TechSpot

What is XP Anti Virus?

By marygg
Mar 20, 2008
  1. Is this a serious infection that should be cleaned out? Is there any easy way to do it?
     
  2. Matthew

    Matthew TechSpot Staff Posts: 6,087   +84 Staff Member

    Eh, forgive me if I am missing something here. Windows XP is a Microsoft Operating System, and an "Anti-Virus" application is precisely as the name implies, it thwarts viruses and malware. Please be specific as to what your problem is.
     
  3. kritius

    kritius TS Guru Posts: 2,087

    XPAntiVirus is rogue antivirus software that, when run, displays false results as a tactic to scare you into purchasing the software.

    (Notice that the words are all bunched up)

    Do a HijackThis log and post the results back as an attachment.
     
  4. Matthew

    Matthew TechSpot Staff Posts: 6,087   +84 Staff Member

    Aha! :) Not surprisingly, there was more to it.
     
  5. kritius

    kritius TS Guru Posts: 2,087

    You don't see it too often so it's not well known.

    If it's there, though, other things may be as well.
     
  6. Matthew

    Matthew TechSpot Staff Posts: 6,087   +84 Staff Member

    Meh, I don't have that stuff memorized - chasing malware around bores the hell out of me. :D I should stick to hardware threads. Anyway, don't want to drag this off topic :O I'll **** out!

    *Edit*

    Wow, that's lame, it stars out b.u.t.t.!
     
  7. kritius

    kritius TS Guru Posts: 2,087

    I love chasin malware!
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    A lot of malware is named after legit programs, makes it harder to detect.

    And marygg, is this one of the computers that we have already cleaned?
     
  9. marygg

    marygg TS Enthusiast Topic Starter Posts: 135

    No. It popped up on a computer that is used for business by a friend. I was pretty sure it was malware but I wanted to make sure. I'm debating going to get the computer or trying to walk him through the cleanup.
     
  10. mumbai_pune_guy

    mumbai_pune_guy TS Rookie Posts: 16

    What's the difference between spyware and malware?
     
  11. kritius

    kritius TS Guru Posts: 2,087

    Courtesy of bleepingcomputer

    Symptoms in a HijackThis Log (Other than XP Antivirus, these are fake malware entries):


    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
    O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
    O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
    O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
    O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
    O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
    O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
    O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
    O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe

    Add/Remove Programs control panel entry:

    XP antivirus 1.0.1

    Removal Instructions for XP AntiVirus:
    • Print out these instructions as we will need to close every window that is open later in the fix.

    • Next, please reboot your computer into Safe Mode by doing the following:
      • Restart your computer
      • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
      • Instead of Windows loading as normal, a menu should appear
      • Select the first option, to run Windows in Safe Mode.
      • Login as a user with administrator privileges.
    • When your computer has started in safe mode, and you see the desktop, continue with the rest of the instructions.
    • Click on the Start button and then select the Run option.
    • In the Open: field type C:\Program Files\ and then press the OK button.
    • When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option.
    • When the C:\Program Files\ folder opens, look through the list of folders and when you find the folder named XPAntivirus left-click on it once so it becomes highlighted.
    • Then hit the Delete button on your keyboard and when it asks if you are sure you want to delete the folder, click on the Yes button with your mouse.
    • When the folder is deleted, reboot your computer back to normal mode.
    • When your computer has rebooted and you are back at your desktop, download FixXPAV.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

      Confirm that the file FixXPAV.reg now resides on your desktop as we will need it later.
    • Go to your desktop and double click on the FixXPAV.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.
    • Delete the following files and folders (Do not be concerned if a folder does not exist):

      C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\
      C:\program files\XPAntivirus\ (This folder should already be gone from previous steps)
    • Next to your Start Menu button is your Quick Launch. XP AntiVirus also installs a shortcut in the Quick Launch that we want to remove. To do that, simply right-click on the XpAntiVirus icon to delete it.
    • Reboot your computer for the time in this guide.
    • Once the computer has rebooted we want to perform an online scan with Panda to find any possible inactive remnants from this infection: Panda Online
      • Once you are on the Panda site click the Scan your PC button
      • A new window will open...click the Check Now button
      • Enter your Country
      • Enter your State/Province
      • Enter your e-mail address and click send
      • Select either Home User or Company
      • Click the big Scan Now button
      • If it wants to install an ActiveX component allow it
      • It will start downloading the files it requires for the scan (Note: It may take a few minutes)
      • When download is complete, click on Local Disks to start the scan
    • When the online scan has been completed, let it remove what it finds, and then you can close Internet Explorer.

    Your computer should now be free of the XP AntiVirus software.
     
     
Topic Status:
Not open for further replies.
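
Added example (not part of the thread or of the quoted guide): a small Python check that reads a saved HijackThis log and reports the O2 and O4 entries listed in post 11. The sample log is constructed for illustration, and treating any other "(no file)" BHO as worth a review is an assumption of this example, not something the post states.

```python
import re

# Indicators copied from the HijackThis symptom list in post 11 (lower-cased).
KNOWN_BHO_CLSIDS = {
    "4e7bd74f-2b8d-469e-dcf7-f96da086b434",
    "6c6b8c69-9285-4d94-8492-9e920c8c2b65",
    "74f25a2c-22b3-4023-8f1a-ca616c30a8b5",
    "9a19966f-ae0e-4699-8cce-9b6f5f1c352c",
    "d714a94f-123a-45cc-8f03-040bcaf82ad6",
}
KNOWN_RUN_PATHS = {
    r"c:\windows\krln32.exe",
    r"c:\windows\system32\scvh0st.exe",
    r"c:\program files\common files\trjdwnl.dll",
    r"c:\windows\shlext32.exe",
    r"c:\program files\xpantivirus\xpantivirus.exe",
}
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<file>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<path>.+)$")

def scan_log(text):
    """Return (line_number, reason, line) for each entry worth a look."""
    hits = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m["clsid"].lower() in KNOWN_BHO_CLSIDS:
                hits.append((num, "listed BHO CLSID", line))
            elif m["file"] == "(no file)":  # assumption: orphaned BHO, review by hand
                hits.append((num, "BHO with no backing file (review)", line))
            continue
        m = O4_RE.match(line)
        if m and m["path"].lower() in KNOWN_RUN_PATHS:
            hits.append((num, "listed Run entry", line))
    return hits

# Constructed sample: the "Example" lines and the 0000... CLSIDs are made up.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
""".strip()

if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```

Matching is on the full path rather than the Run value name, since names such as "System" or "Windows Framework" are generic.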

