XP Antivirus 2008/2009 Removal

XP Antivirus 2008/2009 is a rogue antivirus program which hijacks the system disguised as an antivirus program. It will constantly prompt you that your computer is infected and urge you to buy their version to clean up the system.

Threat Level:
Extreme

Associated Files:

-C:\Program Files\XP Antivirusc:\Program Files\XP Antivirus\xpa.exe
-C:\Program Files\XPAntivirus\C:\Program Files\XPAntivirus\XPAntivirus.exec:\WINDOWS\system32\scui.cpl
-%UserProfile%\Desktop\XP Antivirus 2008.lnk
-%UserProfile%\Start Menu\XP Antivirus 2008
-%UserProfile%\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
-%UserProfile%\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
-%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
-C:\WINDOWS\krln32.exeC:\WINDOWS\system32\scvh0st.exe
-C:\Program Files\Common Files\trjdwnl.dllC:\WINDOWS\shlext32.exe

Associated Registry Entries

-HKEY_CURRENT_USER\Software\XP antivirusHKEY_CURRENT_USER\Software\
-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPAntivirusFilter
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74f25a2c-22b3-4023-8f1a-ca616c30a8b5}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}\
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1\
-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Antivirus"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mmnext06"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "shellbn"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System"
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Framework"
-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""