A neighbor has acquired a program named AntivirusXP2008. I think she downloaded it thinking it was a legitimate program. It has planted a big box in the middle of the screen, run a bogus scan, found thousands of malware, and wants $99.99. It cannot be removed in the manner usually used to remove crap. It will not go away regardless of what is done.
Has anyone removed this and how is it done?
The problem is on an HP a1410Y computer with XP and Roadrunner.
#2. "RE: "AntivirusXP2008" malware" In response to don s (Reply # 0) Thu Aug-21-08 02:01 AM by Dave101
I ran crapcleaner/tools/startup & deleted it from there. I re-booted in safe mode & went to start/search & typed the exact words, found 2 folders & deleted them. Pretty sure I used spybot & superantispyware after & scanned & found a few associations. That was it. Be sure to disable system restore first in full mode.
Edit: Chari beat me to it. I guess they came out with a removal tool. Never tried it though.
"The only goddamn thing you know about the law is how to break it." Chief Lafleche
#3. "RE: "AntivirusXP2008" malware" In response to don s (Reply # 0) Thu Aug-21-08 02:17 AM by Grogan
Yep, I'm seeing that one all over town. It's a bit bothersome to remove, but not that bad.
Kill its process in Task Manager
Get SuperAntiSpyware, Spybot Search and Destroy and Avira Antivir installed and updated.
Disconnect network (this malware is usually found in the presence of downloader trojans).
Run a SuperAntiSpyware scan, and when it's finished proceed to remove everything and accept the reboot.
Now, boot to Safe Mode and run Spybot Search and Destroy and remove everything it finds. Go to Advanced Tools, and use the Startup utility to clean up startup entries.
Spybot Search and Destroy will find and fix some System Policies for you as well. That thing in the middle of your screen is actually just wallpaper, but it sets policies so you can't get in and change it (tabs missing from display properties).
Open Avira Antivir, and go to Configuration and check the Expert box. Under General, enable all the Extended Threat Categories (optional, but I always enable them). Do a full system scan and let it quarantine or delete anything it finds.
That should take care of it. I usually have to do a bunch of manual hunting and poking during a malware cleanup, but that will get everything important related to "Antivirus XP 2008".
P.S. It also wouldn't be a bad idea to run Antivir's rootkit scan, because I've also found hidden services/drivers in the presence of this Antivirus XP 2008. It just depends on what the downloader trojans have done to the system additionally... Antivirus XP 2008 is seldom the only thing wrong.
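As an added example (not part of the post above or of any tool named in this thread): a small Python check that reads .reg export text and lists the policy values that hide Display Properties tabs, block wallpaper changes or disable Task Manager, which is the kind of lockout described above. The value names are standard Windows policy values rather than names given in the thread, and the sample export is constructed.

```python
import re

# Standard Windows policy value names (not from the thread); nonzero = restriction on.
LOCKOUT_VALUES = {
    "nodispcpl": "Display control panel disabled",
    "nodispbackgroundpage": "Desktop/Background tab hidden",
    "nodispscrsavpage": "Screen Saver tab hidden",
    "nodispappearancepage": "Appearance tab hidden",
    "nodispsettingspage": "Settings tab hidden",
    "nochangingwallpaper": "Wallpaper changes blocked",
    "disabletaskmgr": "Task Manager disabled",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def find_lockouts(reg_text):
    """Return (key, value_name, meaning) for each active lockout under a Policies key."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which key the following values belong to
            continue
        m = DWORD_RE.match(line)
        if not m or key is None or "\\policies\\" not in key.lower() + "\\":
            continue                  # only DWORD values under ...\Policies\... matter here
        name, data = m.group(1), int(m.group(2), 16)
        meaning = LOCKOUT_VALUES.get(name.lower())
        if meaning and data != 0:
            findings.append((key, name, meaning))
    return findings

# Constructed sample export (not taken from a real infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, meaning in find_lockouts(SAMPLE):
        print(f"{name}: {meaning}  [{key}]")
```

A real export from regedit is UTF-16 text, so decode it with that encoding before passing it to `find_lockouts`.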
#6. "RE: "AntivirusXP2008" malware" In response to DF_Fan (Reply # 5) Thu Aug-21-08 01:03 PM by Pilgrim
Yep, ditto here.... just this past Tuesday I had a client's PC infected with this Rogue malware/trojan or however they want to classify it and Malwarebytes' Anti-Malware 1.25 made short work of it in one pass. It got most everything but required a reboot to get rid of those files which were still in use. Ran Kaspersky AV 2009 (8.0.0.454) afterwards and it didn't find a thing. This is the second time Malwarebytes has impressed me in getting rid of resistant junk where others have failed.
Addendum: I really want to add that this PC had Norton 2009 installed on it . . . fully operational and updated; totally useless. The first thing I did after getting rid of Antivirus 2009 was to remove Norton and install Kaspersky AV.
#7. "RE: "AntivirusXP2008" malware" In response to DF_Fan (Reply # 5)
I've heard it's very good at what it does, but the reason I don't use it is, it only removes a limited subset of malware, and there's usually more on a PC than just that.
Time is money to me and another scan means another half an hour so I just stick with what I know works. I may try it as an alternate if I get something I'm having trouble finding/removing.
#9. "RE: "AntivirusXP2008" malware" In response to uffbros (Reply # 8)
Yes, that's what I described as part of my method in post #3 in this thread.
SuperAntiSpyware, Spybot Search and Destroy, Avira Antivir
I also have to do some manual removal of some stubborn things, but for the purposes of this thread that will suffice.
Malwarebytes' Anti-Malware may indeed take care of this one item marvelously, but I guarantee it won't be the only thing on the PC and I'm not familiar enough with it to recommend it. I'll have to get testing it.
#11. "RE: "AntivirusXP2008" malware" In response to don s (Reply # 0)
I am grateful to all you gentlemen who replied to my post with good information. It was nice to have some choices. I decided to try Malwarebytes first. It installed and worked great. It found a ton of junk and deleted it. I then ran Trendmicro Security which found nine more items. Two of these were trojans. They in turn were deleted. The computer is back up and running and my neighbor is happy. She says she has learned her lesson not to mess with a box that is running well.