
XP Antivirus

Updated on December 16, 2011

XP Antivirus 2008

XP Antivirus in Action

The consequences of XP antivirus can be described by this message, which with minor alterations appears on Yahoo! Answers daily:

On my new laptop, I was on youtube when all these windows started popping up, telling me that I had a malicious spyware virus. So, I downloaded the virus scanner that windows recommended, and ran it twice. Then it said my computer needed to be restarted for it to take effect. So, I restarted it, and now since then there are no icons on my desktop when i turn on my computer, and there is no start button, no tool bar or anything! It won't even let me click Alt+Ctrl+Del

It is a desperate cry for help by lots of computer users worldwide.

XP antivirus is an example of the new generation of malware that is smart enough to easily fool even advanced PC users and Internet surfers.

  • XP antivirus doesn't install itself - it is downloaded and installed by the user deliberately;
  • It doesn't stop at messing up Windows settings, but fools the user into purchasing new software allegedly recommended by Microsoft Windows;
  • It uses Windows-like colors, icons and logos, acts like a legitimate Windows application, and blends in with Windows Security Center messages in the form of tooltips, notification area balloons and call-outs. It sits in the tray area, imitating Windows Help Center behavior.

XP Antivirus: Update 2008

The new XP antivirus 2008, which hit computers across the World Wide Web in March, is a major update to its predecessor. By "major update" I mean that XP antivirus became more violent, more resilient, more immune to removal attempts, and more "intelligent": it now restores itself after being removed via the Add and Remove Programs option in the Windows Control Panel.

XP antivirus was aggressively promoted by spamming blogs and forums - which clearly indicated it's not an application you'd want to pay for. It's impossible to imagine avast! or AVG getting web exposure using black hat methods like brutal spamming.

Currently XP antivirus is constantly changing its domains, so there are many sites where it sells itself. Sadly, the "sales pages" of this rogue security software look quite professional - and buyers fall for graphics and promises of "secure web surfing".

This year's XP antivirus is more colourful, too, and features the same interface as many legitimate antispyware tools. It's understandable why even senior computer users install this rogue antivirus, blindly believing they are protected and secure, while in reality they leave the gates of their computer wide open for a new flood of malware to come in and take control of the PC.

XP antivirus 2008 behaves differently on different computers depending on the stage of installation at which it is caught, but generally the appearance of XP antivirus pop-ups can end in:

  • desktop icons and folders messed up or disappeared;
  • Start button and taskbar disappeared;
  • user's settings corrupted;
  • desktop background wallpaper changed;
  • annoying screensaver you've never seen;
  • disabled Task Manager;
  • Windows Clock appearance changed;
  • Windows unable to boot;
  • Internet Explorer not working.

XP Antivirus may degrade the desktop color scheme to an 8-bit instead of a 32-bit pattern. This malware also displays a fake Blue Screen of Death (commonly known as BSOD) using Sysinternals software. Additionally, the desktop may look as if Windows were restarting.

It is important to add that XP antivirus 2008 is targeted at all Windows versions, not just XP. So users of Windows 2000 or 98 cannot consider themselves out of reach of this malware.

Now that you've learnt a bit about XP antivirus, it's time to catch it and wipe it from the hard drive. Look below for instructions on how to get rid of XP antivirus either manually or with the help of special removal tools.

XP Antivirus Manual Removal Procedure

Removing XP antivirus can be a tedious task if you blindly count on the power of conventional antivirus software. It is reported that the following antivirus and antispyware programs never detect XP antivirus files:

  • Norton (any year's version);
  • McAfee (Plus, Enterprise, etc. versions);
  • Protector Plus 2008
  • Lavasoft Ad-Aware 2007
  • SpyBot Search & Destroy 1.5x

As you see, solid protection by any of these security suites is not an obstacle on the way of XP antivirus to your PC. This is partly explained by the nature of this malware, which is not a virus.

Before following the steps, unregister 2 DLL files placed in your system by XP antivirus:

  • shlwapi.dll
  • wininet.dll

How to unregister DLL files? That's easy.

Go to Start-->Run

Type in the box "cmd" without quotes and hit Enter.

A black DOS-like window will open. Type in the following commands:

  1. regsvr32 /u shlwapi.dll (hit enter);
  2. regsvr32 /u wininet.dll (again, hit enter).


5 Steps to Remove XP Antivirus

After you've successfully unregistered the 2 DLL libraries belonging to XP antivirus, it's time to get the pest completely wiped out.

The first step to remove XP antivirus is the same as for any other program - via Control Panel, Add and Remove Programs.

However, this will remove only some files, so DO NOT restart Windows after you've completed this step.

The second step involves the removal of Registry entries.

Click Start-->Run, type in regedit and hit Enter.

The Windows Registry Editor will open. Find the following key in the left pane:

HKEY_USERS\Software\XP antivirus

Right-click on it, select Delete. (Be careful to remove this key only; do not touch others or you risk making your system unbootable or malfunctioning!)

The third step will require the use of Task Manager. You'll have to end two processes related to XP antivirus 2008.

Go to the Processes tab in Task Manager, find and end the following processes:

  • XPAntivirus.exe
  • XPAntivirusUpdate.exe
  • vav.exe
  • xpa.exe
  • xpa2008.exe

(Don't worry if some of these are missing in your Task Manager; different variations of XP antivirus may not use all of the above files.)

Fourth step: remove the following folder:

C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\

Do not be concerned if the folder is not there. If it doesn't exist, simply move on to the next step.

Step five is a bit time-consuming because you'll have to remove a dozen files related to XP antivirus. You can locate them via the Search option in Windows Explorer, or you can find the folder C:\Program Files\XPAntivirus and try to remove its contents. However, not all of the files will be there, so the use of Search is required anyway.

Here's a list of XP antivirus files that must be deleted:

  • xpa.exe
  • xpa2008.exe
  • XPAntivirus.exe
  • XPAntivirusUpdate.exe
  • XP antivirus
  • XPAntivirus.lnk
  • Uninstall XPAntivirus.lnk
  • XPAntivirus on the Web.lnk
  • XPAntivirus.url
  • XP Antivirus 2008.lnk
  • Uninstall XP Antivirus 2008.lnk

Automatic Removal of Windows XP Antivirus 2008

If you feel uncomfortable locating XP antivirus files and registry entries or are just afraid of harming your computer, there are several tools that can help to get rid of XP antivirus completely.

Malwarebytes offers a tool that will remove XP antivirus and lots of its clones and imitators, as well as a bunch of other rogue security software programs.

The free version of Malwarebytes Anti-malware lacks real-time protection, but it is a fully functional scanner to detect and remove malicious pests.

Or, there's another free tool to remove XP antivirus 2008 and similar rogue software. Rogue Remover will get rid of many fake antivirus and antispyware programs.

A few Words about SpyHunter 3

If you took some time to search the Web for guides on "how to remove fake XP antivirus", you might have noted that most guides recommend SpyHunter as the ultimate automatic remover of this malware.

There seems to be quite aggressive marketing going on for this antispyware, which in turn makes me conclude that some day we may face yet another rogue security program attacking our computers. Well, that's just a guess.

However, I can't find another explanation as to why reputable forums are so pleased to recommend SpyHunter to the victims of XP antivirus and its various imitations.

Is SpyHunter that good at removing malware?

Adware Report once tested SpyHunter only to find out the program had poor performance, even poorer detection rates, and absolutely mediocre malware removal capabilities. A couple of years have passed, but I've never seen SpyHunter 3 included in any antispyware tests. There are quite a lot of antispyware products these days, sure, but I can easily name a dozen or two of the most popular, reputable, trusted programs widely used by millions of PC owners worldwide. But, honestly, never before did I hear about SpyHunter's outstanding antispyware performance.

Promotional tactics used to advertise SpyHunter 3 are rather unethical and are reminiscent of flashing pop-ups, annoying "online scanners" and banners. Among 12 feedback replies at antivirus.about.com regarding SpyHunter, there's not a single positive opinion expressed.

Webuser.co.uk rated SpyHunter 2 stars out of 5 - less than most average-performing counterparts.

Would you like to pay $30 for, err, dubious software, risking losing your money while getting nothing in return? I guess I know the answer.

There's not a single reason to use software you've never heard about, especially since there are a few reliable programs proven to remove instances of XP antivirus infection and protect computers from recurrence.

There are reports that SpyHunter tends to display fake infections in its scan results, or marks safe files as infected to scare the user with "dangerous threats found in the system" and urge them to pay for the license. This is a shady marketing trick, at the least, but it has nothing to do with enhanced trojan virus detection or spyware removal.

Antivirus XP 2008 Mutation

It appears that the case with Antivirus XP 2008 is a bit different from XP Antivirus 2008. Though very similar in name, the former uses different file-naming patterns, adding random figures. To identify whether your PC is infected with Antivirus XP 2008, load up Windows Search and type in the following query:

lphc*.exe

or

rhc*.exe

where * plays the role of a wildcard, matching every filename that starts with the given characters.

If you discover at least ONE file that matches the query above, it is a 99,99% sign that your PC is contaminated with a variation of Antivirus XP. The removal procedure for it will be slightly different, but unless there are enough reported cases of infection, I won't be creating a separate hubpage for it to describe the removal steps.
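
The name checks from step five and the two wildcard queries above can be run in one read-only pass over a drive or folder. The script below is an added example, not part of the original article: the function names and the sample tree (including the name searchc.exe and the random-looking suffixes) are constructed for illustration, and a name match is only an indicator to investigate, since the script reports paths and deletes nothing.

```python
import fnmatch
import os
import sys

# File and process names the article lists, lower-cased because Windows
# file names are case-insensitive.
EXACT_FILES = {
    "xpa.exe", "xpa2008.exe", "vav.exe",
    "xpantivirus.exe", "xpantivirusupdate.exe",
    "xpantivirus.lnk", "uninstall xpantivirus.lnk",
    "xpantivirus on the web.lnk", "xpantivirus.url",
    "xp antivirus 2008.lnk", "uninstall xp antivirus 2008.lnk",
}
# Folder names from steps four and five.
FOLDERS = {"xp antivirus", "xpantivirus"}
# Wildcard queries the article gives for the Antivirus XP 2008 variant.
WILDCARDS = ("lphc*.exe", "rhc*.exe")
# shlwapi.dll and wininet.dll are deliberately absent: Windows itself ships
# system libraries under those names, so a name match would prove nothing.


def classify(name, is_dir=False):
    """Return why a file or folder name matches an indicator, or None."""
    low = name.lower()
    if is_dir:
        return "listed folder" if low in FOLDERS else None
    if low in EXACT_FILES:
        return "listed file"
    for pattern in WILDCARDS:
        # fnmatchcase anchors the pattern at the start of the name, which is
        # the "exact beginning" behaviour the article describes.
        if fnmatch.fnmatchcase(low, pattern):
            return "wildcard " + pattern
    return None


def scan(root):
    """Walk root without modifying it; return sorted (path, reason) hits."""
    hits = []
    # Unreadable folders are skipped instead of aborting the whole scan.
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            reason = classify(name, is_dir)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), reason))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed tree of empty files for trying the scanner."""
    sample = [
        "Program Files/XPAntivirus/XPAntivirus.exe",
        "Program Files/XPAntivirus/xpa2008.EXE",
        "WINDOWS/system32/lphc93a7.exe",   # constructed random suffix
        "WINDOWS/system32/rhc1f0b.exe",    # constructed random suffix
        "WINDOWS/system32/shlwapi.dll",    # system library name, must not hit
        "WINDOWS/system32/searchc.exe",    # contains "rhc" but does not start with it
        "Documents/notes.txt",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb"):
            pass


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python scan_names.py <folder-to-scan>")
    for rel, reason in scan(sys.argv[1]):
        print(f"{rel}\t{reason}")
```
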

EMSISOFT a-squared Anti-Malware

Update: Antivirus 2009

Antivirus 2009 is part of the big XP antivirus family.

There's a little trick that lets you remove Antivirus 2009 (also known as AV 2009 or Micro AV 2009). a-squared anti-malware is needed to perform the removal process (you can download it above).

1. When a-squared anti-malware is installed and updated, restart Windows.

2. Open Task Manager. Under the Processes tab, find the Explorer.exe process and stop it by clicking the End Process button.

3. The desktop should disappear. No icons and no taskbar should be visible. The a-squared anti-malware window is the only thing you can see.

4. Run the Scan. Depending on the size of the hard drive, the operation can take about an hour to complete. Be patient. a-squared anti-malware will display names of detected infections in real-time. Antivirus 2009 will be removed among other pests.

5. When the scan is finished, press ALT-CTRL-DEL, choose Shutdown/Restart.

Comments


    • gepeTooRs 18 months ago

      There is noticeably a bundle to know about this. I assume you made certain good factors in features also.

    • Jenifer 5 years ago

      Microsoft anti-virus is not that good to use, so I use Comodo Anti-virus

      http://www.comodo.com/products/comodo-products.php...

    • charlemont (Author) 5 years ago from Lithuania

      Hi Kat, I assume you're able to get into Windows Safe Mode.

      http://www.eazyantispyware.com/blog/how-to-boot-in...

      If you're successful at that, just open up Microsoft Configuration Utility and disable suspicious entries under Startup tab. By 'suspicious' I mean either entries with digits in the name, or those containing 'av', 'antivirus', or similar patterns. For example, av.exe is definitely suspicious.

      http://www.eazyantispyware.com/blog/how-to-disable...

      If you disable malicious entries, you'll be able to log on normally after restart without any pop-ups interfering.

      I don't think you have to pay to get rid of this malware.

      Send me an email at:

      http://charlemont.hubpages.com/contact

      and I'll help you to sort it out.

    • Kat Wickle 5 years ago

      I'm not very good with computers, so sorry if my question has a really obvious answer. I decided to use malwarebytes because I'm worried I'll mess up my computer even worse, but I can download it because of XP Antivirus. The pop ups get in the way at first, and now I can't even use a browser (I'm using my iPod for this) TO download it. It's been about 6 days since XP Antivirus started popping up everywhere. My highschool blocks the site to download it as well, so I can't use a flash drive. Should I just pay to get it fixed or attempt to fix it manually?

      Thanks so much!

    • Server Antivirus 5 years ago

      Thank you for this article, it was a very interesting read and definitely picked up a few ideas and short cuts!

    • Rina - Anti Virus Clean 7 years ago

      Hi I'm publishing a small web blog about anti virus removal and I'm just searching the net for a few information on anti virus programs. Hopefully I can also work with a few of these for my article.

    • charlemont (Author) 7 years ago from Lithuania

      darlene, you can delete the System Restore entries and any virus hiding there will be removed. Under System Restore tab in System Properties (right-click on My Computer, select Properties) highlight your system drive where Windows is installed. Click Settings button and put a check mark next to "Turn off System Restore on All Drives". Or use "Turn off System Restore on all drives" option.

      These are steps for Windows XP, but I believe they're similar for Vista as well.

    • darlene 7 years ago

      i paid to have this antivirus taken off my pewter and its back again, i think its in my system restore, i wonder if there is a way to get it off now?

    • mrcbinc 7 years ago

      run unhackme as what you have is a boot log virus that no antivirus will touch but unhackme and malwarebytes will clean it all out and you will be fine. take care where you surf microsoft service provider mrcbinc@hotmail.com

    • sweety4you 7 years ago

      nice information...

    • Cindy 7 years ago

      I've tried these steps but, I think they just upgraded their virus cause none of these are working. I can't get ANY window to open (task manager, add remove programs, run. etc.). Any new suggestions? I caught this before and removed it but those tricks are no longer working.

    • charlemont (Author) 7 years ago from Lithuania

      XP Engine doesn't seem to be a Windows folder. It might be part of some software.

    • Peter 7 years ago

      Hi for the 2nd step:

      Second step involves removal of Registry entries.

      I have a folder called XP Engine.

      Is that the same thing or no?

    • Anna 7 years ago

      even if you only see the xp antivirus 2008 (or any other versions of it) you are already infected even if you don't click on any of the links or pop-ups. my advice would be to download malware anti-virus and run a full scan... it does a great job cleaning up your computer

    • laura 7 years ago

      got the pop up and installed norton it quarantined the file in sept and haven't had any problem. norton does work to detect this issue!

    • samironwebtrack 7 years ago

      excellent information, it will very helpfully for me...thanks

    • charlemont (Author) 8 years ago from Lithuania

      Nola, AVG is antivirus so I guess you can keep it. Max Secure tackles a different area of malware. If both programs co-reside peacefully, there's no reason to uninstall any.

    • Nola 8 years ago

      Can you advise me.

      I have purchased Max Secure Spyware & Registry Cleaner.

      I also have AVG8 free version.

      Do I need to keep avg as a virus scanner or does Max Secure take its place??

    • Keith 8 years ago

      My Dad's computer is locked out from the Task Manager... The malware wins.

    • Susan Mayer 8 years ago

      Left a message at your hubpage w/ my new gmail account. My usual e-mail is still not working.

    • charlemont (Author) 8 years ago from Lithuania

      Susan, leave me a message here:

      http://hubpages.com/email/user/charlemont

      I need your email to send you instructions.

    • Susan Mayer 8 years ago

      Sorry, how do I create the logs you would like to see?

    • charlemont (Author) 8 years ago from Lithuania

      Susan Mayer, to tell you the truth, I expected that NO online scanner would work for you. I'm happy that Bit Defender and a-squared managed to remove lots of pests. Now I'll ask you to create some logs of your system to see what's left malicious.

    • Susan Mayer 8 years ago

      Bit Defender ran and eliminated 29 files but said I was still infected. McAfee had an error in the download of Active X. F-Secure said "application cannot be executed. The file fsonlinescanner.exe is infected." ESET online scanner gave a similar message. Kaspersky said "scan failed to start". Panda said "Active Scan 2.0 update error". Ewido said "Avg-1st-stf-85-322 exe is infected". A-squared Smart scan found 89 files and they were quarantined and deleted. An A-squared Deep scan found no errors. Still getting System Security pop-ups and can't run e-mail. Have to go to work - talk to you later.

    • Susan Mayer 8 years ago

      Thank you. I'm running them one at a time but it's taking awhile to download each one. The first one - trendmicro housecall - gave me an error that it had problems transferring data from the internet and it got into an infinite loop. Am downloading BitDefender at the moment.

    • charlemont (Author) 8 years ago from Lithuania

      Susan Mayer, can you run any online virus scanner from this list?

      https://hubpages.com/technology/Top-Free-Online-Vi

      If not, then contact me via Hubpages (on top of the page under my pic), I will look into the issue.

    • Susan Mayer 8 years ago

      I've got problems. I can access the internet but mail is now gone. Keep getting popups telling me I'm infected w/ all sorts of things and I need to buy their software to remove it. Bought McAfee Total Protection but I can't execute a "run" - get error "Application cannot be executed. File setupxv[1].exe is infected". Tried downloading Malwarebyte's software but still can't execute a "run". Tried running your instructions but can't execute a "cmd". Any ideas?

    • charlemont (Author) 8 years ago from Lithuania

      Ty, contact me via email.

    • Ty 8 years ago

      save me Charlemont! i have an advertisement in my icon tray spamming me with the message "warning security report" bla bla and it keeps changing my wallpaper to the same message, i can't use any administrative stuff, i cant even use ctrl+alt+del it keeps coming up "Task Manager has been disabled by your administrator"... i'm the only person that uses this computer and im supposed to be set as admin. i tried the removal steps but removing the registry things didn't work, it came up "Schlwapi.dll was loaded, but the DllUnregisterServer entry was not found This file can not be registered" same with the wininet.dll (i never installed or downloaded XP Antivirus Pro as i already have a full Norton 360 account), any help would be much appreciated. Ty

    • adi 8 years ago

      good

    • idahosharky 8 years ago

      Got most of the work done, I deleted the two DLLs above ( shlwapi.dll and wininet.dll) and now i can not boot up even in safe mode. I get an error : Lass.exe unable to locate component. this application has failed to start because SHLWAPI.dll was not found. reinstalling...

      Can you share some insight to get up and running again, Thanks Sharky

    • Abhishek87 8 years ago from India

      Wrong link to the hub, here's the right one : https://hubpages.com/technology/-Beginners-Guide-t...

    • ssaugause 8 years ago

      i went and install the free malware but it turned out not to be free at all

    • FrgttnYr9 8 years ago from oshkosh, wisconsin

      A lot of information in this article, i like that. I live with a computer tech, and he told me all about anti viruses, and they aren't always a good thing. But this gave me more information about the subject. thank you

    • sabrina 8 years ago

      Hey charlemont,

      This is sabrina. How are you? I sent you email regarding an infection in my computer. The virus is called adware.valient rel. I want to send you the hijack this log so that you can send me feedback regarding that.

      Please reply me through emails .

      Are you still in this forum?

      Just in case if you see this plz respond to the email I sent you. the virus is replicating.

      Sincerely,

      sabrina

    • Miranda_Laney 8 years ago from Kansas

      I've been infected with versions of this twice. I recommend Malwarebytes as a malware and spyware remover. It works along with antivirus software and is very effective. Thanks for the great article. It was very informative.

    • ohdearann 8 years ago

      Thanks Charlemont for the help, its very much appreciated =>

    • ohdearann 8 years ago

      Hi Charlemont,

      I really appreciate your trying to help out everyone, can u please help me too? I really am not a techie, and ive been afflicted with this horrible xp virus thing, so i decided to run malwarebytes on safe mode, its running okay now. but its says the task manager is disabled. is this a bad thing? please shed some light. your help will be greatly appreciated.

    • Erick Smart 8 years ago

      Thanks for the hub on this one. I feel that I am a really tech savvy person since I have been working intensely with computers for about 18 years but even this one almost got me. It did seem like a legitimate message from XP. Luckily I ran my own software first and it told me otherwise.

    • Cris A 8 years ago from Manila, Philippines

      I got to bookmark this! Thanks for sharing! I'm off to joining your fan club - do you accept technophobes? LOL

    • Anthony 8 years ago

      I would say get yourself a Mac, problem solved....I hate PC to the bone...

    • Pankaj 8 years ago

      Great Article, nicely presented..Thanks for sharing..

    • Belinda Hodge 8 years ago from Brisbane Australia

      Hi Charlemont

      Thank you for this great info. Our computer workshop has been bombarded in the last month or two with clients' PCs infected with this malware. I printed this Hub for my partner and he said to thank you for the great information you put together. My fear in researching this topic has been as you stated, that if you search for information on these viruses you can end up with pop ups by just landing on the wrong website. I've also seen emails claiming to be AVG encouraging users to update their software with download links in the emails. These are fake of course, they are really from this XP Antivirus mob. Thanks again for putting this information together.

    • ZPH 8 years ago

      Hi Charlemont,

      Great site, but unfortunately I think the XP Antivirus 2009 folks are getting more sophisticated. I have a laptop here which has been through the following:

      I went into MSConfig and configured it to boot in diagnostic mode, which disables almost everything. I also tried going in Safe Mode. Most of what follows I have done from both environments (mostly in Safe Mode).

      I am not able to run the setup for SuperAntiSpyware. It "encountered a problem and needs to close."

      The mbam-setup program runs as a process for about 15 minutes, then just disappears from Task Manager. I never get any dialog boxes and it doesn't install.

      I have downloaded and run a2cmd.exe, and run it with a plethora of switches to do deep scan, scan archives, heuristics... pretty much the works. It got rid of a bunch of stuff, but...

      I still can't install MalWareBytes or SuperAntiSpyware. I can't update Symantec AV (not that it would do me a lot of good anyway). I can't visit certain web sites that have to do with anti-malware.

      Does this laptop still have the malware, or just "leftovers"?

      Any ideas on how to proceed? It seems this malware is developing to the point where re-imaging the hard drive will be the preferred, and perhaps only, solution.

      Thanks for the site, though! It has helped in the past.

    • charlemont (Author) 8 years ago from Lithuania

      Hi Jeck,

      try this one:

      1. Go to Start--Run, type in MSCONFIG and hit enter.

      2. Go to Startup tab and uncheck all services. Don't worry, you will be able to start them later on.

      3. Restart and load Malwarebyte's, update it and perform full scan.

      4. When finished, remove the detected items and restart, then run the scanner again.

      5. Now repeat the step with malwarebyte's and put checkmarks back in the startup tab.

    • Jeck 8 years ago

      I went and downloaded the malwarebytes program to handle this issue, however, the virus wont allow to even boot up to handle it. What do I do from here?

    • gdi 8 years ago from Italy - Albania - Turkey

      nice work :)

    • Mohideen Basha 8 years ago from TRICHY, TAMIL NADU, INDIA.

      as Far as i am concerned, it is a very useful article. nice work.

      sukkran

    • catalonia 8 years ago from Barcelona Spain

      I tend to agree on this: This is an important hub to many users. Great information!

    • RavynSteel 8 years ago from North Wales

      Fantastic hub, I'll remember this step-by-step removal guide next time my partner falls for one of those annoying pop-ups!

    • charlemont (Author) 8 years ago from Lithuania

      hi momoftwo526, when you logon try to type in the command prompt the following:

      shutdown -a

      then hit enter.

      Next command you need is MSCONFIG

      In the open editor, go to Startup and uncheck everything suspicious, esp. paths and filenames with mixture of letters and symbols. Say, gdidwkndjpk is an example of a startup entry that would look very strange to me.

      This cannot guarantee your system will stop showing BSOD, but worth trying.

    • momoftwo526 8 years ago

      My daughter unfortunately fell prey to this XP Antivirus software and downloaded it to my PC. Since then, I have not been able to use the PC at all. I have tried many of the steps mentioned here, but I cannot get very far as I get an error message that starts with "A problem has been detected and windows has been shut down to prevent damage to your computer." It ends with "Beginning dump of physical memory, physical memory dump complete. Contact your systems administrator or technical support group for further assistance". It tells me to remove the software, but the system doesn't stay up long enough for me to remove anything!

      Any help would be appreciated.! Note: I cannot download any software since I cannot get to the internet on the pc.

    • sherlynavia 8 years ago from United States

      This is an incredibly useful resource.

    • mikewitt 8 years ago from Davenport, Iowa

      Nastiest virus I have ever gotten. I used Malwarebyte's and after the third time of things freezing up it finally ran and cleaned it all out. I don't have any lingering things so far. Boy, when you run a business from home and something like that cripples you for a couple days, well, it ain't fun :-).

      Thanks for the hub,

      Mike Witt

    • charlemont (Author) 8 years ago from Lithuania

      T Bright, congrats on good software!

    • T Bright 8 years ago

      That come on everytime I cut on my computer. One day it finally got pushed and I ended up almost having to call the "computer doctor" to get it fixed. I finally had it restored back to a previous date, took that thing off, and got my Anti-Virus software from AVG.

    • candigirltnt 9 years ago from Trinidad and Tobago

      It's like you read my mind. I had this problem a few weeks ago and I was wondering why I hadn't heard any talk about it before. Thanks so much.

    • charlemont (Author) 9 years ago from Lithuania

      Hi steph,

      could you give names of those 2 suspicious folders and where they are placed? Is it C:\Program Files\ ?

      CA AntiVirus (esp. latest version) is a good program, but their antispyware is weak. Pest Patrol never made testing impressive enough.

    • grumpyjacksa 9 years ago from south africa

      thanx ! as a full time IM, i really need to know that.

    • Steph 9 years ago

      Help??

      Over the past week I got infected with AntiVirus XP 2008. I found two 'folders' which look suspicious but there's no files in them. I don't know where these suspicious files are and I'm not the computer-savy type who knows how to fish through my computer and find the right folders and files to delete.

      My AntiVirus (called "CA") can't fix this, and the CA AntiSpyware does find one Trojan that it just can't get off my computer. So, I just downloaded "Malwarebytes" anti-malware and am doing the scan as we speak. My computer background is default blue, my computer runs slower, and programs freeze up constantly.

      What's a really dumb computer person to do?

    • profile image

      Liz 9 years ago

      There are so many good ones coming out. It's fairly cheap to use as well.

    • profiler profile image

      profiler 9 years ago from Currently in this universe

      I use Kaspersky and never had problems. But before that I got some nasty trojans. Those were really hard to get rid of. Never heard of this one. Thanks for the info!

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      Hi Bonnie, thanks for stopping by.

      Thumbs up to Czech programmers who created AVG antivirus!

      Preventing XP antivirus infection is by far the best way to stay safe. It's a pity you had to reinstall Windows several times.

    • Bonnie Ramsey profile image

      Bonnie Ramsey 9 years ago from United States

      My husband got these popups. He doesn't know anything about these things so he asked me. I told him NOT to click the icon. I have been a user of Norton for many years and have been very pleased with it. That is, until this! I also tried the removal suggestions you listed and had the same problem of not being able to find a file in the add or remove programs as well as not finding the files in the registry. I finally had to totally reinstall windows xp to his computer. I put the norton back on as well. A couple of days later, same problem with same results when trying to remove. I reinstalled windows xp again and repeated the process. Same thing a couple of days later. Finally, I reinstalled windows xp and downloaded the free version of AVG and it has not been a problem since. That was in May. I have since purchased the paid version of AVG and have not had any problems since. I have found that I really like it after all. As for norton, I am very disappointed because I have sworn by it for many years. Hopefully they will catch up soon! In the meantime, we are happy with our AVG.

      Thanks for writing this hub and helping others become aware of this threat! Guess I should have thought to do this myself but I was just glad it was over! lol

      Bonnie

    • profile image

      Dave 9 years ago

      This is sometimes a nasty software to remove. I use combofix first, and then Malwarebytes which normally removes the majority of this malware. Sometimes I have to go into Windows and System32 folders to manually remove some bad files, but I do not recommend this unless you know what you are doing.

    • jmessina10 profile image

      jmessina10 9 years ago from Queens - New York

      Everyone is better off staying away from Windows OS altogether. Microsoft is one BIG monopoly trying to take over the computer industry. Everyone is better off installing a Linux OS. It's free and so are the applications. See my Hub about Linux at: https://hubpages.com/misc/PC_Linux

      Great article!!!

    • kiran20096 profile image

      kiran20096 9 years ago

      That's fantastic

    • Ande Moore profile image

      Ande Moore 9 years ago from Austin, Texas

      nice work, wish I had read it before the nightmare that I went through. Got it off after 2 days of work.

    • Tony-P profile image

      Tony-P 9 years ago

      Charlemont, thanks very much, it really helps. Also I bought a new Toshiba laptop and I will follow your advice for it. I'm an I.T. graduate, and if you know any web site that has updates on the I.T. field I will be thankful for it.

    • profile image

      Andrewoid 9 years ago from San Francisco

      great hub! a friend had this virus a few weeks ago, i wish i had found this then...it would have saved big bux!

      keep up the good work...go mac!

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      Oh. Reformatting sure solved the xp antivirus problem, Paul ;P

    • profile image

      Seo Delhi 9 years ago

      Nice Article On Xp Virus . Thanks

    • profile image

      Paul 9 years ago

      Thanks for the help, but I just went ahead and reformatted my computer instead, thanks anyway

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      Paul, if you're still struggling to remove XP antivirus, contact me at tm_hardware[at]front.ru and I'll try to advise you on more specific steps.

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      Thank you starcatchinfo,

      glad to have helped you!

    • starcatchinfo profile image

      starcatchinfo 9 years ago

      HI CHARLEMONT,

      I MUST SAY THAT YOU ARE A VIRUS REMOVAL GENIUS .

    • profile image

      Paul 9 years ago

      yup my PC is infected, when i try to uninstall the program it says

      uninstall.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      Hi Paul,

      is your PC infected?

      If not, the above operation makes no sense. Also, it's possible those 2 files are clean so you don't need to make any operations with them.

    • profile image

      Paul 9 years ago

      when i put in regsvr32 /u shlwapi.dll i got "Shlwapi.dll was loaded, but the DllUnregister server entry point was not found. this can not be registered."

      when i put in regsvr32 /u wininet.dll i got the same thing.

      PLEASE SOMEONE HELP ME PLEASE

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

    • profile image

      none 9 years ago

      one program malware bytes solves this problem

    • Pocket Survival profile image

      Pocket Survival 9 years ago

      This hub is a really good resource with loads of information!

      I got hit with the "Antivirus XP 2008 Mutation." The strangest thing is that I do not remember clicking on any desktop program to initiate the infection. In other words, I browsed to a webpage and I believe the infection took place from there. I'm running WinXP SP2 using Firefox3.

      I wish this on no one, but I think I know the offending site. Regardless, this is a scary virus.

    • simms profile image

      simms 9 years ago from Colchester

      Many thanks for sharing this information - it was really useful.

    • profile image

      Shawna 9 years ago

      I did find the shlwapi.dll and wininet.dll files however...but there are many of them...which ones do I delete? The ones in the c:\windows\system32 file? Email me at mrs_goalie_02@hotmail.com if you'd like :) thanks again!

    • profile image

      Shawna 9 years ago

      Ok, I somehow got the Antivirus XP 2008. I got some help from another site on how to get rid of it, and I think I got most of it, however...I still am having trouble searching the web, both on IE and Firefox, and on many different search engines...it goes to whatever site the virus wants. I also can't download anything, such as some of the virus scanners y'all have suggested. Please, if you can help me charlemont, I'd really appreciate it. I do have all my files backed up, so if I have to start from scratch, I can...I'm just not sure how. System restore doesn't help either. Please help! Thanks :)

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      Sabrina and Ashley,

      emails sent to you from Hotmail.

      Please include HiJackThis logs in your replies.

    • pcdriverupdate profile image

      pcdriverupdate 9 years ago from VA

      I have heard of so many people falling for this pop up trick. It is sad. This was a good read and I will be sure to direct people here that need help with this.

    • profile image

      Sabrina 9 years ago

      Hi Ms. Charlemont,

      Are you there? I want an e-mail contact? If you are out of town please reply me once you return. I am eagerly waiting for your replies. I still have the Antivirus Xp license agreement in the system. All I need is to send in the log ins so that you can figure out what files to be out of the system. Please reply me ASAP as this system has to be taken to my school and work place. I don't want to run into risk of infecting others' computers.

      Thank you much in advance, Reply me ASAP

    • anime_nanet profile image

      anime_nanet 9 years ago from Portugal

      once that window appeared for me to install that thing! I'm glad I didn't do it!

      Thanks nice hub!

    • profile image

      SirDent 9 years ago

      A very well written and detailed article. I checked my computer and am glad to report that XP Antivirus isn't on it.

    • profile image

      sabrina 9 years ago

      Hi charlemont,

      I have been waiting for you. I want to use this computer for the school activities. As you know virus will get stronger if I boot up the system. Where do you want me to send the log ins? Please reply. Please provide me an alternate e-mail address so that I can send in the log ins. As I mentioned in the previous post I scanned the computer with malwarebytes'. My computer has some traces of the virus because the real player is showing up with Antivirus Xp license agreement. My media player is in the same condition. it's unable to download music from the internet even after downloading from Microsoft.

      Please post your reply if you see this post. Do you recommend sending my log ins to someone else as your computer is damaged?

    • AndyBaker profile image

      AndyBaker 9 years ago from UK

      Great article - some really useful tips.

    • profile image

      to ashley & charlemont 9 years ago

      Hi ashley,

      What two tabs are missing and I'll do my best to help you. Charlemont will also help you in this matter. If you can tell us what tabs are missing then it will be easier to get you the right software.

      In my mail box, I spammed some of the foreign e-mail that are unknown to me. But the spam guard is not spamming the mails. What can I do to fix this problem and please tell me what alternate e-mail I contact to send in my log ins. Also help me with the window media player concern.

      Sabrina

    • profile image

      Sabrina 9 years ago

      Ok, how can I send the log ins then? I just e-mailed my log in to tm_hardware@front.ru. I am very sorry for your hard drive. I scanned the system using Malwarebytes' in a safe mode. There are some traces of the virus like the Realplayer is showing up whenever I boot my system also there is an Antivirus XP2008 license agreement. I don't want to damage the system by deleting the important files that is responsible for system safety. I don't prefer posting my log ins in this site. Do you have an alternate e-mail where I can contact. As you know this is a smart virus and I don't want it any more in the system. I have some critical files in the system. Also reply me for the media player concern with an e-mail contact. Thank you very much for helping me.

    • charlemont profile image
      Author

      charlemont 9 years ago from Lithuania

      My hard drive crashed last week, and I'm still attempting to restore mail folders etc. Until then I'm unable to use email.

      Sabrina, I received your email and responded with instructions on what to do with Windows Media Player. Unfortunately, the message would return back as "unable to deliver". Dunno what was wrong. Now I can't even paste the copy of my reply because of HDD crash.

      Ashley, what tabs exactly are missing in Desktop Properties?

    • profile image

      Sabrina 9 years ago

      Hi charlemont,

      Are you still in this forum? I have a new virus called Antivirus XP 2008 in my system. I have sought your help before and I need your know. Please tell me what I can do in order to uninstall this crap from my system. I e-mailed you several times but I didn't hear from you. If you are still in this forum please contact me. I am sabrina. I think you remember me.

      Please help me. If you still have my e-mail Id. E-mail me from there or post your replies here. I cannot go to the internet because the application is letting me do that.

      If anyone sees this post please post your instruction step by step. Your help is very much appreciated.

      Sabrina

    • profile image

      Mary 9 years ago

      I'm so glad this hasn't happened to me yet! But I will definitely be prepared now!

    • profile image

      doodleink 9 years ago

      Charlemont,

      I have to extend a very big thank you for all of your work on this.

    • profile image

      Ashley  9 years ago

      I just tried to Switch Users on my computer. I get to the main screen with the other users on it, but when I click on my sister's it flashes my background and goes back to the main screen instead of taking me to the other user profile.

    • profile image

      Ashley 9 years ago

      Also, my Mozilla is definitely slower than usual. It also redirects me to other sites than what I want to go to.