What is XPAntiVirus?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 21 August 2008
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
XPAntiVirus - rogue spyware security software, pretending to be able to detect and remove computer security threats. The principal XPAntiVirus symptom is a popping warning in the taskbar area, indicating that critical errors have been found: "XP antivirus notification. Your computer is at risk, critical errors found. Click on this baloon to fix these errors". The only purpose of XPAntiVirus is to terrify PC owner with it's corrupt alerts, which determines the purchase of a licensed program version. Even if XPAntiVirus is purchased it will not make PC secure. Most victims that were infected are using Windows 2000, Windows XP or Windows Vista.
2. XPAntiVirus removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Screenshot:
4. XPAntiVirus files:
trjdwnl.dllkrln32.exe, scvh0st.exe, shlext32.exe, XPAntivirus.exe, xpantivirusupdate.exe, explorer.exe*, ntoskrnl.exe*, shlwapi.dll*, xpa.exe, wininet.dll*.
* - File location is %program_files%\xpantivirus\sysbackup\
5. Hijackthis entries:
O4 Entries
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe