Just so you're all aware there is a new malware being spread out on the net. I got hit with it earlier today visiting what looked like a legitimate video site.

It's called "Antivirus XP 2008" and is attached to a download of a codec pack that you are told is needed to view a video or picture.

(It may also be attached in a message that you need an ActiveX update)

It actually plants a constant image on a blue desktop (you lose your desktop image, if you have one) and a constant pop-up generates, telling you that a virus has been detected and directs you to a very good replica of a microsoft page that wants $50 - $100 for the Antivirus XP 2008 cure (depending on the package you purchase). It is a POS and also has to be removed.

Luckily, I figured it out before buying, but it still took me 4 hours to clean my folders, files, and registries. I also had to create a new registry to get back my screensaver and desktop background option tabs.

Below are some basic instructions for manually removing this malware. Please read carefully and perform at your own risk!

First you need to stop the program from loading on startup. This is what you do to stop it:

Click "Start," then, "run"

Type: msconfig

Go to Startup tab

Uncheck lphc35dj0e1an <----- These number/letters may be different

Uncheck rhc75dj0e1an <------- but will be similar to each other. Usually two that are very similar. These were taken from my computer.

Click: apply

Stop XP Antivirus 2008 Processes:

Access Processes by pressing Cont+Alt+Delete simultaneously (1 time)

(All below may or may not be present - stop any found)

vav.exe

XPAntivirus.exe

XPAntivirusUpdate.exe

xpa.exe

xpa2008.exe

Click: OK

Restart computer

Then you need to delete the main files this program uses. Delete the following files.

C:\windows\system32\lphc35dj0e1an.exe <------ Again, your .exe may be different than these!

C:\program files\rhc75dj0e1an\rhc75dj0e1an.exe

Also, do not forget to do a file and folder search...

Find and Delete these XP Antivirus 2008:

(may or may not be present)

xpa.exe

vav.exe

xpa2008.exe

XPAntivirus.exe

XPAntivirusUpdate.exe

XP antivirus

XPAntivirus.lnk

Uninstall XPAntivirus.lnk

XPAntivirus on the Web.lnk

XPAntivirus.url

XP Antivirus 2008.lnk

Uninstall XP Antivirus 2008.lnk

This should remove the program from your system but you probably still have a warning message displayed as your wallpaper in Windows and the virus removed the ability to change the wallpaper or your desktop settings.

To restore ability to change your desktop settings and select a different wallpaper and screen saver do the following:

Click: Start->Run->type: regedit ->click "OK"

Open the following folders\subfolders in order:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

CurrentVersion\Policies\System

“System” being the last sub-folder.

create new entries:

1) a REG_DWORD entry called: NoDispBackgroundPage

2) a REG_DWORD entry called: NoDispScrSavPage

As long as their values are both set to 0, your tabs will be back.

Restart Computer

For more information on viruses including removing the latest one in this family called AntiVirus 2010, please visit this website.