forums Computer Tutorials Computer Help and Spyware Removal File DatabaseUninstall Database Windows Startup Programs Database Computer Resources Computer Glossary Forums Computer Help and Spyware Removal
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
STOPzilla Anti-Spyware

> How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

 
Reply to this topicStart new topic
> How To Remove Xpantivirus (removal Instructions)
Grinler
post Oct 10 2007, 02:01 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 27,990
Joined: 24-January 04
From: USA
Member No.: 3

How to remove XPAntiVirus (Removal Instructions)


What these programs do:

XPAntiVirus is a rogue antivirus software that, when runs, display false results as a tactic to scare you into purchasing the software. When XPAntivirus is first installed it will create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries are harmless and have absolutely no effect on your computer. Instead, these entries are set so that XP AntiVirus can find them when scanning your computer and report them as infections. In order to remove these fake infections you need to purchase the software as the trial does not allow you to remove them.

As you can see this program is fraudware in that makes changes on your computer and then states these changes are infections as a scare tactic to have you purchase the software. It goes without saying that under no circumstances should you buy it. The program does come with a removal option in the computer's Add or Remove Programs list, but when you attempt to uninstall it, all that happens is the entry is removed from the list and program's process is terminated. Next time you reboot, XP AntiVirus will start up again.

The guide below will walk you through the steps necessary to remove this software and the fake malware entries it installed in your Windows Registry. A screenshot of the program is included below.


XPAntiVirus Screenshot
XP AntiVirus Screenshot


Tools Needed to remove XPAntiVirus:

Symptoms in a HijackThis Log (Other than XP Antivirus, these are fake malware entries):


O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe

Add/Remove Programs control panel entry:

XP antivirus 1.0.1


 Guide Updates:

10/10/07 - Initial guide creation.


Removal Instructions for XP AntiVirus:

These steps may appear to be long and daunting. They are, though, quite easy to do and consist of so many steps only because I have written them in an extremely detailed manner.
  1. Print out these instructions as we will need to close every window that is open later in the fix.


  2. Next, please reboot your computer into Safe Mode by doing the following:

    1. Restart your computer

    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

    3. Instead of Windows loading as normal, a menu should appear

    4. Select the first option, to run Windows in Safe Mode.

    5. Login as a user with administrator privileges.

  3. When your computer has started in safe mode, and you see the desktop, continue with the rest of the instructions.

  4. Click on the Start button and then select the Run option.

  5. In the Open: field type C:\Program Files\ and then press the OK button.

  6. When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option.

  7. When the C:\Program Files\ folder opens, look through the list of folders and when you find the folder named XPAntivirus left-click on it once so it becomes highlighted.

  8. Then hit the Delete button on your keyboard and when it asks if you are you want to delete the folder, click on the Yes button with your mouse.

  9. When the folder is deleted, reboot your computer back to normal mode.

  10. When your computer has rebooted and you are back at your desktop, download FixXPAV.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

    FixXPAV.reg Download Link

    Confirm that the file FixXPAV.reg now resides on your desktop as we will need it later.

  11. Go to your desktop and double click on the FixXPAV.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.

  12. Delete the following files and folders (Do not be concerned if a folder does not exist):

    C:\Documents and Settings\All Users\Start Menu\Programs\XP antivirus\
    C:\program files\XPAntivirus\ (This folder should already be gone from previous steps)

  13. Next to your Start Menu button is your Quick Launch. XP AntiVirus also installs a shortcut in the Quick Launch that we want to remove. To do that, simply right-click on the XpAntiVirus icon to delete it.

  14. Reboot your computer for the time in this guide.

  15. Once the computer has rebooted we want to perform an online scan with Panda to find any possible inactive remnants from this infection: Panda Online

    1. Once you are on the Panda site click the Scan your PC button

    2. A new window will open...click the Check Now button

    3. Enter your Country

    4. Enter your State/Province

    5. Enter your e-mail address and click send

    6. Select either Home User or Company

    7. Click the big Scan Now button

    8. If it wants to install an ActiveX component allow it

    9. It will start downloading the files it requires for the scan (Note: It may take a few minutes)

    10. When download is complete, click on Local Disks to start the scan

  1. When the online scan has been completed, let it remove what it finds, and then you can close Internet Explorer.

Your computer should now be free of the XP AntiVirus software.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log



This is a self-help guide. Use at your own risk.



BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


--------------------
Lawrence
Go to the top of the page
 
+Quote Post
« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »
 

Reply to this topicStart new topic
5 User(s) are reading this topic (5 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 16th May 2008 - 01:25 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database

© 2003-2008 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2008  IPS, Inc.