Removal of Antivirus XP 2008

Monday, September 01, 2008    

clip_image001

This mail pretends to come from Microsoft, but it's not. There are many different links being used for the download. Microsoft don't send out EMails asking you to download files from random, non-Microsoft websites.

clip_image002

If you click the link and install the file, then it downloads/installs the rogue security software Antivirus XP 2008 and its related files.A fake antivirus program appear on your  desktop.

clip_image003

By the time you see this, its probably too late.  This threat also  known to send the user fake infected alerts to provoke the victim into buying the product.  It also utilizes the Sysinterals fake Blue Screen of Death Screen Saver to scare the victim.

AntivirusXP 2008, also known as also known as XP Antivirus 2008, Antivirus 2008 XP or AntiVirXP08, is a rogue anti-spyware program that performs fake system scans and displays warning messages to lure you to purchase AntivirusXP 2008's full version. AntivirusXP 2008 is usually downloaded and installed via a trojan called Zlob found on a media codecs that are downloaded from adult websites. AntivirusXP 2008 prompts users with warning messages and popups that state that you are infected with spyware in an attempt to get you to buy AntivirusXP 2008's commercial version. Another attempt used by AntivirusXP 2008 is to perform system scans that show false positives. AntivirusXP 2008 is not a legitimate spyware removal tool. AntivirusXP 2008 is clone of Xp Antivirus, XPAntivirus2008 and Antivirus 2008

Symptoms of Antivirus XP 2008

Pop up balloon warning messages claiming that your PC is infected.

  • "Critical System Error",
  • "Your computer is infected",
  • Hijacked homepage to obscure webpage.
  • Flashing icons appear on your system tray (Near of your system clock).

Manual XP Antivirus 2008 Removal Instructions:

clip_image004

1.Unregister XP Antivirus 2008 DLL Files:

shlwapi.dll
wininet.dll

How to Unregister DLL in Windows XP or Vista

Here's how to do it:

  1. From Start –> Run, type "cmd" then click on Open.
  2. clip_image005
  3. Type "regsvr32 /u filename.dll" where "filename" is the name of the file that you like to unregister.
    clip_image006

Please keep in mind that this involves system modification and can be highly risky. It's always recommended to keep a system backup handy, in case things go wrong
2.Stop XP Antivirus 2008 Processes:
XPAntivirus.exe
XPAntivirusUpdate.exe
xpa.exe
xpa2008.exe

How to Stop a Process in Windows XP or Vista

. Here's how you do it:

  1. Press "Alt+Ctrl+Delete", then click on "Task Manager". You can also launch the Task Manager instantly if you press Ctrl + Shift + ESC simultaneously. This is much easier than accessing it from Ctrl + Alt + Delete or the taskbar. It works for both Windows XP or Windows Vista.
  2. Select the process that you want to stop, then click on "End Process".
  3. clip_image007

It's advised not to stop a system process. Stopping a system process can cause the computer to hang or freeze up.

3.Find and Delete these XP Antivirus 2008:

xpa.exe
xpa2008.exe
XPAntivirus.exe
XPAntivirusUpdate.exe
shlwapi.dll
wininet.dll
XP antivirus
XPAntivirus.lnk
Uninstall XPAntivirus.lnk
XPAntivirus on the Web.lnk
XPAntivirus.url
XP Antivirus 2008.lnk
Uninstall XP Antivirus 2008.lnk

How to find and delete a file in Windows XP or Vista?

  1. From Start –> Search, then click on "For Files and Folders…"
  2. From "What do you want to search for?" list on the left, click on "All files and folders"
    clip_image008
  3. Type the filenames on the search box, and choose the "Local Hard Drives" (normally, it's C: drive)
    clip_image009
  4. Click on "Search". That's it!

4.Remove XP Antivirus 2008 Registry Values:
remove this entry from registry

HKEY_USERS\Software\XP antivirus

Here is how to do it

  1. In Windows XP, from Start, and then click on Run.
  2. Type "regedit", then click on OK.
    clip_image010
  3. Now it opens the Registry Editor.
    clip_image011
  4. You can easily navigate through the subkey if you know what you are looking for. Or, you can press "Ctrl + F" to locate the subkey that contains the value you want to edit. (F3 to Find Next)
    clip_image012

5. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Locate and delete virus1 using right click
Error! Filename not specified.
6. Next Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Locate & delete SMvirus1 using right click
Error! Filename not specified.
7. Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1cdj0e12r
del key Virus1 using right click
Error! Filename not specified.
8. Now
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Locate 'AntivirXP08' on right side and delete it.
Now there is only one step left which can be performed only when you log in to windows next time.
9.Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1cdj0e12r
del key Virus1
10. Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
And delete the key Antivirus XP 2008

Tools Needed for this fix:(software’s)

 
Copyright 2008 IToxy