What is XP Anti Virus?

Status
Not open for further replies.
Eh, forgive me if I am missing something here. Windows XP is a Microsoft Operating System, and an "Anti-Virus" application is precisely as the name implies; it thwarts viruses and malware. Please be specific as to what your problem is.
 
XPAntiVirus is a rogue antivirus software that, when run, displays false results as a tactic to scare you into purchasing the software.

(Notice that the words are all bunched up)

Do a HijackThis log and post the results back as an attachment.
 
You don't see it too often, so it's not well known.

If it's there, though, other things may be as well.
 
Meh, I don't have that stuff memorized - chasing malware around bores the hell out of me. :D I should stick to hardware threads. Anyway, don't want to drag this off topic :O I'll **** out!

*Edit*

Wow, that's lame, it stars out b.u.t.t.!
 
A lot of malware is named after legit programs, which makes it harder to detect.

And marygg, is this one of the computers that we have already cleaned?
 
No. It popped up on a computer that is used for business by a friend. I was pretty sure it was malware but I wanted to make sure. I'm debating going to get the computer or trying to walk him through the cleanup.
 
Courtesy of bleepingcomputer

Symptoms in a HijackThis Log (Other than XP Antivirus, these are fake malware entries):


O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe

Add/Remove Programs control panel entry:

XP antivirus 1.0.1

Removal Instructions for XP AntiVirus:
  • Print out these instructions as we will need to close every window that is open later in the fix.

  • Next, please reboot your computer into Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
    • Login as a user with administrator privileges.
  • When your computer has started in safe mode, and you see the desktop, continue with the rest of the instructions.
  • Click on the Start button and then select the Run option.
  • In the Open: field type C:\Program Files\ and then press the OK button.
  • When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option.
  • When the C:\Program Files\ folder opens, look through the list of folders and when you find the folder named XPAntivirus left-click on it once so it becomes highlighted.
  • Then hit the Delete button on your keyboard and when it asks if you are sure you want to delete the folder, click on the Yes button with your mouse.
  • When the folder is deleted, reboot your computer back to normal mode.
  • When your computer has rebooted and you are back at your desktop, download FixXPAV.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

    Confirm that the file FixXPAV.reg now resides on your desktop as we will need it later.
  • Go to your desktop and double click on the FixXPAV.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.
  • Delete the following files and folders (Do not be concerned if a folder does not exist):

    C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\
    C:\program files\XPAntivirus\ (This folder should already be gone from previous steps)
  • Next to your Start Menu button is your Quick Launch. XP AntiVirus also installs a shortcut in the Quick Launch that we want to remove. To do that, simply right-click on the XpAntiVirus icon to delete it.
  • Reboot your computer for the time in this guide.
  • Once the computer has rebooted we want to perform an online scan with Panda to find any possible inactive remnants from this infection: Panda Online
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a few minutes)
    • When download is complete, click on Local Disks to start the scan
  • When the online scan has been completed, let it remove what it finds, and then you can close Internet Explorer.

Your computer should now be free of the XP AntiVirus software.
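
The symptom list in the post above can be checked against a saved HijackThis log mechanically. The following Python is an added example, not part of the original post or the bleepingcomputer guide: it flags O2 BHO lines that end in "(no file)" and O4 Run lines whose file name appears in the list above. The names `flag_entries` and `LISTED_FILES` and the two "Example" log lines are made up for illustration, and the log is assumed to be plain text in the line format shown in the post.

```python
import re

# Constructed sample: three lines copied from the symptom list in the post,
# plus two made-up "Example" entries that should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
"""

# File names taken from the O4 entries listed in the post (lower-cased).
LISTED_FILES = {"krln32.exe", "scvh0st.exe", "trjdwnl.dll", "shlext32.exe", "xpantivirus.exe"}

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

def flag_entries(log_text):
    """Return (reason, line) pairs for log lines matching the listed symptoms."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m and m.group("file") == "(no file)":
            findings.append(("BHO entry with (no file)", line))
            continue
        m = RUN_RE.match(line)
        if m:
            # Compare the file name only, case-insensitively (Windows paths).
            # Assumption: the command has no trailing arguments, as in the post.
            filename = m.group("cmd").strip('"').rsplit("\\", 1)[-1].lower()
            if filename in LISTED_FILES:
                findings.append(("Run entry launches a listed file", line))
    return findings

if __name__ == "__main__":
    for reason, line in flag_entries(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A match on file name alone is a prompt to look closer, not proof of infection, since the same name can belong to an unrelated file.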
 