg\database.dat
C:\Program Files\rhcnkrj0etfg\license.txt
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\lphcjkrj0etfg.exe
C:\Program Files\rhcnkrj0etfg
C:\WINDOWS\system32\phcjkrj0etfg.bmp
C:\WINDOWS\system32\drivers\54c70b2e.sys
C:\WINDOWS\system32\pphcjkrj0etfg.exe
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
C:\WINDOWS\dli32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Packages
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
C:\WINDOWS\system32\gnjsjc.dll
C:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects - To unregister Trojan-Downloader.Agent.EL registry keys (view registry keys removal steps)
Go to Start > Run > type regedit > press OK.
Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.
Search and delete these Trojan-Downloader.Agent.EL registry keys: - If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General > click Use Default under Home Page. Add the your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
- To remove Trojan-Downloader.Agent.EL icons on your Desktop, drag and drop them to the Recycle Bin.
You've completed the Trojan-Downloader.Agent.EL manual removal instructions!
I hope this article has helped you solve your Trojan-Downloader.Agent.EL problems. If you want to contribute to this article, post your comment below.
Disclaimer: This article is for educational purposes. By using this information you agree to be bound by the disclaimer. There's no guarantee that Trojan-Downloader.Agent.EL will be completely removed from your computer. Seek professional help if your computer continues to experience problems.
CNN is of course not affiliated with the threat. It doesn't operate the website in question and the messages are being sent from randomized email accounts, likely on infected machines. But keep this in mind if you see any emails from CNN this week, whether or not you subscribe to any of its mailing lists.