
What is XPAntiVirus

Posted on 21 August 2008 under Rogue Programs

1. What is XPAntiVirus?

XPAntiVirus is a rogue spyware security program that pretends to be able to detect and remove computer security threats. The principal XPAntiVirus symptom is a pop-up warning in the taskbar area, indicating that critical errors have been found: "XP antivirus notification. Your computer is at risk, critical errors found. Click on this baloon to fix these errors". The only purpose of XPAntiVirus is to frighten the PC owner with its bogus alerts into purchasing a licensed version of the program. Even if XPAntiVirus is purchased, it will not make the PC secure. Most infected victims are using Windows 2000, Windows XP or Windows Vista.

2. XPAntiVirus screen shot:

[Screenshot: XPAntiVirus]

3. How to remove XPAntiVirus:

  1. The Internet connection might be disabled or the Internet browser might be blocked by XPAntiVirus, so it won't be possible to download any files to the infected computer. In this case, please download all files required for XPAntiVirus removal to another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
  2. To remove XPAntiVirus, download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, a computer scan should start automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press the "Scan Now" button to run the computer scanner as shown in the picture below:

  4. After the scan has been completed and the scan results have been generated, press the "Fix Checked" button to remove XPAntiVirus.

  5. Restart the computer to complete the XPAntiVirus removal procedure.

4. XPAntiVirus files:

trjdwnl.dll
krln32.exe, scvh0st.exe, shlext32.exe, XPAntivirus.exe, xpantivirusupdate.exe, explorer.exe*, ntoskrnl.exe*, shlwapi.dll*, xpa.exe, wininet.dll*.
* - File location is %program_files%\xpantivirus\sysbackup\

5. HijackThis entries:

O4 Entries
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
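
As an added example (not part of the original page or of any vendor's tool), the following Python code checks a saved HijackThis log for O4 autorun entries that point at the file names listed in sections 4 and 5. The sample log is constructed, and the rule that the names marked with * are flagged only under xpantivirus\sysbackup is an assumption drawn from the page's footnote, since those are otherwise legitimate Windows file names.

```python
import re

# File names this page lists for XPAntiVirus (lower-cased for matching).
ROGUE_FILES = {"trjdwnl.dll", "krln32.exe", "scvh0st.exe", "shlext32.exe",
               "xpantivirus.exe", "xpantivirusupdate.exe", "xpa.exe"}
# Names the page marks with "*": legitimate Windows file names, treated as
# suspicious here only inside the rogue's sysbackup folder (assumption).
STARRED_FILES = {"explorer.exe", "ntoskrnl.exe", "shlwapi.dll", "wininet.dll"}
SYSBACKUP = "\\xpantivirus\\sysbackup\\"

def _name_re(names):
    # Match a name only as a whole path component, so arguments after the
    # file and look-alike longer names do not cause false matches.
    alt = "|".join(re.escape(n) for n in sorted(names))
    return re.compile(r'(?:^|[\\ "])(?:' + alt + r')(?=$|[ ",])')

ROGUE_RE = _name_re(ROGUE_FILES)
STARRED_RE = _name_re(STARRED_FILES)
# HijackThis O4 line: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

def parse_o4(line):
    """Return the fields of an O4 registry autorun line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    return {"hive": hive, "key": key, "name": name, "command": command}

def is_rogue(entry):
    cmd = entry["command"].lower()
    if ROGUE_RE.search(cmd):
        return True
    return SYSBACKUP in cmd and bool(STARRED_RE.search(cmd))

def scan(log_text):
    """Return every O4 entry in the log that matches the page's indicators."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and is_rogue(e)]

# Constructed sample log: three entries from this page plus benign lines.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["hive"], hit["key"], hit["name"], hit["command"])
```

A match here only identifies autorun entries to review; removal still follows the steps in section 3.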