XP Antivirus

XP Antivirus 2008

XP Antivirus in Action

The consequences of XP antivirus can be described by this message, which, with minor alterations, appears on Yahoo! Answers daily:

On my new laptop, I was on YouTube when all these windows started popping up, telling me that I had a malicious spyware virus. So, I downloaded the virus scanner that Windows recommended, and ran it twice. Then it said my computer needed to be restarted for it to take effect. So, I restarted it, and now since then there are no icons on my desktop when I turn on my computer, and there is no start button, no tool bar or anything! It won't even let me click Alt+Ctrl+Del

It is a desperate cry for help by lots of computer users worldwide.

XP antivirus is an example of the new generation of malware that is so smart that it easily fools even advanced PC users and Internet surfers.

  • XP antivirus doesn't install itself - it is downloaded and installed by the user deliberately;
  • It doesn't stop at messing up Windows settings, but fools the user into purchasing new software allegedly recommended by Microsoft Windows;
  • It uses Windows-like colors, icons and logos, acts like a legitimate Windows application, and integrates with Windows Security Center messages in the form of tooltips, notification area balloons and call-outs. It sits in the tray area, totally imitating Windows Help Center behavior.

XP Antivirus: Update 2008

The new XP antivirus 2008, which hit computers on the World Wide Web in March, is a major update to its predecessor. By calling it a "major update" I mean that XP antivirus became more violent, more resilient, more immune to removal attempts, more "intelligent"; it now recovers itself after being removed via the Add and Remove Programs option in Windows Control Panel.

XP antivirus was aggressively promoted by spamming blogs and forums - which clearly indicated it's not an application you'd want to pay for. It's impossible to imagine avast! or AVG getting web exposure using black hat methods like brutal spamming.

Currently XP antivirus is constantly changing its domains, so there are many sites where it sells itself. Sadly, the "sales pages" of this rogue security software look quite professional - and buyers fall for graphics and promises of "secure web surfing".

This year's XP antivirus is more colourful, too, and features the same interface as many legitimate antispyware tools. It's totally understandable why even senior computer users install this rogue antivirus, blindly believing themselves to be protected and secure, while in reality they leave the gates of their computer wide open for a new flood of malware to come in and take control of the PC.

XP antivirus 2008 behaves differently on different computers depending on the stage of installation at which it's been caught, but generally the appearance of XP antivirus pop-ups can end in:

  • desktop icons and folders messed up or disappeared;
  • Start button and taskbar disappeared;
  • user's settings corrupted;
  • desktop background wallpaper changed;
  • annoying screensaver you've never seen;
  • disabled Task Manager;
  • Windows Clock appearance changed;
  • Windows unable to boot;
  • Internet Explorer not working.

XP Antivirus may degrade the desktop color scheme to 8-bit instead of 32-bit color. This malware also displays a fake Blue Screen of Death (commonly known as BSOD) using Sysinternals software. Additionally, the desktop may look as if Windows were restarting.

It is important to add that XP antivirus 2008 is targeted at all Windows versions, not just XP, so users of Windows 2000 or 98 cannot consider themselves out of reach of this malware.

Now that you've learnt a bit about XP antivirus, it's time to catch it and wipe it from the hard drive. Look below for instructions on how to get rid of XP antivirus either manually or with the help of special removal tools.

XP Antivirus Manual Removal Procedure

Removing XP antivirus can be a tedious task if you blindly count on the power of conventional antivirus software. It is reported that the following antivirus and antispyware programs never detect XP antivirus files:

  • Norton (any year's version);
  • McAfee (Plus, Enterprise, etc. versions);
  • Protector Plus 2008
  • Lavasoft Ad-Aware 2007
  • SpyBot Search & Destroy 1.5x

As you see, solid protection by any of these security suites is not an obstacle on the way of XP antivirus to your PC. This can partly be explained by the nature of this malware, which is not a virus.

Before following the steps, unregister 2 DLL files placed in your system by XP antivirus:

  • shlwapi.dll
  • wininet.dll

How to unregister DLL files? That's easy.

Go to Start-->Run

Type in the box "cmd" without quotes and hit Enter.

A black DOS-like window will open. Type in the following commands:

  1. regsvr32 /u shlwapi.dll (hit enter);
  2. regsvr32 /u wininet.dll (again, hit enter).

Below is a screenshot to help you.

Removing XP antivirus DLL's

Unregister XP antivirus DLL-files

5 Steps to Remove XP Antivirus

After you've successfully unregistered the 2 DLL libraries belonging to XP antivirus, it's time to get the pest completely wiped out.

The first step to remove XP antivirus is the same as for any other program - via Control Panel, Add and Remove Programs.

However, this will remove only some files, so DO NOT restart Windows after you've completed this step.

The second step involves removal of Registry entries.

Click Start-->Run, type in regedit and hit Enter.

The Windows Registry Editor will open. Find the following key in the left pane:

HKEY_USERS\Software\XP antivirus

Right-click on it, select Delete. (Be careful to remove this key only; do not touch others or you risk making your system unbootable or malfunctioning!)

The third step will require the use of Task Manager. You'll have to end the processes related to XP antivirus 2008.

Go to the Processes tab in Task Manager, find and end the following processes:

  • XPAntivirus.exe
  • XPAntivirusUpdate.exe
  • vav.exe
  • xpa.exe
  • xpa2008.exe

(Don't worry if some of these are missing in your Task Manager; different variations of XP antivirus may not use all of the above files.)

Fourth step: remove the following folder:

C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\

Do not be concerned if the folder is not there. If it doesn't exist, simply move on to the next step.

Step five is a bit time-consuming because you'll have to remove a dozen files related to XP antivirus. You can locate them via the Search option in Windows Explorer, or you can find the folder C:\Program Files\XPAntivirus and try to remove its contents. However, not all of the files will be there, so the use of Search is required anyway.

Here's a list of XP antivirus files that must be deleted:

  • xpa.exe
  • xpa2008.exe
  • XPAntivirus.exe
  • XPAntivirusUpdate.exe
  • XP antivirus
  • XPAntivirus.lnk
  • Uninstall XPAntivirus.lnk
  • XPAntivirus on the Web.lnk
  • XPAntivirus.url
  • XP Antivirus 2008.lnk
  • Uninstall XP Antivirus 2008.lnk

Automatic Removal of Windows XP Antivirus 2008

If you feel uncomfortable locating XP antivirus files and registry entries or are just afraid of harming your computer, there are several tools that can help to get rid of XP antivirus completely.

Malwarebytes offers a tool that will remove XP antivirus and lots of its clones and imitators, as well as a bunch of other rogue security software programs.

The free version of Malwarebytes' Anti-Malware lacks real-time protection, but it is a fully functional scanner to detect and remove malicious pests.

Or, there's another free tool to remove XP antivirus 2008 and similar rogue software. Rogue Remover will get rid of many fake antivirus and antispyware programs.

A Few Words about SpyHunter 3

If you took some time to search the Web for guides on "how to remove fake XP antivirus", you might have noted that most guides recommend SpyHunter as the ultimate automatic remover of this malware.

There seems to be quite an aggressive marketing going on for this antispyware, which in turn makes me conclude that some day we may face yet another rogue security program attacking our computers. Well, that's just a guess.

However, I can't find another explanation as to why reputable forums are so pleased to recommend SpyHunter to the victims of XP antivirus and its various imitations.

Is SpyHunter that good at removing malware?

Adware Report once tested SpyHunter only to find out the program had poor performance, even poorer detection rates, and absolutely mediocre malware removal capabilities. A couple of years passed by, but I've never seen SpyHunter 3 included in any antispyware tests. There's quite a bunch of anti spyware products these days, sure, but I can easily name a dozen or two of most popular, reputable, trusted programs widely used by millions of PC owners worldwide. But, honestly, never before did I hear about SpyHunter's outstanding antispyware performance.

The promotional tactics used to advertise SpyHunter 3 are rather unethical and are reminiscent of flashing pop-ups, annoying "online scanners" and banners. Among 12 feedback replies at antivirus.about.com regarding SpyHunter, there's not a single positive opinion expressed.

Webuser.co.uk rated SpyHunter 2 stars out of 5 - less than most average-performing counterparts.

Would you like to pay $30 for, err, dubious software, risking to lose your money while getting nothing in return? I guess I know the answer.

There's not a single reason to use software you have never heard about, especially since there are a few reliable programs proven to remove instances of XP antivirus infection and protect computers from recurrence.

There are reports that SpyHunter tends to display fake infections in its scan results, or marks safe files as infected to scare the user with "dangerous threats found in the system" and urge them to pay for the license. This is a shady marketing trick, at the least, but it has nothing to do with enhanced trojan detection or spyware removal.

Antivirus XP 2008 Mutation

It appears that the case with Antivirus XP 2008 is a bit different from XP Antivirus 2008. Though very similar in name, the former uses different file-naming patterns, adding random figures. To identify whether your PC is infected with Antivirus XP 2008, load up Windows Search and type in the following query:

lphc*.exe

or

rhc*.exe

where * plays the role of a wildcard, helping to search all filenames with the exact beginning.

If you discover at least ONE file that matches the query above, it is a 99.99% sign that your PC is contaminated with a variation of Antivirus XP. The removal procedure for it will be slightly different, but unless there are enough reported cases of infection, I won't be creating a separate hubpage for it to describe the removal steps.
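
The indicators from the five removal steps and the two Antivirus XP 2008 wildcard queries above can be checked in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original article or of any tool it mentions. It assumes PowerShell 2.0 or later; the `$Root` parameter and the `New-Finding` helper are names chosen here, and checking every user hive under HKEY_USERS is an addition to the single registry path the article gives.

```powershell
# Read-only sweep for the indicators this article lists. It only reports:
# nothing is deleted, stopped or unregistered.
# Assumptions (not from the article): PowerShell 2.0 or later, and $Root is
# the drive to search.
param([string]$Root = 'C:\')

# Process names from step three (Get-Process takes them without ".exe").
$processNames = 'XPAntivirus', 'XPAntivirusUpdate', 'vav', 'xpa', 'xpa2008'

# Names from step five, plus the two Antivirus XP 2008 wildcard queries.
$namePatterns = 'xpa.exe', 'xpa2008.exe', 'XPAntivirus.exe',
    'XPAntivirusUpdate.exe', 'XP antivirus', 'XPAntivirus.lnk',
    'Uninstall XPAntivirus.lnk', 'XPAntivirus on the Web.lnk',
    'XPAntivirus.url', 'XP Antivirus 2008.lnk',
    'Uninstall XP Antivirus 2008.lnk', 'lphc*.exe', 'rhc*.exe'

# Folders from steps four and five.
$folders = 'C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus',
    'C:\Program Files\XPAntivirus'

# The two DLL names from the unregister step. Windows ships its own libraries
# under these names, so they are listed separately and never as findings.
$dllNames = 'shlwapi.dll', 'wininet.dll'

# Hypothetical helper: wraps one result as an object with Type and Item.
function New-Finding([string]$Type, [string]$Item) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item }
}

# Registry key from step two. The article gives it directly under HKEY_USERS;
# checking the same subkey in every loaded user hive is an addition.
$keys = @('Registry::HKEY_USERS\Software\XP antivirus')
$keys += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\Software\XP antivirus" })

# One recursive pass over the drive for every file or folder name of interest.
$scan = @{
    Path        = $Root
    Recurse     = $true
    Force       = $true   # include hidden and system items
    Include     = $namePatterns + $dllNames
    ErrorAction = 'SilentlyContinue'
}
$hits = @(Get-ChildItem @scan)

$findings = @(
    Get-Process -Name $processNames -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding 'Process' "$($_.Name) (PID $($_.Id))" }
    $keys | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { New-Finding 'Registry key' $_ }
    $folders | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { New-Finding 'Folder' $_ }
    $hits | Where-Object { $dllNames -notcontains $_.Name } |
        ForEach-Object { New-Finding 'Name match' $_.FullName }
)

if ($findings.Count -eq 0) {
    'None of the indicators listed in the article were found.'
} else {
    $findings | Sort-Object Type, Item | Format-Table Type, Item -AutoSize -Wrap
}

# Where each copy of the two DLL names lives and the publisher recorded in its
# version resource (a self-declared string, not proof of origin).
'Copies of shlwapi.dll / wininet.dll on this drive:'
$hits | Where-Object { $dllNames -contains $_.Name } |
    Select-Object FullName, @{ n = 'Publisher'; e = { $_.VersionInfo.CompanyName } } |
    Format-Table -AutoSize -Wrap
```

Saving the output before and after cleanup gives a record of which indicators were present and confirms whether they return after a restart.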

EMSISOFT a-squared Anti-Malware

Update: Antivirus 2009

Antivirus 2009 is part of the big XP antivirus family.

There's a little trick that allows you to remove Antivirus 2009 (also known as AV 2009 or Micro AV 2009). a-squared anti-malware is needed to perform the removal process (you can download it above).

1. When a-squared anti-malware is installed and updated, restart Windows.

2. Open Task Manager. Under the Processes tab, find the Explorer.exe process and stop it by clicking the End Process button.

3. The desktop should disappear. No icons, no taskbar should be visible. a-squared anti-malware window is the only thing you can see.

4. Run the Scan. Depending on the size of the hard drive, the operation can take about an hour to complete. Be patient. a-squared anti-malware will display names of detected infections in real-time. Antivirus 2009 will be removed among other pests.

5. When the scan is finished, press ALT-CTRL-DEL, choose Shutdown/Restart.


Comments (291)

gepeTooRs 7 months ago

There is noticeably a bundle to know about this. I assume you made certain good factors in features also.


Jenifer 4 years ago

Microsoft anti-virus is not that much good to use, so I use Comodo Anti-virus

http://www.comodo.com/products/comodo-products.php...


charlemont 4 years ago from Lithuania Author

Hi Kat, I assume you're able to get into Windows Safe Mode.

http://www.eazyantispyware.com/blog/how-to-boot-in...

If you're successful at that, just open up Microsoft Configuration Utility and disable suspicious entries under Startup tab. By 'suspicious' I mean either entries with digits in the name, or those containing 'av', 'antivirus', or similar patterns. For example, av.exe is definitely suspicious.

http://www.eazyantispyware.com/blog/how-to-disable...

If you disable malicious entries, you'll be able to log on normally after restart without any pop-ups interfering.

I don't think you have to pay to get rid of this malware.

Send me an email at:

http://charlemont.hubpages.com/contact

and I'll help you to sort it out.


Kat Wickle 4 years ago

I'm not very good with computers, so sorry if my question has a really obvious answer. I decided to use malwarebytes because I'm worried I'll mess up my computer even worse, but I can download it because of XP Antivirus. The pop ups get in the way at first, and now I can't even use a browser (I'm using my iPod for this) TO download it. It's been about 6 days since XP Antivirus started popping up everywhere. My highschool blocks the site to download it as well, so I can't use a flash drive. Should I just pay to get it fixed or attempt to fix it manually?

Thanks so much!


Server Antivirus 4 years ago

Thank you for this article, it was a very interesting read and definitely picked up a few ideas and short cuts!


Rina - Anti Virus Clean 6 years ago

Hi I'm publishing a small web blog about anti virus removal and I'm just searching the net for a few information on anti virus programs. Hopefully I can also work with a few of these for my article.


charlemont 6 years ago from Lithuania Author

darlene, you can delete the System Restore entries and any virus hiding there will be removed. Under System Restore tab in System Properties (right-click on My Computer, select Properties) highlight your system drive where Windows is installed. Click Settings button and put a check mark next to "Turn off System Restore on All Drives". Or use "Turn off System Restore on all drives" option.

These are steps for Windows XP, but I believe they're similar for Vista as well.


darlene 6 years ago

I paid to have this antivirus taken off my pewter and it's back again, I think it's in my system restore, I wonder if there is a way to get it off now?


mrcbinc 6 years ago

Run unhackme as what you have is a boot log virus that no antivirus will touch but unhackme and malwarebytes will clean it all out and you will be fine. Take care where you surf. microsoft service provider mrcbinc@hotmail.com


sweety4you 6 years ago

nice information...


Cindy 6 years ago

I've tried these steps but, I think they just upgraded their virus cause none of these are working. I can't get ANY window to open (task manager, add remove programs, run. etc.). Any new suggestions? I caught this before and removed it but those tricks are no longer working.


charlemont 6 years ago from Lithuania Author

XP Engine doesn't seem to be a Windows folder. It might be part of some software.


Peter 6 years ago

Hi for the 2nd step:

Second step involves removal of Registry entries.

I have a folder called XP Engine.

Is that the same thing or no?


Anna 6 years ago

Even if you only see the XP antivirus 2008 (or any other versions of it) you are already infected even if you don't click on any of the links or pop-ups. My advice would be to download malware anti-virus and run a full scan... it does a great job cleaning up your computer


laura 6 years ago

got the pop up and installed norton it quarantined the file in sept and haven't had any problem. norton does work to detect this issue!


samironwebtrack 7 years ago

excellent information, it will be very helpful for me...thanks


charlemont 7 years ago from Lithuania Author

Nola, AVG is antivirus so I guess you can keep it. Max Secure tackles a different area of malware. If both programs co-reside peacefully, there's no reason to uninstall any.


Nola 7 years ago

Can you advise me.

I have purchased Max Secure Spyware & Registry Cleaner.

I also have AVG8 free version.

Do I need to keep avg as a virus scanner or does Max Secure take its place??


Keith 7 years ago

My Dad's computer is locked out from the Task Manager... The malware wins.


Susan Mayer 7 years ago

Left a message at your hubpage w/ my new gmail account. My usual e-mail is still not working.


charlemont 7 years ago from Lithuania Author

Susan, leave me a message here:

http://hubpages.com/email/user/charlemont

I need your email to send you instructions.


Susan Mayer 7 years ago

Sorry, how do I create the logs you would like to see?


charlemont 7 years ago from Lithuania Author

Susan Mayer, to tell you the truth, I expected that NO online scanner would work for you. I'm happy that Bit Defender and a-squared managed to remove lots of pests. Now I'll ask you to create some logs of your system to see what's left malicious.


Susan Mayer 7 years ago

Bit Defender ran and eliminated 29 files but said I was still infected. McAfee had an error in the download of Active X. F-Secure said "application cannot be executed. The file fsonlinescanner.exe is infected." ESET online scanner gave a similar message. Kaspersky said "scan failed to start". Panda said "Active Scan 2.0 update error". Ewido said "Avg-1st-stf-85-322 exe is infected". A-squared Smart scan found 89 files and they were quarantined and deleted. An A-squared Deep scan found no errors. Still getting System Security pop-ups and can't run e-mail. Have to go to work - talk to you later.


Susan Mayer 7 years ago

Thank you. I'm running them one at a time but it's taking a while to download each one. The first one - trendmicro housecall - gave me an error that it had problems transferring data from the internet and it got into an infinite loop. Am downloading BitDefender at the moment.


charlemont 7 years ago from Lithuania Author

Susan Mayer, can you run any online virus scanner from this list?

http://hubpages.com/technology/Top-Free-Online-Vir

If not, then contact me via Hubpages (on top of the page under my pic), I will look into the issue.


Susan Mayer 7 years ago

I've got problems. I can access the internet but mail is now gone. Keep getting popups telling me I'm infected w/ all sorts of things and I need to buy their software to remove it. Bought McAfee Total Protection but I can't execute a "run" - get error "Application cannot be executed. File setupxv[1].exe is infected". Tried downloading Malwarebyte's software but still can't execute a "run". Tried running your instructions but can't execute a "cmd". Any ideas?


charlemont 7 years ago from Lithuania Author

Ty, contact me via email.


Ty 7 years ago

Save me Charlemont! I have an advertisement in my icon tray spamming me with the message "warning security report" bla bla and it keeps changing my wallpaper to the same message. I can't use any administrative stuff, I can't even use ctrl+alt+del, it keeps coming up "Task Manager has been disabled by your administrator"... I'm the only person that uses this computer and I'm supposed to be set as admin. I tried the removal steps but removing the registry things didn't work, it came up "Schlwapi.dll was loaded, but the DllUnregisterServer entry was not found This file can not be registered", same with the wininet.dll (I never installed or downloaded XP Antivirus Pro as I already have a full Norton 360 account). Any help would be much appreciated. Ty


adi 7 years ago

good


idahosharky 7 years ago

Got most of the work done, I deleted the two DLLs above ( shlwapi.dll and wininet.dll) and now i can not boot up even in safe mode. I get an error : Lass.exe unable to locate component. this application has failed to start because SHLWAPI.dll was not found. reinstalling...

Can you share some insight to get up and running again, Thanks Sharky


Abhishek87 7 years ago from India

Wrong link to the hub, here's the right one : http://hubpages.com/technology/-Beginners-Guide-to...


ssaugause 7 years ago

I went and installed the free malware but it turned out not to be free at all


FrgttnYr9 7 years ago from oshkosh, wisconsin

A lot of information in this article, i like that. I live with a computer tech, and he told me all about anti viruses, and they aren't always a good thing. But this gave me more information about the subject. thank you


sabrina 7 years ago

Hey charlemont,

This is sabrina. How are you? I sent you an email regarding an infection in my computer. The virus is called adware.valient rel. I want to send you the hijack this log so that you can send me feedback regarding that.

Please reply me through emails .

Are you still in this forum?

Just in case if you see this plz respond to the email I sent you. the virus is replicating.

Sincerely,

sabrina


Miranda_Laney 7 years ago from Kansas

I've been infected with versions of this twice. I recommend Malwarebytes as a malware and spyware remover. It works along with antivirus software and is very effective. Thanks for the great article. It was very informative.


ohdearann 7 years ago

Thanks Charlemont for the help, it's very much appreciated =>


ohdearann 7 years ago

Hi Charlemont,

I really appreciate your trying to help out everyone, can you please help me too? I really am not a techie, and I've been afflicted with this horrible xp virus thing, so I decided to run malwarebytes on safe mode, it's running okay now. But it says the task manager is disabled. Is this a bad thing? Please shed some light. Your help will be greatly appreciated.


Erick Smart 7 years ago

Thanks for the hub on this one. I feel that I am a really tech savvy person since I have been working intensely with computers for about 18 years but even this one almost got me. It did seem like a legitimate message from XP. Luckily I ran my own software first and it told me otherwise.


Cris A 7 years ago from Manila, Philippines

I got to bookmark this! Thanks for sharing! I'm off to joining your fan club - do you accept technophobes? LOL


Anthony 7 years ago

I would say get yourself a Mac, problem solved....I hate PC to the bone...


Pankaj 7 years ago

Great Article, nicely presented..Thanks for sharing..


Belinda Hodge 7 years ago from Brisbane Australia

Hi Charlemont

Thank you for this great info. Our computer workshop has been bombarded in the last month or two with clients' PCs infected with this malware. I printed this Hub for my partner and he said to thank you for the great information you put together. My fear in researching this topic has been, as you stated, that if you search for information on these viruses you can end up with pop ups by just landing on the wrong website. I've also seen emails claiming to be AVG encouraging users to update their software with download links in the emails. These are fake of course, they are really from this XP Antivirus mob. Thanks again for putting this information together.


ZPH 7 years ago

Hi Charlemont,

Great site, but unfortunately I think the XP Antivirus 2009 folks are getting more sophisticated. I have a laptop here which has been through the following:

I went into MSConfig and configured it to boot in diagnostic mode, which disables almost everything. I also tried going in Safe Mode. Most of what follows I have done from both environments (mostly in Safe Mode).

I am not able to run the setup for SuperAntiSpyware. It "encountered a problem and needs to close."

The mbam-setup program runs as a process for about 15 minutes, then just disappears from Task Manager. I never get any dialog boxes and it doesn't install.

I have downloaded and run a2cmd.exe, and run it with a plethora of switches to do deep scan, scan archives, heuristics... pretty much the works. It got rid of a bunch of stuff, but...

I still can't install MalWareBytes or SuperAntiSpyware. I can't update Symantec AV (not that it would do me a lot of good anyway). I can't visit certain web sites that have to do with anti-malware.

Does this laptop still have the malware, or just "leftovers"?

Any ideas on how to proceed? It seems this malware is developing to the point where re-imaging the hard drive will be the preferred, and perhaps only, solution.

Thanks for the site, though! It has helped in the past.


charlemont 7 years ago from Lithuania Author

Hi Jeck,

try this one:

1. Go to Start--Run, type in MSCONFIG and hit enter.

2. Go to Startup tab and uncheck all services. Don't worry, you will be able to start them later on.

3. Restart and load Malwarebyte's, update it and perform full scan.

4. When finished, remove the detected items and restart, then run the scanner again.

5. Now repeat the step with malwarebyte's and put checkmarks back in the startup tab.


Jeck 7 years ago

I went and downloaded the malwarebytes program to handle this issue, however, the virus wont allow to even boot up to handle it. What do I do from here?


gdi 7 years ago from Italy - Albania - Turkey

nice work :)


sukkran 7 years ago from TRICHY, TAMIL NADU, INDIA.

As far as I am concerned, it is a very useful article. Nice work.

sukkran


catalonia 7 years ago from Barcelona Spain

I tend to agree on this: This is an important hub to many users. Great information!


RavynSteel 7 years ago from North Wales

Fantastic hub, I'll remember this step-by-step removal guide next time my partner falls for one of those annoying pop-ups!

