How to Detect & Remove Antivirus XP 2008
What's Antivirus XP 2008?
Antivirus XP 2008 Threat Level: 
Antivirus XP 2008 is more fake anti-spyware; Antivirus XP 2008 is just XP Antivirus 2008 by another name. Like XP Antivirus 2008, Antivirus XP 2008 pops up fake security alerts to try and trick you into buying Antivirus XP 2008. Antivirus XP 2008 may have downloaded itself onto your computer through a trojan, like Zlob. Antivirus XP 2008 can launch when you start up Windows, and Antivirus XP 2008 may popup tons of ads that are difficult to close.
Get rid of Antivirus XP 2008, if only because Antivirus XP 2008 may make you want to throw your PC out the window.
Do I Have Antivirus XP 2008?
You can search your computer manually, but it might take hours to find Antivirus XP 2008’s hidden files. To save time, I recommend you automatically scan your PC for Antivirus XP 2008 and other spyware. Why not? It’s free.
Free Antivirus XP 2008 Scan, with SpyHunter
You can easily detect Antivirus XP 2008 with SpyHunter’s FREE spyware scanner. And if you’re really infected with Antivirus XP 2008, you can buy the full version of SpyHunter to remove Antivirus XP 2008 and other spyware. Or you can use my instructions below and remove Antivirus XP 2008 for free.
I’m a big fan of SpyHunter. Here’s why: SpyHunter offers live support on the phone, and if SpyHunter doesn’t automatically remove Antivirus XP 2008, you can get a custom fix for your computer.
How to Remove Antivirus XP 2008
Your best protection against Antivirus XP 2008 is to remove Antivirus XP 2008 processes, registry keys, DLLs, and other files ASAP.
Get Rid of Antivirus XP 2008 Manually
Manual removal of any spyware can be difficult. When you manually remove Antivirus XP 2008, you have to fiddle with your registry and risk destroying your PC. It’s highly recommended you use an automatic spyware scanner to make sure you’re infected with Antivirus XP 2008. Also, I recommend you backup your system any time before editing your registry.
To remove Antivirus XP 2008 manually, you need to delete Antivirus XP 2008 files. Not sure how to delete Antivirus XP 2008 files? Click here, and I’ll tell you. Otherwise, go ahead and…
Remove Antivirus XP 2008 processes:
%ProgramFiles%\[RANDOM NAME]\Uninstall.exe
%System%\[RANDOM NAME].exe
Delete Antivirus XP 2008 DLLs:
%ProgramFiles%\[RANDOM NAME]\MFC71ENU.DLL
%ProgramFiles%\[RANDOM NAME]\msvcp71.dll
%ProgramFiles%\[RANDOM NAME]\msvcr71.dll
%ProgramFiles%\[RANDOM NAME]\rhccv9j0e1b1.exe.local
Remove Antivirus XP 2008 registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\”AntivirXP08″ = “AntivirXP08″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM NAME] HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NAME] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[RANDOM NAME]
Detect and Remove Antivirus XP 2008 files:
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk %ProgramFiles%\[RANDOM NAME]\database.dat
%ProgramFiles%\[RANDOM NAME]\license.txt
Delete Antivirus XP 2008 directories:
%UserProfile%\Application Data\[RANDOM NAME]
Note: In any files I mention above, “%System%” is a variable referring to your PC’s System folder. Maybe you renamed it, but by default your System folder is “C:\Windows\System32″ on Windows XP, “C:\Winnt\System32″ on Windows NT/2000,” or “C:\Windows\System” on Windows 95/98/Me.
“%Program_Files%”, “%ProgramFiles%”, or “%Profile%” is a variable referring to a folder in your PC where applications that aren’t a part of your PC’s operating system are installed by default. You may have changed this folder’s name or moved it, but if you didn’t touch it, find the folder as “C:\Program Files”. If you’re having trouble finding this folder, you can locate it by looking up registry value “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir”.
Also, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”).
Antivirus XP 2008 changed your homepage?
Click Windows Start menu > Control Panel > Internet Options. Next, under Home Page, select the General > Use Default. Type in the URL you want as your home page (e.g., “http://www.homepage.com”). Then select Apply > OK. You’ll want to open a fresh web page and make sure that your new default home page pops up.
Recommendation:
To save time and avoid risking destroying your computer, I highly recommend you use a spyware scanner, such as SpyHunter, to detect Antivirus XP 2008 and other spyware, adware, trojans, viruses, keyloggers, and more that can be hidden in your PC. It’s also recommended before you manually remove Antivirus XP 2008 you backup your system.
Free Antivirus XP 2008 Scan, with SpyHunter
Automatically detect Antivirus XP 2008 and other spyware on your PC with SpyHunter’s FREE spyware scan.
How Do I Remove Antivirus XP 2008 Files?
Need help figuring out how to delete files, DLLs, and registry keys? While there’s some risk involved, and you should only manually remove Antivirus XP 2008 files if you’re comfortable and confident editing your system, you’ll find it’s fairly easy to delete Antivirus XP 2008 files in Windows.
How to delete Antivirus XP 2008 files in Windows XP and Vista:
- Click your Windows Start menu, and from “Search,” click “For Files and Folders…“
- A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
- Type any file name in the search box, and select “Local Hard Drives.”
- Click “Search.” Once the file is found, delete it.
How to stop Antivirus XP 2008 processes:
- Click the Start menu, select Run.
- Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys ALT + CTRL + DELETE or CTRL + Shift + ESC.
- Click Processes tab, and find Antivirus XP 2008 processes.
- Once you’ve found the Antivirus XP 2008 processes, right-click them and select “End Process” to kill Antivirus XP 2008.
How to remove Antivirus XP 2008 registry keys:
Your Windows registry is the core of your Windows operating system, storing information about user settings, system preferences, and software, including which applications automatically launch at start up. Because of this, spyware, malware, and adware will often bury their own files into your Windows registry so that they automatically launch every time your start up your PC.
Because your registry is such a key piece of your Windows system, you should always backup your registry before you make any changes to it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or registry value, there’s a chance you may need to reinstall your entire Windows operating system. Make sure your backup your registry before editing it.
- Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
- Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
- To find a registry key, such as any Antivirus XP 2008 registry keys, select “Edit,” then select “Find,” and in the search bar type any of Antivirus XP 2008’s registry keys.
- As soon as Antivirus XP 2008 registry key appears, you can delete the Antivirus XP 2008 registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
Computer acting funny after you’ve edited your registry and deleted Antivirus XP 2008 registry keys? Just restore your registry with your backup.
How to remove Antivirus XP 2008 DLL files:
Like most any software, spyware, adware, and malware may also use DLL files. DLL is short for “dynamically linked library,” and Antivirus XP 2008 DLL files, like other DLLs, carryout predetermined tasks. To manually delete Antivirus XP 2008 DLL files, you’ll use Regsver32, a Windows tool designed to help you remove DLL and other files.
- First you’ll locate Antivirus XP 2008 DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
- To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Antivirus XP 2008 DLL file is located. If you’re not sure if the Antivirus XP 2008 DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
- When you’ve located the Antivirus XP 2008 DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore Antivirus XP 2008 DLL file you removed, enter “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
How Did I Get Antivirus XP 2008?
You may be wondering how Antivirus XP 2008 ended up on your PC. If you’re infected with Antivirus XP 2008 or other spyware, your system’s and web browser’s security settings may be set too low, you may not follow safe web browsing and email habits, and you may need to regularly use a good anti-spyware application. Unsafe computer behavior that may lead to your PC having Antivirus XP 2008 includes:
Freeware or Shareware:
Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Antivirus XP 2008. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly and maliciously attached to free software to harm your computer and steal your personal and financial information.
Peer-to-Peer Software:
Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Antivirus XP 2008.
Questionable Websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, Trojans, spyware, and adware may be automatically downloaded and installed onto your computer, sometimes including applications like Antivirus XP 2008.
It’s important to practice safer online habits to prevent being infected with Antivirus XP 2008 . You may want to scan your computer for the latest version of Antivirus XP 2008 and other security threats.
Detect Antivirus XP 2008 & Other Malware
Is your computer infected with malware?
When you’re infected with malware, whether it’s Antivirus XP 2008, spyware, adware, trojans, rogue anti-spyware, keyloggers, worms, or viruses, there are a few key symptoms you may experience. If you notice one or more of the symptoms listed below, your PC may be infected with Antivirus XP 2008 or other malware. Continue reading below, or click here for a free malware scan.
Slow computer performance: It only takes one or two spyware parasites like Antivirus XP 2008 to cause your computer to slow dramatically. If your PC takes longer than usual to reboot or if your Internet connection is unusually slow, your computer may be infected with malware.
New desktop shortcuts or switched homepage: Malware like Antivirus XP 2008 may change your Internet settings or redirect your default homepage to another web site. Malware may even add new desktop shortcuts on your PC.
Annoying popups on your PC: Malware may bombard your computer with popup ads, even when you’re not online. Malware may stop your regular Internet activity and track your surfing habits and gather personal information about you, putting your financial and personal information at risk.
Understanding Antivirus XP 2008 & Spyware
If you’re infected with Antivirus XP 2008 and spyware, you should know what you’re fighting. I’ll explain some spyware definitions related to Antivirus XP 2008.
Antivirus XP 2008 May Be Rogue Anti-Spyware
What’s Rogue Anti-Spyware?
Rogue anti-spyware - or suspect anti-spyware - refers to anti-spyware software of questionable value. Rogue anti-spyware may not be proven to protect your computer from spyware, may popup fake alerts or create many false positives about your PC being infected, or may use scare tactics to try to get you to purchase the application. Rogue anti-spyware software may be installed by a Trojan, come bundled with other software, or install itself through web browser security holes. While it is fairly rare, some rogue anti-spyware is created and distributed by known spyware or adware companies, and the rogue anti-spyware may install spyware or adware itself.
Often when you’re infected with rogue anti-spyware like Antivirus XP 2008, you’ll see a false popup security alert like this:
Rogue Anti-Spyware Tactics
Typically, rogue anti-spyware has one or more of the qualities listed below, which is why rogue anti-spyware is considered anti-spyware software of questionable value.
» False positives/fake alerts: Rogue anti-spyware may produce a large number of false positives or use fake alerts, noting that your computer is infected with spyware parasites or other threats that do not really exist.
» Copycat looks: Rogue anti-spyware may copy the look and feel of other legitimate or rogue anti-spyware applications. Often, rogue anti-spyware applications may appear as close clones of other rogue anti-spyware software.
» High pressure marketing: Rogue anti-spyware may use scare tactics or other aggressive advertising and marketing tactics to try to trick you into buying the rogue anti-spyware application. Often, rogue anti-spyware may produce false positives and fake alerts about your computer being infected.
» Poor detection/scan reporting: Rogue anti-spyware may produce poor reports when it scans your PC. For example, rogue anti-spyware may say your computer is infected 11 parasites, but not specify which spyware parasites or what type of parasites. Rogue anti-spyware may also report that your PC is infected with SafeAndClean, but not tell you which related files, DLLS, etc. were found on your computer.
» Weak scanning/detection: Rogue anti-spyware may not only poorly report on computer infection, but rogue antispyware may also poorly scan your PC. Rogue anti-spyware may skip over important folders and files of your computer that should be scanned to detect spyware.
Antivirus XP 2008 may use these tactics to trick or scare you into purchasing Antivirus XP 2008.
Antivirus XP 2008 May Be a Trojan
What Are Trojans?
Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often .avi, .pif, .exe, and even .jpg files.) Most Trojans are able to gain complete control over your PC after installation. With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.
Some Trojans may also fall under the category of spyware. Spyware is any software or malware (”malicious software”) used to spy or track your computer activity. While some spyware is legitimately and intentionally installed by parents or employers to monitor Internet activity on a computer, spyware may be installed maliciously. Often spyware may come bundled with downloads of free software or come in the form of a cookie via a website, and this spyware may track your Internet activity or may steal secret account usernames and passwords, credit card numbers, and other personal and financial information.
Methods of Antivirus XP 2008 and Other Trojans Infection
Most trojans infect your computer by tricking you into running an infected application. This infected application could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.
» Email: Your PC may be infected with a trojan when you download infected email attachments, or sometimes even when you simply open an email. Many trojans exploit security holes in Microsoft Outlook. You may be able to reduce your chances of getting infected by a Trojan by using a spam-blocking software.
» Websites: Your PC may be infected with a trojan when you visit a rogue site. Many trojans exploit security holes in Internet Explorer web browser so that by simply visiting a website you may unknowingly download a Trojan.
» Open ports: If your computer runs programs that provide file-sharing functions - such as AOL Instant Messenger (AIM), MSN Messenger, and more - you may open your computer up to vulnerabilities. Using file sharing through these applications may create a network that gives attackers the opportunity to remotely access your computer.
Antivirus XP 2008 may have infected your PC by through one of those methods. Trojans are some of the most sophisticated and dangerous type of malware, capable of controlling your system. Because of this, it may be best if Antivirus XP 2008 and Trojans are removed from your computer immediately.
Antivirus XP 2008's Threat Level Explained
Antivirus XP 2008 Is a Minor Pest 
The parasite isn't a real threat, but Antivirus XP 2008 may track your Internet activities. Antivirus XP 2008 may be easily removed with your Windows system "Add/Remove" function.
Antivirus XP 2008 Is a Pest 
The parasite might profile you web activities and may have installed itself onto your PC via a drive-by download. You can probably manually remove Antivirus XP 2008 yourself.
Antivirus XP 2008 Is a Minor Threat 
The parasite might profile you and other users of your PC, and Antivirus XP 2008 may send this data back to its parent server.
Antivirus XP 2008 Is a Medium Threat 
The parasite might profile you and other users of your PC, and Antivirus XP 2008 may send this data back to its parent server. Antivirus XP 2008 may be impossible to manually remove.
Antivirus XP 2008 Is a Threat 
The parasite might profile you and other users of your PC, and Antivirus XP 2008 may send this data back to its parent server. Antivirus XP 2008 may download and install more malware onto your PC, and Antivirus XP 2008 may be impossible to manually remove.
Antivirus XP 2008 Is a Minor Danger 
The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. Antivirus XP 2008 may also be difficult to manually remove.
Antivirus XP 2008 Is a Medium Danger 
The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. Antivirus XP 2008 may download more malware and also be very difficult to manually remove.
Antivirus XP 2008 Is a Danger 
The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. These logs may be sent to anonymous attacker, and Antivirus XP 2008 may download more malware. Antivirus XP 2008 may be very difficult to manually remove.
Antivirus XP 2008 Is a Major Danger 
The parasite may track all of your computer activity, and Antivirus XP 2008 may allow a hacker to access your PC. Antivirus XP 2008 may pipe more malware into your computer, and may disable your anti-spyware or anti-virus software. Antivirus XP 2008 may be very difficult to manually remove.
Antivirus XP 2008 Is an Extreme Danger 
The parasite may track all of your computer activity, and Antivirus XP 2008 may allow a hacker to control your computer. Antivirus XP 2008 may pipe more malware into your computer, and may disable your anti-spyware or anti-virus software and firewall, and block your access to anti-spyware sites. Antivirus XP 2008 may be very difficult to manually remove.
June 28th, 2008 at 8:36 am
The version of Antivirus XP 2008 I just removed had several variations that may be new:
Some registry keeys were “antivirus xp” rather than “xp antivirus”
June 29th, 2008 at 5:32 am
I’ve been wasting all night trying to get rid of AntivirusXP 2008 and you have been of no use. I know i’m not computer savvy so is there someone out there who can get rid of the mother fucking antivirusxp for me? Please help me. Forgive my french but I’m at the end of my rope. It’s not your fault.
July 3rd, 2008 at 7:19 pm
This site is utalising the danger of antivirus xp 2008 by advertising the purchase of yet MORE software. How can we even trust that YOUR software is not linked to anitivirus xp 2008 at all and will not increase our computers risk even further. I’ve had to resort to safe mode, just to make my computer usable.
And why shuld we have to PAY to remove this parasite! It’s a con if you ask me!!
July 7th, 2008 at 12:39 am
I am trying what you said but when I try to check my email it blocks me. So far it is letting me type this message to you. I wish we could sue this company for attaching a virus to our computer. This seem like an invasion of privacy as well as trying to manipulate you into buying their product. With the headache they have caused no one will ever want to do business with them. If I don’t get rid of this virus I am going to take the chip out of my motherboard and start over. One good thing though, it only effects the computer you may have downloaded on. I was trying to download microsoft word and I got the virus.
July 7th, 2008 at 4:10 pm
hello people, one friend of mine got an Antivirus 2008, I will try to take it out manually… but the best solution to get rid of any viruses is to format the system, so reinstalating the windows… good luck :D
July 8th, 2008 at 9:42 pm
I really wish the FTC would sue these guys, stat!
July 8th, 2008 at 9:44 pm
PS..I had some luck suspending the popups (but not getting rid of it altogether) with a program called Process Explorer
July 10th, 2008 at 10:00 am
Once you have the virus deleted you will notice you are missing the Screensaver and Background Wallpaper TABS in Display Properties. This will prevent you from removing that annoying message or the modified Wallpaper. Here is how you get the TABS back to be able to get rid of the message or stupid Wallpaper:
Manual Steps Using Windows XP Registry…….. be careful
1. Click Start and then Run.
2. Type regedit in the Run dialog box & Click OK.
3. Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
4. Right-click NoDispScrSavPage to select Modify.
Change the value to 0.
5. Do exactly the same with the NoDispBackgroundPage entry
6. Go out of the Registry and Restart your Computer
*************************************
In Addition this Viral Abomination also goes and disables your System Restore Options
Here are Instructions to correct this:
1. Go to the System Registry (Start Run, type in: regedit and click OK)
2. Highlight My Computer, then under Edit in the File Menu select Find
3. Type RestoreOpenIsSafe and click on Find Next
4. At the Fist Instance of the Entry, Right-Click on it and select Modify………. change the value to 1 (if it is not 1 already, Click OK, then press the F3 Button to search for more of the same Entry
5. At the 2nd Instance of the Entry, do the same
6. There should only be 2 Instances of the Entry but to make sure that you press F3 again and modify any additional Instances of the Entry until you are through the Registry.
7. Go out of the Registry and Restart your computer.
Now your Restore Systems should work again.
Regards
Rudi Geldenhuys
Legal Easy CC - Computer Consultants
Gauteng Province, South Africa
July 10th, 2008 at 1:25 pm
I found that Sophos, Norton, SpyBot, SpyHunter, etc did not find/fix this virus. However I found I could fix it manually. This is what I did to get rid of it:-
1. Directory list C:\WINDOWS\system32 and sort by date to look for files created since the infection began. In my case there were three suspicious ones:-
blphcv76j0e76a.scr
lphcv76j0e76a.exe
phcv76j0e76a.bmp
Notice that part of the file name is common to all of them (cv76j0e76a). Delete these files.
2. Run msconfig, click on the startup tab and untick the startup for the virus .exe file (in my case lphcv76j0e76a.exe)
3. Restart your computer.
4. Check that the virus files above have not come back. You may also need to reset the wallpaper in Control Panel Display settings.
5. Run regedit and search for items containing the “common” name (cv76j0e76a). You should find at least two (the screensaver and the startup register). Delete the items found from the registry.
6. Restart your computer again.
7. Check that virus has gone, then create a System Restore point using the options in “Help and Support”
8. Job done!
July 11th, 2008 at 4:08 pm
I bought the Spy Hunter 3 thinking it would remove Antivirus XP 2008 but it did not
July 12th, 2008 at 10:15 am
to: Fix it Manually
Thanks a lot for that info. Among the solutions listed above, yours was really effective. Keep it up! Again, thanks.
July 12th, 2008 at 10:57 am
Similar to what Fix it Manually said, I also found out that many antivirus softwares don’t even work for this virus. I followed his steps and I just want to make a more detailed procedure from what he stated.
1. Go to directory list C:\WINDOWS\system32 and sort by date to look for files created since the infection began. In my case there were three suspicious ones:-
blphc1f1j0ev7l.scr
lphc1f1j0ev7l.exe
phc1f1j0ev7l.bmp
Notice that part of the file name is common to all of them (c1f1j0ev7l).
You cannot delete these files immediately because it is still running on your computer so proceed to step 2.
2. Run msconfig, click on the startup tab and untick the startup for the “virus”.exe file (in my case lphc1f1j0ev7l.exe)
3. Restart your computer.
4. This is the time you will continue with step 1. Go to system 32, arrange files by date modified and delete the files with the common name (mine is c1f1j0ev7l).
5. Check that the virus files above have not come back. You may also need to reset the wallpaper in Control Panel Display settings.
6. Run regedit and search for items containing the “common” name (c1f1j0ev7l). Here’s an easy step: On the first panel, click My Computer. Click Edit from the menu bar and click Find.
Type the common name and the computer will automatically show the files containing the common name. You should find at least two (the screensaver and the startup register).
Delete the items found from the registry.
7. Restart your computer again.
8. Go to My Computer, Drive C, Program Files. Arrange icons by Name, then on the folders beginning with “R”, delete the one with the unusual name (on my case, rfstp30hdgjl). This folder contains
the Antivirus XP 2008.
9. Go to Start, All Programs, and right click “Antivirus XP 2008″, this time, it’s safe to delete it.
10. Go to Control Panel, Add/Remove Programs, then remove Antivirus XP 2008.
11. Finally, remove all contents of the recycle bin.
12. Restart your computer and you can now get back to work!
Hope this helps a lot for freshers in manually removing virus and other malwares. Thanks a lot to Fix it Manually.
July 13th, 2008 at 1:44 pm
My wife just got this. I checked the URL and found it was just purchased 7/10/2008, yet they claim to be in business for 7 years. Also, they must have changed the file and process names because I tried the removal technique and could not find those files.
The URL is http://www.antivirxp08.com
July 13th, 2008 at 5:10 pm
A simple solution to get task manager back if it blocks you out of it is simply to:
1. Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
2. Delete DisableTaskMgr or set it’s value to 0.
3. Immedeatley after, right click either policies or system and go to permissions.
4. Disallow any access to Administrators.
5. Press Ok or Apply.
Ctrl+Alt+Del to get the task manager and stop this virus.
After you clean everything off, be sure to go back and re-allow the permissions.
You will likely have to be under the administrative account for this to work.
July 13th, 2008 at 5:15 pm
I went through the instructions given by “Fix it Manually” and Rudi Geldenhuys and have managed to remove this nasty piece of software from my computer. It is now back to normal! Thanks guys :)
July 15th, 2008 at 7:35 pm
This appears to have worked for me. Step 1 is key as it appears that the file names are different for each instance but at least in my case they appeared to have the date when the infection occurred.
July 19th, 2008 at 3:03 pm
thank you for the instruction of manuel removal, it was the only way to remove it all.
Not all the files in the instruction were there, but when i acces to de reg edit it was very easy to remove the program fron the control panel and the active proces
Thank you very much.
with that “antivirus XP “2008″ my PC did not work at all it was always visible the advertisement an the warning in the screen and as a wallpaper.
An by the way the antivirus XP 2008 erase all the control points of the sistem and i couldn’t restore the sistem to a previous date.
thank you
July 20th, 2008 at 9:35 am
I got this crap too but mine was in a folder called rhcenvj0e13c . Thank You to Rudi Geldenhuys
Legal Easy CC - Computer Consultants
Gauteng Province, South Africa…….. your reg edit got my desktop back and all the tabs back in the settings menu.
July 20th, 2008 at 2:52 pm
After doing a google search, I actually found a free malware tool that removed the virus and fixed the missing wallpaper tabs, task manager lockout and system restore issues. It’s called Malwarebyte Anti-malware. There’s an upgraded version available, but the free tool completely solved my Antivirus XP problem. Their website is http://www.malwarebyte.org.
July 22nd, 2008 at 8:32 pm
tks for destroy 4 years my work. Tks a lot!!
July 22nd, 2008 at 8:33 pm
this malware installed itself automatically without any user intervention. luckily i was able to remove it with some help from a free malware remover software called “Malwarebytes’Anti Malware” which totally remove the Antivirus XP 2008 without any trouble. Just follow this link and follow the detailed instructions provided. http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008
July 23rd, 2008 at 7:49 am
hey i used spyware doctor to get rid of this peace of crap… looks like it did the job… but there is one little snag… it didnt return my screensaver tab… how do i get it back?…
July 24th, 2008 at 12:21 am
Wow! Everything is back to normal. My only concern is that that the the 2 files (lphc9v6j0e3f9 & rhccv6j0e3f9″ are still in the System Configuration Utility Startup. I can’t get rid of them.
Anyone else have this situation?
Thanks
July 25th, 2008 at 6:30 am
Thanks to the information on this site, I was able to remove this virus from my sister-in-law’s computer. One thing I did not see mentioned; there was a file with a name like setup69.exe lurking in her user area. When I searched the entire system on that name, a reference to some kind of pre-fetch file or area also came up (sorry, I should have taken notes). Anyway, until I deleted them, IE’s home page setting wouild be set to the antivirusxp08 web site, which would and download the virus back into the computer and we’d start all over again.
Hope these guys burn in hell.
Again, great web site…thanks.
July 25th, 2008 at 3:21 pm
I dont think you guys are cleaning your machines… at least for the new version of this junk.. I would like to see if you run gmer do you see a root kit? no one is talking about the root kit that you have to del in safe mode.
July 26th, 2008 at 10:17 am
I have been able to delete all necessary files regarding antivirus xp 2008 but ca not get rid of the popup that says computer is infected etc any ideas?
July 26th, 2008 at 7:03 pm
^&*^#*!!!!!!
What a nasty piece of software - thanks for the instructions on how to remove the sucker and also get my dekstop back to normal. I really should do my ‘research’ surfin’ inside a VM from now on - served me right I suppose.
THe only leftover bit is the registry key that I cannot delete. Tried it in safe mode to no avail as the permisisons keep resetting. This machine will get an eventual rebuild I suspect.
thanks again
July 28th, 2008 at 9:20 am
Thanks for the info on how to remove this crap. All of it was extremely helpful and easy to follow (especially since I am illiterate when it comes to the workings of computers). My folders were labeled as follows:
blphcgfkj0eg3p
rhclfkj0eg3p
phcgfkj0eg3p
Thanks again! You all saved me from having to buy a new computer (at least for now)!
July 30th, 2008 at 6:04 am
thanks for the info easy to do and now i can game without the stupid annoying pop ups thanks again and keep up the good work..got this from and email..very annoying thanks again
July 31st, 2008 at 3:15 pm
It is so bad on my moms computer that I can not get to the run screen. All things on my start up are gone. I got to the internet by accident - how can I get ridof this when I can not use my task mnngr or even get to run?? Please help us.
August 1st, 2008 at 10:01 pm
yep, i bought spyhunter and spywaredoctor, both of them, then reg mechanic. got rid of most of it, but not all, still do not have screensaver function, and still see the fake blue screen sometimes. gonna try the manual reg edit per above. thanks all. ANYONE KNOW HOW TO WRITE CODE INTO THEIR VIRUS THAT WILL GO BACK TO THESE CREEPS AND LOCK THEM DOWN…surely that is possible if they are installing trojans that transmit back to themselves.
August 6th, 2008 at 10:51 pm
I would like to thank you, especially to Rudy Geldenhuys and Fix It Manually. Your writing has helped a lot. Thanks for sharing your expertise…
August 10th, 2008 at 8:54 pm
[...] XP Antivirus 2008 Removal Instructions (XP Antivirus 2008) - MS Windows Vista Compatible Software Remove Antivirus XP 2008 (Removal Instructions) 411-Spyware.com __________________ Chappaquiddick 1 - Dick Cheney [...]
August 13th, 2008 at 8:20 am
Hi,I did a search on the forum and someone else had this same problem. Unfortunately their thread didn’t help me any. So am posting a new thread.
Here’s the problem:
1. I uninstalled the Antivirus XP 2008 using the malware removal software, but now I still cannot access any antivirus sites like norton or mcafee, when i click on links from a google search I am directed to unrelated pages trying to sell me stuff. Wheneve I do a google search and the result page comes up, all the result links get redirected to different unrelated sites (usually ad sites,) when I click on them.
I fear that my hard drive has been damaged, and the problems with the internet lead me to believe that either there is still a virus on my system which is an excellent hider, or these are the after-effects of the virus which need to be fixed.
I have downgraded from IE7 to IE6. Still it behaves oddly.
2. In Task Manager i cannot see the user name… its completly blank. ( not sure if this is because of the virus).
Please help! I have no idea how to fix these problems, short of doing a clean reinstall of XP
cheers
Kriativp
August 13th, 2008 at 6:09 pm
I’ve tried all the fix it manually and Rudy’s tips. It all went well but in my task bar there is still this X icon saying my computer is infected bla bla bla… i can’t get rid of this. and if i accidently click it either right or left click, it will dload all over again the stupid antivirus XP 2008. urrhhh im so tired. and i cant repair my wallpaper eventhough ive tried rudy’s tip. did i get it wrong? when i search the RestoreOpenIsSafe (no.4) nothing appeared. HELP me!!! thanks :p
August 15th, 2008 at 8:49 am
Check out the following link http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008
It provides instructions for removal by using Malwarebytes Anti-Malware software, which is a free download. I’ve used it to successfully remove Antivirus XP 2008 from two computers.
August 15th, 2008 at 11:24 am
There are a number of Rogue Trojans doing the same thing. They are Antivirusdoc-scanner.net, Antivirusdoc.net, Systemantiviruspro.com, Websurfsecure.com and Systemantiviruspro-scanner.com. The idea is to scare people into buying their software which does nothing. It also redirects both IE and FF to their download as well as any MS downloads to it’s site as well as disabling IE Update. In addition, it changes your background and screen saver. Lastly, it disables the Restore software. That’s what i have found so far.
There is a fix for the DNS redirection it is SmitFraudFix, it fixes the root. It fixes the root file. Boot into safe mode run SmitFraud and use option 2. Click on yes when asked. Then reboot under safe mode and go to C:\Docs & Settngs\User\local Settings\Temp…remove all files. Then go to C:\Windows\Temp and remove all files.
You’ll still have Restore problems and IE update problems but not the DNS redirect.
cdwy
August 15th, 2008 at 12:06 pm
OMG, this is driving me mad. I can’t get to taskman or control panel. I did a search from Explorer and no files are coming up. Even the DLL’s can’t be access much less Regedit… It sort of seems like a newer version of this rogue. Any help?
August 15th, 2008 at 2:13 pm
Thanks so much to: Someone and Fit it Manually.
And also to Google for finding me this forum.
Never come across something like this.
CHEERS!
August 17th, 2008 at 9:37 pm
Guys,
This is the best tool…just follow the instructions on this page.
http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008
Good Luck!
August 18th, 2008 at 4:09 pm
I am ready to freak out. I have tried everything under the sun (including this) to remove Antivirus XP 2008 from my computer and NOTHING is working. I keep getting a message every 10 goddamn seconds that says “Security Alret” 638 virus’ detected and it WON’T go away. I tried everything step by step in this site, but it did not work. Can ANYONE out there help me? I cannot do anything with my laptop without those annoying antivirus shits pop up. The thing is, I did not even sign up for this or anything… I think I accidentally clicked on it and got into a world of shit. I feel like calling up someone and complaining and getting my computer fixed for free.
August 19th, 2008 at 1:40 pm
Erica, i’m so sorry to hear that, as this website states there is a level of severity that you can get from this virus. I was quite lucky and didn’t get it as bad. I am unsure what you should do. It may be best that you consult a professional, prehaps an online computer software engineer or a local shop that repairs computers. The only other thing you could do is totally wipe you’re computer. This may cause you to loose all your files if you are unable to back them up on a CD or USB stick.
As for others, after the process of getting rid of it, please make sure to delete all cookies and try a virus scanner/destroyer free from moneysavingexpert’s website.
August 20th, 2008 at 6:53 pm
I too have this terrible trojan/virus. Mine is worse. After trying several times to remove it using everyone’s advice here my PC will now not boot up completely. It just reboots just before displaying the user login page. I’m even trying to reinstall WinXP and it wont’ work, just keeps getting to a certain part and rebooting. Fortunatel,y it was a newly rebuilt PC with not much on it so not a huge deal but still very irritating and I’m now just wantting to learn how to correct this so I can help friends and family. I’ll wipe the disk and try to reinstall WinXp now. Man, these hackers should be castrated, eyes poked out, toenails/fingernails pulled out and filleted before allowed to die.
August 21st, 2008 at 3:08 am
Thank you very much. Your information was quiet usefull for geting rid of the registry keys. I’m just glan that blasted virus is off my pc.
August 21st, 2008 at 10:00 am
Kriativp
Try winsockxpfix.exe (you will need to google it), It will reset and repair your winsocks where the trojan is still likely to be hiding.
August 21st, 2008 at 6:59 pm
As an added correction to my earlier post, winsockxpfix.exe will not work on its own. These files are responsible for Hijacking the browser.
tdssservers.dat
tdssserv.sys
tdssl.dll
tdssmain.dll
tdsslog.dll
tdss6c9c.tmp
tdss6f31.tmp
tdssserf.dll
tdssinit.dll
They can be found in the system32 folder and are part of the torjan. You may not be able to delete the dll’s especially if they are in use. There is 2 ways to get around this. Use the Xp cd and boot into the recovery console and delete them from there or download a program called unlocker to unload the dlls and then delete.
Good luck.
August 22nd, 2008 at 11:21 am
I used several different means of removing this crap from my PC, especially the help from 10 July. I think I have removed most of it but my system is stuck in a “reboot loop”. I can go into Safe Mode but as soon as I shut down and try to get in normally the system comes up and as soon as the programs in the tray finish loading it shuts down and reboots. I’m not able to access anything except in Safe Mode. Anybody have any ideas ?
August 23rd, 2008 at 1:20 am
Thank you to all who took the time to be a part of the solution
August 26th, 2008 at 2:46 am
I hit CTR-ALT-DEL when I was prompted to download Antivirus XP 2008. However, I still have something on my computer that jacked up my printer and won’t let me do adequate searches on google. I’ve been able to use Lycos but even then the links are disabled. Also, in google, I get the “analitic-checks.google.com” text on the lower left corner of the browser, in both IE and Firefox.
To get around that, I right click on the link, click properties. When the URL address is displayed, I can highlight it and paste it to the web adress in the browser window and this will take me there. In most cases it works except to get to real antivirus websites (McAfee.com, symantec, etc…).
Anybody else have printer problems and the “link hijacking”? If so, how did you get your printer to come back to life?
If I don’t get this shit cleared up in a day or two, I’m just going to reformat C and use my system restore CDs.
August 26th, 2008 at 9:16 am
I’ve been trying to remove this for about 5 hours now!
The USB ports on the computer I’m trying to fix are disable/not working. I can’t get it to access the internet either. I’ve also had no luck getting it to read a CD. This all means I have no way of getting any software removal tool on to the affected PC.
I’ve tried to go down the manual route but I cannot run msconfig. The process starts but nothing ever actually happens. I can’t enable System restore as when I search for the value in RegEdit it’s not there.
Any ideas?
August 26th, 2008 at 9:34 am
Finally managed to get it to read a CD and installed malwarebytes Anti-Malware. However, that hangs after 2 seconds when trying to scan.
I know all I need to do is disable the startup of it but I don’t know how to do that if I can’t access msconfig
August 26th, 2008 at 12:18 pm
I got this nasty bug, but thanks to this site and the helpful writers I got rid of the worst of it.
However I still have one pop up that shows up every now and again stating the computer is infected.
I can’t seem to find where this guy resides. It does not seem to contain the same Antivirus file name as I cannot find it when I search.
However, when I go into C://WINDOWS\system32 I see a bunch of files that all have the date and time of the infestation. There seems to be about 40 of them.
They are files like anticipator.dll, ssvchost, Rundl1, mwin32,taaacck…etc. Some are Application Extensions, some are DAT files, some our Applications…
Question is, should I delete all these since they all have the exact same time of 12:52pm on 8/20 which was the day of infamy for my computer.
I don’t want to do further damage but it seems a bit coincidental that these files appeared all at the same time of the infestation.
Any ideas?
August 27th, 2008 at 11:15 pm
Hi guys! Thank you all SO much for posting solutions (esp. Fix it manually) ! I got rid of that pop-up “agree and install” and desktop picture, but I I was wondering sth: desktop picture said “warning, spyware - win32/adware.VIRTUMONDE and win32/PRIVACYREMOVER.m64″. So the question is - are those viruses deleted simply by deleting Antivirus XP or are there special removal steps for those 2 bastards? I googled them and didn’t understand a thing… Removing them is too complicated (it takes about 4 different programs), so should I trouble myself trying to do that or don’t need to cause they’re gone? What did you folks do?
Tnx in advance, you’re lifesavers! :)
August 28th, 2008 at 1:31 am
Here’s a post that has instructions on how to get rid of this crap. I followed it yesterday, which suggests downloading Dr. Web Cureit (http://www.freedrweb.com/cureit/). Brought my computer back from the brink. Browsers work now, I got my printer back online, and the search engines are all functional again. So far so good.
Good luck.
http://www.suggestafix.com/index.php?showtopic=30859
August 31st, 2008 at 3:49 pm
The malwarebytes, bleepingcomputer, and suggestafix links do not work. As per Rudi Geldenhuys instructions, I also cannot correct my system restore, and as such cannot perform that. Followed all the rest of Rudi’s as well as Fix It Manually’s and Someone’s instructions. No luck. I am still stuck with this aggravating virus and am seriously considering throwing my computer out the window.
September 16th, 2008 at 9:40 pm
HELP!!!!!!!!!!!!!!!! I cannot restore my system. I’ve tried everything listed on this site. I am going crazy. I have prayed, rebuked and everything………..does anyone have the correct directions? I have lost my Windows program. I can start windows in safe mode but it will not let me start normally. Can anyone help…. God Bless you, if you can… ; )
September 17th, 2008 at 1:59 pm
Q, have you done a virus scan in safe mode and removed the files? What happens when you boot normally into windows? Does it show your Desktop and crash or does it crash while showing the Windows logo? If I know that, I can narrow down your problem.
September 20th, 2008 at 3:30 pm
i got rid of it all by goin to the programs in the start menu and just removing the folder there, and in temp internet files i deleted all those and used malwarebytes for scanning, i have the wallpaper tab, but not the ability to do restore, i used the set of instructions from rudi geldenhuy, but it did not even show anything when i typed what i was to type, suggestions?im kinda illiterate when it comes to technical stuff with computers lol
September 21st, 2008 at 1:49 pm
Hi Jamie, Do you have a paid antivirus scanner like SpyDoctor? If not, I recommend you get one and run that on your computer as with your computer knowledge, you could end up causing more problems on your computer if you try to remove Antivirus XP manually.
October 1st, 2008 at 1:51 am
graham, i got rid of it somehow lol, i did remove the folder itself from start menu, and that did help alot, i still do not have system restore, but everything else is back to normal, i installed and ran malware bytes and it did help too…any suggestions on gettin system restore?i tried the others advice, but did not help
October 1st, 2008 at 1:49 pm
jaymet, right click on My Computer and select properties, Is there a “System Restore” tab available? If I know that I can tell you the next step to take.
October 2nd, 2008 at 2:43 am
yes, there is
October 2nd, 2008 at 12:54 pm
Thats good jamie, that means system restore is still on your computer. When you say you don’t have system restore, do you mean that there is no link to system restore on your computer or the link doesn’t work? The way to system restore is Start > Programs > Assessories > System Tools > System Restore.
If there is no link to System Restore, Try the following.
Open this folder:
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System
Tools
Create a new shortcut with this in the filename/target line:
%SystemRoot%\system32\restore\rstrui.exe
Name that shortcut System Restore.
You should now have a working link.
October 2nd, 2008 at 1:34 pm
Hold up Jayme, I just found a really useful tool to help you if your system restore shortcut in the System Tools is not working. It’s a free progam called AccRestore. You can download it http://www.winxptutor.com/download/accrestore.zip
Run it and it will restore the System Restore shotcut in System Tools if its missing.
October 6th, 2008 at 7:54 pm
[...] Microsoft has filed a lawsuit against Texas based “Branch Software”, who has enriched our lives with programs like Registry Cleaner XP, Antivirus 2009, Malwarecore, WinDefender, WinSpywareProtect, XPDefender and Antivirus XP. [...]
October 21st, 2008 at 10:35 pm
I too was infected by this abomination. I think it was late at night when I got this popup advising me of a virus attack did I want to do something to remove it. I said yes, and all hell broke loose. I couldn’t do anything to remove it, I lost my home page, my browser wouldn’t go to the sites I wanted and all my remove features in XP wouldnt work. It even disabled my control panel so I COULDN’T access any of its features. Boy did I want to do a System restore, but that function was gone too. At the insistance if my Son the IT specialest I saved all the files I could to another drive, and wound up reformatting the hard drive and re installing XP and all the programs and updates necessary to bring it back to normal. Although it was time consuming, it is the best way to insure total removal. I then ( again at his suggestion) downloaded a trial version of Eset antivirus. It seems to be working fine now. Just remember to never ok any request to add or check for malware if you are not 100% sure it is something you have or know where it came from!