CNN.com Daily Top 10 Removal Guide (Uninstall Instructions)
By MaxW on Aug 6, 2008 in Rants & Raves
Some people who have received the CNN Daily Top 10 email spam have unknowingly downloaded the trojan file get_flash_update.exe. If you are among these people, your anti-malware software may identify the threat as Win32:Trojan-gen (Avast); Trojan.Erotpics (Symantec); TrojanDropper:Win32/Nuwar (Microsoft); BackDoor-DNM (McAfee) or I-Worm/Nuwar.W (AVG).
If the get_flash_update.exe file is downloaded and run on your computer, it will proceed to download further malware that is set to start automatically each time you reboot. When the whole infection process is complete, you will notice that a variety of changes have occurred. The first change you will notice is that your Windows desktop background has been replaced with a warning stating that spyware was detected on your computer. Next, your screen saver will be changed to the SysInternals BlueScreen Screen Saver, which, when running, imitates your operating system crashing into a blue screen of death.
Some of the messages that will appear on this blue screen are:
PAGE_FAULT_IN_NONPAGED_AREA
PANIC_STACK_SWITCH
MAXIMUM_WAIT_OBJECTS_EXCEEDED
NO_MORE_IRP_STACK_LOCATIONS
BAD_POOL_HEADER
IRQL_NOT_LESS_OR_EQUAL
KMODE_EXCEPTION_NOT_HANDLED
BOGUS_DRIVER
SYSINTERNALS_GREAT_SITE
UNEXPECTED_KERNEL_MODE_TRAP
Though the screen saver makes it appear that your computer has crashed, and even makes it look like your computer is rebooting, in reality it is still only a screen saver. Simply press the space bar and you will go right back to your desktop. The malware also disables your ability to change your desktop or screen saver by modifying the Windows Registry (the NoDispBackgroundPage and NoDispScrSavPage policy values listed below) so that the Desktop and Screen Saver tabs of Display Properties are no longer visible. Last, but not least, the CNN Daily Top 10 malware will also download and install a rogue anti-spyware program onto your computer. Currently the rogue being installed is one called Antivirus XP 2008. This program will automatically run and scan your computer. When done, it will display a variety of false risks on your computer that supposedly cannot be removed unless you first purchase the software. Please do not buy this software, but rather use the guide below to remove all of the malware installed by this spam.
CNN Daily Top 10 Spam Email Message
This guide will walk you through removing the CNN.com Daily Top 10 malware pack.
Tools Needed for this fix:
For full instructions go to http://www.bleepingcomputer.com/malware-removal/remove-cnn-daily-top-10
Symptoms that may be in a HijackThis Log:
Some of these entries are random:
O4 - HKLM\..\Run: [lphcjkrj0etfg] C:\WINDOWS\system32\lphcjkrj0etfg.exe
O4 - HKLM\..\Run: [SMrhcnkrj0etfg] C:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
Associated CNN.com Daily Top 10 Files:
Some of these entries are random:
c:\Program Files\rhcnkrj0etfg
c:\Program Files\rhcnkrj0etfg\database.dat
c:\Program Files\rhcnkrj0etfg\license.txt
c:\Program Files\rhcnkrj0etfg\MFC71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\WINDOWS\system32\blphcjkrj0etfg.scr
c:\WINDOWS\system32\CbEvtSvc.exe
c:\WINDOWS\system32\lphcjkrj0etfg.exe
c:\WINDOWS\system32\phcjkrj0etfg.bmp
c:\WINDOWS\system32\pphcjkrj0etfg.exe
c:\WINDOWS\system32\drivers\54c70b2e.sys
c:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects
c:\Documents and Settings\LocalService\Application Data\rhcnkrj0etfg\Quarantine\Packages
Associated CNN.com Daily Top 10 Windows Registry Information:
Some of these entries are random:
HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispScrSavPage"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "lphcjkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
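The HijackThis entries, file list and registry list above are the indicators a responder would check for by hand. The PowerShell script below is an added, read-only audit that checks a machine for those same indicators and prints what it finds; it is not part of the original guide or of BleepingComputer's instructions. It assumes the random-suffix names keep the prefixes shown in the samples (lphc..., SMrhc..., rhc..., blphc..., pphc..., phc...), which is an inference from the examples above rather than a documented rule, and it cannot match the fully random driver name (54c70b2e.sys), so that one is left to your anti-malware scanner. Run it from an elevated PowerShell prompt.

```powershell
# Added audit script (not part of the original guide). Read-only: it reports
# indicators from the CNN Daily Top 10 / Antivirus XP 2008 lists and deletes nothing.
# ASSUMPTION: random-suffix names are matched by the prefixes seen in the samples.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Policy values that hide the Desktop and Screen Saver tabs in Display Properties.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'NoDispBackgroundPage', 'NoDispScrSavPage') {
    $item = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
    if ($item -and $item.$name -ne 0) {
        $findings.Add("Policy value $name = $($item.$name) under $policyKey")
    }
}

# 2. HKLM Run entries whose value names follow the lphc.../SMrhc... pattern (the O4 lines).
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runProps = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($runProps) {
    foreach ($p in $runProps.PSObject.Properties) {
        if ($p.Name -match '^(lphc|SMrhc)[a-z0-9]{6,}$') {
            $findings.Add("Run entry $($p.Name) -> $($p.Value)")
        }
    }
}

# 3. The CbEvtSvc service (the O23 line), its registry keys, and the BlueScreen screen saver key.
$svc = Get-Service -Name 'CbEvtSvc' -ErrorAction SilentlyContinue
if ($svc) { $findings.Add("Service CbEvtSvc present (status: $($svc.Status))") }
foreach ($k in 'HKLM:\SYSTEM\CurrentControlSet\Services\CbEvtSvc',
               'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC',
               'HKCU:\Software\Sysinternals\Bluescreen Screen Saver') {
    if (Test-Path -Path $k) { $findings.Add("Registry key present: $k") }
}

# 4. Files and folders: the fixed name CbEvtSvc.exe plus the prefix patterns.
#    PSIsContainer is used instead of -File/-Directory so this also runs on PowerShell 2.0.
$sys32 = Join-Path $env:SystemRoot 'System32'
if (Test-Path -Path (Join-Path $sys32 'CbEvtSvc.exe')) {
    $findings.Add("File present: $(Join-Path $sys32 'CbEvtSvc.exe')")
}
foreach ($pat in 'lphc*.exe', 'blphc*.scr', 'phc*.bmp', 'pphc*.exe') {
    Get-ChildItem -Path $sys32 -Filter $pat -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $findings.Add("File present: $($_.FullName)") }
}
Get-ChildItem -Path $env:ProgramFiles -Filter 'rhc*' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { $findings.Add("Folder present: $($_.FullName)") }

# 5. The rogue's shortcut on the all-users desktop and Start Menu.
$commonDesktop = [Environment]::GetFolderPath('CommonDesktopDirectory')
$commonPrograms = [Environment]::GetFolderPath('CommonPrograms')
foreach ($lnk in (Join-Path $commonDesktop 'Antivirus XP 2008.lnk'),
                 (Join-Path $commonPrograms 'Antivirus XP 2008.lnk')) {
    if (Test-Path -Path $lnk) { $findings.Add("Shortcut present: $lnk") }
}

# 6. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No CNN Daily Top 10 / Antivirus XP 2008 indicators found.'
} else {
    Write-Output "Indicators found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A clean machine prints the "No ... indicators found" line; any hit means the removal steps on the linked BleepingComputer page still apply. Because the policy check reports only non-zero values, it will not flag an administrator's own lockdown that set the values to 0.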