XP Antivirus
XP Antivirus 2008
XP Antivirus in Action
The consequences of XP antivirus can be described by this message, which with minor alterations appears on Yahoo! Answers daily:
On my new laptop, I was on YouTube when all these windows started popping up, telling me that I had a malicious spyware virus. So, I downloaded the virus scanner that Windows recommended, and ran it twice. Then it said my computer needed to be restarted for it to take effect. So, I restarted it, and now since then there are no icons on my desktop when I turn on my computer, and there is no start button, no tool bar or anything! It won't even let me click Alt+Ctrl+Del
It is a desperate cry for help by lots of computer users worldwide.
XP antivirus is an example of the new generation of malware that is so smart that it easily fools even advanced PC users and Internet surfers.
- XP anti virus doesn't install itself - it is downloaded and installed by the user deliberately;
- It doesn't stop at messing up Windows settings, but fools the user into purchasing new software allegedly recommended by Microsoft Windows;
- It uses Windows-like colors, icons and logos, acts like a legit Windows application, and integrates with Windows Security Center messages in the form of tooltips, notification area balloons and call-outs. It sits in the tray area, totally imitating Windows Help Center behavior.
XP Antivirus: Update 2008
The new XP antivirus 2008, which hit computers across the World Wide Web in March, is a major update to its predecessor. By calling it a "major update" I mean that XP anti virus became more violent, more resilient, more immune to removal attempts, more "intelligent"; it now recovers itself after being removed via the Add and Remove Programs option in Windows Control Panel.
XP antivirus was aggressively promoted by spamming blogs and forums - which clearly indicated it's not an application you'd want to pay for. It's impossible to imagine avast! or AVG getting web exposure using black hat methods like brutal spamming.
Currently XP antivirus is constantly changing its domains, so there are many sites where it sells itself. Sadly, the "sales pages" of this rogue security software look quite professional - and buyers fall for graphics and promises of "secure web surfing".
This year's XP antivirus is more colourful, too, and features the same interface as many legitimate antispyware tools. It's totally understandable why even senior computer users install this rogue antivirus, blindly believing themselves to be protected and secure, while in reality they leave the gates of their computer wide open for a new flood of malware to come in and take control of the PC.
XP antivirus 2008 behaves differently on different computers depending on the stage of installation at which it's been caught, but generally the appearance of XP antivirus pop-ups can end in:
- desktop icons and folders messed up or disappeared;
- Start button and taskbar disappeared;
- user's settings corrupted;
- desktop background wallpaper changed;
- annoying screensaver you've never seen;
- disabled Task Manager;
- Windows Clock appearance changed;
- Windows unable to boot;
- Internet Explorer not working.
XP Antivirus may degrade the desktop color scheme to 8-bit instead of 32-bit. This malware also displays a fake Blue Screen Of Death (commonly known as BSOD) using Sysinternals software. Additionally, the desktop may look as if Windows were restarting.
It is important to add that XP antivirus 2008 is targeted at all Windows versions, not just XP. So users of Windows 2000 or 98 cannot consider themselves out of reach of this malware.
Now that you've learnt a bit about XP antivirus, it's time to catch it and wipe it out from the hard drive. Look below for instructions on how to get rid of XP antivirus either manually or with the help of special removal tools.
XP Antivirus Manual Removal Procedure
Removing XP antivirus can be a tedious task if you blindly count on the power of conventional antivirus software. It is reported that the following antivirus and antispyware programs never detect XP antivirus files:
- Norton (any year's version);
- McAfee (Plus, Enterprise, etc. versions);
- Protector Plus 2008
- Lavasoft Ad-Aware 2007
- SpyBot Search & Destroy 1.5x
As you see, solid protection by any of these security suites is not an obstacle on XP antivirus's way to your PC. This can partly be attributed to the nature of this malware, which is not a virus.
Before following the steps, unregister 2 DLL files placed in your system by XP antivirus:
- shlwapi.dll
- wininet.dll
How to unregister DLL files? That's easy.
Go to Start-->Run
Type in the box "cmd" without quotes and hit Enter.
A black DOS-like window will open. Type in the following commands:
- regsvr32 /u shlwapi.dll (hit enter);
- regsvr32 /u wininet.dll (again, hit enter).
[Screenshot: Removing XP antivirus DLLs]
5 Steps to Remove XP Antivirus
After you've successfully unregistered the 2 DLL libraries belonging to XP antivirus, it's time to get the pest completely wiped out.
The first step to remove XP antivirus is the same as for any other program - via Control Panel, Add and Remove Programs.
However, this will remove only some files, so DO NOT restart Windows after you've completed this step.
Second step involves removal of Registry entries.
Click Start-->Run, type in regedit and hit Enter.
The Windows Registry Editor will open. Find the following key in the left pane:
HKEY_USERS\Software\XP antivirus
Right-click on it, select Delete. (Be careful to remove this key only; do not touch others or you risk making your system unbootable or malfunctioning!)
Third step will require the use of Task Manager. You'll have to end two processes related to XP antivirus 2008.
Go to the Processes tab in Task Manager, find and end the following processes:
* XPAntivirus.exe
* XPAntivirusUpdate.exe
* vav.exe
* xpa.exe
* xpa2008.exe
(Don't worry if some of these processes are missing in your Task Manager; different variations of XP antivirus may not use all of the above files.)
Fourth step: remove the following folder:
C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\
Do not be concerned if the folder is not there. If it doesn't exist, simply move on to the next step.
Step five is a bit time-consuming because you'll have to remove a dozen files related to XP antivirus. You can locate them via the Search option in Windows Explorer, or you can find the folder C:\Program Files\XPAntivirus and try to remove its contents. However, not all of the files will be there, so the use of Search is required anyway.
Here's a list of XP antivirus files that must be deleted:
* xpa.exe
* xpa2008.exe
* XPAntivirus.exe
* XPAntivirusUpdate.exe
* XP antivirus
* XPAntivirus.lnk
* Uninstall XPAntivirus.lnk
* XPAntivirus on the Web.lnk
* XPAntivirus.url
* XP Antivirus 2008.lnk
* Uninstall XP Antivirus 2008.lnk
Automatic Removal of Windows XP Antivirus 2008
If you feel uncomfortable locating XP antivirus files and registry entries or are just afraid of harming your computer, there are several tools that can help to get rid of XP antivirus completely.
Malwarebytes offers a tool that will remove XP antivirus and lots of its clones and imitators, as well as a bunch of other rogue security software programs.
The free version of Malwarebytes Anti-Malware lacks real-time protection, but it is a fully functional scanner to detect and remove malicious pests.
Or, there's another free tool to remove XP antivirus 2008 and similar rogue software. Rogue Remover will get rid of many fake antivirus and antispyware programs.
A Few Words About SpyHunter 3
If you took some time to search the Web for guides on "how to remove fake XP antivirus", you might have noted that most of the guides recommend SpyHunter as the ultimate automatic remover of this malware.
There seems to be quite an aggressive marketing going on for this antispyware, which in turn makes me conclude that some day we may face yet another rogue security program attacking our computers. Well, that's just a guess.
However, I can't find another explanation as to why reputable forums are so pleased to recommend SpyHunter to the victims of XP antivirus and its various imitations.
Is SpyHunter that good at removing malware?
Adware Report once tested SpyHunter only to find out the program had poor performance, even poorer detection rates, and absolutely mediocre malware removal capabilities. A couple of years passed by, but I've never seen SpyHunter 3 included in any antispyware tests. There's quite a bunch of anti spyware products these days, sure, but I can easily name a dozen or two of the most popular, reputable, trusted programs widely used by millions of PC owners worldwide. But, honestly, never before did I hear about SpyHunter's outstanding antispyware performance.
Promotional tactics used to advertise SpyHunter 3 are rather unethical and are reminiscent of flashing pop-ups, annoying "online scanners" and banners. Among 12 feedback replies at antivirus.about.com regarding SpyHunter, there's not a single positive opinion expressed.
Webuser.co.uk rated SpyHunter 2 stars out of 5 - less than most average-performing counterparts.
Would you like to pay $30 for, err, dubious software, risking losing your money while getting nothing in return? I guess I know the answer.
There's not a single reason to use software you've never heard about, especially since there are a few reliable programs proven to remove instances of XP antivirus infection and protect computers from recurrence.
There are reports that SpyHunter tends to display fake infections in its scan results, or marks safe files as infected to scare the user with "dangerous threats found in the system" and urge them to pay for the license. This is a shady marketing trick, at the least, but it has nothing to do with enhanced detection of trojan viruses or spyware removal.
Antivirus XP 2008 Mutation
It appears that the case with Antivirus XP 2008 is a bit different from XP Antivirus 2008. Though very similar in name, the former uses different file-naming patterns, adding random figures. To identify whether your PC is infected with Antivirus XP 2008, open Windows Search and type in the following query:
lphc*.exe
or
rhc*.exe
where * plays the role of a wildcard, helping to find all filenames that start with the given prefix.
If you discover at least ONE file that matches the query above, it is a 99.99% sign that your PC is contaminated with a variation of Antivirus XP. The removal procedure for it will be slightly different, but unless there are enough reported cases of infection, I won't be creating a separate hubpage for it to describe the removal steps.
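The step-five file list and the two wildcard queries above can be checked in one read-only pass. This is an added example, not part of the original article: the function names, the sample tree and the random-looking suffixes in it are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# File and folder names from the article's step-five list, lower-cased.
EXACT_NAMES = {
    "xpa.exe", "xpa2008.exe", "xpantivirus.exe", "xpantivirusupdate.exe",
    "xp antivirus", "xpantivirus.lnk", "uninstall xpantivirus.lnk",
    "xpantivirus on the web.lnk", "xpantivirus.url",
    "xp antivirus 2008.lnk", "uninstall xp antivirus 2008.lnk",
}
WILDCARDS = ("lphc*.exe", "rhc*.exe")  # queries for the Antivirus XP 2008 variant

def classify(name):
    """Return the indicator a file or folder name matches, or None."""
    lowered = name.lower()  # Windows file names are case-insensitive
    if lowered in EXACT_NAMES:
        return "exact:" + lowered
    for pattern in WILDCARDS:
        if fnmatch.fnmatchcase(lowered, pattern):  # anchored at the start
            return "wildcard:" + pattern
    return None

def scan(root):
    """Walk root, return sorted (relative path, indicator) hits. Deletes nothing."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if (indicator := classify(name)):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), indicator))
    return sorted(hits)

def demo():
    """Scan a constructed sample tree (empty files, names made up for this demo)."""
    samples = [
        "Program Files/XPAntivirus/XPAntivirus.exe",
        "WINDOWS/system32/lphc1a2b.exe",  # constructed random suffix
        "WINDOWS/system32/RHC9z.EXE",     # upper case must still match
        "WINDOWS/system32/helphc.exe",    # benign: "lphc" is not at the start
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in samples:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Call `scan()` on a drive root or on a mounted copy of the disk; it only lists matches, so the removal steps stay a separate, deliberate action.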
Remove XP Antivirus with EMSISOFT Anti-malware
- EMSISOFT Anti-Malware v6 - XP Antivirus Removal
Remove Trojans, Dialers, Keyloggers, Worms, Spyware. Get rid of XP antivirus 2008/2009 and its variations (like Vista Antivirus, XPAntivirus, Antivirus XP, XP Antivirus Protection, Windows Antivirus 2008) instantly and prevent future infections!
Update: Antivirus 2009
Antivirus 2009 is part of the big XP antivirus family.
There's a little trick that allows you to remove Antivirus 2009 (also known as AV 2009 or Micro AV 2009). a-squared anti-malware is needed to perform the removal process (you can download it above).
1. When a-squared anti-malware is installed and updated, restart Windows.
2. Open Task Manager. Under the Processes tab, find the Explorer.exe process and stop it by clicking the End Process button.
3. The desktop should disappear. No icons and no taskbar should be visible. The a-squared anti-malware window is the only thing you can see.
4. Run the Scan. Depending on the size of the hard drive, the operation can take about an hour to complete. Be patient. a-squared anti-malware will display the names of detected infections in real time. Antivirus 2009 will be removed among other pests.
5. When the scan is finished, press ALT-CTRL-DEL, choose Shutdown/Restart.