Security firm Sophos warned on Thursday that e-mails being circulated on the Web that purport to offer a free iPhone game instead are carrying a Trojan horse that can take control of infected Windows machines.

The e-mails have subject lines like “Virtual iPhone games!” and “Apple: The most popular game!” The attachment is called “Penguin.Panic.zip,” which refers to the iPhone game of the same name.

The Trojan has been identified as Troj/Agent-HNY, Sophos said.

Sophos has not yet seen versions that run on Mac OS X, the Apple iPhone, or other mobile devices.

Antivirus XP 2008′s Web site looks legit, but caveat emptor.

Yeah, Google.

Apparently, though, the virus is now being spread in more insidious ways, and numerous people who claim safe browsing habits and up-to-date security definitions are being infected–including two of my friends.

In helping them remove it, I discovered an excellent post on the CNET Forums that explained a detailed and accurate method of removal. I’ve retyped it below with more detail in case you’re not able to get to the forums. It’s not particularly complicated, but if you’re not comfortable with advanced settings, I’d recommend proceeding cautiously or get a friend to help.

The scan window from Antivirus XP 2008 also looks legit. It’s also not.

A warning before we begin: do not boot your computer into safe mode. Leave it running as you normally would. I tried restarting into safe mode, and the malware was prepared for that–its folders and files became undetectable.

First, in the Start menu, click on Run. If you can’t find the Run option, hit WIN+R. (That’s the key with the Windows icon on it.)

Type in msconfig, and go to the Startup tab. You’re looking for two files. One begins with the string of letters “lph,” and the second begins with “rhc”. The examples provided are longer strings, “lphc35dj0e1an” and “rhc75dj0e1an”, but after the first three letters, the strings are known to change on different computers. Uncheck the boxes next to both of them, then click on Apply and OK or Close at the bottom of the window.

The scan window from an older version of Antivirus XP 2008.

Restart your computer normally. You’ll notice that the background hasn’t changed. To restore your desktop settings, you’ll need to go to Start > Run again, or Win+R. This time, type in Gpedit.msc. On the left nav, look for User Configuration near the middle. Navigate through Administrative Templates, then Control Panel, and finally Display. When you click on display, you’ll see a list of options open in the central pane. Right click on “Remove Display in Control Panel,” and click “Properties.” Then choose “Disabled.”

Repeat those same steps for the following attributes: Hide Desktop, Prevent changing wallpaper, Hide Appearance and Themes, Hide Settings, and Hide Screen Saver. Change all to “Disabled,” then hit Apply, OK, and restart your computer.

You will still see the Antivirus XP 2008 desktop “theme”, but now you can change it. Anywhere on your desktop, right-click and select properties. The first tab that opens should allow you to change your theme. If you also suffer from massive icons, use the last tab on the right, Settings. In the middle of that tab’s window you’ll see a Screen Resolution option, most likely set to 800×600. Move the slider to the left to choose a more aesthetically appealing resolution.

Source