ButtonGenerator.com ButtonGenerator.com ButtonGenerator.com Specific Virus Removal Guide Forum

XP Antivirus 2008/2009 Removal

XP Antivirus 2008/2009 is a rogue antivirus program which hijacks the system disguised as an antivirus program. It will constantly prompt you that your computer is infected and urge you to buy their version to clean up the system.

Threat Level:
Extreme

Associated Files:

-C:\Program Files\XP Antivirusc:\Program Files\XP Antivirus\xpa.exe
-C:\Program Files\XPAntivirus\C:\Program Files\XPAntivirus\XPAntivirus.exec:\WINDOWS\system32\scui.cpl
-%UserProfile%\Desktop\XP Antivirus 2008.lnk
-%UserProfile%\Start Menu\XP Antivirus 2008
-%UserProfile%\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
-%UserProfile%\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
-%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
-C:\WINDOWS\krln32.exeC:\WINDOWS\system32\scvh0st.exe
-C:\Program Files\Common Files\trjdwnl.dllC:\WINDOWS\shlext32.exe

Associated Registry Entries

-HKEY_CURRENT_USER\Software\XP antivirusHKEY_CURRENT_USER\Software\
-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPAntivirusFilter
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74f25a2c-22b3-4023-8f1a-ca616c30a8b5}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1\
-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Antivirus"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mmnext06"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "shellbn"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Framework"
-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
Posted by The Tech Guru

Comments (8)

Loading... Logging you in...
Dashboard | Edit profile | Logout
  • Logged in as
0 Vote up Vote down
Chuck's avatar

Chuck · 866 weeks ago

OK...so in laymans terms....what do we do??
Loading...
+1 Vote up Vote down
thetechgurus's avatar - Go to profile

thetechgurus 4p · 866 weeks ago

For the associated files you just have to go to those areas and see if they're there, if not just go to the next part.

For the registry entries you'll need to open the registry editor:

Start > Run > Regedt32

From there you need to browse through each of the sections as defined and try to find the entry. If it's there delete it, if not move to the next part.

Hope that helps.
2 replies · active 866 weeks ago
0 Vote up Vote down
Patti's avatar

Patti · 866 weeks ago

this is constantly popping up and it even shuts down my computer how do I get rid of this antivirus 2009 I never agreed to purchasing it but yet it won't let me do anything without promting me and changing my screen to "MONSTER" Please help
Loading...
+1 Vote up Vote down
thetechgurus's avatar - Go to profile

thetechgurus 4p · 866 weeks ago

By following the guide above it will help you to remove the Antivirus 2009 program (or at least really take a good hit out of it). After that you will need to run the Generic Removal Guide to completely finish it off. It takes a good amount of time but is very effective (running the programs more then once). Then after that you would want to checkout how to reverse virus after effects to fix the screen. Here are those links:

Generic Virus Removal Guide:
-http://ultcomprepair.blogspot.com/2008/07/generic...

Fix After Effects Of Virus
-http://ultcomprepair.blogspot.com/2008/08/effects...

Good luck.
0 Vote up Vote down
Leith's avatar

Leith · 866 weeks ago

Use Super antivirus I used that and was able to get rid of it. Run it in safe mode by hiting f8 when ur pc first starts up. May differ with different Os or brands. Run super it will find it and lable it as a rouge antivirus xp 2008. Mine found 6 objects. Then you "SHOULD" be good. It took me 1 day to figure it out.
0 Vote up Vote down
Georgia's avatar

Georgia · 851 weeks ago

As far as i'm aware I never purchased or downloaded Antivirus 2009 and still have the popup, and many others, i followed the steps above and didn't mind any of the files, now what do i do? Help! 8-D

Post a new comment

Comments by

Subscribe to: Post Comments (Atom)
Contact: thetechgurus@yahoo.com