What is XPAntiVirus?
XPAntiVirus - rogue spyware security software, pretending to be able to detect and remove computer security threats. The principal XPAntiVirus symptom is a popping warning in the taskbar area, indicating that critical errors have been found: "XP antivirus notification. Your computer is at risk, critical errors found. Click on this baloon to fix these errors". The only purpose of XPAntiVirus is to terrify PC owner with it's corrupt alerts, which determines the purchase of a licensed program version. Even if XPAntiVirus is purchased it will not make PC secure. Most victims that were infected are using Windows 2000, Windows XP or Windows Vista.
XPAntiVirus removal tool:
- Spyware Doctor (see here for the installation guide)
Screenshot:
XPAntiVirus Entries:
The following dll files are created: trjdwnl.dll
The following files are created:
krln32.exe, scvh0st.exe, shlext32.exe, XPAntivirus.exe, xpantivirusupdate.exe, explorer.exe*, ntoskrnl.exe*, shlwapi.dll*, xpa.exe, wininet.dll*.
* - File location is %program_files%\xpantivirus\sysbackup\
Hijackthis Entries:
O4 Entries
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe