There is a virus on my PC. Superficially, it has changed my desktop background to "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.".

It has also made it so that I can not change my desktop background, and screensaver. It has changed my screensaver so it appears to be the loading screen of Windows XP Professional (I have Home!) and then tricks me into believing I have the BSOD. However, as it is just a screensaver, I can just click and get off it.

But that's not all. Along with it, it has also brought a wave of constant popups, asking me to download fake antivirus software. It also makes Mozilla crash everytime I try and use it. Thank you very much if you have taken the time to read this.

get process explorer:
http://www.filehippo.com/download_p...
close any programs running in the foreground and background. Then open process explorer and eliminate any virus processes. If you don't know how take a screenshot:
http://www.wikihow.com/Take-a-Scree...

and post it here

now after that is done go here:
http://www.kellys-korner-xp.com/xp_...
go to line 285 and rightclick on "Restore All Display Tabs" and "save as" and save it to desktop then double click it on the desktop and "OK"
having done this procceed to changing your wallpaper and scr saver.

from there proceed to removing the virus/malware

Thanks DarkSonic you are great! But can you tell me how to get rid of it completely instead of just changing the wallpaper? Do I just do a Mcafee scan?
Thanks,
DARTHWALRUS

__
I AM THE WALRUS!

Go to C:\Program Files\rhcc8sj0e14n and delete the whole folder that should work because I've got it :(

This is a nasty little program that makes you think you need anti-spyware and
can lead you to install the real virus. I believe this post is referring to
the 'Antivirus XP 2008' scam. You'll actually pay for a virus to to get
installed on your computer and you wouldn't know it.

If you remember seeing 'Antivirus XP 2008' when you were surfing the web
when this happened or any other time this is definately the solution.

Otherwise these are still good steps to take:

REMOVE THE FILES FROM YOUR HARD-DRIVE:
-Right-Click on My Computer and select Search...
-click All files and folders
-search for *.bmp (all or part of file name)
-Find the one that matches your background
-Note the name of the .bmp file - mine was called phccekj0e3cn.bmp (copy and
paste into notepad or something as you weill need this later, or write it
down as your computer can reboot)
-Search your drives for the last 3 characters noted in previous step. in my
case i searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process
that matches the name of one of the files you are trying to delete (the .exe
file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search

REMOVE REGISTRY ENTRIES: (not as important since the files are no longer
there but still good idea)
-Start -> Run
-regedit
-Edit -> Find
-I searched on *3cn (the last 3 characters) but this returned some valid
registry entries. I suggest you either carefully delete all entries that look
they are related. I found 5 or 6 valid entries, but they were obvious to me
to not be related.
-typically they will have the full name like "lphccekj0e3cn" In fact you
could probably search on whatever the .exe name was (minus the .exe
extension) and you can surely delete all those entries.

FIX REGISTRY ENTRIES:
-this is what i missed in the previous post. The first time this thing runs
it changes entries in your registry to hide the 'Desktop' and/or 'Screen
Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.