411 على [سبور]

« [سرشسبي] | [أوديوبيتثسر.إكس] »

[أنتيفيروس] [إكسب] 2008

[أنتيفيروس] [إكسب] 2008 تهديد مستوية: [أنتيفيروس] [إكسب] 2008 وباء

[أنتيفيروس] [إكسب] 2008 [سكرينشوت][أنتيفيروس] [إكسب] 2008 أكثر [أنتي-سبور] مقلّدة; [أنتيفيروس] [إكسب] 2008 [إكسب] صحيحة [أنتيفيروس] 2008 ب آخر اسم. يفرقع مثل [إكسب] [أنتيفيروس] 2008, [أنتيفيروس] [إكسب] 2008 فوق مقلّدة أمن إنذارات أن يحاول وخدعت أنت داخل يشتري [أنتيفيروس] [إكسب] 2008. [أنتيفيروس] [إكسب] 2008 يمكن يتلقّى جلبتبنفسي على حاسوبك من خلال [تروجن], مثل [زلوب]. [أنتيفيروس] [إكسب] 2008 يستطيع أطلقت عندما يبدأ أنت فوق [ويندووس], و [أنتيفيروس] [إكسب] 2008 يمكن [بوبوب] أطنان ال [أد] أنّ يكون يصعب أن يغلق.

حصلت يخلّص من [أنتيفيروس] [إكسب] 2008, إن فقط لأنّ [أنتيفيروس] [إكسب] 2008 يمكن جعلت أنت أردت أن يرمي [بك] ك خارجا النافذة.

حصلت يخلّص من [أنتيفيروس] [إكسب] 2008

أنت تتلقّى [أنتيفيروس] [إكسب] 2008?

عندما أعديت أنت مع [بدور] - ما إذا هو [أنتيفيروس] [إكسب] 2008, [سبور], [أدور], [تروجن], أو حمى - هناك [ا فو] أعراض أساسيّة. تتلقّى أنت يلاحظ…

كيف أن يزيل [أنتيفيروس] [إكسب] 2008 يدويّا

[أنتيفيروس] [إكسب] 2008 يحذّر قبل أن يحصل نحن يبدأ, أنت سوفت نسخة احتياطيّة نظامتك وتسجيلك, لذلك هو سيكون يتيح أن يحيي حاسوبك إن أيّ شيء يذهب على نحو خاطئ.

أن يزيل [أنتيفيروس] [إكسب] 2008 يدويّا, يحتاج أنت أن يمحو [أنتيفيروس] [إكسب] 2008 مبارد. لا يوقن كيف أن يمحو [أنتيفيروس] [إكسب] 2008 مبارد? طقطقت هنا, وسيبدي أنا أنت. ذهبت خلاف ذلك, إلى الأمام و…

أزلت [أنتيفيروس] [إكسب] 2008 عمليات:

[بروغرمفيلس] \ [عشوائيّة اسم] \ [رهكّف9ج01ب1.إكس]
[بروغرمفيلس] \ [عشوائيّة اسم] \ [أونينستلّ.إكس]
[سستم] \ [اسم عشوائيّة] [.إكس]

مفتاح للشطب [أنتيفيروس] [إكسب] 2008 [دلّس]:

[بروغرمفيلس] \ [عشوائيّة اسم] \ [مفك71.دلّ]
[بروغرمفيلس] \ [عشوائيّة اسم] \ [مفك71نو.دلّ]
[بروغرمفيلس] \ [عشوائيّة اسم] \ [مسفكب71.دلّ]
[بروغرمفيلس] \ [عشوائيّة اسم] \ [مسفكر71.دلّ]
[بروغرمفيلس] \ [عشوائيّة اسم] \ [رهكّف9ج01ب1.إكس.لوكل]

Remove Antivirus XP 2008 registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = “C:\Program Files\[RANDOM NAME]\[RANDOM NAME].exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\”AntivirXP08″ = “AntivirXP08″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM NAME] HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[RANDOM NAME]

Detect and Remove Antivirus XP 2008 files:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk %ProgramFiles%\[RANDOM NAME]\database.dat
%ProgramFiles%\[RANDOM NAME]\license.txt

Delete Antivirus XP 2008 directories:

%program_files%\antivirusxp2008
%UserProfile%\Application Data\[RANDOM NAME]

Note: In any Antivirus XP 2008 files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Antivirus XP 2008 removal, go ahead and leave a comment.

How Do You Remove Antivirus XP 2008 Files?

Need help figuring out how to delete Antivirus XP 2008 files? While there’s some risk involved, and you should only manually remove Antivirus XP 2008 files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Antivirus XP 2008 files in Windows.

How to delete Antivirus XP 2008 files in Windows XP and Vista:

  1. Click your Windows Start menu, and then click “Search.”
  2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
  3. Type a Antivirus XP 2008 file in the search box, and select “Local Hard Drives.”
  4. Click “Search.” Once the file is found, delete it.

How to stop Antivirus XP 2008 processes:

  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find Antivirus XP 2008 processes.
  4. Once you’ve found the Antivirus XP 2008 processes, right-click them and select “End Process” to kill Antivirus XP 2008.

How to remove Antivirus XP 2008 registry keys:

Antivirus XP 2008 warning Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.

  1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
  2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
  3. To find a registry key, such as any Antivirus XP 2008 registry keys, select “Edit,” then select “Find,” and in the search bar type any of Antivirus XP 2008’s registry keys.
  4. As soon as Antivirus XP 2008 registry key appears, you can delete the Antivirus XP 2008 registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

How to delete Antivirus XP 2008 DLL files:

  1. First locate Antivirus XP 2008 DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
  2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Antivirus XP 2008 DLL file is located. If you’re not sure if the Antivirus XP 2008 DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
  3. When you’ve located the Antivirus XP 2008 DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

That’s it. If you want to restore any Antivirus XP 2008 DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Did Antivirus XP 2008 change your homepage?

  1. Click Windows Start menu > Control Panel > Internet Options.
  2. Under Home Page, select the General > Use Default.
  3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
  4. Select Apply > OK.
  5. You’ll want to open a fresh web page and make sure that your new default home page pops up.

Antivirus XP 2008 Removal Tip

Is your computer acting funny after deleting any Antivirus XP 2008 files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.

Want to save time finding Antivirus XP 2008 files? Download Spyware Doctor, let it find the Antivirus XP 2008 files for you, and then manually delete Antivirus XP 2008 files.

How Did You Get Antivirus XP 2008?

Wondering how Antivirus XP 2008 ended up on your PC? If you’re infected with Antivirus XP 2008 or other badware, perhaps you were using…

Understanding Antivirus XP 2008

If you’re infected with Antivirus XP 2008, you should know what you’re fighting. I’ll explain some definitions related to Antivirus XP 2008.

Antivirus XP 2008 May Be Rogue Anti-Spyware

Rogue anti-spyware refers to anti-spyware/antivirus software of questionable value. Rogue anti-spyware may not be proven to protect your computer from spyware, may popup fake alerts or create many false positives about your PC being infected, or may use scare tactics to try to get you to purchase the application. Rogue anti-spyware software may be installed by a Trojan, come bundled with other software, or install itself through web browser security holes. While it is fairly rare, some rogue anti-spyware is created and distributed by known spyware or adware companies, and the rogue anti-spyware may install spyware or adware itself.

Often when you’re infected with rogue anti-spyware like Antivirus XP 2008, you’ll see a false popup security alert like this:

Antivirus XP 2008 popup

Rogue Anti-Spyware Tactics

Typically, rogue anti-spyware such as Antivirus XP 2008 has one or more of the qualities listed below, which is why rogue anti-spyware is considered anti-spyware software of questionable value.

Did Antivirus XP 2008 use these tactics to trick you into buying Antivirus XP 2008?

Antivirus XP 2008 May Be a Trojan

Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often Trojans pose as harmless pictures). Most Trojans are able to gain complete control over your PC after installation. With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.

Infection Methods of Antivirus XP 2008 and Other Trojans

Most Trojans infect your computer by tricking you into launching an infected file. This poisoned file could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.

Posted by Kristopher on July 15, 2008.

Tags:

Categories: Fake Antispyware

67 Responses

  1. The version of Antivirus XP 2008 I just removed had several variations that may be new:

    Some registry keeys were “antivirus xp” rather than “xp antivirus”

    by Tom Davis on Jun 28, 2008 at 8:36 am

  2. I’ve been wasting all night trying to get rid of AntivirusXP 2008 and you have been of no use. I know i’m not computer savvy so is there someone out there who can get rid of the mother fucking antivirusxp for me? Please help me. Forgive my french but I’m at the end of my rope. It’s not your fault.

    by Victor on Jun 29, 2008 at 5:32 am

  3. This site is utalising the danger of antivirus xp 2008 by advertising the purchase of yet MORE software. How can we even trust that YOUR software is not linked to anitivirus xp 2008 at all and will not increase our computers risk even further. I’ve had to resort to safe mode, just to make my computer usable.

    And why shuld we have to PAY to remove this parasite! It’s a con if you ask me!!

    by anon on Jul 3, 2008 at 7:19 pm

  4. I am trying what you said but when I try to check my email it blocks me. So far it is letting me type this message to you. I wish we could sue this company for attaching a virus to our computer. This seem like an invasion of privacy as well as trying to manipulate you into buying their product. With the headache they have caused no one will ever want to do business with them. If I don’t get rid of this virus I am going to take the chip out of my motherboard and start over. One good thing though, it only effects the computer you may have downloaded on. I was trying to download microsoft word and I got the virus.

    by anita on Jul 7, 2008 at 12:39 am

  5. hello people, one friend of mine got an Antivirus 2008, I will try to take it out manually… but the best solution to get rid of any viruses is to format the system, so reinstalating the windows… good luck :D

    by Andreea on Jul 7, 2008 at 4:10 pm

  6. I really wish the FTC would sue these guys, stat!

    by Andrea Carter on Jul 8, 2008 at 9:42 pm

  7. PS..I had some luck suspending the popups (but not getting rid of it altogether) with a program called Process Explorer

    by Andrea Carter on Jul 8, 2008 at 9:44 pm

  8. Once you have the virus deleted you will notice you are missing the Screensaver and Background Wallpaper TABS in Display Properties. This will prevent you from removing that annoying message or the modified Wallpaper. Here is how you get the TABS back to be able to get rid of the message or stupid Wallpaper:

    Manual Steps Using Windows XP Registry…….. be careful

    1. Click Start and then Run.

    2. Type regedit in the Run dialog box & Click OK.

    3. Navigate to:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    4. Right-click NoDispScrSavPage to select Modify.
    Change the value to 0.

    5. Do exactly the same with the NoDispBackgroundPage entry

    6. Go out of the Registry and Restart your Computer

    *************************************

    In Addition this Viral Abomination also goes and disables your System Restore Options

    Here are Instructions to correct this:

    1. Go to the System Registry (Start Run, type in: regedit and click OK)

    2. Highlight My Computer, then under Edit in the File Menu select Find

    3. Type RestoreOpenIsSafe and click on Find Next

    4. At the Fist Instance of the Entry, Right-Click on it and select Modify………. change the value to 1 (if it is not 1 already, Click OK, then press the F3 Button to search for more of the same Entry

    5. At the 2nd Instance of the Entry, do the same

    6. There should only be 2 Instances of the Entry but to make sure that you press F3 again and modify any additional Instances of the Entry until you are through the Registry.

    7. Go out of the Registry and Restart your computer.

    Now your Restore Systems should work again.

    Regards

    Rudi Geldenhuys
    Legal Easy CC – Computer Consultants
    Gauteng Province, South Africa

    by Rudi Geldenhuys on Jul 10, 2008 at 10:00 am

  9. I found that Sophos, Norton, Spybot, SpyHunter, etc did not find/fix this virus. However I found I could fix it manually. This is what I did to get rid of it:-

    1. Directory list C:\WINDOWS\system32 and sort by date to look for files created since the infection began. In my case there were three suspicious ones:-

    blphcv76j0e76a.scr
    lphcv76j0e76a.exe
    phcv76j0e76a.bmp

    Notice that part of the file name is common to all of them (cv76j0e76a). Delete these files.

    2. Run msconfig, click on the startup tab and untick the startup for the virus .exe file (in my case lphcv76j0e76a.exe)

    3. Restart your computer.

    4. Check that the virus files above have not come back. You may also need to reset the wallpaper in Control Panel Display settings.

    5. Run regedit and search for items containing the “common” name (cv76j0e76a). You should find at least two (the screensaver and the startup register). Delete the items found from the registry.

    6. Restart your computer again.

    7. Check that virus has gone, then create a System Restore point using the options in “Help and Support”

    8. Job done!

    by Fix it Manually on Jul 10, 2008 at 1:25 pm

  10. I bought the Spy Hunter 3 thinking it would remove Antivirus XP 2008 but it did not

    by Tony Rogers on Jul 11, 2008 at 4:08 pm

  11. to: Fix it Manually

    Thanks a lot for that info. Among the solutions listed above, yours was really effective. Keep it up! Again, thanks.

    by Someone on Jul 12, 2008 at 10:15 am

  12. Similar to what Fix it Manually said, I also found out that many antivirus softwares don’t even work for this virus. I followed his steps and I just want to make a more detailed procedure from what he stated.

    1. Go to directory list C:\WINDOWS\system32 and sort by date to look for files created since the infection began. In my case there were three suspicious ones:-

    blphc1f1j0ev7l.scr
    lphc1f1j0ev7l.exe
    phc1f1j0ev7l.bmp

    Notice that part of the file name is common to all of them (c1f1j0ev7l).
    You cannot delete these files immediately because it is still running on your computer so proceed to step 2.

    2. Run msconfig, click on the startup tab and untick the startup for the “virus”.exe file (in my case lphc1f1j0ev7l.exe)

    3. Restart your computer.

    4. This is the time you will continue with step 1. Go to system 32, arrange files by date modified and delete the files with the common name (mine is c1f1j0ev7l).

    5. Check that the virus files above have not come back. You may also need to reset the wallpaper in Control Panel Display settings.

    6. Run regedit and search for items containing the “common” name (c1f1j0ev7l). Here’s an easy step: On the first panel, click My Computer. Click Edit from the menu bar and click Find.
    Type the common name and the computer will automatically show the files containing the common name. You should find at least two (the screensaver and the startup register).
    Delete the items found from the registry.

    7. Restart your computer again.

    8. Go to My Computer, Drive C, Program Files. Arrange icons by Name, then on the folders beginning with “R”, delete the one with the unusual name (on my case, rfstp30hdgjl). This folder contains
    the Antivirus XP 2008.

    9. Go to Start, All Programs, and right click “Antivirus XP 2008″, this time, it’s safe to delete it.

    10. Go to Control Panel, Add/Remove Programs, then remove Antivirus XP 2008.

    11. Finally, remove all contents of the recycle bin.

    12. Restart your computer and you can now get back to work!

    Hope this helps a lot for freshers in manually removing virus and other malwares. Thanks a lot to Fix it Manually.

    by Someone on Jul 12, 2008 at 10:57 am

  13. My wife just got this. I checked the URL and found it was just purchased 7/10/2008, yet they claim to be in business for 7 years. Also, they must have changed the file and process names because I tried the removal technique and could not find those files.

    The URL is http://www.antivirxp08.com

    by Michael Mummert on Jul 13, 2008 at 1:44 pm

  14. A simple solution to get task manager back if it blocks you out of it is simply to:

    1. Navigate to

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    2. Delete DisableTaskMgr or set it’s value to 0.

    3. Immedeatley after, right click either policies or system and go to permissions.

    4. Disallow any access to Administrators.

    5. Press Ok or Apply.

    Ctrl+Alt+Del to get the task manager and stop this virus.

    After you clean everything off, be sure to go back and re-allow the permissions.

    You will likely have to be under the administrative account for this to work.

    by J C on Jul 13, 2008 at 5:10 pm

  15. I went through the instructions given by “Fix it Manually” and Rudi Geldenhuys and have managed to remove this nasty piece of software from my computer. It is now back to normal! Thanks guys :)

    by Gudmundur Jonsson on Jul 13, 2008 at 5:15 pm

  16. This appears to have worked for me. Step 1 is key as it appears that the file names are different for each instance but at least in my case they appeared to have the date when the infection occurred.

    by Paul Karsh on Jul 15, 2008 at 7:35 pm

  17. thank you for the instruction of manuel removal, it was the only way to remove it all.

    Not all the files in the instruction were there, but when i acces to de reg edit it was very easy to remove the program fron the control panel and the active proces
    Thank you very much.
    with that “antivirus XP “2008″ my PC did not work at all it was always visible the advertisement an the warning in the screen and as a wallpaper.
    An by the way the antivirus XP 2008 erase all the control points of the sistem and i couldn’t restore the sistem to a previous date.

    thank you

    by maria teresa on Jul 19, 2008 at 3:03 pm

  18. I got this crap too but mine was in a folder called rhcenvj0e13c . Thank You to Rudi Geldenhuys
    Legal Easy CC – Computer Consultants
    Gauteng Province, South Africa…….. your reg edit got my desktop back and all the tabs back in the settings menu.

    by Hank on Jul 20, 2008 at 9:35 am

  19. After doing a google search, I actually found a free malware tool that removed the virus and fixed the missing wallpaper tabs, task manager lockout and system restore issues. It’s called Malwarebyte Anti-malware. There’s an upgraded version available, but the free tool completely solved my Antivirus XP problem. Their website is http://www.malwarebyte.org.

    by Bryn Pryo on Jul 20, 2008 at 2:52 pm

  20. tks for destroy 4 years my work. Tks a lot!!

    by cesar on Jul 22, 2008 at 8:32 pm

  21. this malware installed itself automatically without any user intervention. luckily i was able to remove it with some help from a free malware remover software called “Malwarebytes‘Anti Malware” which totally remove the Antivirus XP 2008 without any trouble. Just follow this link and follow the detailed instructions provided. http://www.bleepingcomputer.co.....us-xp-2008

    by kelvink78 on Jul 22, 2008 at 8:33 pm

  22. hey i used Spyware Doctor to get rid of this peace of crap… looks like it did the job… but there is one little snag… it didnt return my screensaver tab… how do i get it back?…

    by demon303 on Jul 23, 2008 at 7:49 am

  23. Wow! Everything is back to normal. My only concern is that that the the 2 files (lphc9v6j0e3f9 & rhccv6j0e3f9″ are still in the System Configuration Utility Startup. I can’t get rid of them.
    Anyone else have this situation?
    Thanks

    by john on Jul 24, 2008 at 12:21 am

  24. Thanks to the information on this site, I was able to remove this virus from my sister-in-law’s computer. One thing I did not see mentioned; there was a file with a name like setup69.exe lurking in her user area. When I searched the entire system on that name, a reference to some kind of pre-fetch file or area also came up (sorry, I should have taken notes). Anyway, until I deleted them, IE’s home page setting wouild be set to the antivirusxp08 web site, which would and download the virus back into the computer and we’d start all over again.

    Hope these guys burn in hell.

    Again, great web site…thanks.

    by Charles Davidson on Jul 25, 2008 at 6:30 am

  25. I dont think you guys are cleaning your machines… at least for the new version of this junk.. I would like to see if you run gmer do you see a root kit? no one is talking about the root kit that you have to del in safe mode.

    by surbo on Jul 25, 2008 at 3:21 pm

  26. I have been able to delete all necessary files regarding antivirus xp 2008 but ca not get rid of the popup that says computer is infected etc any ideas?

    by Kaz on Jul 26, 2008 at 10:17 am

  27. ^&*^#*!!!!!!

    What a nasty piece of software – thanks for the instructions on how to remove the sucker and also get my dekstop back to normal. I really should do my ‘research’ surfin’ inside a VM from now on – served me right I suppose.

    THe only leftover bit is the registry key that I cannot delete. Tried it in safe mode to no avail as the permisisons keep resetting. This machine will get an eventual rebuild I suspect.

    thanks again

    by Gord on Jul 26, 2008 at 7:03 pm

  28. Thanks for the info on how to remove this crap. All of it was extremely helpful and easy to follow (especially since I am illiterate when it comes to the workings of computers). My folders were labeled as follows:

    blphcgfkj0eg3p
    rhclfkj0eg3p
    phcgfkj0eg3p

    Thanks again! You all saved me from having to buy a new computer (at least for now)!

    by fathay on Jul 28, 2008 at 9:20 am

  29. thanks for the info easy to do and now i can game without the stupid annoying pop ups thanks again and keep up the good work..got this from and email..very annoying thanks again

    by Jason on Jul 30, 2008 at 6:04 am

  30. It is so bad on my moms computer that I can not get to the run screen. All things on my start up are gone. I got to the internet by accident – how can I get ridof this when I can not use my task mnngr or even get to run?? Please help us.

    by Paula on Jul 31, 2008 at 3:15 pm

  31. yep, i bought spyhunter and SpywareDoctor, both of them, then reg mechanic. got rid of most of it, but not all, still do not have screensaver function, and still see the fake blue screen sometimes. gonna try the manual reg edit per above. thanks all. ANYONE KNOW HOW TO WRITE CODE INTO THEIR VIRUS THAT WILL GO BACK TO THESE CREEPS AND LOCK THEM DOWN…surely that is possible if they are installing trojans that transmit back to themselves.

    by slonis on Aug 1, 2008 at 10:01 pm

  32. I would like to thank you, especially to Rudy Geldenhuys and Fix It Manually. Your writing has helped a lot. Thanks for sharing your expertise…

    by verdastel on Aug 6, 2008 at 10:51 pm

  33. [...] XP Antivirus 2008 Removal Instructions (XP Antivirus 2008) – MS Windows Vista Compatible Software Remove Antivirus XP 2008 (Removal Instructions) » 411-Spyware.com __________________ Chappaquiddick 1 – Dick Cheney [...]

    by Wallpaper Turns Blue & Antivirus 2008 XP Malware Infection - Going to College Soon! - Tech Support Forums - TechIMO.com on Aug 10, 2008 at 8:54 pm

  34. Hi,I did a search on the forum and someone else had this same problem. Unfortunately their thread didn’t help me any. So am posting a new thread.

    Here’s the problem:

    1. I uninstalled the Antivirus XP 2008 using the malware removal software, but now I still cannot access any antivirus sites like Norton or mcafee, when i click on links from a google search I am directed to unrelated pages trying to sell me stuff. Wheneve I do a google search and the result page comes up, all the result links get redirected to different unrelated sites (usually ad sites,) when I click on them.

    I fear that my hard drive has been damaged, and the problems with the internet lead me to believe that either there is still a virus on my system which is an excellent hider, or these are the after-effects of the virus which need to be fixed.

    I have downgraded from IE7 to IE6. Still it behaves oddly.

    2. In Task Manager i cannot see the user name… its completly blank. ( not sure if this is because of the virus).

    Please help! I have no idea how to fix these problems, short of doing a clean reinstall of XP

    cheers
    Kriativp

    by Kriativp on Aug 13, 2008 at 8:20 am

  35. I’ve tried all the fix it manually and Rudy’s tips. It all went well but in my task bar there is still this X icon saying my computer is infected bla bla bla… i can’t get rid of this. and if i accidently click it either right or left click, it will dload all over again the stupid antivirus XP 2008. urrhhh im so tired. and i cant repair my wallpaper eventhough ive tried rudy’s tip. did i get it wrong? when i search the RestoreOpenIsSafe (no.4) nothing appeared. HELP me!!! thanks :p

    by HELP needed on Aug 13, 2008 at 6:09 pm

  36. Check out the following link http://www.bleepingcomputer.co.....us-xp-2008

    It provides instructions for removal by using Malwarebytes Anti-Malware software, which is a free download. I’ve used it to successfully remove Antivirus XP 2008 from two computers.

    by Tom on Aug 15, 2008 at 8:49 am

  37. There are a number of Rogue Trojans doing the same thing. They are Antivirusdoc-scanner.net, Antivirusdoc.net, Systemantiviruspro.com, Websurfsecure.com and Systemantiviruspro-scanner.com. The idea is to scare people into buying their software which does nothing. It also redirects both IE and FF to their download as well as any MS downloads to it’s site as well as disabling IE Update. In addition, it changes your background and screen saver. Lastly, it disables the Restore software. That’s what i have found so far.

    There is a fix for the DNS redirection it is SmitFraudFix, it fixes the root. It fixes the root file. Boot into safe mode run SmitFraud and use option 2. Click on yes when asked. Then reboot under safe mode and go to C:\Docs & Settngs\User\local Settings\Temp…remove all files. Then go to C:\Windows\Temp and remove all files.

    You’ll still have Restore problems and IE update problems but not the DNS redirect.

    cdwy

    by cdwy on Aug 15, 2008 at 11:24 am

  38. OMG, this is driving me mad. I can’t get to taskman or control panel. I did a search from Explorer and no files are coming up. Even the DLL’s can’t be access much less Regedit… It sort of seems like a newer version of this rogue. Any help?

    by Steaming on Aug 15, 2008 at 12:06 pm

  39. Thanks so much to: Someone and Fit it Manually.
    And also to Google for finding me this forum.

    Never come across something like this.

    CHEERS!

    by Yasmine on Aug 15, 2008 at 2:13 pm

  40. Guys,

    This is the best tool…just follow the instructions on this page.

    http://www.bleepingcomputer.co.....us-xp-2008

    Good Luck!

    by ronwiz on Aug 17, 2008 at 9:37 pm

  41. I am ready to freak out. I have tried everything under the sun (including this) to remove Antivirus XP 2008 from my computer and NOTHING is working. I keep getting a message every 10 goddamn seconds that says “Security Alret” 638 virus’ detected and it WON’T go away. I tried everything step by step in this site, but it did not work. Can ANYONE out there help me? I cannot do anything with my laptop without those annoying antivirus shits pop up. The thing is, I did not even sign up for this or anything… I think I accidentally clicked on it and got into a world of shit. I feel like calling up someone and complaining and getting my computer fixed for free.

    by Erica on Aug 18, 2008 at 4:09 pm

  42. Erica, i’m so sorry to hear that, as this website states there is a level of severity that you can get from this virus. I was quite lucky and didn’t get it as bad. I am unsure what you should do. It may be best that you consult a professional, prehaps an online computer software engineer or a local shop that repairs computers. The only other thing you could do is totally wipe you’re computer. This may cause you to loose all your files if you are unable to back them up on a CD or USB stick.

    As for others, after the process of getting rid of it, please make sure to delete all cookies and try a virus scanner/destroyer free from moneysavingexpert’s website.

    by Yasmine on Aug 19, 2008 at 1:40 pm

  43. I too have this terrible trojan/virus. Mine is worse. After trying several times to remove it using everyone’s advice here my PC will now not boot up completely. It just reboots just before displaying the user login page. I’m even trying to reinstall WinXP and it wont’ work, just keeps getting to a certain part and rebooting. Fortunatel,y it was a newly rebuilt PC with not much on it so not a huge deal but still very irritating and I’m now just wantting to learn how to correct this so I can help friends and family. I’ll wipe the disk and try to reinstall WinXp now. Man, these hackers should be castrated, eyes poked out, toenails/fingernails pulled out and filleted before allowed to die.

    by TROLL on Aug 20, 2008 at 6:53 pm

  44. Thank you very much. Your information was quiet usefull for geting rid of the registry keys. I’m just glan that blasted virus is off my pc.

    by Krystopher on Aug 21, 2008 at 3:08 am

  45. Kriativp

    Try winsockxpfix.exe (you will need to google it), It will reset and repair your winsocks where the trojan is still likely to be hiding.

    by Bodan on Aug 21, 2008 at 10:00 am

  46. As an added correction to my earlier post, winsockxpfix.exe will not work on its own. These files are responsible for Hijacking the browser.

    tdssservers.dat
    tdssserv.sys
    tdssl.dll
    tdssmain.dll
    tdsslog.dll

    tdss6c9c.tmp
    tdss6f31.tmp
    tdssserf.dll
    tdssinit.dll

    They can be found in the system32 folder and are part of the torjan. You may not be able to delete the dll’s especially if they are in use. There is 2 ways to get around this. Use the Xp cd and boot into the recovery console and delete them from there or download a program called unlocker to unload the dlls and then delete.

    Good luck.

    by Bodan on Aug 21, 2008 at 6:59 pm

  47. I used several different means of removing this crap from my PC, especially the help from 10 July. I think I have removed most of it but my system is stuck in a “reboot loop”. I can go into Safe Mode but as soon as I shut down and try to get in normally the system comes up and as soon as the programs in the tray finish loading it shuts down and reboots. I’m not able to access anything except in Safe Mode. Anybody have any ideas ?

    by Jim K on Aug 22, 2008 at 11:21 am

  48. Thank you to all who took the time to be a part of the solution

    by Bluemoonisgood on Aug 23, 2008 at 1:20 am

  49. I hit CTR-ALT-DEL when I was prompted to download Antivirus XP 2008. However, I still have something on my computer that jacked up my printer and won’t let me do adequate searches on google. I’ve been able to use Lycos but even then the links are disabled. Also, in google, I get the “analitic-checks.google.com” text on the lower left corner of the browser, in both IE and Firefox.

    To get around that, I right click on the link, click properties. When the URL address is displayed, I can highlight it and paste it to the web adress in the browser window and this will take me there. In most cases it works except to get to real antivirus websites (McAfee.com, Symantec, etc…).

    Anybody else have printer problems and the “link hijacking”? If so, how did you get your printer to come back to life?

    If I don’t get this shit cleared up in a day or two, I’m just going to reformat C and use my system restore CDs.

    by Charles on Aug 26, 2008 at 2:46 am

  50. I’ve been trying to remove this for about 5 hours now!

    The USB ports on the computer I’m trying to fix are disable/not working. I can’t get it to access the internet either. I’ve also had no luck getting it to read a CD. This all means I have no way of getting any software removal tool on to the affected PC.

    I’ve tried to go down the manual route but I cannot run msconfig. The process starts but nothing ever actually happens. I can’t enable System restore as when I search for the value in RegEdit it’s not there.

    Any ideas?

    by John on Aug 26, 2008 at 9:16 am

  51. Finally managed to get it to read a CD and installed Malwarebytes Anti-Malware. However, that hangs after 2 seconds when trying to scan.

    I know all I need to do is disable the startup of it but I don’t know how to do that if I can’t access msconfig

    by John on Aug 26, 2008 at 9:34 am

  52. I got this nasty bug, but thanks to this site and the helpful writers I got rid of the worst of it.
    However I still have one pop up that shows up every now and again stating the computer is infected.
    I can’t seem to find where this guy resides. It does not seem to contain the same Antivirus file name as I cannot find it when I search.
    However, when I go into C://WINDOWS\system32 I see a bunch of files that all have the date and time of the infestation. There seems to be about 40 of them.
    They are files like anticipator.dll, ssvchost, Rundl1, mwin32,taaacck…etc. Some are Application Extensions, some are DAT files, some our Applications…
    Question is, should I delete all these since they all have the exact same time of 12:52pm on 8/20 which was the day of infamy for my computer.
    I don’t want to do further damage but it seems a bit coincidental that these files appeared all at the same time of the infestation.
    Any ideas?

    by pcw67 on Aug 26, 2008 at 12:18 pm

  53. Hi guys! Thank you all SO much for posting solutions (esp. Fix it manually) ! I got rid of that pop-up “agree and install” and desktop picture, but I I was wondering sth: desktop picture said “warning, spyware – win32/adware.VIRTUMONDE and win32/PRIVACYREMOVER.m64″. So the question is – are those viruses deleted simply by deleting Antivirus XP or are there special removal steps for those 2 bastards? I googled them and didn’t understand a thing… Removing them is too complicated (it takes about 4 different programs), so should I trouble myself trying to do that or don’t need to cause they’re gone? What did you folks do?
    Tnx in advance, you’re lifesavers! :)

    by mica on Aug 27, 2008 at 11:15 pm

  54. Here’s a post that has instructions on how to get rid of this crap. I followed it yesterday, which suggests downloading Dr. Web Cureit (http://www.freedrweb.com/cureit/). Brought my computer back from the brink. Browsers work now, I got my printer back online, and the search engines are all functional again. So far so good.

    Good luck.

    http://www.suggestafix.com/ind.....opic=30859

    by Charles on Aug 28, 2008 at 1:31 am

  55. The Malwarebytes, bleepingcomputer, and suggestafix links do not work. As per Rudi Geldenhuys instructions, I also cannot correct my system restore, and as such cannot perform that. Followed all the rest of Rudi’s as well as Fix It Manually’s and Someone’s instructions. No luck. I am still stuck with this aggravating virus and am seriously considering throwing my computer out the window.

    by Me on Aug 31, 2008 at 3:49 pm

  56. HELP!!!!!!!!!!!!!!!! I cannot restore my system. I’ve tried everything listed on this site. I am going crazy. I have prayed, rebuked and everything………..does anyone have the correct directions? I have lost my Windows program. I can start windows in safe mode but it will not let me start normally. Can anyone help…. God Bless you, if you can… ; )

    by Q on Sep 16, 2008 at 9:40 pm

  57. Q, have you done a virus scan in safe mode and removed the files? What happens when you boot normally into windows? Does it show your Desktop and crash or does it crash while showing the Windows logo? If I know that, I can narrow down your problem.

    by Graham on Sep 17, 2008 at 1:59 pm

  58. i got rid of it all by goin to the programs in the start menu and just removing the folder there, and in temp internet files i deleted all those and used Malwarebytes for scanning, i have the wallpaper tab, but not the ability to do restore, i used the set of instructions from rudi geldenhuy, but it did not even show anything when i typed what i was to type, suggestions?im kinda illiterate when it comes to technical stuff with computers lol

    by jayme on Sep 20, 2008 at 3:30 pm

  59. Hi Jamie, Do you have a paid antivirus scanner like SpyDoctor? If not, I recommend you get one and run that on your computer as with your computer knowledge, you could end up causing more problems on your computer if you try to remove Antivirus XP manually.

    by Graham on Sep 21, 2008 at 1:49 pm

  60. graham, i got rid of it somehow lol, i did remove the folder itself from start menu, and that did help alot, i still do not have system restore, but everything else is back to normal, i installed and ran Malware bytes and it did help too…any suggestions on gettin system restore?i tried the others advice, but did not help

    by jaymet on Oct 1, 2008 at 1:51 am

  61. jaymet, right click on My Computer and select properties, Is there a “System Restore” tab available? If I know that I can tell you the next step to take.

    by Graham on Oct 1, 2008 at 1:49 pm

  62. yes, there is

    by jayme on Oct 2, 2008 at 2:43 am

  63. Thats good jamie, that means system restore is still on your computer. When you say you don’t have system restore, do you mean that there is no link to system restore on your computer or the link doesn’t work? The way to system restore is Start > Programs > Assessories > System Tools > System Restore.

    If there is no link to System Restore, Try the following.

    Open this folder:

    C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System
    Tools

    Create a new shortcut with this in the filename/target line:

    %SystemRoot%\system32\restore\rstrui.exe

    Name that shortcut System Restore.

    You should now have a working link.

    by Graham on Oct 2, 2008 at 12:54 pm

  64. Hold up Jayme, I just found a really useful tool to help you if your system restore shortcut in the System Tools is not working. It’s a free progam called AccRestore. You can download it http://www.winxptutor.com/download/accrestore.zip

    Run it and it will restore the System Restore shotcut in System Tools if its missing.

    by Graham on Oct 2, 2008 at 1:34 pm

  65. [...] Microsoft has filed a lawsuit against Texas based “Branch Software”, who has enriched our lives with programs like Registry Cleaner XP, Antivirus 2009, Malwarecore, WinDefender, WinSpywareProtect, XPDefender and Antivirus XP. [...]

    by Antivirus XP Makers Sued » DAMN TROJAN on Oct 6, 2008 at 7:54 pm

  66. I too was infected by this abomination. I think it was late at night when I got this popup advising me of a virus attack did I want to do something to remove it. I said yes, and all hell broke loose. I couldn’t do anything to remove it, I lost my home page, my browser wouldn’t go to the sites I wanted and all my remove features in XP wouldnt work. It even disabled my control panel so I COULDN’T access any of its features. Boy did I want to do a System restore, but that function was gone too. At the insistance if my Son the IT specialest I saved all the files I could to another drive, and wound up reformatting the hard drive and re installing XP and all the programs and updates necessary to bring it back to normal. Although it was time consuming, it is the best way to insure total removal. I then ( again at his suggestion) downloaded a trial version of Eset antivirus. It seems to be working fine now. Just remember to never ok any request to add or check for malware if you are not 100% sure it is something you have or know where it came from!

    by Peter on Oct 21, 2008 at 10:35 pm

  67. Hi; 411-Spyware -Thanks
    for “Fix It manually” July 8,2008 1:25pm
    I searched my Win-system32,
    I isolated ‘phc’, etc, & found a unique:
    phcgvejoe8v
    ibmgrphc.gpd
    ibmgrphpc.gpd
    I clicked the 1st one & found the V-Screen
    I deleted it OK!
    The other 2, wouldn’t dlete; but on restart
    I’m now free after 8 mos!

    Thanks for your methodology help

    Bill Sullivan dba Tesla Inc.

    by Bill Sullivan on Jun 12, 2009 at 12:11 pm

Leave a Reply

« SearchSpy | AudioPitUSR.exe »

Recent Posts

Pages

About 411 on Spyware

We’re the 411 on how to fight badware. 411-Spyware.com isn’t a blog just for the technically savvy; we’re pretty simple. We tell you what the latest PC threats are, how to avoid them, and how to remove them with free instructions and recommended software. Started in 2006 by Kristopher Dukes, Kristopher’s goal is to make [...]more →