Web design, server maintenance, computer repair, pc fix, data restore, pc upgrade, wireless setup, virus removal and pc repair in Bicester, Oxford, Aylesbury, Brackley, Buckingham, Banbury, Arncott, Ambrosden, Stratton Audley, Deddington, Aynho, Fritwell, Ardley, Middleton Stoney, Fringford, Caversfield, Chesterton, Weston on the Green, Wendlebury, Marsh Gibbon, Blackthorn, Kidlington, Rousham, Launton, Piddington, Merton, Kirtlington, Caulcott, Heyford, Milton Keynes
SocialTwist Tell-a-Friend

Go Back   Bicester Computers Support Forum - Complete IT Services in Oxfordshire. > SOFTWARE & DRIVERS > Protection Software > Malicious Software & Spam emails (removal procedures)
Reload this Page Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Connect with Facebook


Reply
 
Thread Tools Search this Thread Rating: Thread Rating: 1 votes, 5.00 average. Display Modes
Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Tweet this Post!   #1  
Old 17th August 2008, 04:04 PM
laurentio's Avatar
laurentio laurentio is offline
Master Admin
  
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
laurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to behold
Send a message via MSN to laurentio Send a message via Skype™ to laurentio
Thumbs up Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus Rogue Software removal procedure:

Fake programs that, when run, display false infections on your computer as a tactic to scare you into purchasing the software.(see attached screenshots)











Under no circumstances should you buy it!!!

Associated XP Antivirus 2008, XP Antivirus 2009, and XPAntivirus Files:
c:\Program Files\XP Antivirus
c:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\XPAntivirus\
C:\Program Files\XPAntivirus\XPAntivirus.exe
c:\WINDOWS\system32\scui.cpl
%UserProfile%\Desktop\XP Antivirus 2008.lnk
%UserProfile%\Start Menu\XP Antivirus 2008
%UserProfile%\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
%UserProfile%\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
C:\WINDOWS\krln32.exe
C:\WINDOWS\system32\scvh0st.exe
C:\Program Files\Common Files\trjdwnl.dll
C:\WINDOWS\shlext32.exe

Associated XP Antivirus 2008, XP Antivirus 2009, and XPAntivirus Windows Registry Information:
HKEY_CURRENT_USER\Software\XP antivirus
HKEY_CURRENT_USER\Software\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X PAntivirusFilter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\XPAntivirusFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{74f25a2c-22b3-4023-8f1a-ca616c30a8b5}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\XP antivirus_is1\
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "XP Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "mmnext06"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "shellbn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "System"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "Windows Framework"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run ""

Removal instructions:
Download these 2 programs:
1) Malwarebytes from here
2) Super Antispyware from here

Install both programs and make sure you update them.
Restart the computer in safe mode (keep pressing F8 right after restart and the computer should take you to a special menu from where safe mode can be selected) Once there, run both programs you've just installed.
Restart when requested.

Please let us know if the above posted solution has helped you or not.
It is not only about helping others but helping yourself and making us better. Open an account with us today and get an automatic confirmation email with your username and password that will save you time in future.
(It is free and it takes less than a minute)
Thank you.
Attached Images
File Type: jpg xpantivirus2008.jpg (134.2 KB, 230 views)
File Type: jpg xpantivirus20082.jpg (112.7 KB, 234 views)
File Type: jpg xpantivirus2009.jpg (92.1 KB, 235 views)
File Type: jpg xpantivirus.jpg (126.0 KB, 248 views)
File Type: jpg xpantivirus20086.jpg (77.6 KB, 233 views)
Last edited by laurentio; 11th January 2009 at 04:42 PM.
Reply With Quote
Sponsored Links
Ultimate Antivirus and Windows Antivirus 2008
Tweet this Post!   #2  
Old 25th November 2008, 04:01 PM
laurentio's Avatar
laurentio laurentio is offline
Master Admin
  
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
laurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to behold
Send a message via MSN to laurentio Send a message via Skype™ to laurentio
Default Ultimate Antivirus and Windows Antivirus 2008
This pseudo antivirus has changed the interface that now it is "fully compatible" with Vista's interface. See the attached screen shots...








Malwarebytes cannot remove it on it's own any more so you'll need again smitfraudfix in order to kill any running processes.
Attached Images
File Type: jpg New Ultimate Antivirus.jpg (168.4 KB, 219 views)
File Type: jpg New Windows Antivirus 2008.jpg (165.6 KB, 234 views)
File Type: jpg malwarebytes-error.jpg (143.6 KB, 222 views)
Last edited by laurentio; 11th January 2009 at 04:43 PM.
Reply With Quote
Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Tweet this Post!   #3  
Old 24th January 2009, 05:34 PM
Lyndsey Lyndsey is offline
New Member
  
Join Date: Jan 2009
Posts: 3
Lyndsey is on a distinguished road
Default Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Hi

I have infected my machine, somehow with 'spyware guard 2009' Have used Norman Walware Cleaner to disable it then ran malware bytes and antivir in safe mode but its still there, I can't update any of my malware removal or anti virus progs and can't find any of the codes? you suggest?

although I don't know where to look for the HKEY files?

Help
Reply With Quote
Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Tweet this Post!   #4  
Old 24th January 2009, 06:15 PM
laurentio's Avatar
laurentio laurentio is offline
Master Admin
  
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
laurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to beholdlaurentio is a splendid one to behold
Send a message via MSN to laurentio Send a message via Skype™ to laurentio
Thumbs up Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
1. First and foremost, download the latest version of malwarebytes @ http://www.malwarebytes.org/

2. If for some reason you are unable to download it from the infected computer, you will need to download it from another computer and transfer the program to the infected computer. You can do this various way…..burn to CD, transfer with removable storage.ie….thumb drive….external hard drive…….etc.


3. Once transferred to the infected computer, install the malwarebytes program. Now if you are unable to install it on the infected computer, rename the executable to a batch file: mbam-setup.exe -> mbam-setup.bat
Now you can install the program….and when it’s time to run the program….you can do the same and rename the application/executable to a batch file and it will run. For some reason I think the spyware guard 2009 disease stops you from running the program.
Anyway…that’s how to get rid of it. Malwarebytes removes spyware guard 2009 100%….if not….then you have other issues.


As I can see you are talking about an antivirus. Can you detail please? Also, what codes are you talking about??



Try this also:
1. Remove all existing antivirus and antimalware software you might have already installed.


2. Download and install Avast Antivirus. Let it scan at the system's restart.


3. Download, install and scan with Trojan Remover.


4. Download, install and can the computer with Tune-up Utilities 2009.


Hope this help; please let us know the results.


p.s. No need to do follow the above steps in safe mode.



"High quality IT Support for small and medium business in Bicester, Oxfordshire, required to start-up and keep your business operating efficiently. From logo and website design to hardware, software, wireless and wired networking; Complete IT solutions, from A to Z all under one roof."
Last edited by laurentio; 24th January 2009 at 06:17 PM.
Reply With Quote
Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Tweet this Post!   #5  
Old 28th January 2009, 07:57 AM
Lyndsey Lyndsey is offline
New Member
  
Join Date: Jan 2009
Posts: 3
Lyndsey is on a distinguished road
Default Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
hanks Laurentio

I have bought a little laptop so have managed to get a cd copy of malwarebytes but it won't let me run it? Can you explain in a little more detail how to rename the cd copy?

Its a shame you are so far away, I have 3 pc's that are not working and my sons has all his course work in it that he needs to hand in on Friday. His screen has stopped working (graphics card is shot I think)

Also I don't know if you recall, I emailed you for help with the UPS virus, that is still on my system and I'm running 2 OS's?

Not had a lot of fun with pc's at the mo

But for now how do I make a cd a batch file?

Many Thanks

Lyndsey
Reply With Quote
Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
Tweet this Post!   #6  
Old 29th January 2009, 05:40 AM
Lyndsey Lyndsey is offline
New Member
  
Join Date: Jan 2009
Posts: 3
Lyndsey is on a distinguished road
Default Re: Remove XP Antivirus 2008, XP Antivirus 2009, XP Antivirus - Fake Antivirus
I have now managed to get rid of it by doing this... Start > Run > type devmgmt.msc click OK > View > Show hidden devices > Non-Plug and Play Drivers > TDSSserv.sys > right click > DISABLE > RESTART computer.

I could then update and run Malwarebytes and super antispyware

I don't know what it is I did and should probably enable it again but the pesky little virus has gone
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

All times are GMT. The time now is 11:15 AM.
Mark Forums Read | View Forum Leaders
Contact Us - Web design and computer support in Bicester, Oxfordshire, UK - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Copyright to Bicester Computers
You Rated this Thread: