Antivirus XP 2008 Removal Instructions (XP or Vista Antivirus XP 2008)

By Ko on Feb 17, 2008 | Reply

XP Antivirus 2008 is a piece of sh*t.

By Shawn on Feb 17, 2008 | Reply

Haha.. get a new pc! It’s not worth the headache.

By Mary on Feb 17, 2008 | Reply

I can’t uninstall XP Antivirus 2008

By T on Feb 19, 2008 | Reply

Okay, so I’ve got this xp antivirus 2008 deal and its driving me crazy. I’ve tried what mark suggested, but it still gives me the same error as before. And, every time I try to move those .dll’s to the desktop, another comes right back into my system32! I’ve tried ending the process first and this did not help.
If anyone out there still checks these, can you offer any advice?

Oh, and Ben, if you haven’t already, try what Mark or Kevin Binkly suggested; it might help you.

By Andrew on Feb 27, 2008 | Reply

Did you guys try to uninstall XP Antivirus 2008 from the control panel? That’s normally how I uninstall a program. Good luck ya’ll!

By stephy on Feb 27, 2008 | Reply

I downloaded XP Antivirus 2008 by accident. Can anybody help me removing it? Please email me.

By mer on Feb 28, 2008 | Reply

hello. i got a call about xp anti virus 2008 a while ago and customer said she cant remove that pop up and i just learned from this website that xp anti virus is actually not an anti-virus program,just a counterfeit. thanks for the info!

By ruth m witte on Feb 28, 2008 | Reply

I cannot rid of XP Antivirus..with help of tech..

By Rhonda on Mar 1, 2008 | Reply

I’ve tried everything to remove this stupid xp antivirus 2008…….Can someone please help me, I read where it’s a rogue and my computer is new so I don’t want it to crash. Is there a safe way to get it off?

By TomT on Mar 2, 2008 | Reply

Rhonda, this ‘virus’ showed up on my PC today 3/2/08 and it was obviously not something I wanted on my PC. To get rid of it I typed ‘regedit’ at the run command, then opened ‘hkey current user, software and deleted ‘xpantivirus’. Then typed msconfig at the run command. Went to startup and unchecked ‘xpa’. Then went to C:\program files and found xpantivirus and deleted it. This took care of it for me. Give this a try.

By Beverly on Mar 3, 2008 | Reply

I just got my computer back. And I got a warning. Since I run xp I thought I needed to click on the warning. Doing so downloaded XP Antivirus 2008. What a bummer. Now I can not get rid of it any suggestions Thank you for your timew!

By Beverly on Mar 3, 2008 | Reply

TOMT you are the best. It’s all gone. God Bless YOU!!!
It was driving me nuts. I am going to email an alert to all my friends of that crap. Thank again

By swagsx on Mar 3, 2008 | Reply

cheers tom t it worked for me

By stephon on Mar 4, 2008 | Reply

It’s weird. I didn’t install XP Antivirus 2008. How can I uninstall it?

By Ryan on Mar 4, 2008 | Reply

Tom,

Thanks for your suggestions, I did exactly as you said and was able to delete it. I now have the user who had this issue running a full scan with REAL AV software, NIS2007.

Ryan

By Brian on Mar 4, 2008 | Reply

Many thanks to TOMT – restored my sanity!

By Rose Diaz on Mar 4, 2008 | Reply

I downloaded XP Antivirus by accident.Can anybody help me removing it? Please e-mail me. Thanks

By Cheryl on Mar 4, 2008 | Reply

Hi TomT.
I’ve gotten to msconfig at the run command. Went to startup BUT can’t find the XPA.
Any thoughts?
Desperate.
Thank you.

By MARY on Mar 7, 2008 | Reply

CAN ANY BODY HELP ME PLEASE? I DO THE SAME MISTAKE DOWNLODED XP ANTIVIRUS BY ACCIDENT.
THANKS..

By Michael B. on Mar 8, 2008 | Reply

Tom T’s removal of xpantivirus worked great. One thing to add, I could not delete the xp antivirus file until I dragged it from the hidden files to my desk top and then put the computer in safe mode. Then it allowed me to delete it from my desk top.

Thanks Tom

By Tammy on Mar 9, 2008 | Reply

Please help me Micheal B. I’m almost there…i’ve been following the directions to a “t”. However, i get an error msg when i try to delete it from the program file and now my desk top. How did you get ur computer in safe mode?

Thanks a million

Tammy

By Juan on Mar 9, 2008 | Reply

TomT thanks for the advice it really helped and I was also able to get rid of Malware. Thanks alot becuase that virus was starting to bug me.

By shaz on Mar 9, 2008 | Reply

TomT you are an absolute star, if i could give you some sort of good karma for this i would….thankyou ever so much

shaz

By Tammy on Mar 9, 2008 | Reply

Hey TomT………I finally got it!! ur a cyber saint I tell you! God Bless you! Keep up the good work!

Another thankful person!

Tammy

By Jimbo on Mar 9, 2008 | Reply

Tom T is “TOM TERRIFIC’. His instructions on removal of this pest were TERRIFIC. One additional thing tho…… you should do a FULL SYSTEM SCAN with your Anti-Virus tool (McAfee/Norton) to remove any residuals on your system. KUDO’s to Tom T. You are the greatest!!!!!!!

By Marsha on Mar 10, 2008 | Reply

Somebody Plz help…trying to get rid of that XPAntivirus. I have tried going to the run command and tpye in regedit and then select hkey current user . but did not find the XP there so i have not gone any further

By Marsha on Mar 10, 2008 | Reply

OK every body needing to uninstall XP Antivirus. I was so frustrated I went to the XPAnti website and asked for the removal software. It is gone now and I hope it stays gone and is not hiding on my computer.

By willem on Mar 10, 2008 | Reply

this xp antivirus like a predator in my notebook
i’ve tired and stressed coz i can’t removed it from my pc. i’ve already remove it from control panel>>add/remove program but doesn’t work.
anybody can help me solve this problem?
Thanks before..

By Spataru Florin on Mar 10, 2008 | Reply

what is the registration key and e-mail,please.I d’ont know

By Justin on Mar 10, 2008 | Reply

Um, two of the dll’s these instructions tell you to remove are Windows files:

shlwapi.dll
wininet.dll

Granted, they might have been replaced by contaminated versions, but don’t just read these instructions and start deleting those files willy nilly.

By Richard Cunningham on Mar 11, 2008 | Reply

Your unwanted pop ups are unsolicited and I don’t want them. I had absolutely no problems whatsoever until you came along and all you’ve done is slow down my computer. I have appropriate protection and there is no way I would now buy your product. Since I’ve found it impossible to delete your garbabe I want you to get it off NOW! You have caused a great inconvenience and it’s an invasion of privacy.

By Elba on Mar 12, 2008 | Reply

I got this virus too and it was almost impossible to get rid of it until I found this post, it really worked.

By Elba on Mar 12, 2008 | Reply

Juan, how did you get rid of the Malware?

By frndlyplady on Mar 12, 2008 | Reply

TomT is THE MAN!!!! it is finally gone..yippee…what a nasty viral program that xp antivirus 2008 WAS! and was is the operative word thanks to TomT, whoever and wherever you are..i think I love you.

By Kevin on Mar 12, 2008 | Reply

Marsha, my situation is like yours. I followed the instructions suggested, but there was no ‘xpantivirus” listed to select. I will go to the XP Antivirus website to get removal software. Thanks to ALL of you. I hope this works.

By Sue on Mar 12, 2008 | Reply

I too have xp antivirus BUT I do not find it in the HKEY Current User file. I have looked everywher.What now?

By alberto on Mar 12, 2008 | Reply

Your xp antivirus trial is popping up in my computer every thirty seconds I can’t remove it. The xp antivirus trial is telling me to buy it I tried deleting it and I can’t I need you guy’s to tell me how to erase it. Give me your phone number so I can contact you.

By Vivienne Darden on Mar 14, 2008 | Reply

XP Virus 2008 has attached itself to my computer and I don’t know how to get rid of it. HEEEELP!!!

By Willie Germishuizen on Mar 16, 2008 | Reply

Please help me to get rid of XP Antivirus.It interferes and pops up all of the time even as Iam typing this letter. 16 march 2008

By Marsha on Mar 17, 2008 | Reply

Go to the XP website and get the removal soft ware they really arent a Virus I guest they are just trying to get you to buy the full version of there software. I dont have the problem any more. Like I said got to the website and follow the removal instruction.

By Dickson on Mar 17, 2008 | Reply

We just got rid of this “program”. We went into task manager on Windows XP and clicked on processes and deleted xpa.1501.exe, and the program disappeared. We hope it is gone for good. It took us around 5-10 minutes to figure this out using this site!!

By CHRIS on Mar 17, 2008 | Reply

TOM T YOU SEEM TO BEE THE PERSON TO TALK TO.
I HAVE THIS XP 2008 ANTIVIRUS, HOW DO I REMOVE IT?

By Guy on Mar 17, 2008 | Reply

DO WHAT TomT says at the third or fourth post. It worked beautifully. Thanks Tom

repost
Rhonda, this ‘virus’ showed up on my PC today 3/2/08 and it was obviously not something I wanted on my PC. To get rid of it I typed ‘regedit’ at the run command, then opened ‘hkey current user, software and deleted ‘xpantivirus’. Then typed msconfig at the run command. Went to startup and unchecked ‘xpa’. Then went to C:\program files and found xpantivirus and deleted it. This took care of it for me. Give this a try.

By jackie on Mar 17, 2008 | Reply

to dickson-I am a novice with this. can you be more specific as to how to get into task master on windows XP. I certainly would appreciate it. Thank you in advance.

I tried Tom’s approach but could find no xpanti in the software. Anybbody any suggestion?

By Jessica on Mar 20, 2008 | Reply

Tom Said
“Rhonda, this ‘virus’ showed up on my PC today 3/2/08 and it was obviously not something I wanted on my PC. To get rid of it I typed ‘regedit’ at the run command, then opened ‘hkey current user, software and deleted ‘xpantivirus’. Then typed msconfig at the run command. Went to startup and unchecked ‘xpa’. Then went to C:\program files and found xpantivirus and deleted it. This took care of it for me. Give this a try.”

I tried that,i got to the ‘hkey current user’ but it didn’t say ‘xpantivirus’ it says default…okay i have no idea what i’m doing and this stupid thing is driving me crazy..anyone have any suggestions? seriously i need help..i’m about to kill someone.

By casey on Mar 21, 2008 | Reply

I downloaded a codec program from CNET site…
and guess what…?
got the XP Antivirus 2008 bug…
tried to get rid of it…ha ha…
i couldnt.
all the “free” virus killers…you have to pay ….
i think this is all a scam…
anyhow…
i found altools.co.kr
got rid of it…cleanly…and free..
(only in korean)…

By Jessica on Mar 21, 2008 | Reply

I think i finally got rid of this stupid thing.After reading through all the adive and tips everyone gave,i do believe it is finally gone..well we can hope anyway.For those that still have it on your computer these are all the things i did..i hope they work for you..

I went to start, then search, then i typed in Xpantivirus, and don’t forget to check hidden folders.Basically got rid of anything and everything in every file and folder than said pantivirus, and i also restored my computer a couple times. The first time i restored it,i restored it to march 16, i thought i got hit with the virus on march 19th so i figured that would be good.But it didn’t work so i restored it to march 15th the second time and i thought it worked but then i saw that the XP Antivirus 2008 was now on my desktop which i had deleted off of there like yesturday and then when i couldnt get it off my computer that’s when i realized it was a scam.So then i went into start and saw XP Anti Virus 2008 and it had an uninstall option and i uninstalled it and it is now gone from my desktop and the stupid icon that was on my taskbar is gone…so i think it did work..so i thank anyone and everyone who put there advice on here..i very much appreciated it.
I hope the rest of you are able to get this nasty thing off your computers…i was ready to kill someone yesturday…so i know how you feel…i know that was all a long ramble but i hope my advice works for the rest you..

By hozefa on Mar 24, 2008 | Reply

alt ctrl delete go to processes and end process the xpscaner program then go to C drive program files and delet the xpscaner folder ok…….

By Tina on Mar 26, 2008 | Reply

Tom T…..I love you!!!! It worked it worked….and I’m a dumb blonde. But one question…internet connection is still running slow…cable internet and it is usually BAM right there when I try to get on here….Thanks for any help.

By Ripley on Mar 27, 2008 | Reply

Tom, if you’re still reading these, thanks for your help. Thanks to your advice I have now removed the “XP Antivirus 2008.” I have one more question which I hope someone can answer. I keep getting a System Configuration Utlity message prompting me to launch the restore on the startup as I am now running in a selective startup mode. Is this a problem? Or should I simply ignore it? Thanks to everyone. Rip

By Tina on Mar 27, 2008 | Reply

Rip-I’m getting the same thing on my computer too…the system config thingy….I’m sure that happened when we took the xpa off but I don’t know how to fix it.

Also thought I’d share exactly how to do Tom T’s directions:
1. type regedit in the run command
2. open hkey current user and look for xpantivirus, it you don’t see it go to edit and to find and type it in. It was hidden in this area so that is the best way to find the dirty little sucker. then delete that file
3. type msconfig in the run command, then go to startup tab and uncheck ‘xpa’. only thing is when you do this it brings up the system config thing when computer starts up and I don’t know how to fix that.
4. type C:/program files and find xpantivirus and delete it there.
Now that is where Tom leaves it but I wanted to make sure I got it all….go to the search engine in start and look in all files (hidden especially). I found one last xpanitvirus hidden in there and deleted that one.

the only thing that I have left is the xp antivirus in the start and the system config.

If anyone knows how to get that off let me know.

And Tom and Jessica you don’t know how much I apprciate your help. I hope you read these.

By josephnikolai on Mar 28, 2008 | Reply

hey that xp antivirus SUCKS!!!

By Malene on Mar 29, 2008 | Reply

I cant delet the last xpantivirus that whas in C:/program files how do I put my computer in safemode?

By chris on Mar 30, 2008 | Reply

I recently ran into this issue on my Vista based machine. I got this random pop up and couldn’t ignore it and used the X to close it and next thing i know its installed and telling me i have a virus. i searched through the registry and couldn’t find it, even after searching through hidden files. so what i did was go into task manager and end the process then went to program files and deleted the program. ran a mcafee virus scan and all came back clear on that, so hopefully this thing is gone

By Tiffanee on Mar 31, 2008 | Reply

Thanks TomT, I followed your instructions and I got rid of the annoyance after failure upon failure. Once I found the XPA I unchecked the box then rebooted my laptop then deleted the file folder. ^__^

By Ripley on Apr 1, 2008 | Reply

Malene, to get your computer into the “safe mode:”
–Restart your computer and tap the F-8 key a few times when the Windows screen appears. When you get to the startup menu select “safe mode” and hit log in to your username. Then follow instructions after the black desktop loads.
————————————————————Has anyone (Tina?) figured out whether we should ignore the selective startup warnings or launch the restore? Thanks. Rip

By Lynna B on Apr 1, 2008 | Reply

Tom’s directions seem to work for mostly everyone, but I am still not able to find “XP Antivirus” under my software tab. I noticed other people had the same issue and no one has really answered that. Can anyone help me ? Thanks.

By Dallas on Apr 2, 2008 | Reply

Using the maual instructions provided go to start/run and type regedit. Once in the registry press F3/type in the first file referenced in the list e.g., type xpa.exe and hit enter. The registry will reveal if that file is in your registry. If it is delete it. I then exited registry and started the process over for each of the files listed. After completing the list the xp antivirus program still existed. I then went back into registry and went into HKEY_USERS/once there I checked each entry S-1-5-18-, S-1-1-5-19-, S-1-5-20-, and S-1-5-21-with a bunch of numbers following each. When I clicked on S-1-5-21-1176—–/software/microsoft/windows/current version/run, I noticed in the right window a series of files with one of them having …xpa_eng… in the string. I deleted that file and XP Antivirus is now completely removed from my system. Hope this helps.

By Realname on Apr 3, 2008 | Reply

Hey you know what, I have Yahoo! Anti-Spy and when I ran it, it showed XP”ANTIVIRUS”2008 AS A VIRUS! so I try removing it from yahoo antispy, and it’s gone forever. wow that’s easy

By SumGuy on Apr 3, 2008 | Reply

i was just mindin my own busyness when xp antivirus popped up on my screen sayin i hav tons of viri(plural virus?) spy ware, trojans, and crap so i ran another antivirus program (norton internet security system) and it sad i had 1 infected program out of over 200k. then 1 infected was xp antivirus. i also just downloaded spyhunter spyware detector and it found xp antivirus and 2 cookies. anyways…

xp anti virus is not made buy xp. its a fake that gives fake virus reports so that ppl will buy it. its a scam. u can tell its fake because real antivirus programs pick up on it. also there is no icon in the start menu and u cant right click the icon in the tool bar. because u cant right click it u can enable it. its a scam……. no du

By Taneshia on Apr 3, 2008 | Reply

I am tryin to get this XP” Antivirus 2008 off and I went to Run typed in “regedit” but I did not locate the xp antivirus….. what do I do….

By ellie on Apr 4, 2008 | Reply

I’m having the same troubles as everyone else.

TomT, where is the Startup located? No clue whatsoever!

Thanks.

By Marie on Apr 5, 2008 | Reply

why not reformat your computer to get rid of that viruses

By ellie on Apr 5, 2008 | Reply

decided to run hitman pro 2, worked like a charm, then ran smit fraud fix and that cleared it up.

followed to steps on what to remove and I think it’s all gone?

woo.

By Jack on Apr 5, 2008 | Reply

The XP Antivirus 2008 website’s support page has a FAQ indicating you can get rid of this software at the following link: xpantivirus .com/uninstall2008.exe. I ran this program exe and XP Antivirus 2008 was successfully uninstalled. I then ran a full NAV system scan to be safe. This appears to have worked. I am among those above who tried TOM T’s suggestions and did not find the specified files at regedit or ms config.

By Danny W on Apr 7, 2008 | Reply

I just spent the 29 bucks on SpyHunter, and it took care of that XP crap. I look at it this way, now I have protection from future spyware/malware that I am sure will happen again!! They are getting better at pissing us off.

By Octavice on Apr 7, 2008 | Reply

What you all can do to get rid of the headache is to go to yahoo antispy and detect it and it will deleted it like 90% of the chance

Good luck!

By Nashey on Apr 9, 2008 | Reply

Wow.. I am SO Glad I found this page! Lost net last night 3-8-08 round 10:30pm (due to my service people errors) teh same day this XP AntiVirus appeared on my computer..(I swear I downloaded NOTHING it was just there!) and I though ‘XP’ was sending me this alert cause something suddenly WAS trying to harm my computer… Well, After getting the net activated again I could not view ANY pages on the net, so I go to the library and look up XP antivirus and find nothing in results EXCEPT “How to remove”. I did not dare, personally, try the instructions on this page.. just seemed too much (for me, as I don’t know the technical stuff of comps at all) so I tried what TOMT said (Mar 2nd, 2008) and so far so good! I had to reboot the computer though, BEFORE it would let me remove XPAntiVirus from Program Files but still it seems to be gone! THANK YOU SO MUUUCH!

By aLI on Apr 10, 2008 | Reply

OK

By Mia on Apr 12, 2008 | Reply

HELP!! I have done everything that is suggested the dll files do not exist according to what I keep getting, also there are no .exe processes either. I am about to go nuts. I do not want to have to take this thing into a computer shop and pay big bucks. I downloaded the “free” spyware but to remove it ya have to pay for it. Don’t know how that is “free”

Someone please help me.

By Dracul on Apr 12, 2008 | Reply

Phanx TomT!

By Kayla on Apr 16, 2008 | Reply

okay!!! just like alot of others…i have tried everything and this is about to drive me crazy!!! PLEASE HELP ME!!!!

By patrick on Apr 18, 2008 | Reply

Hi,
What I did was use system restore. I restored my system to an earlier date, about one month before this malicious program appeared on my computer. Guess what? It worked–no more xp antivirus popups!!

By ice on Apr 18, 2008 | Reply

please help me to uninstall the XP antivirus because i can’t uninstall it in my computer .. it has some problem and I really need to uninstall it ..i was tried to uninstall it from the control panel but it don’t have in control panel….

By Mannix on Apr 19, 2008 | Reply

Man i need some help. i cant get Xp Antivirus 2008 to stop popping up on my laptop. It interfears with my World of Warcraft game play. Could somebody pleeez help me, if you do i will love you for the rest of my life.

By shel on Apr 20, 2008 | Reply

hey m stuck wit tis damn anti virus 2008 plz help me to get rid of this sumhw

By T on Apr 21, 2008 | Reply

I did what Patrick said and did a system restore. It has worked so far. Thank you Patrick.

By Grant on Apr 22, 2008 | Reply

My other spyware/antivirus found it and quarrantened it. I am following these instructions and removing the files listed. We’ll see how it goes.

By BamaBright on Apr 28, 2008 | Reply

With all this aggravation we’ve all been through to get rid of this XP Anti-Virus 2008, the solution was right under our noses. When that program opens up click on the “Help” button and after that pops up and you scroll down a bit you will see where it asks if you want to uninstall the program. Where it says “download” in the sentence (thats a link to click on)..it will uninstall it if you install the uninstaller. Hope this helps others like it finally did me. God Bless.

By VinZ on Apr 30, 2008 | Reply

thank you very much 4 d help… wtf wrong with that. i ddnt install it .. it suddenly appeard on my pc… errr!!

By Kev-O on May 1, 2008 | Reply

Just uninstalled with their software. Seemed to work. Took a lot of searching and reading to find it. Here is the link. Good luck! http:// xpantivirus .com

By savannah on May 1, 2008 | Reply

i did the thing tomt said but i have a question, i can’t find it after i go into because i get all the way to current user but i can’t find where it says the xp to delete it, can someone please instruct me what to do next?

By winsome on May 5, 2008 | Reply

i tried to uninstall XPA from the control panel, yet it doesnt work. everytime i turn on my pc, XPA will pop-up then start scanning automatically. ;(

By r0n1n1d0 on May 6, 2008 | Reply

To Ripley and Tina (and anyone else),

To disable the “System Config” message at startup, next time you get the message, look in the lower left corner of the message window. There should be a check-box that says something like “Do not run the system configuration utility or show this screen at startup”. Just check that box and click “Yes” or “Apply” or whatever it says, and you won’t see that at startup anymore.

By Nick on May 6, 2008 | Reply

r0n1n1d0,

Yes, so it doesn’t display on the startup, but it is still an option on the system config. Even though I have deleted everything it still displays as an option. I want to get rid of that option, though I do not know how. If I do get rid of that option, there won’t be any trace of Anti-virus 2008 on my computer, which is what I desire.

Any help?

By TTT on May 6, 2008 | Reply

what if i have something called antivirus 2008

By Sam on May 7, 2008 | Reply

I found the xp antivirus 2008 in my program files and i did all of toms steps and cant delete the damn thing help please!!!!!!

By Oogii on May 7, 2008 | Reply

Hello? I`m greeting from MONGOLIA which is located between the CHINA and RUSSIA.I`ve run the XP Antivirus 2008 and scan my PC. but i couldn`t remove that all virus.it wants Registration number but i dont have that number. Please mail me!!!! pls! HElP ME.

By Holly on May 7, 2008 | Reply

Just follow Tom’s instructions above–it just worked for me.

By Allison on May 8, 2008 | Reply

Umm… Hi people um…. Tom T when I tried deleting it and I’m almost in the Brink of deleting it a pop up suddenly came out and said “cannot delete close the file something blah blah blah” can somebody please help with this piece of crap!

By Michelle on May 9, 2008 | Reply

I need help getting rid of this antivirus 2008 thing!! Help me

By angel on May 10, 2008 | Reply

o.k. i need magore help PLEASE someone i havnt downloaded the virus but i cant rid the pop up. my whole family is sleeping and if my bro thinks i downloaded a virus on his pc he’ll kill me. so PLEASE help i just need to get rid of the pop up befor my bro wakes.

By mike w. on May 10, 2008 | Reply

I was able to remove anti virus 2008 by restarting my computer in safe mode.Press f8 several times while the computer is restarting,use arrows to select safe mode press enter. After your in safe mode go to (my computer)select c drive and then program files. You can now delete the 2008 antivirus file.Restart your computer in normal mode. Hope this helps…….. Mike.

By jm on May 10, 2008 | Reply

try system restore

By rove on May 11, 2008 | Reply

please can somebody help me removing this ……..xp antivirus 2008.it drives me crazy.please wright to me…thanks

By matt on May 13, 2008 | Reply

Go to START, PROGRAMS, ASSESSORIES, SYSTEM TOOLS, SYSTEM RESTORE. If fixed it for me!

By bill merkel on May 14, 2008 | Reply

i DON’T KNOW HOW THIS STUPID ANTIVIRUS2008 GOT INTO MY COMPUTER. i WOULD SURE LIKE TO GET RID OF IT.

By Shane on May 14, 2008 | Reply

This Antivirus 2008 WON’T GO AWAY!! everytime i go to youtube and search a video it says that it unprotected, and it gives me the option to “continue unprotected” and it does nothing when i click on it. its annoying the s**t out of me!! i now that its fake and im not going to buy into it, i got Norton anyway. SOMBODY HELP ME!

By leec on May 14, 2008 | Reply

go 2 control panel then select change start up program.then you should be able 2 delete the dam thing.leecc@live.co.uk. be happy 2 help

By Collin on May 18, 2008 | Reply

I uninstalled XPantivirus on my PC by searching for the “Uninstall XP Antivirus 2008.lnk” file and opended it then it was uninstalled successfully. Thanks to the one who post that instruction. GOD BLESS!

By Darrel on May 19, 2008 | Reply

Idid the above it said it was removed Time will tell
it seens to easy and file size was small was it only short cut?

By Lt Llama on May 24, 2008 | Reply

I followed Tom T:s instructions but it seems the developers of the malware have renamed it to something called “Antivirus” instead of “XP Antivirus” sinc he posted his info. The uninstall instructions have to be updated according to this. So follow Tom T:s instructions.

But I started by pressing ctrl alt delete and stopped the “antivir” something process before going on to regedit, msconfig and deleting the folder.

By sick of this on May 24, 2008 | Reply

i accidently downloaded the XP Anitvirus 2008 and it was one of the worst mistakes i’ve ever made. i’ve even tries to remove it and i cannot get rid of it and it’s driving me insane! what is the most effective way to get rid of this counterfit??? any tips or instructions??? thanks!!

By robin on May 24, 2008 | Reply

I’ve got a virus that I can’t find with McAfee. It keeps yahoo and google from loading and activates a host of pop-ups all leading to antispywareexpert.com. Can anyone help me with getting rid of it

By warren on May 24, 2008 | Reply

26th May 2008. Tom’s instructions worked for me. Recommend if you have the same problem give it a go.

By Reyinn on May 26, 2008 | Reply

Robin,

Your problem sounds like either spyware or pop-up. There’s a virus that you can recieve by either 1) Going ot sites that endorse many companies, or have many pop-ups, or 2) Not going to those sites, so your computer becomes a target.

While I’m sure that problem is pretty bad for you, I advise looking that up under “pop-ups”. XP Antivirus does not specifically cause your problem.

Also: From what I’ve read and done, this was the way that saved me.

1. Open “run”.
2. Type “regedit”in the command box.
3. Open H_KEY_USER

By auntie15 on May 26, 2008 | Reply

Got to the end of TomT’s instructions, so far so good, then in the C: it states “Cannot delete Antvrs.exe: Access denied. Make sure the disk is not full or write-protected and …” How do I get it out of the read only stage? Thanks for any help!

By MS on May 27, 2008 | Reply

TomT THANK YOU!!! I was working on a project when the blasted program showed up and installed itself after I had tried to close out of the window.

THANK YOU, THANK YOU, THANK YOU, THANK YOU!!!

By memyselfandi on May 27, 2008 | Reply

i followed april 28, 2008 by bamabright and it worked like magic! so easy just click on help and then on uninstall abit further down in the write up. no luck needed, it really worked. thanks bama bright for your info!

By Mar on May 27, 2008 | Reply

Tom T.
Thank you so much! We had just reformatted our computer a month ago, then this awful XP antivirus showed up a few days ao. Your advice worked like a charm..those annoying pop ups are gone. Thanks for your help!

By MW on May 28, 2008 | Reply

I was enjoying internet time and suddenly i got this load of shit on my computer without any warning it just started loading. i went to task manager and found it on process and clicked end process. im asking can i be sure that its off my computer or should i be worried?

By KH25 on May 31, 2008 | Reply

do u have to pay for it??????????? and how can i call the XP antivirus company????????/

By al ameen on May 31, 2008 | Reply

i want remove antivorus 2008 from my pc, when i wen for down load thats time its loded

By nathan on Jun 1, 2008 | Reply

i deleted all of the xpantivirus software but i can go to the websites it keep saying “your computer probably has spyware,….. i need help how do u get the pop up away, plzz someone

By Sandra on Jun 2, 2008 | Reply

I followed BamaBright’s instructions, easy as….and I’m computer illiterate.U have to download the uninstaller from the help menu in the program,sounds scary to think u have to download something else from that crap but it worked instantly, no more probs. I tried to follow Tom’s advice, it’s a little complicated, It didn’t get rid of every little hidden file and I had to download the whole piece of shit again to get to the “help” menu, then scrolled down and found the download for the uninstaller…BINGO! worked instantly.Thank you everyone for ur advice

By sai on Jun 3, 2008 | Reply

Stop the activity of antivirus 2008 by killing the process with taskmanager( its an antv…exe), then using regedit navigate to antivirus, under software and remove the corresponding antivirus entries, there are written ant… something, then go to c drive then program files and delete the folder antivirus 2008, then you wont have problems again, email me if you face any difficulty with this.

By susie on Jun 3, 2008 | Reply

ok I am a real computer illiterate here. I got the antivirus pop up I did not download I don’t think or at least when it asked for money i hit cancel. However I can not make it stop with the pop up. I read the directions on how to take it off by Tom and I can not find it when I get to hkey current user there is no xpantivirus there. I went to msconfig to see if I could find there and no go. I tried Marks but when I get to the command all I see is my documents and it will not go any further. I am at my wits end and I did not have too many to start with….HELP save my sanity.

By Crystal on Jun 6, 2008 | Reply

This xp virus protector is a total rip off i want my money back, but u can’t get though to customer service i wanta call the better business bureua

By Crystal on Jun 6, 2008 | Reply

This xp virus protector is a total rip off i want my money back, but u can’t get though to customer service i wanta call the better business bureua

By Bronagh on Jun 7, 2008 | Reply

AHH! It Win’t Lewt Me On Anything It Says EVERYTHING I Go on oint the internet it says its BLOCKED! >:[ Help!

By j dawg on Jun 8, 2008 | Reply

Tom is right it worked in five minuts for me because i too am challanged by computers. I wrote it down step by step and used copy/paste, the things i would add is that the list i got ofter `hkey current user’ was very long and found it toward the end. The msconfig thing startup is a tab at the top. I pasted that c:program thing because i can’t find forward slash. also my bug was antivirus2008 with no xp on it but it worked
thanks tom

By BETH on Jun 9, 2008 | Reply

how in the world do i get rid of this antivirus thing, i tried the contral/alt thing and it didnt work, it is messing everything up on my computer, i cant get into my yahoo games or anything and its making me mad please respond and/or remove it from my computer at home. not the computer i am on if you can just email me instructions that is fine…thank you

By abc on Jun 10, 2008 | Reply

hey this proggrames are fucking shit in the internet world its just like piece of shit

By GertBTrobe on Jun 10, 2008 | Reply

Has anyone got there money back on this shit. I got it at the bargain price of: Antivirus 2008 – 49.95 USD
AlphaWipe Tracks Cleaner 2008 – 34.95 USD
Premium support – 24.95 USD problem is, I was only buying the $49.95 piece of shit. The other pieces of shit where never mentioned, but damn sure showed up in the email. Reporting to BBB won’t do any good, the neglegent company has to be a member of BBB before reporting it means anything.

By greg on Jun 11, 2008 | Reply

i deleted xp antivirus pro 2008 =p
now this is how i did it
1.open any file
2.on the top of the file it should say C:\”fileyouopen now you delete that out and type in this C:\Program Files
3.look for the program and delete it
might not work because the program is open so what you do is restart the pc
and then onces the pc starts open the file and do what i write and it should come off.
now i dont know about the little red x sign i still having problems with that im workig on it now
hope it works for ya!=p
=x
=]

By keii on Jun 12, 2008 | Reply

i d.l this one by accident too and deleted the files but the antivirus sign still comes up and blocked my IE too T___T any help?

By chris on Jun 12, 2008 | Reply

TomT’s advice works fine. If u don’t see xpa when u go to msconfig, startup, don’t worry, just go to c:\program files and delete the xpantivirus folder. u may need to go to ctrl-alt-delete, task manager, application and or processes to be sure the program is stopped before u can delete that folder. worked for me.

By Ray on Jun 15, 2008 | Reply

BamaBright is Right!!!!
The unistaller is built into the Help info if you scroll down far enough. Click link to install the unistaller and Hey presto! no more shit on the screen.

By Rich on Jun 15, 2008 | Reply

This horrific virus has hijacked my desktop and locked me out of such functions as Task Manager, Registry Editing and Search.

Any suggestions for removal around these constraints?

By Rick on Jun 16, 2008 | Reply

Where is the “help” menu in the Antivirus 2008 xp?

By Mad Shade on Jun 16, 2008 | Reply

PLEASE PLEASE ANYONE OUT THERE HELP ME GET RID OF VISTA ANTI VIRUS FROM MY COMPUTER

By marvin pledgerantivi on Jun 17, 2008 | Reply

I WONT YOU SON OF BITHES TO STAY OFF MY COMPUTER IF YOU DONT I WILL SUE .I HAVE DONE THAT TO 2 OTHER SITES .SO KEEP YOUR SHIT OFF MY COMPUTER OR YOU WILL PAY .I BOUGHT ME A HOUSE AND A CAR FROMTHE OTHER

By Maria on Jun 17, 2008 | Reply

I opened the task manager and then removed antivirus.exe. This worked for me.

By Kelsey on Jun 20, 2008 | Reply

i accidently installed this thinking that i needed it for security reasons. boy was i wrong. now i cant seem to get it gone. when i go to remove programs its not there. this is the ONLY way i know to get rid of stuff like that. it is driving me crazy that i cant get rid of it. so PLEASE someone who knows exactly how to get rid of it HELP ME! i am by no means computer savvy so i would need detailed step by stpe instructions. any help would be greatly appreciated!!

By Kristen on Jun 21, 2008 | Reply

Eff my life. This is a new labtop and I can’t open my control panel now.

By Damien on Jun 22, 2008 | Reply

Thank-you so much, I’ve been trying to get rid of XP Antivirus for ages, and I even tried the “Uninstall” option that this program provides witch doesn’t work.

By T on Jun 22, 2008 | Reply

i was able to remove antivirus xp 2008 but im unable to change the desktop background that it placed
when i go to display properties the Backround option isnt even available

anyone else have this problem or know how to fix it
ty

By Terri on Jun 22, 2008 | Reply

This xp antivirus popped up and said I have 68 infected items. So I went to download this and now my other antivirus says it found a infected file on xp? I spent money on this damn antivirus and this is the shit I pay for? Why can we live in a safe world?

By allen_gurl on Jun 23, 2008 | Reply

i love you tom. u r such an angel. keep up the good work and god bless u always!!!

By John on Jun 23, 2008 | Reply

This is how I got rid of Antivirus XP 2008. It is different than the XP Antivirus 2008 most sites refer to.

First you need to stop the program from loading on startup. This is what you do to stop it:

Start, run

Type msconfig

Go to Startup tab

Uncheck lphc35dj0e1an
Uncheck rhc75dj0e1an

Click apply, then ok
Restart computer

Then you need to delete the main files this program uses. Delete the following files:

C:\windows\system32\lphc35dj0e1an.exe
C:\program files\rhc75dj0e1an\rhc75dj0e1an.exe

This should remove the program from your system but you probably still have a warning message displayed as your wallpaper in Windows and the virus removed the ability to change the wallpaper or your desktop settings.

To restore ability to change your desktop settings and select a different wallpaper and screen saver do the following:

Start, run

type Gpedit.msc

Navigate to User configuration, Administrative Templates, Control Panel, Display

Right click on Remove Display in Control Panel
Click on Properties and select Disabled

Do the same steps to change the following attributes to disabled:

Hide Desktop Tab
Prevent changing wallpaper
Hide Apperance and Themes tab
Hide Settings tab
Hide Screen Saver tab

You should now be able to use your computer normally and change the wallpaper to

something other than the warning message Antivirus XP 2008 set it to.

By Allen on Jun 23, 2008 | Reply

OK. I’ve followed every step on every post. Ive got Ultimate Antivirus 2008. thats what the shortcut said. I deleted that. And by doing other things ive gotten everything but the pop up at the bottom deleted. However, my computer just shuts off if im not under safe mode, and even when I am under safe mode, it still does when i use the search feature or a few other things. Also, i did delete antivirus2008 and antvrs unde HKEY CURRENT USER. I cant find the program in the process menu, and i cant find it in the program files. i also can not find anything under msconfig. I am thinkin i have a new version with different naming. im going to mess around with the start up config. any help anyone..if you need any advice i can only tell you what ive done but thanks to everyone so far!

allen

By May on Jun 23, 2008 | Reply

hey john, I did what you did… and it looked like it worked (it stopped popping up when I restarted) but I can’t revert my desktop background/screen saver… etc with your Gpedit.msc.. any ideas?

Oh, and one more thing,
the lph_____j0e file changes its name (it might be different for every computer) so I found the two files through looking at my task manager’s processes… (the names are really obvious)

but I was wondering, because I got lazy and only typed in the first few letters (like lph3fs) and it gave me a few files, I deleted the exe files and then I saw the unknown files and screen saver files.. should i delete those as well?

By Billy Jr. on Jun 24, 2008 | Reply

The file names were a little different on mine as well, but similar. The first part of each, lphc and rhc were the same but the rest of it was different. The gpedit.msc did not work for me either. I found some files and was able to delete them and got rid of the warning message wallpaper but I just have a blue screen background. If I try to set an image as background, its just a little pic in the center of the screen!?

By Alice on Jun 24, 2008 | Reply

I did exactly as John advised and got rid of it!!! Thanks John

By Christine on Jun 24, 2008 | Reply

I’m pretty sure I managed to remove this wonderful little bug through a series of chants and various voodoo rituals before I finally found John’s advice… I got to the part where I type in “Gpedit.msc” and I get an error box telling me it can’t find it. I tried it on my office computer and it pulls up fine… is that another side effect of infection? How can I get my screen saver & background back without Gpedit.msc?
Thanks for any help!

By Matt on Jun 24, 2008 | Reply

John, thank you so much, your steps were the final ones I needed to completely rid my computer of this virus. I’d get pretty far on my own finding everything and deleting them, but you helped me get the last few files. And nowhere else could I figure out how to fix my desktop background but it works. Thanks again, you’re the man.

By Kim on Jun 24, 2008 | Reply

I got the virus the other night. After reading through the entire blog I believe I wiped out all the files thanks to everyone’s input. However, it is still blocking me from IE.I attempted to run a few so called FREE downloads, however when I run them they find some of the hidden lingering virus files but then wants me to register and purchase to continue to remove the dirty B’s. Knowing my computer is infected I am hesitant to do so. Has anyone else had this experience? I’m running XP on a Lenova lap top.

By Kunal on Jun 24, 2008 | Reply

I started my net and guess what ????? antivirus infected my comp

By Jacob on Jun 25, 2008 | Reply

Ahhh… when I deleted the lphc file, it was an application and not an exe file…. I can not find it anywhere else on my computer.

What should I do? Leave it?
I can’t find anything else that is similar in name.

By Adam on Jun 25, 2008 | Reply

Likewise, I appreciate everyone’s input. I have successfully rid my PC of everything but the Internet Explorer message. Please let me know if you have figured out what file this is. Thanks.

By Wayne on Jun 25, 2008 | Reply

THANK GOD I FOUND THIS PAGE. following john’s steps removed the virus. hopefully this nightmare will be gone for good.

By Adam on Jun 25, 2008 | Reply

Whole new set of issues this morning. Logged in and had 3 new antivirus icons on desktop. Same shield as the antivirus XP 2008. My programs had shutdown b/c a virus had been detected, ran ad aware and it deleted some worm virus. Anyone else run into this issue? What can I get to delete this thing completely? Badly in need of advise.

By bunky on Jun 25, 2008 | Reply

followed TomT’s suggestions and worked great. Had to do an addtional search on regedit using xpa and found the vav.exe file and the uninstall xp antivirus.lnk files in another folder. Once I deleted these addtional files computer back to normal.

By tyrt on Jun 25, 2008 | Reply

gtyuhyjytjyrt

By sns on Jun 25, 2008 | Reply

John I desperately need your help. I dont know if the virus is still on there. super anti spyware deleted most of the stuff. I also manually deleted the files out of my program. I couldnt find the .dll files or the ini files in the command prompt so i figured they are deleted. my main problem is I dont have the option to get my backround back. WHEN I RUN Gpedit.msc it says it can not be found. Is there a manuall way to get the this administrative option to get my backround and desktop options back.

Thanks

By todd on Jun 25, 2008 | Reply

I tried John’s tip for getting rid of the wallpaper, but the only thing I have under admin templates is windows media player. any ideas? Everything else worked, though. Seems great.

By the way, in my startup, should the virus names still be there?

By Miss on Jun 25, 2008 | Reply

I had to go to regedit under the run command then delete vav and antivirus from the software under hkey current user. In addition I deleted vav under the window task manager and typed msconfig in the run command but the file was vav. I then was able to delete the vav file in the program files.

I pretty much used a combination of Tom T and John’s advice. I believe the names may be different for some.

By DAN M on Jun 25, 2008 | Reply

IF

By Mamy on Jun 25, 2008 | Reply

The new name for this virus is now Antivirus XP 2008!

By scott t on Jun 26, 2008 | Reply

WOW, none of this is working for me. No files in regedit, searched for all the file names associated in the C:, tried to find the .dll’s. NOTHING. I know i got it, i see it! Anyone know? I have the Shield Deluxe 2008 program and it dont even see it.

By chloe babe. on Jun 26, 2008 | Reply

Iv Tried Everything Iv Seen On Here And Nothing Has Worked. And it Has Muffed Up My Computer Big Time i Cant Get On Bebo Or Even The School Sitee For Homework.

SomeOne Please Help My Get Rid Of This Thingg !! x

By osama net on Jun 26, 2008 | Reply

thanks

By Win Pet on Jun 26, 2008 | Reply

Yes, this virus is now named Antivirus XP 2008. It’s even worst that it crashes my computer with blue screen after few seconds or few minutes from startup. I got no chance to do what suggested here. Has to start in Safe Mode, but what you can do in safe mode is minimal. The system restore files are also removed by the virus. Related filenames are name rhceba*. I removed them all from C: and from registry. Still no hope. Help please.

By Mike on Jun 26, 2008 | Reply

Dear all,

this is what I did,

Go into safe mode,

I clicked its icon on desk top(right click), and click on property—-click on find target—then you will find whatever its newest name now, mine is named by some kind of number, I guess they change the name so often so you can’t find it.

anyway, I delet the whole folder and restore my computer to a earlier time, I choosed 10 days earlier, then restart…………it is fixed.

By phil on Jun 26, 2008 | Reply

microsoft is pathetic. the best they could come up with was “it’s not our fault” my buddy was right, get a mac! meanwhile mircosoft has offered very little in constructive ways to deal with this virus. i am going to try many of the suggestions given here, and hopefully i will get free of vista antivirus 2008….

By nzdans on Jun 26, 2008 | Reply

Justin has a very good point regarding the likes of shlwapi.dll. I picked up this virus yesterday and with the help of this page and a few real anti spyware tools appeared to have it sorted. Unfortunately I did not read down to Justins post until now and removed (actually relocated and renamed as XP would not let me remove) shlwapi.dll and wininet.dll, after this the PC would no longer boot. I had 2 WD raptor drives configured in RAID 0 for my system drive which I have had to replace as I could not reinstall windows onto them even when installed sol(no RAID). Oh well, they were about 3 years old so probably time for them to go anyway.

By Win Pet on Jun 26, 2008 | Reply

I got BSOD a few minute after the reboot. Is this just a coincidence that something wrong with my system or caused/damaged by the virus?

By denny on Jun 27, 2008 | Reply

I can’t delete antivirus xp 2008, and I have no ideas what to do anymore. I am going to bring it to the FireDogs tomorrow.

By Kevin on Jun 27, 2008 | Reply

It would help if the instructions were for computer illiterates like myself. Where’s the run command? I’m reading all of these tip and I don’t even know where to start!

Damn this Antivirus XP.

By Donal on Jun 27, 2008 | Reply

Ok i did not download antivirus XP 2008. But i am getting the popups to download it and my desktop background has been changed to “Warning Spyware detected on your computer!” This happened me last week and i was able to remove it through system restore, but this time i have no restore points. System Restore should work for most people. Anyone able to help me? I tried to follow Tom T advice but i cant find the file in the hkey current user, software to deleted ‘xpantivirus’.
Help Please.

By Raewyn on Jun 28, 2008 | Reply

Thank you so much TOMT,
I had tried many a suggesions on thi site, it’s taken me 4hours to fully delete everything to do with that stupid xp antivirus crap, if only i had of read your comment first.
Hopefully these directions help people, as TOM T yours would be hard to understand for someone not use to comp talk.
Step 1:
Click on start button, select Run and enter “regedit” and press ok, this should open a box named “Registry Editor”
Step 2:
On the left hand side find under the computer section a file named “HKEY_CURRENT_USER” In here you should find a file called “Software”, click on it, find folder called “XPantivirus”, then right click on it and delete.
Step 3:
Click on Start button, select Run and enter “msconfig” which will bring up a box called “System Configuration Utility” On the top tabs click on “Startup” go down the list and un-tick “Xpa” Do not re-start till the end.
Step 4:
Go to start button, go to “Search”
Click on “All files and folders”
enter “Program files” click on the folder, scroll down the list till you find “XPantirus”, right click and delete the file. This should do it.
Then Restart ya comp
“Good luck”

By jam on Jun 28, 2008 | Reply

i just want to clear all the virus present in my computer coz i dont use it nicely….

By Sunny on Jun 28, 2008 | Reply

My granddaughter said, “Hey, Nana! Look at this cool stuff… and it’s free!”

That night, my computer contracted the AntiVirus. I tapped into this blog and did everything suggested until the wee hours of the morning but to no avail. (Even in System Restore, there were no dates in bold to back up to!) I realized I had a new version of the Virus. At 4 AM, I decided to get some sleep and work on it in the morning.

The next day, to my shock and horror, my computer couldn’t even properly boot up, not even in Safe Mode! My husband, however, found that when trying to boot the system up in normal mode, if you hit alt control del, it will get it to complete booting up.

My solution was to spend the money on a fix provided by my virus protection company. But wait! Why hadn’t their ‘best of breed’ protection taken care of AntiVirus in the first place?

They explained that the virus may be obtained by being in questionable websites (YouTube was on the list) and closing out annoying pop-ups by clicking on the X in the right hand corner. That ad may have a virus that is programmed to say that you’ve actually accepted the terms and conditions of what you’re clicking out of! Because the virus protection programs can’t distinguish what offers you really have accepted and what you haven’t and that’s how the virus gets in.

They advised that whenever you get annoying pop-ups, don’t click the X box. Position your cursor somewhere inside the ad and press the Alt key plus F4. The ad will close.

This virus almost destroyed my whole system in less than 24 hours. It’s nothing to toy with!

By Kevin on Jun 28, 2008 | Reply

yesterday I followed John’s instructions. It seemed to work, but now, things are worse. I can’t even access the run function or my C drive….it’s awful. My computer is screwed.

By Jeff on Jun 29, 2008 | Reply

I have done everything Tom said to in his post and things are mostly back to normal. What is not normal is my wallpaper which has a message saying I have spyware on my CPU and I need to load antivirus or spyware remover software. I have both. I’ll go into the Display Properties window and the tabs to change wallpaper and screen saver settings are gone. I only have the Themes, Appearance, and Settings tabs. How do I get rid of this wallpaper and get the tabs back?

By Kim on Jun 29, 2008 | Reply

I just got it in my dad’s laptop n since im a major klutz i really dont wanna go and delete those files”shlwapi.dll” cuz i’ll probably end up deleting something important so i was wondering isnt there some kinda software to remove the damn thing…

By FW on Jun 29, 2008 | Reply

Jeff,

Start –> ‘Run’ the “msconfig” command, which will display the System Configuration Utility. Select the “Launch System Restore” option and select a restore checkpoint prior to when you encountered the virus. This will restore your configuration prior to the virus being installed and should restore your wallpaper. It worked for me.

By Kenard on Jun 29, 2008 | Reply

I had the same problem where this “antivirus xp 2008″ got onto my system on the night of 6/27/08. I have Norton Internet Security 2008 and by the morning of 6/28/08 Norton had updated itself and found “antivirus xp 2008″.

It also found some other items that I believe were associated with it but were under different spyware/virus names. It removed it safely and I turned off the system restore to make sure that it wasn’t going to pop up again from a different file. I then restarted the computer and did another full scan to be safe.

I also did a search on the computer for “antivirus xp 2008″ and found the icons and folder which can then be deleted (Norton got rid of everything that was harming the computer).

When “Antivirus xp 2008″ gets onto your computer it will also change your desktop and won’t allow you to change it back in the display settings until this spyware is completely gone. This worked for me I hope it works for others because this thing was a pain in the neck.

By Maury on Jun 30, 2008 | Reply

Good day, all.

I appear to have a newer version of the antivirus xp 2008. It has hidden most of my commands, and has disabled my ability to run taskmgr, regedit, any of the commands listed in this thread. It has blocked my ability to do start/run, so I cannot try the msconfig.

Next?

By ash on Jul 1, 2008 | Reply

Hi everyone,

I’m having the same problem as Maury. I have a newer version. Can’t hardly do anything. about it. except i can run my regedit and msconfig and xpantivirus won’t show up at all but its still on my laptop. It still shows it in my programs folder and when i delete it, it just reinstalls. I don’t know what to do, its making my laptop run at the speed of a snail. It took my laptop fifteen minutes this morning to completely boot up. Help please! ;-;

By T on Jul 1, 2008 | Reply

To get your desktop/screen saver tabs back, create these registry entries with values of 0:

In:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

create:
1) a REG_DWORD entry called NoDispBackgroundPage
2) a REG_DWORD entry called NoDispScrSavPage

As long as their values are both set to 0, your tabs will be back.

By shaban on Jul 1, 2008 | Reply

i need yours help! i don’t have key or license ! how i can get it?

By Paul on Jul 1, 2008 | Reply

Please help. When I goto misconfig then startup I can not find “XPA” to uncheck but I do see “Antvrs” Should I uncheck this and continue the process? I am not very computer savvy so I am hesitant to delete things without knowing? Any advise is greatly appreciated.

By Jeff on Jul 1, 2008 | Reply

Ok, I did the suggestions by Tom, then couldn’t reset my screen saver or wallpaper since the tabs were gone. I then tried the restore suggestion by FW but the only restore points were on the day I got this stupid virus and the day after it. I selected the day of hoping it was before my CPU was infected. No dice! All icons showed back up. I restored back to today and I am back to not seeing any files related to XP Antivirus 08 (no icons, .dll, etc), but I still don’t have the tabs to modify my screen saver or wallpaper. HELP!!!

By T on Jul 2, 2008 | Reply

Jeff look at my Jul 1st, 2008 at 4:15 pm post.

By Jeff on Jul 2, 2008 | Reply

T, you ROCK! I now have my screen saver and wallpaper back!!! Goodbye stupid message, hello pictures of my baby boy!!! Thanks again!

By Spencer on Jul 2, 2008 | Reply

There’s an extra weird program that came up with all of this!

A toolbar has magically added itself when this whole thing struck, which is an extension of that same program! Not only that, any IE window I try to open up tries to automatically redirect me to the XP 2008 thing and gives me a warning. I can’t even trust if THAT’S fake or not either so I just disregard it and manually go to my homepage.

The toolbar is called nqgpedlr and a search through the computer brings up its .dll file, but I can’t do anything with it! Please help! [email me back maybe?]

By Lori Janiec on Jul 3, 2008 | Reply

I have this same toolbar in IE. Also, it seems to have attacked some of my other programs such as adobe photoshop because I can’t open that up either.

I don’t have the xpantivirus files I have a new version since it happened last night while trying to download a song. I have disabled it, but it still shows up in my STARTUP (when I run Msconfig) The files seem to be crypted with alphabet soup. One starts with “L” and the other “R”. Also, my windows settings are messed up. I will try the above suggestion when I get home tonight.

In the interim, does anyone know how to get rid of the ie toolbar? I can’t seem to delete it.

By Tam G on Jul 3, 2008 | Reply

Tom I have completed all of the instructions that you entered in the blog. However, I continue to get the warning page that blocks me from viewing when surfing the web. So you have any suggestion?

By ED on Jul 3, 2008 | Reply

I followed TomT’s advise from back a few months ago and the file name has been changed to “rhcc38j0eafg”. I couldn’t find it in hkey current users but it was in my startup file and I unchecked it and IT worked.

I also purchased real spyware software from MaxSecure and checked cookies files etc and I was totally infected by all kinds of BS.

Thanks TomT

By biggriff on Jul 4, 2008 | Reply

Did a system restore and got rid of it

By josh bidwell on Jul 5, 2008 | Reply

can anyone help me get that stupid antivirus xp 2008 shit of my computer?????????????

By R.S. OREM on Jul 5, 2008 | Reply

WHY HAVEN’T THE PEOPLE RESPONSIBLE FOR THIS BEEN ARRESTED ?

By TJ on Jul 5, 2008 | Reply

‘Cause those guys are from places like Siberia… it sucks that there’s no laws to put those bastards in jail.

By mattyc on Jul 6, 2008 | Reply

Im also having same problem. followed tomt’s instructions but cannot locate any of the files. anyone know if the names have been changed again? rhcc38j0eafg also cannot be found in msconfig

By Ram on Jul 6, 2008 | Reply

Thanks to John’s post on Jun 23rd, 2008 at 6:40 pm.

By Heather on Jul 6, 2008 | Reply

OK, so what I did, was find out what the actual name of the file was for the Antivirus XP 2008. Then I went to Start, Search, and clicked on “all files and folders” and did the C drive only. I typed in the filename…mine was rhctw0j0egna and did a search. Once I found all of the files, I did file, select all, and then deleted them bad boys. Then i went to my control panel, it still showed Antivirus XP 2008 but it did delete it from my system. I hope this helps!!!!!!

By Angel on Jul 6, 2008 | Reply

Thanks so much for all the tips! the actual antivirus seems to be gone and uninstalled but a blue background reading “Warning: Spyware threat has been detected on your PC” remains. Futhermore a small yellow triangle baring an exclamation mark continues to pop up in my toolbar. Both will just lead me back to antivirus 2008. Please help! I’ll appreciate any legitimate advice! I’m so desperate!

By JohnP on Jul 6, 2008 | Reply

I have acquired this fine little nasty. It has become impossible to get to my tabs 3 secinds after it logs on – I have tried SafeMode – I have deleted registry files – It is not getting any better as a matter of fact it’s getting worse. So if it is at all possible I need a step by step sequencial way of commands (not able to use buttons they have become non-existent), so please reply with command lines because I can access that. Ctrl-Alt-Del brings up Task Manager and I have of course “regedit – cmd – msconfig – etc” – need somereal helps here anyone. Haven’t dealt with a nasty as bad as this. Everything was fine it seemed until I downloaded and inatalled servicepack3 for XP. Am running, or was Comcast McAfees with a firewall and medium-high security and haven’t given any permissions for anything to download. Woke up this morning and waalaa the ol’BSOD with a banner in the middle that doesn’t even click thru.

Any replies with “how to’s” or where to go to (URL’s) would be greatly appreciated!

Got to get this one fixed I’ve my inventory and many many digital products on this hard-drive.

Thanks

By Lori Janiec on Jul 7, 2008 | Reply

Well this thing took over my entire desk top and admin functions – couldn’t even access through safemode. My computer geek friend said it tried to disable the spybot program he finally got down loaded and it disabled that as well!

So we had to do a total wipe clean and restore. He took off my itunes and photos and it seems it left those alone (THANK GOD!)

I haven’t gotten my pc back yet to tell you how it’s doing but dang! This thing is hella nasty! Oh, and apparently I got mine off YOUTUBE, so be careful!

By tony on Jul 7, 2008 | Reply

the blue screen still shows, what do i do? somebody pls help me. it’s the xp antivirus 2008 whipping ma ass……

By Steve on Jul 7, 2008 | Reply

Hey everyone make sure they’ve searched their files for CODEC there is a file in there that’s a nasty bugger which is riggering the re release of files

By keithw on Jul 7, 2008 | Reply

Normally, the only way back from a BSOD is power off and restart. However I’ve noticed that, with WinAntivirusPro on a friend’s PC, Ctrl-Alt-Del gets rid of the blue screen and after a minute or two drops you back to where you were, with the machine still operating.

I would guess the fake BSODs are thrown up to fool you into restarting the PC before the infection has been fully removed.

By CL05 on Jul 8, 2008 | Reply

I got rid of this annoying problem by following a pretty simple procedure and it FULLY WORKED!

To get rid of my vista antivirus proplems, I typed ‘regedit’ at the run command, I then opened ‘hkey current user, then software and deleted ‘vav’. I then typed msconfig at the run command and went to startup and unchecked ‘vav’. Then I went to C:\program files and found “vav” and deleted it. Also, when i went to Control Panel I noticed that I had another Vista Antivirus 2008 item and in order to delete that i had to go to C:\Windows\system32(’My Computer’, then ‘Windows’ folder followed by ’system32′ folder) and then deleted a file entitled “vav.dll”. In order to ensure I no longer had any of these “VAV” files (which im guessing stands for Vista Antivirus), i went to start then search and then searched my computer for ‘vav’ and as a result deleted these files.

I hope this helps! coz it definitely worked for me. Good Luck!

By mianova on Jul 8, 2008 | Reply

I think its gone but I continue to get the warning page that blocks me from viewing when surfing the web. So anybofy have any suggestion?

By Josh on Jul 9, 2008 | Reply

I’m sure I’ve eradicated the virus for the most part, however, I still cannot change the properties on my desktop background. This wouldn’t prove to be such a problem, as I changed my background externally, however, now my computer goes to sleep after 10 minutes, and the option to adjust that has disappeared. How can I get my desktop properties abilities recovered?

By Dan Osto on Jul 9, 2008 | Reply

After looking at about a dozen sites including this one, I was able to remove the virus from my system, but it has left me unable to open any programs or even look at my property settings, stating that I have to be an administrator to be able to change anything. I am the administrator, and now I can’t figure out what to do.

By Tay Diggs on Jul 9, 2008 | Reply

I think i successfully got rid of everything antivirus xp 2008 on my pc EXCEPT for the large box image in the center of my monitor display which says “Warning! Spyware detected on your computer…”

CAN ANYONE HELP WITH THIS? THANKS!!

By DJOldskool on Jul 10, 2008 | Reply

I have removed most of this virus but I am left with run, my computer etc.. and control panel link missing. I take it need to edit the registry to get these back, I also have Virus alert after every timestamp everywhere. When I use work around to get to my computer the C drive does not show up. Any help would be appreciated.

My ability to run task manager and desktop properties has returned though. If you can see themes tab, set to xp and it will change desktop and screen saver back. The Blue screen is a fake, its just a screensaver.

To access run command when it has been removed from start menu hold windows key and press r.
To access my computer type c: into run command.

By Prayforme on Jul 10, 2008 | Reply

i’ve had this virus twice thanks to my internet porn addiction, pray for me. I have also successfuly removed the virus twice.

Follow the instructions regarding the deletion of all antivirxp08 files. On my system they also showed in the form of *7j0evdr.exe. (*=File Name). So i did a windows search for all files containing “7j0evdr.exe”. I repeated this search also in “regedit”. Once you find the correct files, you can delete them. Make sure that the files you are about to delete are the correct files, deletion of system files may cause your operating system to not function properly. If you are unable to delete any specific files, for any reason (i.e., access denied: read only), try renaming or moving the files. Once you have deleted all of the files that you can, you need to disable the virus in startup by going, start menu >> run >> msconfig >> startup. Here you can stop the virus application from starting when windows starts. Note: if you have deleted all of the correct registry files, the startup file(s) may already be deleted. Once you have complete all tasks, restart you computer, search for the files that you were previously unable to delete and delete them. You should have no problem. If you are missing tabs from your desktop properties, I recommend that you do a system restore, which can be acheived through pF10 (press f10) when windows is starting. You will have to reinstall some programs and others may not work properly, but you will have all of the files you had before and your desktop property tabs will be restored.

By Fix it Manually on Jul 10, 2008 | Reply

What John said is more or less correct to remove this manually. This is what I did to remove it:-

1. Directory list C:\WINDOWS\system32 and sort by date to look for files created since the date you believe the infection began. In my case I saw three suspicious files:-

blphcv76j0e76a.scr
lphcv76j0e76a.exe
phcv76j0e76a.bmp

Notice that part of the name is common to all of them (cv76j0e76a). Delete these files.

2. Run msconfig, click on the startup tab and untick startup for the virus .exe file (in my case lphcv76j0e76a.exe)

3. Restart your computer.

4. Check that the virus files above have not come back (if they have the repeat the above steps). You may also need to reset your wallpaper in Control Panel Display settings.

5. Run regedit and search for items containing the “common” name (for example cv76j0e76a). You should find at least two (the screensaver and the startup register). Delete the items found from the registry.

6. Restart your computer again.

7. Check that virus has gone, then create a System Restore point using the options in “Help and Support”

8. Job done!

By danny on Jul 10, 2008 | Reply

hi im having a problem with a popup every time i open a new window on my desktop – every time it accesses til xpantivirus2008 website and asks me to download the problem – could you please help me remove this bug – thank you soooo much, its really annoying

By Daniel on Jul 10, 2008 | Reply

the easiest way. start in safe mode, in PC in C: in Program files, just erase rhcg17j0ep5j folder and then click on start, control panel, erase programs, select the program of the XP antivirus and eliminate it.

By digger on Jul 10, 2008 | Reply

fix it manually tip seemed to work so far – thanks!

By danny on Jul 11, 2008 | Reply

the problem is i never installed the program and i dont have a folder called “c:\program files\rhcg17j0ep5j”

By Alan on Jul 11, 2008 | Reply

I have followed all of the directions here and Norton I have been able to remove all evidence of XP antivirus 2008 and apparently it’s cousin “Malware 2008″ which popped in while I was trying to remove the first — exact same MO just different look & names.

But I still have the fake BSOD that annoyingly pops and no wallpaper control. I tried the instructions from T says posted July 1 — This works!

In:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

create:
1) a REG_DWORD entry called NoDispBackgroundPage
2) a REG_DWORD entry called NoDispScrSavPage

As long as their values are both set to 0, your tabs will be back.

Thanks T!

By jonah on Jul 11, 2008 | Reply

If you have the same one i did (antivirus xp 2008) and none of the steps above have worked so far… I strongly recommend the following

Follow Tom June 23’s advice best as possible… but if it does not fix it:

Start-search-all files/folders

search for lph and delete any very long filenames that begin with those letters

search for rhc and do the same thing

search for antivirus and delete anything with antivirus 2008, xp, etc

*****download malwarebytes antimalware from their website. Do a scan, delete the files it tells you too.

This step is the most important, my mcafee did not find this thing but this did on its first scan and took care of all my problems.

By Matt D on Jul 11, 2008 | Reply

It took me 3 hours, but I think I finally got rid of it, with the many suggestions and guidelines posted here.

I hope the developer of this one chokes to death the next time he teabags his friends.

BE AWARE that the bastards out there are changing this POS before uploading it. Most of my folders and such weren’t recognizable as XPA or antivirus or similar. I had to remove 5 files tagged as “rchjogj0en9n” and 2 files marked as “Setup68″ and stop the start-up of a file named “B6.exe” among others before I finally stopped the pop-ups.

Does anyone know how to get rid of my screen which now has the permanent image of the virus warning?

By mike on Jul 11, 2008 | Reply

does anyone know how go get rid of this without the run command at start. I can’t find the run command. thanks

By Matt D on Jul 11, 2008 | Reply

FOLLOW-UP:
Performing Tom’s instructions I was able to get my background and screensaver tags back. However the last part of the file address given in the previous posts, that doesn’t appear because it runs off the page, is /system

So, it should read:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Policies\System

“System” being the last sub-folder.

create:
1) a REG_DWORD entry called NoDispBackgroundPage
2) a REG_DWORD entry called NoDispScrSavPage

As long as their values are both set to 0, your tabs will be back.

Again, thanks to Tom!

By Matt D on Jul 12, 2008 | Reply

Mike,

From DJOldSkool on July 10th:

To access run command when it has been removed from start menu hold windows key and press r.
To access my computer type c: into run command.

By Coolperson on Jul 12, 2008 | Reply

F*ck the creator of this mother F*cking thing, and d*hm the F*cking dude to h*ll. What a son of a b*tch

By H Warner on Jul 12, 2008 | Reply

Got this virus today and can’t get rid of it. I can’t even get to RUN or Control panel or anything. The virus has removed all available tools. Is there any other way to find RUN or initiate Task Maanager etc

Thanks for any help

By H on Jul 12, 2008 | Reply

Hi there,

I just got this virus yesterday night and I spent about 4 hours of my time and I finally seem to have got rid of it, However,
No matter how many times I tried Tom’s and John’s suggestions to get my wallpaper and my tabs back.It always returned back to the blue screensaver saying “warning, spyware detected on your computer.Install an antivirus or spyware remover to clean your computer”..
And I also sometimes come into contact with this webpage that brings me back to getting antivirus or continue unprotected.

Please help

By Amy on Jul 12, 2008 | Reply

OK I can’t get this stupid antivirus XP off. I tried searching for the files manually and it found a bunch of shlwapi.dll but I can’t delete them. I’ve ran two spyware programs and it’s still on here. How in the world can I get this off?

By Amy on Jul 12, 2008 | Reply

OK I have it removed from the registry but I can’t find a xpa in my startup programs to uncheck. Now what?

By mz lyly on Jul 13, 2008 | Reply

READ VERY CAREFULLY AND FOLLOW THE STEPS of what Tom said and if u cant find:
vav.exe
XPAntivirus.exe
XPAntivirusUpdate.exe
xpa.exe
xpa2008.exe
or what ever everone els said

than look for the antivirus 2008 icon on your computer just right click it and go to find target and there you should see what folder its name is.

Than after that follow Tom’s instructions again.

Also im still trying to figure out how to permently remove that stupid warning wall paper.. help?

By P Crafton on Jul 13, 2008 | Reply

I received your Antivirus somehow when I entered a program of which I have not figured out which one. I have tried repeatedly to get rid of it, but it is not possible to do so. I am trubing you into the Better Busniss Bureau, as well as informing the proper authorities of your scam. Scams are illegal by the way and what you are doing is totally illegal. I have do not want your program. Either send out a program that enables people to get rid of you program(for free) or suffer a legal battle to come. The free program must not have any other itentions, but to get rid of your program. I am angry that you had the gaul to intrued into my computer via another program. Fix it, NOW!!!!!!!!!!!!

By Matt D on Jul 13, 2008 | Reply

I can understand the frustration with many of you, but you all need to take time and read all these posts. The info you’re seeking on how to get rid of this malware is here. I am no computer geek, but was able to bumble my way through it.
As to getting your wallpaper back…
to repeat Tom’s instructions:
Click “Start”
Click “Run”
type in “regedit”
Click “OK”
Now, open the following folders in this order:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Policies\System

“System” being the last sub-folder.

create:
1) a REG_DWORD entry called NoDispBackgroundPage
2) a REG_DWORD entry called NoDispScrSavPage

As long as their values are both set to 0, your tabs will be back.

Again, thanks to Tom!

By Bill on Jul 13, 2008 | Reply

There are different versions of this “virus” and each has differnt filenames. The easiest way to identify the names it to search on any applications created on the date you first experienced problems. Go to search/all files and folders, and enter “.exe”. Then click on ‘when was it modified” and enter that date. All applications created on that day will appear. Then you can use Tom Ts instructions to delete the applications. My version did not have a “xpantivirus” in the registry but did have shlwapi.dll & wininet.dll files so I deleted those, as well as the other applications I found in my search. My computer works fine now.

By esseginz-2 on Jul 13, 2008 | Reply

I got tired of stupid security problems of windows so i removed it and installed linux-ubuntu.I think this is the permanent solution for all kind of bull**** like this At least until they start cracking linux too

By Johnlw on Jul 14, 2008 | Reply

Another aspect of this virus is that it took control of my browsers and won’t let me use either ie or firefox. And it keeps trying to access a website via ie. I’ve disabled my nework connection so at least it can’t get out. The manual instructions in this string work except for the internet access. Any ideas on what to do?

By Ann on Jul 14, 2008 | Reply

I also followed Rhonda’s instructions instead of removing xpantivirus I had to remove VAV. I just followed all her instructions. Thanks everyone for your help. This Vista Antivirus downloaded this morning and I couldn’t stop it. I was sick because this is my work computer but thanks to everyone’s help it’s gone.

By Saga Continues on Jul 14, 2008 | Reply

Hope someone has solution for this: Appears that Antivirus XP 2008 has also disabled ability for SpyHunter, Symantec, and Windows Update to get updates from the Internet. I have tried to install PC Tools Spyware Doctor, and it appears that something is blocking this EXE. Any suggestions??? Thank you!!!

By Jj on Jul 14, 2008 | Reply

Hiya.
My attempts to remove this virus from my system have borrowed from many suggestions all over the internet. I need help to remove the program files folder which contains some of the program. For the following reasons, I have tried to delete it in DOS, but I’m not fluent with DOS, so I don’t understand why it’s not working.

I do not have access to my C drive, thus search does not work. I can see a suspicious directory (”rchmj0e79g”) when I search c:\program files in DOS, but it doesn’t disappear with the “del” command. When I attempt to “find” anything in DOS, nothing happens… after I hit enter, the cursor drops to the next time and blinks forever. I AM running windows on a mac, if that makes a difference, and can also see the files chillin’ in the program files folder, but I can’t delete or alter any files on the windows disk from the MacHD as far as I know.

Many websites are blocked, and what cleanup software I have been able to download will not run.

The virus (”administrator”) has disabled task manager and registry editor, but I have been able to fix that with these commands at the run prompt:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

I have discovered numerous registry entries and deleted them, and they haven’t come back, but I can’t find or delete any .exe or .lnk or anything else. Granted, I don’t REALLY know what I’m doing, but it seems like SOMETHING should be different based on those deletions.

My “IT guy” gets home from a business trip Thursday, and at that point I expect we’ll just reinstall windows, but until then I have to deal with the constant interruption of popups, inability to access my c drive, and limited net access.

Any more suggestions for me? Especially regarding access to my C drive, any help would be appreciated.

By scott on Jul 14, 2008 | Reply

This works, my wife got the virus and I followed the instructions below and it’s gone!! Dont waste your time on any virus scans…

“TomT Says

Rhonda, this ‘virus’ showed up on my PC today 3/2/08 and it was obviously not something I wanted on my PC. To get rid of it I typed ‘regedit’ at the run command, then opened ‘hkey current user, software and deleted ‘xpantivirus’. Then typed msconfig at the run command. Went to startup and unchecked ‘xpa’. Then went to C:\program files and found xpantivirus and deleted it. This took care of it for me. Give this a try.”

Mar 2nd, 2008 at 6:36 pm

By adam on Jul 14, 2008 | Reply

All I did to get rid of this was restart my computer in safe mode and then do a system restore to a day before the incident of the installation of the program. Surprisingly it worked! I hope this works for you too!

By grace on Jul 15, 2008 | Reply

Well, I took Tom T’s advice. Haven’t done a reboot yet, but it seems to have disappeared. I got that virus while downloading codec from a site for donating my old cellphone to battered women. Some ppl are such creeps!

By sdf on Jul 16, 2008 | Reply

Hi

By RAJU on Jul 16, 2008 | Reply

remove virus

By Robert NL on Jul 16, 2008 | Reply

Tom T, I wish i had seen your advise in an earlier stage.Yesterday my PC got infected by Antivirus xp2008 by opening an attachment to a fraud e-mail (sender UPS Packet Service,message:your parcel could not be delivered)I opened the attached document and..bingo !
First I ran Norton 360, than Adaware and SpyDoctor, but nothing worked.Switched of my PC and after lunch wanted to reboot, but didn’t get into Windows.I ended up in a loop, bringing me back to “enter Windows password” all the time.Tried in safe mode, same result.Now I brought it to my PC shop, but they can’t manage either.
Any suggestions?

By LISA K on Jul 16, 2008 | Reply

I DROVE MYSELF CRAZY TRYING TO GET RID IF THIS FEROCIOUS THING…I INSTALLED WEBROOT SPYWARE AFTER EXHAUSTING MYSELF WITH THE MANUAL PROCESS. UNLESS YOUR A COMPUTER GURU, THE INSTRUCTIONS ARE DIFFICULT. ANYHOW, WEBROOT SPYWARE DETECTED IT AND HOPEFULLY WILL REMOVE PERMANETLY. I STILL HAVE MY FINGERS CROSSED. GOOD LUCK!!

By lucy on Jul 16, 2008 | Reply

Hi everyone,
At last I can research about this nasty thing as I have had my laptop wiped,a fresh copy of WINDOWS installed by an engineer!!!! I had no idea that one can do it themselves if they know at least little about PC’s!!! Well, I didntt. And I did not have my back up cd of my laptop, my friend, pc expert could not help me.

However they did in the workshop. Am shocked that I am the only one resorting to that!!!Jeez, Lucy, whats wrong wth u? I contracted this spyware on Sun but was unable to even research about it as it would NOT let me!!! Not sure if it would have worked anyway but still, I feel I had no choice but called a PC RESCUE. This is how much it cost me if anybody is interested:

the first visit, Mo £52- deactivating the virus BUT did not really help, my laptop was omitting letters and was slow.

- 2 hours later, called them back suggesting I am happy with the a fresh copy of WINDOWS installed in order to get it fixed – £105!!

Wed- today, I have it back

AM HAPPY WITH MY LAPTOP PERFORMANCE NOW BUT IT CAME WITH A PRICE!

By Anna on Jul 16, 2008 | Reply

WHO THE F*CK MAKES THIS SH*T?

By tabassum on Jul 17, 2008 | Reply

Dear Tom T,
I ve done as per yourinstructions… and I remove the vista antivirus 2008.Bt now am facing another problem.. As I can’t open any other sites except google.com. Even I cant open yahoomail, gmail… or any of my account.
Please please help me!!! Wat to do… I am gonna crazy!!!

help me pls!!

By Jamie on Jul 17, 2008 | Reply

ok…I’ve followed all the advice to get that crazy Antivirus thing off. Got rid of it, but my background is still blue and I can’t fix it. Also my system restore won’t let me go past the current days date. Any suggestions. I’m not a computer pro, so if you could make it simple for me, I’d appreciate it. Thanks!

By Jj on Jul 17, 2008 | Reply

Hey Jamie, and everybody.

I can’t get rid of the bug entirely — I’m still getting popups that I’m now just leaving open in the corner so they don’t recycle but I DO know how to get the background blue. I have to follow these steps each time I restart, however. Perhaps you’ll be luckier.

First I go to Start>Run and paste the following line and hit enter:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

because “my administrator” disabled registry editing. This gets it running again.

Then, at the Run prompt, I enter ” regedit ”

and navigate through the folders thusly:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Once you have clicked on the “system folder”, you will see a list in the right hand pane, including, “DisableRegistryTools”, “DisableTaskMgr”, etc. If this is your problem, like it was for me, you should see sneaky little (1)s at the end of each value, with the exception of the “DisableRegistryTools” line which you fixed using the command above.

Double click each of these and set the value to zero. I think the blue screen one is the one about the BackgroundPage.

I have to do this each time I restart windows. Luckily, my irreplaceable content is accessible and AOK. I’m just gonna do a clean install of windows myself. Pain in the butt, but while I’ve followed all the above instructions where pertinent, I’m still pretty infected.

Thanks to everybody for your help above.

By Joe Dirt on Jul 18, 2008 | Reply

Thanks for the tips. this thing was a pain in the arse.

By DPackerz on Jul 18, 2008 | Reply

I helped someone get rid of this today. All I did what stop XPA from starting up, manually deleted the XPA folder, then restored the abaility to change the computer wallpaper pattern to get rid of the fake virus message. Now the computers Antivirus program can run and is scanning as I type.
I am combining from many helpful posts from above to give you what should be the quickest way to give you a functioning computer again. I would let a reputable antivirus program examine/remove your DLLs, so I skipped those suggestions for manually removing DLLs.

>>
“…Then typed msconfig at the run command. Went to startup and unchecked ‘xpa’. Then went to C:\program files and found xpantivirus and deleted it. This took care of it for me. Give this a try.”
I tried that,i got to the ‘hkey current user’ but it didn’t say ‘xpantivirus’ it says default…okay i have no idea what i’m doing and this stupid thing is driving me crazy..”

-I did not go into the registry, but ran msconfig. In the startup tab there was a program listed “rhc72cj0e327.exe”. I believe the XPA listing was modified to this random name when the person ran the programs “Uninstall.exe”. If you use “add/remove” in control panel, XPA renames and reinstalls itself, then removes the old version to make you think you got rid of it. The way I was sure I removed the right entry and folder under program files was look at the shortcut to run XPA on the desktop – it points to the name of the program you need to delete.

>>
“Has anyone figured out whether we should ignore the selective startup warnings or launch the restore?”

- Just check the box next to “Don’t show this message…” of the Sytem Config Utility. It is OK to run this way. In fact, this is a great tool to speed up your compter if you have alot of startup icons in the lower right of your screen. Google “Msconfig” for more info.

>>
“What is not normal is my wallpaper which has a message saying I have spyware on my CPU and I need to load antivirus or spyware remover software. I have both. I’ll go into the Display Properties window and the tabs to change wallpaper and screen saver settings are gone. I only have the Themes, Appearance, and Settings tabs. How do I get rid of this wallpaper and get the tabs back?”

-To restore ability to change your desktop settings and select a different wallpaper and screen saver do the following:

Start, run

type Gpedit.msc

Navigate to User configuration, Administrative Templates, Control Panel, Display

Right click on Remove Display in Control Panel
Click on Properties and select Disabled

Do the same steps to change the following attributes to disabled:

Hide Desktop Tab
Prevent changing wallpaper
Hide Apperance and Themes tab
Hide Settings tab
Hide Screen Saver tab

You should now be able to use your computer normally and change the wallpaper to whatever you want.

Hope this helps others …

By Fran on Jul 18, 2008 | Reply

Thanks to Fix it manually and Someone, I was able to remove. I was not able to remove the files from my register because I forgot to write down the “common” file name (duh). I know they had a cv in them. Anyone have any pointers to try and find them?

Thanks to all.

By Svend Juritzen on Jul 18, 2008 | Reply

Thank You!!
I never thought I would find such a wonderful site as you!!
I got rid of that nasty “XP 2008″ right away!!
Thanks again, and for U guys at “XP 2008″, stop it, you are already the most hated guys here!!! Thanks God we have this site here!!!

By Vikas on Jul 18, 2008 | Reply

System Restore worked for me!!

By Jessica on Jul 19, 2008 | Reply

I can’t get this crap off my computer … Can you please have me?

By Wayne on Jul 21, 2008 | Reply

Thanks to this site I got rid of xp 2008 and the blue screen but now my windows automatic update will not enable.Can anybody help

By R.O.B on Jul 21, 2008 | Reply

I had fun with this one this weekend with no help from the internet. i’ve seen where Folks on here said that it would not DEL when trying. Will after i found the name atttached to the “XP Antivirus 2008″ I went into task manager and stoped/end the progam from running. i can not rember the whole name that this HACKER used BUT do rember that it had “j0e” middle on the word. after stopping this i had better luck on getting rid of this program. i also used HIGHJACK this as well. after all was done the only problem i had was when going to DISPLAY to change the walpaper back there were no way to do this. Still working on that before i reformat

By Kevin N on Jul 21, 2008 | Reply

I had to clean my brother-in-laws PC of this spyware on the weekend. In this case, it seems like the program went to a lot of work to lock things down and prevent access to normal windows applications and features so you could not easily remove it. The user that it affected had no access to the RUN command, Task Manager, Regedit, or to change the wallpaper. Because this was on Windows XP Home Edition, there was no gpedit.msc so I had to use a program called XP security console from /www.dougknox.com/xp/utils/xp_securityconsole.htm which sets some similiar policy settings within the registry. I had to stop a couple services to get it to stop setting these policy settings back on every reboot – you can do this with either hijackthis or msconfig. It took going into safe mode with another account, using hijackthis to see what was going on, and stopping the program and services from starting – information from this site helped by giving me an idea where to start looking but I could not find some of the EXE files that were mentioned – in my case I think it was random named EXEs and DLLs that were causing the problems.

I also had to change my regional settings in control panel back as this spyware had added a message about virus alert to the clock display.

By zack on Jul 21, 2008 | Reply

for me, all i did was stop the program with task manager, and then both norton and ad-ware workes to remove t, and i cant find it anyware on my computer, but i still think its there somewhere…

By Dark and Stormy Knight on Jul 22, 2008 | Reply

System Restore seems to have worked…time will tell.

DaSK

By Nick on Jul 22, 2008 | Reply

I used System Restore. It worked momentarily then Vista Antivirus 2008 came back. Now I can’t do anything. I used my 2nd laptop to get online and tried to find a solution for this.

By Zack on Jul 22, 2008 | Reply

wow… im royaly screwed. antivirus xp installed it self under a different name then the ones they tell you above, and its differents on the task manager too, so i cant stop the process of the other programs.

By AdamR on Jul 22, 2008 | Reply

Yep, i think ive got rid of it….

I hope the creator of that crappy program gets caught and put in prison. What does the creator gain out of doing that.. Anyway.. Thanks for the information.. It’s worked great!.

By Mike on Jul 23, 2008 | Reply

I have tried following Tom T’s instructions. I have no search option when I hit start. Also I hit the window and R keys to enter the run command. I typed “Regedit”, but was told that “Registry editing has been disabled by your administrator” What should I do now? Keep in mind that I am computer illiterate and need specific instructions.

By itamar on Jul 24, 2008 | Reply

thanks man! i did all the you told me to do and theres no trace of the god damn thing! horra!

By dross on Jul 24, 2008 | Reply

good call on those registry keys for desktop and screensaver tabs T!

By bud1944 on Jul 24, 2008 | Reply

I contracted this “Disease”-Antivirus XP 2008 7/24/08. I haven’t a clue how it happened. I easily eliminated it through Mike W’s suggestion of May 10th. Started up my computer and continually pressed the “F8″ key until I was able to arrow up to “Safe Mode” hit enter and access in Safe Mode. click start,double click “My Computer”, double click on “Local C:”, double click “Program Files” and hunted for the folder that said “Antivirus XP 2008″ or such. Mine was listed as “rctoej0ea3e.exe”. I double clicked on it and sure enough folders inside were ” listed as Antivirus XP 2008″, “Antivirus XP 2008 Uninstall” ect. So I new I had properly located the correct location. I went up to back in upper left and was back to program file list of folders. I highlited “left clicked” folder rhctoe……then right clicked the folder and selected “delete”. I was prompted “Are you Sure” (Secretly, I wish I could have responded their, “Are you kidding me”, and hit ‘YES”. Files deleted. I went to desktop and deleted (right click on) the DAMN icon for this SOB while I was at it, and restarted and it’s gone. Still am needing help with desktop background solutions etc. Hope this helps others.

By julie on Jul 24, 2008 | Reply

well i got this darn thing today and freaked! i tried Tom T’s way…so many raves and all…but i didn’t have the file under programs…so then i tried bud1944’s and it seems to have worked, but i still have the blue screen desktop…any solution for that yet?

By dross on Jul 25, 2008 | Reply

Try T’s method from July 1 to fix the desktop. It worked for me.

By Angi on Jul 25, 2008 | Reply

oh my god.
this crap is the worst thing i`ve seen in my life. it like completely messed up my computer and the freaking blue crappy desktop picture it put on my desktop is giving me a headache. its overpowering my antivirus and i can`t remove it from the add/remove place and i can`t system restore. i`m about to march up to the white house and slam this stupid laptop in front of their faces.

By Colleen on Jul 26, 2008 | Reply

TomT – I have a new windows Vista computer and can’t find the stinking run command box, it isn’t right there like on my okd puter. Can you tell me where it is so I can follow your steps?
Thanks!

Windows Vista hater

By Garry on Jul 27, 2008 | Reply

Thanks TomT. You speak my language – nice and simple, and most importantly – a very effective remedy. I join the masses in saying thanks.

By bud1944 on Jul 27, 2008 | Reply

Well, all this info has been great. System now ok EXCEPT: I can’t get task manager to load at contl-alt-del. I get a message that says “Task Mang has been disabled by your Administrator”. Heck, I am the admin on this at home, stand alone machine. Any idea’s on how to undo this piece of nonsense?

By Crystal_ChicagoConnect on Jul 27, 2008 | Reply

Whomever wrote this in an earlier post, it WORKED!!!! Thank you very much. Even if you think you are computer illerate, you can follow these steps and it will not only save you money, it will save your sanity.

This is how I got rid of Antivirus XP 2008. It is different than the XP Antivirus 2008 most sites refer to.

First you need to stop the program from loading on startup. This is what you do to stop it:

Start, run

Type msconfig

Go to Startup tab

Uncheck lphc35dj0e1an
Uncheck rhc75dj0e1an

Click apply, then ok
Restart computer

Then you need to delete the main files this program uses. Delete the following files:

C:\windows\system32\lphc35dj0e1an.exe
C:\program files\rhc75dj0e1an\rhc75dj0e1an.exe

This should remove the program from your system but you probably still have a warning message displayed as your wallpaper in Windows and the virus removed the ability to change the wallpaper or your desktop settings.

To restore ability to change your desktop settings and select a different wallpaper and screen saver do the following:

Start, run

type Gpedit.msc

Navigate to User configuration, Administrative Templates, Control Panel, Display

Right click on Remove Display in Control Panel
Click on Properties and select Disabled

Do the same steps to change the following attributes to disabled:

Hide Desktop Tab
Prevent changing wallpaper
Hide Apperance and Themes tab
Hide Settings tab
Hide Screen Saver tab

You should now be able to use your computer normally and change the wallpaper to

something other than the warning message Antivirus XP 2008 set it to.

By dtaylor827 on Jul 28, 2008 | Reply

I think I finally got rid of everything on my computer too, except that when I just performed the instructions above to get my desktop and screen saver back, I noticed the drop down menu of my screen saver has ‘blphcc6rj0e39c’, which if I remember is one of the things related to the Antivirus. Does anyone know how to get rid of that on my screen saver menu or is there nothing to worry about with it being there? Does anyone else have it?

By vano on Jul 29, 2008 | Reply

i was able to delete some files that seemed undeletable. they kept saying ‘access denied’ every time i tried to delete them. in order to solve this problem, i downloaded an application called ‘MoveOnBoot’ which allowed me to reboot the computer and delete those files by following the directions.

By ANDREI on Jul 29, 2008 | Reply

WINDOWS XP ANTIVIRUS GUD

By sophia on Jul 29, 2008 | Reply

dam this gay XP vista antivirus 2008. its fuckin up my comp. how the hell do u uninstall this cuz this thing is always running n i cant even go to my control pannel

By Johnlw on Jul 29, 2008 | Reply

I think i got rid of the bad parts of this thing but not without a lot of sweat and swearing. I found and deleted the primary files, but i had to go through safe mode to do it because it won’t let me access task manager or the c drive through explorer ( you can get there by doing a search and manually typing in c drive). But the damn thing kept reinventing so i followed one of the tips above and searched the *.dll files sorted by date. I had already done that, but then i found three files that showed different mod and create dates than the time i know this hit me. So i opened up properties on each of the files and saw that they came in at the suspect time even though it didn’t show up in the file list detail. I deleted those files and now don’t have any of the pop ups, fake alerts or internet access attempts that were tying up the whole computer. Those files probably change randomly, but just in case, on my computer they were named fdxbameg, sqvgnrpx, fsrpknov, and wbxdpgfeqod. Now i still have a few problems that i need to resolve and that are probably buried in the registry. It won’t let me get to task manager or regedit except through safe mode, i can’t find the control panel, and it has removed any reference to the c drive on my computer. Any ideas to kill these off would be great.

By Sam on Jul 29, 2008 | Reply

All of the above states to type msconfig at the run command. Then to startup and uncheck ‘xpa’. My computer does not have an option to (uncheck) xpa. Cannot locate xpa, perhaps I need to be walked through it s-l-o-w-l-y Tom? What I will tell you is that this virus has attached itself to several things in my computer including my system restore and will not let me back up to an earlier date as others above have suggested. I have removed all “.exe.” files that were modified in July 08, per someone aboves comments as well as any dll file from the same date. Its also apparently attached (or its part of the virus) to a program called NVIDIA, if I uninstall this program, system auto shuts down and on reboot, its back. I tried to Google NVIDIA and received a pop up telling me I was blocked from Google because spyware is on my pc and that I needed to purchase antispyware…hum.. when I clicked on the link it took me straight to this Antivirus PX2008 that we are all cussing….when I went to Yahoo as (again) suggested above.. I clicked on antispyware there, and wow, was redirected to the same Antivirus PX2008 ad, for only $49.95. Whoever built this is really good and should go to work for the CIA, perhaps you can single handedly solve wars? You’ve certainly managed to gain my respect. Bottom line, Tom’s instructions did not work for me and neither did Chrystals from Chicago..I did not have these files on my computer
(C:\windows\system32\lphc35dj0e1an.exe
C:\program files\rhc75dj0e1an\rhc75dj0e1an.exe)
I had a host of others that I deleted… I guess its time to take a hammer to it.

By mitch on Jul 30, 2008 | Reply

please remove me off liss or else cop going chec o

By john on Jul 30, 2008 | Reply

Why can’t microsoft or att/yahoo or one of these other bloodsuckers do something about that crap?

By Samuel on Jul 31, 2008 | Reply

Thank you guys for doing this i had some programs that win antivirus wanted to get rid of as viruses but i cant anyway cause it wants to grab my wallet thanks to you guys now i can surf without the worry!!!!!!

By Rbaird on Jul 31, 2008 | Reply

Om my Pc. with XP Pro SP2, to remove Antivirus XP 2008 I had to find where is was residing. I found it under the file name rhc135j0ev3c it was in C Program Files under this file same and in the Registry HKEY_LOCAL_Machine Software under the same File Name rhc135j0ev3c…
I believe I received it from an E card Email when I opened the email it wanted to down load a new version of Flash Player. I did like a dummy and that is when this started so the morel to this story is DON’T Down unless you know for sure what it is and even Then be weary

Rbaird

By Danny Boy on Jul 31, 2008 | Reply

One of my work computers got this virus “Unknown causes” and after following the directions above I noticed it branched out to 4 different types of file and folder names that I found in the registry you can do a search in your “regedit” under edit find. here are the alias
rhc7nsj0e57c (original)
rhc7npj0ee2a
pphc3npj0ee2a
rhc7npj0ee2a
iph3npj0ee2a
check your registry and maybe ( if invefected more that 72hrs) search for files under these names. at start search

By Stefan on Jul 31, 2008 | Reply

Try Toms Method, then Crystals Chigago the search for new dlls in System32 delete them with move on boot or rename if possible now it works again but seems slower if you are not in a business reinstall is possibly the best
Stefan

By Debbie on Aug 1, 2008 | Reply

I have tried the above but to no avail. i can not find the file under hkey current user so can not delete. whta other name could it be under? i have spent hours on this no to no avail. please help. step by step please.

By Val on Aug 1, 2008 | Reply

Thanks to all the contributors who are so helpful spending hours on this ever changing piece of S***t. I spent myself quite a few hours trying to understand what was going on. I am no geek but fortunately have a few notions of the Windows register…

I got infected presumably through a video or codec on Jul. 30. My Norton Autoprotect did not sniff anything…
So, I tried to clean things manually by myself, found various rch*.* and lrh*.* files but I may have forgotten a few : Norton was sending alerts on Trojans that it was spotting and blocking. I did a complete scan : nothing. My Internet and regedit msconfig were still working, but my desktop properties were changed.The next day the infection started again . This time Norton reacted : it identified and deleted a “downloader misleading application” and antivirus xp.
Things seemed Ok but I still had this blue desktop display. F*** Norton helpdesk proposed me to pay to get full support! So I searched the forums…

I tried the regedit that Tom T’s suggested. It worked perfectly : I got my wallpaper and screensaver back! Thank you so much!

I still have one problem though. I can’t access a System restore point other than today’s. Any idea?

By Uhhh. weird. on Aug 1, 2008 | Reply

So everyone knowns, there is a Mac version of this as well and, even though it definately is fake, some of the viruses it picked up really were on my computer were it said they were. Might want to read over that list.

By Dennis on Aug 1, 2008 | Reply

HELP!
I CANT GET RID OF XP ANTIVIRUS. CAN ANYONE HELP?

By Maria on Aug 2, 2008 | Reply

Hey..
I did it like this:
First I did a virusscan with norton and it found it and I deleted it through norton, but it didnt disapear.
So I read this page and tried TOMT:s way, but it didnt work for me cause it didnt find the files. I went to add and delete programs, and I uninstalled it there. Went in to c:/programs and found it under the name: rhcaejj0e545 and deleted it there. didnt work. Moved it to the desktop and tried to delete, didnt work. Went to “process manager” and process and deleted the process: rhcaejj0e545 and if I found any other weird files there. Then I searched for hidden files, and deleted them. No it is gone. I really hope its gonna stay gone..

Thanks for all your help!

By Bill76 on Aug 2, 2008 | Reply

I cannot find the “xpa” file in the startup under the msconfig. I did what Tom T said but I still have this piece of sh*t on my computer.

By Binky on Aug 2, 2008 | Reply

You little ripper. Thanks to all who put their tips/instructions and suggestions on here. It worked a treat. I used various posts and killed the little bugger off my system. Thanks again. Awesome.

By Mike D on Aug 2, 2008 | Reply

I found something that works.

I tried Tom T’s method but I didn’t find his registry files that he suggested. I tried downloading spyhunter but it cost money to remove items found by the free scan. I don’t recall trying John’s method. I also was willing to try the method of using Antivirus XP 2008’s uninstall but was unable to find the “help” tab.

I found the advise about the similar filenames from Fix it Manually’s post on July 10 2008 3:11PM quite helpful. I didn’t have exactly the same file names but many that were very similar. Most notably in each file there was “j0e” somewhere in the middle of the name.(Thats a zero on a capital oh).

Heres what I did:
1. Opened task manager.

2. Clicked on the processes tab.

3. Ended any process that had “j0e” in it.

Here’s where I got a little lucky:
4. I found a folder by opening My Computer, C:, Program Files. This folder was named something that started with rhc had “j0e” in it and ended with some number. NOTE: I found that I was only able to delete this folder after ending the processes in the previous steps.

5.I then performed a search on the c: drive. (For those of you who don’t know how: open my computer, right click on the c: drive, then click on search). I searched for, you guessed it, j0e. The search turned up a number of items and I deleted them all. NOTE: Before I deleted them all I checked some of them out. One of the files was a picture file that was the same as my desktop background that said something like, your computer is infected with spyware. I also looked at another file that was a screen saver, which turned out to be the Blue Screen of Death. I thought that my computer was really messed up when this message would come up but its only a screen saver that Antivirus XP 2008 puts on your computer. I didn’t bother looking at the rest.

6. I deleted Antispyware XP 2008 from my Add/Remove programs list. NOTE: There is no longer an option to uninstall just the option to remove it from the list.

7. I deleted everything concerning Antispyware XP 2008 from my start menu and desktop.

8. I ran an antispyware program that I purchased a couple of months ago that detected Antispyware XP 2008 and removed it. NOTE: I think these were registry items that it found but I don’t know enough about computers to tell you for sure.

9. I changed the desktop background to something other than the infected spyware message. NOTE: I didn’t do this using the control panel since in do not have the options at the moment, but I went to my computer, C:, Windows and opened one of the images from there, right clicked it, and set as background. I’m imagining that my screen saver needs adjusting as well but I don’t know how to do that without control panel.

10. I created a system restore point. It’s in the start menu, all programs, accessories, system tools, system restore point.

11. I restarted my computer, ran my purchased antispyware again with it finding no traces of the virus. My background is still the one I chose and the system seems to be running normal.

I hope this helps.

By Mike D on Aug 2, 2008 | Reply

I should also mention that I am running Windows XP Home Edition on an IBM Thinkpad Laptop.

I don’t see why it would make much difference but there it is.

Also a typo, I wanted to say that the 0 in j0e is a zero not* a capital oh.

By mike mian on Aug 2, 2008 | Reply

my computer got infected recently. i am not sure when, i got a concerned phone call from my wife that we had a virus alert on the machine. This surprised me as we run McAfee.

Somewhat annoying that McAfee did not detect this malware, however this is the process i used to remove this software off my computer running Vista.

a google on wininit.dll and shlwapi.dll indicates that removing these files may cause your computer to stop working. When I terminated the aprocess running wininit I got a bsod (blue screen of death).

The method described above did not work for me (I guess that malware writers read these posts as well and change file names etc.

1) start the computer and log-on.
2) start the task manager (right click on the tool bar)
3) wait a couple of minutes for the warning dialogue to pop-up.
4) go to the task manager and view applications.
5) right click the one the antivirus app and select “goto process” (this will switch you to the process tab).
6) right click and select open file location.

you now have the intalled location of the malicious software. I noted this file and it’s location on a piece of paper.

I then terminated this process. I then switched to an admin user and lauched regedit (from the windows menu->all programs->accessories->command prompt, then in the command window type “regedit”).

I then deleted the applications directory.

I then scanned (edit->find) the registry for references the program i had identified above and removed all entries that referenced it.

I then rebooted.

By Val on Aug 3, 2008 | Reply

Hi everybody!
Even though I was so proud of solving that Antivirus XP 2008 nightmare, I still have a few glitches.
On restarting my computer, my wallpaper disappears, but the tabs are still here, though. I can put it back manually; it shows that there is still something messing up with my computer.
I did a complete Norton scan : nothing. It only detects and blocks several Trojans (notably Trojan Packed 13), I guess I have a rogue file somewhere trying to open the door for them.
So, I did a manual search throughout Windows explorer and regedit. I found “lphcnl9j0eedv” on several locations (note j0e is here!), deleted them.
When are we going to be rid of it all? I got better things to do on my machine!
Does anybody know about a free antivirus/antispyware program that is really efficient on those files?

By Val on Aug 3, 2008 | Reply

Here is a registry key I found and deleted
HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver\”EULAAccepted” = “1″

By Canon on Aug 3, 2008 | Reply

I got antivirus xp 2008 popup virus. Help!!!

By pico1 on Aug 3, 2008 | Reply

I got rid of the annoying popup when windows starts. the only thing that’s left is every time i go to my computer to browse, i get the stupid window that keeps popping up every 20 seconds that there’s an xp critical error. I use Firefox, but when I try IE, I get that same window. anyone know how to get rid of this???

By kevin_n on Aug 5, 2008 | Reply

Hey. The Antivirus XP 2008 screen didn’t go away. I click on “X” and it comes back relentlessly. How do I end this process permanently?

By taysalot on Aug 5, 2008 | Reply

i dont have those processes

By Kevin on Aug 5, 2008 | Reply

..

By Samantha on Aug 5, 2008 | Reply

I have never been on one of these chat/help sites before and am amazed by how helpful and generous people are with their time. Having spent the morning screaming at one’s computer (and at oneself for being so gullible),one wouldn’t expect people to take additional time to pool their insights. Bless you all.
I have just folowed Mike D’s post of Aug 2 and it still seems to be up-to-date.The others were either too hard to follow for a computer illiterate like myself or wonderfully written for laymen but sadly overtaken by the wily harm-causers.The key in Mike D’s note is finding the j0e files, which are camouflaged on the system. I am left with 2 blphcanmj0er35.scr and lphcanmj0er35.exe that i am unable to delete (the msg i get is: “either protected or already in use”). I hope to be able to get away with not deleting them, but if others have insights as to how to bury them with the rest, I would welcome them! Thanks to all!! I hope this has worked…

By ncoredump on Aug 5, 2008 | Reply

To the creators of Vista AV 08 …you have to be the the biggest MUGS known to gods green earth … not only did you LOOOOOOOSE bitchs, but you are possibly the worst cut of wanabe hacker KID / CHAVE ever, fucking numty type of scum bag!!! NO LIFE 10 TIMES LOOSER SAD BITCH WASTING IN YOUR GROTTY LITTLE BED ROOM which is the full extent of your sad demented world… I wouldnt even give his shit a serverity threat of 0000000.1%

By Val on Aug 5, 2008 | Reply

After many hours trying to undestand what was going on, using Norton Antivirus to no avail and reading various forums, I tried Malwarebytes’Anti-Malware. It is a free antivirus, you can find it on various specialised sites.
I scanned my system, it found lots of rubbish that other programmes had overlooked, notably a Trojan Backdoor residing in the system, which kept reinstalling all that shit (esp. the Blue Screen od Death!)as soon as I started my Internet connection. i spent my time deleting registry keys just like they say on the Symantec website but if you still have the Backdoor, it is no use.
Anyway the scan seemed to be efficient, after resarting my machine I reajusted my Background through the Control Panel. Then I restarted my Internet while keeping my fingers crossed… no BSOD appeared, everything seemed to be working perfectly!
Just for more security, I did another Malwarebytes scan…it found two infected files inside the System rRestore folders! I happily deleted them.
I hope Iam finally done…

By Ivan on Aug 5, 2008 | Reply

well i had the antivirus xp 2008 and i did what mike did but theres 2 j0e’s left, the same samantha said and i cant get em out, anyone know a way?

By N Cabrera.Acosta on Aug 5, 2008 | Reply

I have thankfully gotten rid of the program thanks to Chrystal in Chicago. However. I am unable to run GPEdit.msc. I am on Windows Vista. Is there someway to change my settings for my screen saver and my background and whatever else back to normal. I can attempt to go change them but a screen pops up saying the the administrator or whoever has not allowed access. I am the administrator:(

By Ian on Aug 5, 2008 | Reply

Antivirus XP 2008 got to be the most annoying spyware I have ever seen in my life. Unlike most of you, I am a computer guy myself but somehow I just could not get rid of this bad boy. Now I am so upset!

By Chris on Aug 6, 2008 | Reply

If I just got this on a new computer, am I better off formatting (won’t really lose anything but the re-install time) or will I be able to fix this in less time you think?

By Rory on Aug 6, 2008 | Reply

I’m with Val (see Aug 5, 2008 comments # 306). This seems to have worked for me. Previously I had tried running Ad-aware 2008 and the virus seemed to realize what I was doing and would cause an automatic reboot of my system.

By elmo1015 on Aug 7, 2008 | Reply

In order to fix the Display Properties to have the tabs if the Gpedit does not work go to start then run they type in regedit then navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

If there is a DWoRD Value such “NoDispScrSavPage” with a data value of 1 this will disable the screen saver tab. Change the value to 0 or delete it to
see the tab again.

I changed my values to 0 and that worked for me. Thanks to all who posted the files to delete.

By Pditty on Aug 7, 2008 | Reply

TomT,
you are the best..thanks big homie…it works…

By Carlos on Aug 7, 2008 | Reply

You are a bunch of m*therf**ckers, who give you permissions to install your sh**t on computers.
Go to Hell.

By Allison on Aug 7, 2008 | Reply

Someone in my company trashed their computer with this. I am in the process of removing. I noticed the Desktop in display settings is no longer appearing. Is this something there is a solution for.

By Nicole on Aug 7, 2008 | Reply

Hey if you want a EASIER way to make it dissapear email me at miss_perfect121995@yahoo.com

By your_daddy on Aug 7, 2008 | Reply

u said

“XP Antivirus 2008 usually come up after you installed a video codec or software patch that come with Trojan, malware and virus.”

does that mean my computer is infected with trojans?

By Brian in Indiana on Aug 7, 2008 | Reply

Wow,what an adventure.Without this website and the people
writing in on ways to fix the problem.It would be hell for us simple people.Who ever did create this Virus,I hope you get a virus that no doctor can cure!

By jazlyn on Aug 7, 2008 | Reply

TomT I did everything you said but when I tried to delete it from C:\program files it stayed on there and it’s driving me nuts!! Anything else I can do?

Thanks

By alejandro on Aug 8, 2008 | Reply

First to be grateful to them for all those who helped with this problem I did what he(she) says tomy and jessica but what really I help myself was dallas do this enter to regedit then f3 despues they search in file xpa.exe and throb to enter. The record will reveal if that file is in his(her,your) record. If it is they suppress it. Or also S-1-5-18-, S-1-1-5-19-, S-1-5-20-, and S-1-5-21-with a bunch of numbers after each one. When I pulsated on S-1-5-21-1176-/.
They erase(smear) the whole file then they restart the machine and withdraw the compressed files that estan in secret folders C:\Documents and Settings \ “nombredecarpeta” \SendTo and they remove the file that says compressed files and the same thing in C:\Documents and Settings\Default User\SendTo and I list already this the shit

By Jessica on Aug 8, 2008 | Reply

Thank you to ALL of you!

I browsed through these comments for like 4 hours, did as I was told, double-checked, and now…it is gone. Dead. Vanquished. Deleted.
(Oh, you virus creators…YOU MOTHAFRAKKERS LOSE!! BWAH!)

By Jessica on Aug 8, 2008 | Reply

Thanks to all the suggestions…it worked for me!

By Lars on Aug 8, 2008 | Reply

Ok, so this thing is officially the worst piece of hell that I’ve ever had to deal with on my computer. But it seems to have gone now, here’s what I did:
Followed the TomT method, except that I got my virus earlier tonight (Aug. 8), and under the registry, I had to search for “antivirus” in the find option, and it popped up. I deleted that,and then ran msconfig; now again, I had to llok for suspicious file names, and found two instances of them: “rhcpfrj0ecc1″, one listed under program files and one listed under system 32 folder (which is in the windows folder in c drive);I unchecked these. It then asked me to restart my computer. Once I restarted I could go into the program files folder in C drive, and manually deelte the folder named “rhcpfrj0ecc1″; before unchecking it in the registry it won’t allow you to delete it. Then I went to the System 32 folder and manually deleted the other one.

Afetr this, I followed the advice given here to restore the desktop them, screensaver and display options.

THen I proceeded to remove all shortcuts in start menu and desktop. Finally, it seems that the “j0e” string is common to every changed file name in this malware, so do a search like you would for a normal file and search for “j0e”, and it should show you the remaining instancs of this virus. I personally found it under system 32 (4 differetn ones, each with a j0e element to it), and these included the screensaver and the background image. Delete these and everything should be back to normal.

Hopefully this is a permanent thing, seems fine for now, but it’s just been half an hour or so since I removed it!

By sheena on Aug 8, 2008 | Reply

i hate viruses it makes me feel sick of it i hate hate hate double hate hate

By Jessica on Aug 8, 2008 | Reply

And just for everyone’s reference. These are part of files remained and searched out on my laptop after I deleted the “xp antivirus 2008″ folder. Just looking for “j0e” and deleted files and folders that smell funky.

phc7wkj0ej23 Recycle Bin BMP File
rhc3wkj0ej23 C:\Documents and Settings\Administrator\Application Data File Folder
rhc3wkj0ej23.exe.mdmp C:\Documents and Settings\Administrator\Local Settings\Temp\WERb270.dir00 MDMP file
BLPHC7WKJ0EJ23.SCR-0CBC0872.pf C:\WINDOWS\Prefetch PF File
PPHC7WKJ03J23.EXE-1C11802A.pf C:\WINDOWS\Prefetch PF File
RHC3WKJ0EJ23.EXE-001EF4DE.pf C:\WINDOWS\Prefetch PF File
blphc7wkj0ej23 C:\WINDOWS\system32 Screen Saver
lphc7wkj0ej23 C:\WINDOWS\system32 Application

By don on Aug 8, 2008 | Reply

does anybody know how we can report this to someone and get our money back?

By DINA~TEQUILA on Aug 8, 2008 | Reply

THANK YOU MIKE D.! I DID EXCACLY WHAT YOU SAID AND GUESS WHAT, ITS FINALLY GONE!!!

NOW IM GOING TO POST WHAT MIKE POSTED BECAUSE THIS TOOK CARE OF THE LITTLE MONSTER CALLED ANTIVIRUSXP2008!

I HOPE THAT THIS WORKS FOR EVEYBODY :0)

I found something that works.

Most notably in each file there was “j0e” somewhere in the middle of the name.(Thats a zero on a capital oh).
Heres what I did:

1. Opened task manager.
2. Clicked on the processes tab.
3. Ended any process that had “j0e” in it.
Here’s where I got a little lucky:

4. I found a folder by opening My Computer, C:, Program Files. This folder was named something that started with rhc had “j0e” in it and ended with some number. NOTE: I found that I was only able to delete this folder after ending the processes in the previous steps.

5.I then performed a search on the c: drive. (For those of you who don’t know how: open my computer, right click on the c: drive, then click on search). I searched for, you guessed it, j0e. The search turned up a number of items and I deleted them all. NOTE: Before I deleted them all I checked some of them out. One of the files was a picture file that was the same as my desktop background that said something like, your computer is infected with spyware. I also looked at another file that was a screen saver, which turned out to be the Blue Screen of Death. I thought that my computer was really messed up when this message would come up but its only a screen saver that Antivirus XP 2008 puts on your computer. I didn’t bother looking at the rest.

6. I deleted Antispyware XP 2008 from my Add/Remove programs list. NOTE: There is no longer an option to uninstall just the option to remove it from the list.

7. I deleted everything concerning Antispyware XP 2008 from my start menu and desktop.

8. I ran an antispyware program that I purchased a couple of months ago that detected Antispyware XP 2008 and removed it. NOTE: I think these were registry items that it found but I don’t know enough about computers to tell you for sure.

9. I changed the desktop background to something other than the infected spyware message. NOTE: I didn’t do this using the control panel since in do not have the options at the moment, but I went to my computer, C:, Windows and opened one of the images from there, right clicked it, and set as background. I’m imagining that my screen saver needs adjusting as well but I don’t know how to do that without control panel.

10. I created a system restore point. It’s in the start menu, all programs, accessories, system tools, system restore point.

11. I restarted my computer, ran my purchased antispyware again with it finding no traces of the virus. My background is still the one I chose and the system seems to be running normal.

GOOD LUCK!

By lenny on Aug 8, 2008 | Reply

I have been working on this for 3 days! I got it when I opend an email that said CNN Top10 list and the video didn’t load. About 5 minutes later…BAM!

I have gotten rid of most of it on my own. Weird thing is it won’t let me access this website on the infected computer.

Other thing is that it just keeps uploading data when connected to the internet. Watch the lights on your modem if you think you are completely rid of it. they just continually flash until you physically disconnet or turn off your software, wired or wireless.

By Rose on Aug 9, 2008 | Reply

Dina~Tequila!

Thanks a lot!!! I followed your directions and it seems that the menace is gone….

Rose

By Rodney on Aug 9, 2008 | Reply

TomT’s idea worked.
Perfectly.

I’m glad I found that, man.

By imtired on Aug 9, 2008 | Reply

Hi Lenny, I have the same problem…. no internet access and no indication of a cd rom drive on the infected computer. I have been also working on this for 3 days… and found this list of info and am going to try what tom and several others said to do… crossing my fingers! It took me awhile before I found this site to figure out the names obviously keep changing… If anyone knows how to help me get access to the cd rom drive and internet please HELP! Thanks

By dj_chinkxx on Aug 9, 2008 | Reply

Does this virus removes our System restore points also ? I tried restoring my PC to an earlier time and i could not see any system restore points but just my date today. (ie:10th aug 2008) And i had removed the folder from my program files manually, does that means the virus is still there , i have unregistered all the files and removed the registry entries .. of ones i could find. Please Help… this virus is annoying.

By Rain on Aug 9, 2008 | Reply

Thanks to everyone here, I managed to remove it! And Dina’s right, it is hiding under a bunch of random letters and numbers with “j0e” in it. When i was running regedit I can’t see it as “xpantivirus” but I saw the name with “j0e”, that’s how I found and deleted it.

I also managed to bring back the wallpaper and screensaver tabs.

Now the only problem I have is that when I search for something on Yahoo I keep getting redirected to a bunch of useless websites…Google search works fine though.

By Natalie on Aug 9, 2008 | Reply

ok, i really hope i got rid of this shit. it was accidently installed when someone opened IE on my computer. IE makes my computer freeze.

anyway, i followed John’s instructions and when i restarted my wallpaper was back to normal. i followed a bunch of other people’s instructions and couldn’t see what they were talking about, so THANK YOU JOHN!!

By Mike on Aug 9, 2008 | Reply

OMG I had a website up on my screen and had to run to the store real quick and I came back and this XP Antivirus 2008 was running and Norton was going nuts popping up in my task tray that it was blocking a virus. Thanks to this site that I found through yahoo search engine I was able to get rid of it all. Just simply going to add/remove programs didn’t get rid of it. I’m going to email everyone I know about this.

By xmilkxhoneyx on Aug 9, 2008 | Reply

HEY GUYS!! For those of you having difficulties finding it in the locations mentioned on this site, (I was panicing for a bit because the directions weren’t working for me!) I found the virus located under C:\Program Files\rhca3ej0ec9r

First, I folloed the registry directions. File>Edit… XPAntiSpyware> Delete

Then I closed all my programs, and in the task manager, I just turned off rhca3ej0ec9r.exe to shut of. I also turned off EXPLORER.EXE, minimize (do not close) the task manager.

Then I just typed in “cd C:\Program Files” into the command prompt. From there I typed “del rhca3ej0ec9r”. Worked like a charm! ALT TAB back into the task manager and I restarted EXPLORER.EXE.

Basically, the rules are the same. I didn’t even individually remove the .dlls, all I had to do was remove the folder that they were in.

The rotten dirty little file was hidden on my desktop!! So I used SHIFT DELETE to delete that sucker off, and just double checked my C:\Program Files\ to double check everything was cleared.

I HIGHLY recommend using SHIFT DELETE if you are running Norton’s Recycle Bin. SHIFT DELETE will bypass anything going to the recycle bin, and deletes straight off the computer.

I’m not a tech-wiz or anything, but I hope that helps some of you out!!

By Mike on Aug 10, 2008 | Reply

After I “thought” I had gotten rid of this problem I had the computer running and I went to lay down on my bed to watch tv and all of a sudden it went to the windows login screen. I got up and logged back in and right clicked the desktop to click properties to see what happened in the screen savers tab to see what happened and 2 tabs in that window are gone. Screen Saver and Desktop are missing. I don’t know how I’m supposed to fix that so if someone has an answer for me I’d love to hear it.

By Mike on Aug 10, 2008 | Reply

Moderator please remove my last post, I finally found out how to get the screen saver and desktop tabs back. Thanks

By Joe Chow on Aug 10, 2008 | Reply

I am not a computer-knowledgeable guy and I was “attacked” by this “Antivirus 2008 xp” for 2 days until I found this web site for help.
I followed Tom T’s (March 2nd 2008 at 6:36 p.m.)recommedation/advice and have successfully REMOVE/DELETE
this unpleasant “Antivirus 2008 xp”.
Thank you Tom T and hope more “victims” can be saved.
Well done Tom T.

By Helen on Aug 10, 2008 | Reply

Tom, I need your help!!

I tried the solution you gave that made everyone successful in removing this monster. However it didn’t work for me. I followed your instructions:

Keyed in ‘regedit’ on the run command, opened ‘hkey current user. There was no ‘xpantivirus’ to delete. I continued on hoping ‘msconfig’ would reveal something. Went to ’startup’ but there was no ‘xpa’ to uncheck. Finally went to C:program files, but there was no ‘xpantivirus’ to delete.

Earlier when I realized I had this bear and before I checked out this forum, I had gone to the control panel and removed it. I’m wondering that when I did this, I may have only removed some of the components that you reference, but not the entire program.

I installed a Webroot Spy Sweeper With Antivirus hoping this would get rid of it, but it didn’t.

I know so very little about this stuff…can you please help???

By LMSOD on Aug 10, 2008 | Reply

My mom got this virus and I think we have tried everything that has been posted. System restore only went back a few days, but we did that anyway. Now when the computer starts up, a blue screen comes up that “a problem has been detected and windows has been shut down to prevent damage to your computer”, then a bunch of stuff about things to check, and then it says “beginning dump of physical memory”. The computer will start in safe mode, but we don’t know what to do once it is in safe mode… Does anyone have any suggestions?? PLEASE, PLEASE HELP!!

By Kat on Aug 10, 2008 | Reply

I need help! That shit Avtivirus XP 2008 downloaded itself on my parents computer and I can’t get it off. This is what I have done so far: went to ran and typed in ‘regedit’ then I opened up ‘hkey current user’ BUT I CAN”T find that damn virus in the software key. Some one please help out! Thanks!

By Anuj on Aug 10, 2008 | Reply

Well I got the Antivirus XP 2008 on my system. After lots and lots of google I finally manager to remove it. Thanks to John I got the background picture back too !! but the resolution is still not the one that I used to work on. It still shows 1028 X 728 but looks like 800 X 628. Did I miss something ? Any clues on that one ? Thanks

By Jeremy on Aug 10, 2008 | Reply

Every time I try to search for “xp antivirus” or “j0e” or anything like that the virus shuts down the search…

Therefore, I can’t find it??

Now after restarting my pc I get a blue screen of death and can only start up in safe mode

Please help!

By amir on Aug 11, 2008 | Reply

i can,t uninstall antivirus 2008 xp
please help me
Thank,s

By Matt on Aug 11, 2008 | Reply

I think I defeated xpantivirus2008! I went with DINA~TEQUILA’s advice from August 8th. Restarted comp. and all is clean . . . so far. It was pretty easy!

By Julie on Aug 11, 2008 | Reply

I had this horrible thing on my computer, after following numberous instructions I think I have got rid of it but the settings on my computer have all changed and I can not change them back. The system restore will not let me access it before the day the”horrible thing” arrived. I have managed to change the wallpaper though. Anyone got any ideas??

By JJ on Aug 11, 2008 | Reply

Worse case call Microsoft, they can atleast advise and help u get your data off, best case would be to format the machine. Unfortunatly these have been changing frequently, and even the MD5 hash has been changing.

By Amy on Aug 11, 2008 | Reply

TomT- I read that you are the man! Plz help me! I’m trying to follow your intructions but I can’t find the ‘xpantivirus’ after I get into ‘hkey current user’ What I’m I doing wrong?

By Art on Aug 11, 2008 | Reply

Hey – I got this stupid virus yesterday and followed various instructions above. It seems to have worked. Computer is back to normal, wallpaper back, etc. However there is one last issue if someone can helps –

After searching on Google or Yahoo, sometimes when I click the link it Redirects me and takes me to random search websites. Anyone know how to remove this? Please assist.

By Brenda on Aug 11, 2008 | Reply

It probably stops the search because a pop-up is occuring. As soon as the pop-up ’stalls’, put your cursor at the place you are typing and continue to type. It is as if the VIRUS is monitoring your every move!!! It has, in fact, invaded your ability to control your computer. The blue screen of death is just the VIRUS’ screen saver…and that will go away once you can restore your tabs. T’s reply of 7/1 will tell you how to do that. It does work! Be patient and this will all be like a bad dream…..and over.

By socrates on Aug 11, 2008 | Reply

do system restore , if you got the virus lets say…. today, do system restore to yesterday and it will work

By Kimberly on Aug 11, 2008 | Reply

=D I followed TomT’s directions (which were a God-send, thank you!!!) and it worked. However, my virus was not listed as “xpantivirus” but rather as “rhclejj0ej5e”. Perhaps these jerks are getting trickier…

How I found that label was by trying to uninstall it though Start-Program Files-Antivirus XP 2008-Uninstall, which firstly did not work in getting rid of it but gave me the name that the folder was listed under. That was the name/folder that I deleted from the registry, as well as under Program Files in My Computer.

I hope this helps others… It’s a scary thing to have happen. People who create these things are evil, but I know their karma will tap them on the shoulder again (and punches them in the face!!).

By 4Legacy on Aug 11, 2008 | Reply

Okay, I went to everything (regedit, current user, software…) but couldn’t find a folder actually named xpantivirus 2008. I have one that doesn’t look promising or safe though (XBg3fkqpCj). I don’t want to delete it simply becuase I don’t know what it is, but I’m wondering is that a harmful folder and are there any other steps I can take to be rid of this curse?

I originally tried going to ‘msconfig’ and stopping everything with random letters then restared, and tried to backup using restore point. It only had one; an automaic from the day before, but I KNOW I set a restore point about 2 weeks ago. I have the MB set to max (for most available R.P.s) and am out of ideas.

I’ve also been reading a lot of what other people have been saying, but I don’t know who to trust after seeing something like this infecting my pc. Please help if you can. Thank you,

By 4Legacy on Aug 11, 2008 | Reply

Alright, I risked it after reading ‘Kimberly’s’ comment, but it’s still not gone after the restart. I don’t see a pop-up yet, but I still have the “Warning! Spyware” screen that I can’t change.

Aa-s I’m just noticing, the “xpanti” folder is currently in my recycle bin. I’ll delete it and restart again. -praying-

By Marko on Aug 12, 2008 | Reply

Dear all,

I had this Antivirus 2008 problem and since I couldn’t even get to my control panel, I restarted my PC into safe mode and I restored the system to the previous day.

For now, it seems like I solved the problem since everything appears normal.

However, can somebody tell me if I actually removed the stupid thing, coz I’m afraid that its gonna pop up every moment

Thanks in advance to anybody that is willing to help…

By KevinK on Aug 12, 2008 | Reply

I got this problem on my laptop yesterday it appears that these guys have gotten trickier because the virus actually took my admin rights away so I couldn’t even bring up the display properties, never mind using regedit and as other users have said, no search engines would even come up. So I ended up doing a back up of my files and doing a compelete system re-install. Sorry, I wish there was a better way but it seems that this is the only way to makesure it’s compeletly gone.

By LucM on Aug 12, 2008 | Reply

With a twist. I’ve got the XP Antivirus 2008 thing. Would love to try some of the things listed above. Can’t keep my PC on long enough to try though. Something keeps shutting it down after roughly 3-4 minutes from powering on – it then just keeps going through a Restart/shut down down/Restart loop. I think it’s the virus doing it. Am able to eliminate any applications with j0e in the name from task manager as indicated above, but PC still shuts down. Tried disabling Norton but no change. Any advice?

By Chris on Aug 12, 2008 | Reply

I agree with the last post. If you look through the posts on this page over the last few months it looks like this spyware has been changed several times. The version I got starts with rhc, but it seems like a lot people earlier had xpanti something. I deleted the rhc file from the programs folder. You have to enter in the properties and turn off the read only label to do this. This was why I could not delete it from the control panel remove programs screen. Good luck to everyone, and hope whomever was involved in developing this obnoxious spyware is prosecuted.

By Mike on Aug 12, 2008 | Reply

I’ve tried everything and I think I thought I’d gotten rid of the virus, but when I tried to do a system restore, it will not let me change the date to a time when I didn’t have the virus. Any suggestions? The computer itself does seem to be running fine though.

By keith on Aug 12, 2008 | Reply

Thanks for all the info. This was a pain in the arse, but I was able to get rid of this f..ker by starting in safe mode, and folowing the above advice pertaining to RUN..regedit and msconfig. Then delete all files with j0e, as stated. Background and screen saver fix is above too! THANKS!!

By Carl Wenz on Aug 12, 2008 | Reply

Forgot to tell you how to regain access to missing Desktop and Screen Saver Tabs in the Display properties.

Copy / Paste into a txt file and rename it to Show Desktop.reg and run:
———————————————
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“NoDispBackgroundPage”=dword:00000000

;Removes restriction for Local Machine
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“NoDispBackgroundPage”=dword:00000000
——————————————–

Copy / Paste into a txt file and rename it to Show Screen Saver.reg and run:
———————————————
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“NoDispScrSavPage”=dword:00000000

:Show the Screen Saver tab for the LOcal Machine
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“NoDispScrSavPage”=dword:00000000

By mdshell on Aug 12, 2008 | Reply

To get my money back I went to my bank to disput the charges, said “I think my teenage son played on my computer and that I didnt authorize this charge.” it worked!!!
TO GET RID OF ANTIVIRUS XP 2008 I PURCHASED SPYHUINTER3. IT KILLED IT THE FIRST TIME ONLY COST 29.99 WORTH EVERY PENNY.

By Kristie on Aug 12, 2008 | Reply

We got this on our computer from a pop up window, not knowing what it was, of course we downloaded it. Spent several hours trying to get rid of it, the System Restore idea to the day before is what worked for us. Thanks for the help.

By HK on Aug 12, 2008 | Reply

Well, I got this virus on 8/10/08 and have been working like a dog to get it removed. Norton 360 is a joke and only pulls some of it out. At this point, I did all the program file removal, system 32 removals, registry removals and the only remnant is a file named el32.dll and I can’t get the damn thing off. I am committed to beating this thing and will not do a system restore (btw, I can’t, the virus immediately dumped all my restore points) or reload of the OS. Also, what only one person has mentioned is how this bastard virus hijacks your browser ever so slightly. If you do a google or yahoo search and click on your findings, you are taken to some crappy site. That is what is bugging me now. Oh, BTW, did I mention that I can’t do a Windows Update!! I think the virus is gone but is screwing with the browser. Any help would be appreciated. Feel free to e-mail me at kutzler@yahoo.com if you wish. Someone ought to catch and execute the pricks that start this stuff.

The following is what Norton 360 found and resolved. Maybe it will help some of you to find what you are looking for. But, as mentioned, I am still having the browser problem. I will run another scan.

Scan Stats:
Scan Time: 3,441 seconds
Counts:
Total items scanned: 770,285
– Files & Directories: 765,853
– Registry Entries: 489
– Processes & Start-up Items: 3,793
– Network & Browser Items: 125
– Other: 25

Total security risks detected: 4
Total items resolved: 4
Total items that require attention: 0

Resolved Threats:
MalwareProtector2008
Virus ID: 4294907370
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Misleading Application
State: Fully Resolved
———–
12 Files
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\documents and settings\all users\start menu\programs\antivirus xp 2008\antivirus xp 2008.lnk
c:\documents and settings\all users\start menu\programs\antivirus xp 2008\how to register antivirus xp 2008.lnk
c:\documents and settings\all users\start menu\programs\antivirus xp 2008\license agreement.lnk
c:\documents and settings\all users\start menu\programs\antivirus xp 2008\register antivirus xp 2008.lnk
c:\documents and settings\all users\start menu\programs\antivirus xp 2008\uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
69 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1
HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesResolve:…
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->Favorites:…
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\->FavoritesChanges:1
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malware Protector 2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->AntivirXP08
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion->rhccv9j0e1b1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccv9j0e1b1
HKEY_LOCAL_MACHINE\SOFTWARE\rhccv9j0e1b1

Joke.Blusod
Virus ID: 4294909939
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Security Risk
State: Fully Resolved
———–
1 File
c:\windows\system32\blphcj74j0ee8g.scr
1 Registry Entry
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Control Panel\Desktop->SCRNSAVE.EXE
1 Browser Cache

AntiVirus2008
Virus ID: 4294907346
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
Categories: Misleading Application
State: Fully Resolved
———–
2 Services
XPAntivirusFilter
XPAntivirusFilter
2 Processes
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\XP Antivirus\xpa.exe
37 Files
c:\recycler\s-1-5-21-242016712-111795371-1958816670-500\dc2\rhcn74j0ee8g.exe
C:\WINDOWS\system32\config\systemprofile\Desktop\Ultimate Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeStrip.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\SafeStrip.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\XPAntivirus.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\XPAntivirus.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\XP Antivirus 2008.lnk
C:\xpa_log.txt
C:\WINDOWS\system32\config\systemprofile\Start Menu\Antivirus\Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Start Menu\Antivirus\Uninstall Antivirus.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\antivirus-2008pro.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\System Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\WinAntivirusPro.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\Windows Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\WinAntivirusPro.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\Antivirus 2009.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\Ultimate Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeStrip.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\SafeStrip.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\XPAntivirus.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\XPAntivirus.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\XP Antivirus 2008.lnk
C:\xpa_log.txt
C:\WINDOWS\system32\config\systemprofile\Start Menu\Antivirus\Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Start Menu\Antivirus\Uninstall Antivirus.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\antivirus-2008pro.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\System Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\WinAntivirusPro.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\Windows Antivirus 2008.lnk
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\WinAntivirusPro.lnk
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\WINDOWS\system32\config\systemprofile\Desktop\Antivirus 2009.lnk
186 Registry Entries
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->PIDsrc
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Controls Folder\->wmsrcpid
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_USERS\S-1-5-19\Software\Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Antivirus2008y
HKEY_USERS\S-1-5-20\Software\Antivirus2008y
HKEY_USERS\.DEFAULT\Software\Antivirus2008y
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\->Antivirus2008y
HKEY_USERS\S-1-5-19\Software\WinAntivirusPro
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\WinAntivirusPro
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\WinAntivirusPro
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\WinAntivirusPro
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\WinAntivirusPro
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\WinAntivirusPro
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\WinAntivirusPro
HKEY_USERS\S-1-5-20\Software\WinAntivirusPro
HKEY_USERS\.DEFAULT\Software\WinAntivirusPro
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus2008y
HKEY_USERS\S-1-5-19\Software\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\SafeStrip
HKEY_USERS\S-1-5-20\Software\SafeStrip
HKEY_USERS\.DEFAULT\Software\SafeStrip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeStrip_is1
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStrip
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\->SafeStripReminder
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SafeStrip
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SafeStrip
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\->XP antivirus
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\->XPAntivirus
HKEY_USERS\S-1-5-19\Software\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\XP antivirus
HKEY_USERS\S-1-5-20\Software\XP antivirus
HKEY_USERS\.DEFAULT\Software\XP antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XP antivirus
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\XP antivirus
HKEY_USERS\S-1-5-19\Software\Antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Antivirus
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Antivirus
HKEY_USERS\S-1-5-20\Software\Antivirus
HKEY_USERS\.DEFAULT\Software\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_USERS\S-1-5-19\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-20\Software\Antivirus 2008 PRO
HKEY_USERS\.DEFAULT\Software\Antivirus 2008 PRO
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-501\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-21-242016712-111795371-1958816670-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
1 Browser Cache

Trojan.Blusod
Virus ID: 17634
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
State: Fully Resolved
———–
1 File
c:\windows\system32\phcj74j0ee8g.bmp
1 Browser Cache

Unresolved Threats:

By Jaz on Aug 12, 2008 | Reply

Well.. I too have been victimized by this piece of crap & Unlike the lucky person above me.. I can’t open ANY of my antivirus programs to even ATTEMPT getting rid of it! No hope for restoring anything.. & I just reinstalled my OS but that’s giving me sh*t too so I give up… I’m about to try the method of throwing my laptop against the wall.. maybe that’ll do it..?

By remtomah on Aug 12, 2008 | Reply

got it Saturday nite and finnaly got rid of it Monday nite used search for files with “j0e” in the name and deleted them. seems to have worked, except now when i power on my laptop i get small screen that says unkown publisher do you want to install I hit cancel and it goes away with no problems. anyone now how to stop this cause it is kinda a pain.

OLYMPIC TEAM USA #1

By Steve in distress on Aug 12, 2008 | Reply

Alright, I see this seems very effective but.. there’s only one problem in my case.. My computer goes into bluescreen right after load and restarts itself resulting in me never getting to the desktop. I got to the desktop a few times before and it seemed as if it stopped my task manager. Halps would be appreciated. D:

By Carzon on Aug 12, 2008 | Reply

Thanks Mike!!!

It really works for me man the stupid farking spyware is totally gone!!!

Way to go!!!!!

By Frank on Aug 13, 2008 | Reply

Andrew, unistall your smart mouth……you hav e NO CLUE. I hope you enjoy it when it gets yours.

By jacki on Aug 13, 2008 | Reply

I am completely computer stupid, but I tried system restore and so far it seems to be working. I hope there is a special place in hell for the jerks who did this!!!!

By ivan on Aug 13, 2008 | Reply

Antivirus XP 2008 took over my computer. I tried your method and I tried system restore but there’s no restore points. This nasty virus erased it and I couldn’t backdate to a good restore point I created last week. Now I am absolutely frustrated.

By jane on Aug 13, 2008 | Reply

what are Tom’s instructions to remove this virus? i cannot find his instructions and need to desperately. can someone tell me please?

By Fat Bastard on Aug 13, 2008 | Reply

I have become a victim of this stupid xp virus. I need help pleazzzze.

By Valli on Aug 13, 2008 | Reply

I couldn’t find any of those entries when I did what you said. Any other ideas?

By Pete on Aug 13, 2008 | Reply

Ive got this stupid anitvirus on my pc now. I have tried to follow TomT’s instructions but couldnt find “xpantivirus” anywhere. I would appreciate some help for a techno phobe please, please, please!

By Paul on Aug 13, 2008 | Reply

I found alot of the little bugger in here…
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP

By Del on Aug 13, 2008 | Reply

After the initial attack, Has anyone also experienced a redirect on a webpage when trying to go to Microsoft’s website, or Norton’s website. I also found that the system tray’s clock has changed as well (24hr display instead of am/pm). I think the attack is worse than before. Regedit entries that need to be deleted have changed to what has been posted here. Oh well, the fight continues…….

By Scott on Aug 13, 2008 | Reply

I recently bought a computer and it came with a trial version of Norton Antivirus for windows vista. The store i bought it from gave me a copy of McAfee total protection, when I went to install McAfee it told me I must remove Norton first. So I went into my add/ remove files program and tried to get rid of Norton but when I did it said it could not find the path and i checked and my firewall says i have no antivirus system but when i try to install McAfee it says to remove Norton still.

By Bob on Aug 13, 2008 | Reply

Damnit. I KNEW this was a fake…I mean, it said I had over 2000 viruses…what?

By georgia on Aug 14, 2008 | Reply

TomT, I tried what you said yet I could not find the files that you stated.

What should I do?

Thank you.

By SUNNY on Aug 14, 2008 | Reply

hey if anybody can help me in getting rid of this antivirus xp 2008 plz mail me.. its really making me worried…from a long time im trying to uninstall it but im unable to do it.everytime i try to do something i get the same dialogue box for every 5 min

By ADENIYI GRILLO on Aug 14, 2008 | Reply

Please take my advice. Any time you buy a computer, BACKUP immidately and very often. Please do an image backup to an external hard drive. BACKUP WHILE DISCONECTED OFF THE INTERNET. BACKUP, BACKUP PLEASE BACKUP.

By Smartblonde on Aug 14, 2008 | Reply

Anyone else recognized that some of these posts right here could be posted by the people who made the virus?.. Clearly they monitor these blogs and change their programs so our solutions do not work. A few false instructions (but which ones?) and we all run in circles picking away at it till we finally buy the frickin’ program from the S.O.B’s… out of sheer frustration… Cheaper than a new computer eh?

Lord I used to be so innocent and trusting… Now I’m suspicious of all… It’s a wicked world out there.

By cammy on Aug 14, 2008 | Reply

T- if you are talking about that “joke bluescreen” that says you have spy ware, this is how I got rid of it.
1.in your hkey_current_users/software/ and delete the sysinternals & bluescreen files.
2. in Task manager see if you locate lphcv1cj0er1q.exe in your processes.
3. run your find program for the same file. put it on your desktop.
4. end it in your processes. then delete from desktop.
DONE!!!!

By Loretta on Aug 14, 2008 | Reply

This is probably overkill but… I’m not sure exactly WHICH one of these helpful tips finally resolved the darn problem! In my case, I think it was a combination of them but I think I FINALLY killed this stupid Antivirus XL 2008 that was really screwing with my computer!

1) Turn off System Restore
Start – All Programs – Accessories – System Tools – System Restore

2) Go to Task Manager
Hit Alt-Control-Delete to bring it up.
Under Applications, end the antivirus application if it is running.
Under Processes, end the antivirus processes if any are running.
*** You may have to go through all 366+ comments to find exactly what it is called and where it is on your computer. I had originally tried to uninstall using the Add/Remove programs function but it just renamed it to rhcab2j0ejbj. I also had other similar .exe files — I could identify them by the ejbj in the name.

3) Right click on Start and click on Explore.
Locate the infected file. Mine was in C:\Program Files.
Select all the infected files and delete them. If you haven’t stopped the processes in the Task Manager. All of my infected files (.exe and .dll) were in a folder in program files named rhcab2j0ejbj.

4) Left click on Start and select Run.
Type in regedit and delete the infected file from there. *** See TomT’s comment #11 dated 3/2/08 and Tina’s comment #52 dated 3/27/08.

5) Left click on Start and select Run.
Type in ‘msconfig’and go to the Startup tab.
Find the infected file(s) and uncheck them so they won’t run at startup.
*** See also Tom T’s comment #11 dated 3/2/08 and Tina’s comment #52 dated 3/27/08.

6) Look for other .dll files causing the problem. Per Kevin Binkley, 4/4/07, under “How to unregister a .dll file in Windows XP or Vista”, comment #17 — Perform a system-wide search for .dll files and locate the infected files. Narrow down your search by date. I looked for all .dll files with changes dated today (when I got the virus). I found setupap1.dll that was created at the time my computer was infected with the virus. I dragged it to my desktop and renamed it with a file extension of .doc. This completely shut down anything that may have still been running.

7) If you have lost your display and can’t get it back… See comment #274 from Crystal_Chicago Connect (7/27/08). (Actually, her comments from start to finish may have worked on my problem if I had seen them before I tried other stuff.) You will need to use Gpedit.msc.

Note: If Gpedit.msc won’t work for you (as it did not work for me), see recommendation from elmo1015 dated 8/7/08 (comment #313). Go to Start – Run and type in regedit. Then navigate to:
HKEY_CURRENT_User\Software\Microsoft\Windows\CurrentVersion\Policies\System.
I had TWO files that I needed to fix:
NoDispBackgroundPage
NoDispScrSavPage
I changed the data value for both of them from 1 to 0.

Turn System Restore back on. See step #1.

I haven’t seen anything this messed up since I got a trojan horse virus about a year ago. And that one was much easier to fix. I think I got rid of everything associated with the Antivirus XP 2008. My display is back, I’m not getting popups and my programs all seem to be working fine now.

Good luck and thank you EVERYONE who made comments. I printed off the removal instructions and comments from another pc today and it was literally an 85 page instruction manual. All of you were very, very helpful!

By Jayhound on Aug 14, 2008 | Reply

OMG! Thank you so much T & Tina, I was pulling out what hair I have left. Having the same trouble as u r Tina on start up, but I’ll take it opposed to the “So called ANTIVIRUS 2008″, more like a “TRIPLE TROJAN/TREMOR WORM MONSTER VIRUS”! Once again THANKS A BUNCH!!!!
Tina on Mar 27, 2008 | Reply
Rip-I’m getting the same thing on my computer too…the system config thingy….I’m sure that happened when we took the xpa off but I don’t know how to fix it.

Also thought I’d share exactly how to do Tom T’s directions:
1. type regedit in the run command
2. open hkey current user and look for xpantivirus, it you don’t see it go to edit and to find and type it in. It was hidden in this area so that is the best way to find the dirty little sucker. then delete that file
3. type msconfig in the run command, then go to startup tab and uncheck ‘xpa’. only thing is when you do this it brings up the system config thing when computer starts up and I don’t know how to fix that.
4. type C:/program files and find xpantivirus and delete it there.
Now that is where Tom leaves it but I wanted to make sure I got it all….go to the search engine in start and look in all files (hidden especially). I found one last xpanitvirus hidden in there and deleted that one.

the only thing that I have left is the xp antivirus in the start and the system config.

By Jayhound on Aug 14, 2008 | Reply

T or Tina, I do have a question. Another problem I’m having on start up, Install Wizard pops up & states there’s a PCI Simple Communications Controller device that needs to be installed, only thing is, i have no new plug/plays or any other type devices. How can this be stopped? lol, it’s been doing this for about 2 to 3 months now. Thanks in advance! I’m running Windows XP

By bignewyorker1169 on Aug 14, 2008 | Reply

THanks to everyone who posts things like this so wwe can help one another. I wish i could find out who started this virus so i could make them pay for all the time and agravation they caused me!!

By Shane-Rico on Aug 14, 2008 | Reply

There are actually different names for the file folder for this virus. In every file containing files for this virus, there is a readme file. To find these files, click on start, and open My Computer, or Open My Computer on your Desktop. In My Computer, click on C: and then click Program Files. The file is some where in the Program Files. Open every folder and look for a Readme file or a text file. Once you open the file, read through it thouroughly to see if it says Antivirus XP 2008 or something along those lines. If it does, then that is the name of the file. Once you find the file that it is in, click start, and then run. In the space next to where it says open, type regedit. In the registry editor, there will be a folder labeled HKEY_LOCAL_MACHINE. Click the + sign next to that folder and then look for software and click the + next to that folder. In the Software folder, look for the name of the file that you found in Program Files. Delete that file and delete the file in the Program Files folder. Restart your computer and then run a virus scan. If you do not have “REAL” anti-virus software, you can sign up for a free AOL account, and then get McAfee. Otherwise, you can download the software from reputable sites. When you run the virus scan, make sure that you are disconnected from the internet. I hope this helps the people that can’t find the suggestion that Tom T gave us.

By kel on Aug 14, 2008 | Reply

hey can someone help me out? i tried to do what TomT said to do but for some reason i cant find the xpantivirus under software and for some reason i dont have ‘xpa’ in the startup. helpp please T______T

By Hali on Aug 14, 2008 | Reply

THANK YOU

I JUST GOT THIS STUPID THING TODAY, WENT DIRECTYYL TO THIS WEBSITE AND ALL OF YOU HELPED ME SOOOMUCH!!!
I WOULD HAVE BEEN IN SOOO MUCH TROUBLE IF I HAD GOTTEN A VIRUS ON MY COMPUTER!!!!
THANKSSSSSSSS AGAIN!!!!!

By Mo on Aug 15, 2008 | Reply

Thank you all so much! With your help (specifically TomT, Crystal_ChicagoConnect & Loretta)! Your help saved me many tears and a nervous breakdown. As far as I can tell everything had been removed and my computer is its old self again!

By Jayhound on Aug 15, 2008 | Reply

I haven’t read all posts/replies, but does a’one know why Norton doesn’t detect the Antivirus 2008 virus? I have the latest version of Norton 360 & I’m disappointed it didn’t detect this.

By Jack S on Aug 15, 2008 | Reply

I’ve tried Tom’s way, I’ve tried the task manager way. Neither of them seem to work. Is there any other way to get rid of it without downloading anything?

By Naz on Aug 15, 2008 | Reply

Hey TomT,

Ur our saviour!!! Thanks so much- I finally got rid of the of it all! For everone who cannot find XPA- try looking for WAV[short for Windows AntiVirus] and UAV[Short for Ultimate Antivirus] in your start up. You need to look for same in C: Program file as well. I guess these are the latest versions since Tom’s Suggestions were posted. Good Luck!! And Cheers to TomT again!

By gary on Aug 15, 2008 | Reply

This virus sucks bad. Easiest thing to do is remove the startup files, they will be a couple of random strings.exe’s located in windows/system32 and then you might have one located in program files\r34256lkjsadhg nonsense. unmark them, boot, run malwarebytes from malwarebytes.org (best software i’ve found so far), and it usually kills it, then restart and see if it deleted the program files\2346;lkjhdsf;g random string folder, it should. run malwarebytes again to make sure that’s the only thing infected, everything should come up clean, it will clean out the registry too.

By John on Aug 15, 2008 | Reply

I had this problem pop up today and can’t fix it! I’ve tried (i’m not good with computers) what TomT said and what others said, but it’s not working. can someone help?

By AndySKane on Aug 15, 2008 | Reply

If you can’t change your desktop possibly your
desktop tab in display properties is missing.

From the Microsoft website:

to restore it, in the registry, goto
HKCU\Software\Microsoft\Windows\Current Version\Policies\System

Check that none of the keys have a value of 1. They should all be 0

NoDispAppearancePage
NoDispBackgroundPage
NoDispScrSavPage
NoDispSettingsPage

By Shane-Rico on Aug 15, 2008 | Reply

There are actually different names for the file folder for this virus. In every file containing files for this virus, there is a readme file. To find these files, click on start, and open My Computer, or Open My Computer on your Desktop. In My Computer, click on C: and then click Program Files. The file is some where in the Program Files. Open every folder and look for a Readme file or a text file. Once you open the file, read through it thouroughly to see if it says Antivirus XP 2008 or something along those lines. If it does, then that is the name of the file. Once you find the file that it is in, click start, and then run. In the space next to where it says open, type regedit. In the registry editor, there will be a folder labeled HKEY_LOCAL_MACHINE. Click the + sign next to that folder and then look for software and click the + next to that folder. In the Software folder, look for the name of the file that you found in Program Files. Delete that file and delete the file in the Program Files folder. Restart your computer and then run a virus scan. If you do not have “REAL” anti-virus software, you can sign up for a free AOL account, and then get McAfee. Otherwise, you can download the software from reputable sites. When you run the virus scan, make sure that you are disconnected from the internet. I hope this helps the people that can’t find the suggestion that Tom T gave us.

By John on Aug 15, 2008 | Reply

Can someone help a non-computer person with this problem? I’m trying the different solutions but having no luck

By andrea on Aug 15, 2008 | Reply

This thing is wicked. What do you do when you can’t get past the desktop and system tools is no longer listed. This is my laptop and I am ready to go postal. When I can get to the add/remove programs, it doesn’t seem that there is anything there that shouldn’t be. Where is it? I’m seriously going nuts, please help!!!

By kellie on Aug 15, 2008 | Reply

Help I cant find Tom’s posting to get rid of this virus

By bignewyorker1169 on Aug 15, 2008 | Reply

how do yo uget your background and screensavers back???

By Peter on Aug 16, 2008 | Reply

Kellie, it is from the 2nd of March, checck the top of this long list. However, It seems like the lately attacks from this “antivirus 2008″ is more clever. Toms helpful lines does not work in my computer. I have no such files to erase.
Rgds
Peter – Sweden

By maricris soltura on Aug 16, 2008 | Reply

i try another anti virus

By Shane-Rico on Aug 16, 2008 | Reply

I’m telling you guys, use mine. The creators of the virus made it so Tom’s solution does not work.

By B on Aug 16, 2008 | Reply

Hey all, I just did Tom T’s advice and it worked, however there was no xpantivirus in the current users. It had renamed itself as rhc75dj0elac. I hope that helps you.

By Loretta on Aug 16, 2008 | Reply

I only have one problem left and I’m not sure I’ll get it to go away but I figured if anyone could tell me how, it was y’all.

When I’m not using my pc, it goes to the “blue” DOS screen and tells me that I have something configured wrong because of installation or uninstallation of a file in my configuration and I need to go into Safe Mode to change the files to what they were. Obviously, I don’t want to do that!

My system is working fine now but does anyone have any suggestions on how to fix the error message I’m getting to get rid of the blue DOS screen?

By Loretta on Aug 16, 2008 | Reply

When Tom T’s advice from 3/2/08 doesn’t work, try instructions from Crystal_Chicago Comment dated 7/27/08. And if your display or other “Appearance” tabs don’t return, see comments from AndySKane dated 8/15/08. If you just look at comments from these guys, you should be able to get rid of the XP Antivirus.

And I agree with JayHound…
more like a “TRIPLE TROJAN/TREMOR WORM MONSTER VIRUS”!

By gabe on Aug 16, 2008 | Reply

Hi, i was recently infected with the antivirusxp and i just went through this forum and the older posted info doesn’t apply to this version of the virus. Can someone tell me how do I get rid of the program and restore my background to its original state. A help from Tom T or something who understand the virus would be great. Also, what B said about the virus renaming itself is true but now its calling itself or itselves “rhc1g6j0er0l” and “lphc5g6j0er0l”.

By Michael on Aug 16, 2008 | Reply

I’ve done some research, because it seemed like a lot of people were having issues with this virus. There are multiple version of the virus with the same front end. That’s where the confusion is. If you contracted the virus and the above doesn’t work, try this:

Right click on the desktop icon for XP Antivirus 2008. Go to properties and look at what the target field that the shortcut is opening. Now it’s simply a matter of opening a command prompt and typing “del “c:\program files\[folder from target]” and it should resolve the problem. There will still be registry values though, but the virus is “gone” so to speak.

By Laura on Aug 16, 2008 | Reply

Thanks to all of you for these posts. I actually have SpyHunter 3 and it deleted it. However – for the life of me, I cannot figure out how to change my background and KEEP it that way without it going back to the white screen with the virus message. I have tried everything mentioned here and as soon as I think I have it… no. It’s very frustrating!!!!

By RobC on Aug 16, 2008 | Reply

I just followed Shane-Rico’s instructions from yesterday and they worked fine. I’m virus free,(lost a couple hours of my life but it’s better than a kick in the face I guess). they were pretty easy instructions to follow. Thanks Shane!

By John Dickson on Aug 17, 2008 | Reply

I’m not a computer geek but there is a program call HijackThis With this program you should be able to delete some of the unwanted files. I hope this helps

By Vlady on Aug 17, 2008 | Reply

Antivirus 2008 XP got into my computer this morning. I tried almost all the advices here. The result is still the same. I need help badly.

By kel on Aug 17, 2008 | Reply

hey guys i had the same problem and for now it has disappeared or it hasnt popped up again. anyway i just wanted to inform u guys that the file containing the antivirus scam was a little different becuase mine was named: rhc5ofj0ee3g. there was also another file named lphc1ofj0ee3g but im not so sure about that one.

By Bob K on Aug 17, 2008 | Reply

This horrible thing came up yesterday while I was reading olympic news and I was jumping between sites cnn, MSN and USA Today. Not sure exactly what I hit that started it but I ended up with a constant big block on my computer that said I needed to fix a virus. Antivirus XP 2008 would run every time I restarted my computer and some other iritating items would pop up every minute or two. Its gone now but I did a few things. First, thanks to Tom T and Shane-Rico and other who left info. here about what to do. My virus was in a c: program file called rhcvc6joej59. It was about 2.64 meg in size and when I looked at the file Icon it looked likethe Icon that came up on my lower right coner of my screen from which the (fake virus program) virus would tell me I had 1331 problems. I used the advice on this site and unchecked the block I got to with the msconfig and run command. Thus, I unchecked rhcvc6j0ej59. I ran Norton 360 which got rid of some parts of the problem, something called Tojan Horse and Trojan bytes and Trojan.vundo. There were four items found when I ran Norton ofrf line and another 5 when I downloaded new updates to Norton and ranit again offline. But as folks here have said Norton isn’t the complete answer by a long shot and the advice of Tom T and Shane-Rico in this comment string were essential for me to get things back to almost normal again. I still don’t have my screen saver back to normal but the virus is not causing any problems now. I do have a block checked in msconfig that is similar to what “Gabe” mentioned yesterday as a problem area, I have iphcr6joej59 checked and I wonder if that is part of antivirus XP 2008, even though I don’t have problems at the moment. Well thank God for sites with comments like this that were able to help me work this out. Bob

By rouzbeh on Aug 17, 2008 | Reply

pl. sen info

By themodefanatic on Aug 17, 2008 | Reply

DAMN PROGRAM. NON of those files are on my computer. NONE. and still won’t get rid of screen when you start up that says “your computer is infected please install program” HELP. Downloaded all programs listed and didn’t help the only exe file that keeps loading every time I start windows is some lch…..8j0111.exe file HELP>

By Bebeep on Aug 17, 2008 | Reply

This thread worked great. I have one additional problem I can’t solve. When I hit CTRL – ALT – DEL I do not get the tabs on the top of the box which shows performance etc.

Can someone tell em what I can do to restore that?

Thanks

By Antwan on Aug 17, 2008 | Reply

whoevr made this stupid program is a real idiot., stupid prick >:@

By Laura on Aug 17, 2008 | Reply

I am now dealing with the blue screen popping up. That and everytime I turn the computer off, I lose my tabs again when I click on display. That doesn’t bother me though. My computer seems to getting back to normal though… anyone have any info on how to get rid of the blue screen that pops up?

By alaina on Aug 17, 2008 | Reply

I am trying to follow Shane’s directions. When I go to “Program Files” it tells me that they are all hidden.

By Ben on Aug 17, 2008 | Reply

THANK YOU Shane-Rico!!!! It worked. My problem was in a rhc…j0e… file also (like BOB K.) It only took 2 hours to fix. Someone needs to hunt down these a-holes and string them up

By Peggy on Aug 17, 2008 | Reply

The best advise for me in getting rid of this problem was Mike W May 10 and Mike June 26th.

I started my computer in safe mode, clicked on program files and then did a search for the file antispyware 2008 xp, then I deleted the file and restarted my computer in normal mode and so far the antispyware is gone. Thank God. Try this way as the other ways did not work for me.

By dee on Aug 18, 2008 | Reply

ok i was having trouble to look in the registry and the new filename was rhcc something or other.

By james on Aug 18, 2008 | Reply

can anyone help me by getting this blue screen that says “warning” off and my orginal screen saver back?

By eric on Aug 18, 2008 | Reply

i dont even have a run under start. i cant even get to my programs. what can i do. a lot of my files on the desk top are missing and virus warning every second. My pc time also has the time and VIRUS ALERT! Please help

By Stan on Aug 18, 2008 | Reply

Right click anyplace on your desktop where there aren’t any icons. Then click on ‘properties’, then click on ‘desktop’. Select any one in the list or click on ‘browse’ to go to a folder on your computer where you have pictures that you may want to have for a desktop. Click ‘ok’ & the Antivirus XP 2008 bogus warning should be gone.

By Dan on Aug 18, 2008 | Reply

Ya, get a new computer. Good advice stupid.

By Denis on Aug 18, 2008 | Reply

XP antivirus 2008 conceals its presence by copying files unto your hard drive under a bogus directory name. Open your C:\ProgramFiles directory. If you find a folder whose name is a string of characters starting with the letters “rhc” , that’s the XP Antirus directory. Delete it. I had to boot up in Safe Mode to be able to access and delete this directory. You get into Safe Mode on booting up. In the right hand cornder of the screen as soon as you see F2 and F12 appear, tap your F8 key once or twice. This will take you to a boot up menu where you can select Safe Mode. Also before you try locating this “rhc…..” folder (periods are variable characters, the folder always starts with rhc). make sure hidden files and folders are viewable. To do this open any folder on your C:\ drive, then click on “tools” then “folder options” and finally click on the “View” tab. Check to see that under files and folders that the “Show hidden files and folders” is selected. After deleting the rhc… directory you might want to get rid of it in your registry, too (although it’s harmless there once you’ve deleted its home directory. Click on your start button, then click on “run.” Type in “regedit” (without quotation marks) and press enter. Click on HKEY_LOCAL_MACHINE then click on Software, you’ll find the rhc… directory key listed there. Delete it. Hope this helps.

By marissa on Aug 18, 2008 | Reply

the ‘desktop’ tab under properties is missing.

how do i change the wallpaper?

By kkoki on Aug 18, 2008 | Reply

I also got the antivirus xp 2008 virus today. I got rid of it by Ctrl+Alt+Del and under processes deleted a file called “rhccpqj0ee0n” and then found the a folder by the same name in program files and then deleted that. I don’t have the little pop up that tells me to scan my computer 2983479284732 every second. Hope this helps for those that read the entire post and was going crazy for not being able to find the “antivirus” file and/or the “xpa” file.

By Derek on Aug 18, 2008 | Reply

I can’t use task manager (ctrl+alt+delete) because it says the administrator has disabled it. I can’t add Adaware spyware protection and removal because of the same reason. I can’t go to control panel because when I hit Start it shows a window significantly smaller than before and without the control panel option. Pretty much all I can do is turn the computer off from the Start menu. Now what?

By Derek on Aug 18, 2008 | Reply

Also, I cannot access my hard drive through My Computer – it’s missing. And there are no Program Files to go into because that option is also missing.

By AORA on Aug 18, 2008 | Reply

A computer in my company fell to the Antivirus XP 2008 today, it came in trough an email saying “a friend has send you an e-card …”.
I fount and removed the entries from the registry and deleted the folder created in the “c:\program files\rhc7nsj0e57c”. The actual virus was hiding in “c:\windows\system32″, it had the file name lphcp7fj0e9d9.exe

By Calin on Aug 18, 2008 | Reply

Kill process, delete files then registry keys in safe mode. Also remove any entries from startup (msconfig).
There is no way to uninstall this program with traditional methods (IE: through the add remove programs).
There is no uninstall, you must be brutal.

By Lee on Aug 19, 2008 | Reply

I have spent over 2 hours to read and print all the experts’ comments so that I can start doing the fixes on how to get rid of this evil and get my system back to normal. I wish one of experts would be kindly enough to write a complete fix instruction how to remove, get back the background and screensaver tabs, get back original wallpaper instead of the blue screen and etc.

Restore will give a clean system but it may not be a good option for some user with a lot of applications/programs.

By Dil Bahra on Aug 19, 2008 | Reply

I can’t seem to get Antivirus xp 2008 off my computer.

Can someone tell us please if purchasing Spyhunter software mentioned on this page is reliable and will do the job for me.

Thanks

By cte on Aug 19, 2008 | Reply

how do i uninstall it?
since it was installed n my pc, a lot of virus were detected…and its giving me really a headache…

By Misty on Aug 19, 2008 | Reply

Can someone please talk me through the removal of vista antivirus 2008.I have tried different things and its not working.Honestly do not have the money to get my pc fixed so if anyone can help me I would appreciate it.

By cheryl on Aug 19, 2008 | Reply

You have to pay for spy hunter because ive just tried it. I tried Tom T’s solution..didnt work. Im trying everything and no solution and its making me angry. Can anyone help me get rid of it?

By Lindsey S. on Aug 19, 2008 | Reply

VIRUS REMOVAL FOR DUMMIES LIKE ME!

Ok everyone, I appreciate all of your comments on how to help remove this crazy thing! Not one alone worked, a combination. I will try and help everyone else out! So, go to your start menu and mouse over the XP program that was “installed”. It will tell you where it is located. Mine was at C:/Programs/Files/rhc7aoj0ea8g. It was a hidden file for me when I was trying to find it on the registry and I don’t know how to find hidden files. After this, hit ctrl+alt+delete. It will show you the task manager. Click on the processes tab. End every process with that similar extension. Mine was rhc7aoj0ea8g.exe, lphc3oj0ea8g.exe and one other file. It will tell you that you can harm your computer by ending the process, but do it anyway (I honestly thought I couldn’t mess the computer up any more by doing it!). Now, hit the “start” button and search. Hit “All Files and Folders”. In “All or part of file name” copy and paste or type that file extension. For me it was “aoj0ea8g”. Hit “more advanced options” and make sure “search hidden files and folders” is checked. Hit “search”. You’ll now want to right-click and delete every file that the search found. Now, go to the recycle bin and empty the trash – right click on the recycle bin. Next, hit “start” and control panel. Hit remove XPAnti and it will let you remove it. Now, go to the “start menu” and remove the icons for the program. Do the same thing on the desktop. Next, empty the recycle bin one more time. Retart your computer and run a virus check. This will have removed everything and you are good to go! Your Desktop might still be Microsoft Blue, but you can change the desktop. Good Luck Everyone!

By Ryonez on Aug 20, 2008 | Reply

It seams that they have started using a folder called vav in programfiles,

P.S. you should explain how to restore some of the sys functions, i.e. I lost the use of cmd, tmg, accesse to My comp, etc.
This is a very nasty virus.

By Sam on Aug 20, 2008 | Reply

I’ve deleted xp antivirus but still have a windows warning message on my desktop, does anyone know how to remove this?

Thanks

By Drew on Aug 20, 2008 | Reply

Lindsey, I followed your advice but I still can not remove “antivirXP08″ in the add/remove programs window.

I still have problems here.

By barb on Aug 20, 2008 | Reply

how did you rid your computer of antivirus xp2008

By Emily on Aug 20, 2008 | Reply

Has anyone else figured out how to fix the background? AndySKane gave one, but that didnt work for me… Any more ideas?

By Erik on Aug 20, 2008 | Reply

Wtf, how come this isn’t working?

By Drew on Aug 20, 2008 | Reply

Seems like i have most of the virus gone.

I still have pop up internet browsers and Istill have a little icon down by the clock.

What did I miss?

By Lindsey S. on Aug 20, 2008 | Reply

Drew,

Did you search all of your hidden folders? If not, it may not have gotten everything. Let me know if this works and I’ll check back tommorrow. Also, check the the process tab as well on ctrl+alt+delete, maybe you didn’t get all the processes ended?

By Jordan on Aug 20, 2008 | Reply

Hey Tom I read your post and well ive been trying to get rid of Xp Antivirus for a while and ive dealt with viruses before so i just Search And Delete and it didnt work this time so i tried your way but since i deleted the registry file it didnt show up in software so do you have any ideas what i can do?

By Jordan on Aug 21, 2008 | Reply

I did the same thing as you and i tried deleting all the files before hand and now i cant activate the “Help” thing so im wondering where you re-downloaded this b**ch of a virus?

By Jordan on Aug 21, 2008 | Reply

I’m really pissed at this virus and I may have to get my hardrive wiped because a. I’ve tried all methods listed here and they haven’t worked for me. b. I didn’t know about system restore on my computer so it was enabled. c. I’ve wanted to wipe my hardrive so that i could start over again on my comp and start with a lot of space instead of having all these extra files that programs leave behind they are removed. If anyone else has any ideas on what i should do than please tell me.

By girish on Aug 21, 2008 | Reply

is it good to download coz in my pc i c viruz every 5days

By girish on Aug 21, 2008 | Reply

hey is the antivirus is good to download

By A Purcell on Aug 21, 2008 | Reply

I have perchased antivirus xp 2008 not been sent license yet Ihave sent about 15 Emails no reply just keep geting stupid xp popups every 5 seconds to sighn up right away its a joke

By Hank on Aug 21, 2008 | Reply

These people should be in jail. How do we find them.
I finally got rid of it by restoring my puter to an earlier time.

By Jan on Aug 21, 2008 | Reply

Whoever invented this should be tarred and feathered! It appeared out of nowhere on my system this past Monday evening. It totally locked up my system – I couldn’t end task, remove it, or even connect to the internet – my only recourse was to do a PC restore (luckily its built into my PC) or re-image! It took over six hours to run that, and then Disk Defrag and cleanup and then try to recover lost apps and lost configurations. Talk about a pain – I’m just grateful I didn’t have any information that I needed or I’d have been in big trouble

I don’t know where this came from or how I got it, but I have taken precautions so that this doesn’t happen again. BEWARE!!!

By PO’ed Web Developer on Aug 21, 2008 | Reply

I have this pesky virus, too. I will lick this thing but since these f’ers caused me this hassle I will be launching an attack on them in an attempt to bring their site down. If I hammer out a method I’ll post it here so we can overrun their server. Gotta go pull wireshark out now…

By PO’ed Web Developer on Aug 21, 2008 | Reply

Hank, If I find them, i’ll let you know how. I am going to launch an attack on them of my own – i suspect they have set up a proxy that is doing the browser redirect…

By Nath T. on Aug 21, 2008 | Reply

when I open regedit and HKey current user, there is not xpantivirus and when I type misconfig no xpa at startup, HELP
These bastards should be cruxified

By Lugano on Aug 21, 2008 | Reply

Tom T’s suggestion worked for me but then a couple of days later the virus came back with a vengeance. I tried Tom D’s/Dina Tequila’s suggestions and it has worked thus far! Thanks for all who have take the time out to vanquish the electronic demons from my thinking machine. It is much appreciated. I hope everyone has a virus free life and remembers to take their electronic vitamins!!

By Lugano on Aug 21, 2008 | Reply

One question guys: when I’m on the internet my sound does not work since this whole debacle. Anyone know of any useful tricks? (The sounds is perfectly fine off-line)

Thanks

By eileen Miller on Aug 21, 2008 | Reply

this virus totally infected my hard drive and destroyed it. Luckily I have an external hard drive as a back up, but it still cost me approximately $400 to get back and running. I was forced or tricked into buying the XP08 antivirus with a credit card, so now that and my entire credit file has been compromised. I stopped payment and can you believe that they have actually been calling me from XP 08 to see what the problem is? Has anyone sent their report to the Dept. of Justice?

By danny millan on Aug 21, 2008 | Reply

lmfao so today or yesterday for thsat fact i got the antivirus 2008 idk how i got it… i got it for the second time… last time i just re did my WHOLE comp cuz it wiped out my internet my win32 wudnt load lol
so ima have to do the same grr lol one weekend down owell lol
i guess its worth it lol cuz i cant even turn on my computer for 10 minutes without it crashing if ur wondering why or how im on atm its cuz im on safe mode lmfao

By Maizy Star on Aug 21, 2008 | Reply

FUP U ANTIVIRUS S**T!!!!! My mom opened Anti-Virus XP 2008 and scanned her compy without asking her computer wizard almost 11 yrs old daughter. Excuse me 4 the bad lingo. Anyway, notice how Vista Anti has the top (or where they have the closing and stuff buttons) as an XP, and Anti XP 2008 has the top of a vista. I have NOOOO idea of the other oneeee. Anyway, my Mom and I had the Freak scared outta us. BTW, PLZZZ NO SPAM IF U GO TO MY SITE!

By Aimee on Aug 21, 2008 | Reply

I need lots of help. Okay, I have NOT downloaded Antivirus 2008. However, there are pop ups on my computer urging me to in addition to an icon on my toolbar telling me that I need to install it. I’ve tried everything, included all of the above suggestions. I cant unregister the dll files through any of the methods listed above. I have been going crazy!

I did find the dll files w/in my computer but it wont let me modify them at all. There is nothing in my task manager that looks like it could be Antivirus 2008 and no programs to be removed (that I could find at least). Please help!

By Bob O on Aug 21, 2008 | Reply

Denis’ solution has apparently worked. I have been also able to uninstall Antivirus xp 2008 in the add or remove operation. I have removed the rhc program from the recycle bin.

I stoill get a yellow and blue alert on my desk top so something is still lurking somewhere.

Any other suggestions?

By Tom L on Aug 22, 2008 | Reply

I killed some weird processes from windows task manager, then run yahoo Anti-Spy and removed all detected virus, and it WORKED!

By Tom L on Aug 22, 2008 | Reply

Please tell me if my information worked thank you!

By Bob O on Aug 22, 2008 | Reply

In trying to get rid of a file beginning with lphc I get an error message:
“anot complete delete lhc…cess denied. Make sure the disk is not full or write protected and that the file is not in current use.”

How do I override that? Bob O

By Bob O on Aug 22, 2008 | Reply

Task Manager: I hate to ask this but what is that??? -Bob

By Bob O on Aug 22, 2008 | Reply

Someone said they spent four hours getting rid of this damned thing. I’ve spent at least that. Tom’s directions on June 23 were very helpful. Fix It Manually on July 10 were very helpful in finally getting rid of the blue yellow warning box on the desk top which many have had difficulty finally removing. As Tom, I think, suggested I also downloaded the free Yahoo Anti Spy program.

One suggestion: For those who are advanced in your understanding of the Windows Operating System. Please use language that we who are less knoledgeable can understand. Be very specific. Thanks to all of you who we a help to me. I gained a little something from many of you. Bob O

By Tom L on Aug 22, 2008 | Reply

I am a professional computer engineer. YOu can ask me any questions about this, my daughters computer had this virus, and i immediently removed it using theTask Manager with some weird looking things that I didn’t see before.

Please ask me any questions, as I will be checking this everydy/

By Tom L on Aug 22, 2008 | Reply

moderator, please remove my previous message, thanks!

>By Tom L on Aug 22, 2008
> I am a professional computer engineer

By Ann A on Aug 22, 2008 | Reply

Tom and Dina, your directions were very helpful. Between you and two virus/anti-spyware programs I think I finally got rid of this.

This is going to seem minor, but has anyone figured out how to get the wallpaper and screensaver back?

I had system restore on my computer, but somehow all the restore dates were erased. I’m wondering if this is a new feature of this virus.

By Ann A on Aug 22, 2008 | Reply

Hey, just found my answer on another part of this site!

Thanks to all for posting this information!

http://www.xp-vista.com/spyware-removal/warning-spyware-detected-error-message

By goomoon37 on Aug 23, 2008 | Reply

i just deleted Antivirus 2008 XP but a “You gave security problem thing is still keep on appearing.. this is where i got Antivirus 2008 XP do anyone know how can i get rid with this crap.. tnx

By Hannah on Aug 23, 2008 | Reply

Hi

I’ve got the antivirus thing popping up on my laptop and was going to follow your manual deleting process but hit a problem. I can’t find the back slash key on my keyboard! I know this sounds dumb but my HP dv1005 has a wierd keyboard setup and I’ve tried to change the language and I don’t know how to make the keys do what they say! I’ve tried googling the problem and can’t work our what to do. My keyboard is set to US and when I change it it doesn’t make the keys change! totally irrelevant to this threas but I really don’t know what else to do!

x

By Dark Star on Aug 23, 2008 | Reply

So far as I can tell I’ve managed to get rid of XPAV (with the help of this Board) except for one lingering effect That I know of): the “search result redirection” issue.
This occur(ed) with Google using Firefox (Yahoo & AltaVista aren’t affected).

But wait…
Then I brought up IE and got the exact same result.

But NOW, I don’t get the result with FireFox.

So at this moment, only Google’s search results are redirected and only with IE.

Note: I’m not sure “redirected” is and accurate term here. When copy/paste the actual url from the search result(s)item the actual urls all begin with, “go.google.com/?u=…” and end with “11.691.111.46″ but they all end up landing on a different ’seach page’ of one sort or another.

Does this information narrow anything down to a more specific remedy?

By Dark Star on Aug 23, 2008 | Reply

Wrong -

The end result of my last post was apparently due to both browsers (FF & IE) running at the same time.

Now that IE is closed the original result remains with Google using FF.

???

Any ideas?

By Stan on Aug 23, 2008 | Reply

Antivirus XP 2008. I picked the malware by reading the Seattle times Newspaper without knowing.It was a pain in the rear. Tried everything,No help. I have Norton 360 all in one. Tech support wanted $100.00 to fix issue.
I just installed 360 a week before.To get rid of it I firgured it out on my own. It was in the start-up menu. XP i have. Run,open Msconfig only check mark’s RECGUARD,KBD,CCAPP,CTFMON. Reboot, that got rid of it without buying a program.
Stan

By Stan on Aug 23, 2008 | Reply

Explain myself better. I have the xp system.Go to start,run. Type in msconfig,click on start-up, uncheck everything but Recguard,KBD,CCAPP,Ctfmon then reboot system. I hope this will work for you. It did for me.
Stan

By Ray on Aug 23, 2008 | Reply

Did you find out how to get back all the tabs on your display properties dialog box and did you find away to restore “System Restore” so that you could roll back your system. I was able to remove the BSOD.SCR’s and fake background but, my General and Background tabs haven’t come back.

By Brian on Aug 23, 2008 | Reply

hey i got the windows xp antivirus 2008 and i own windows xp professional on my laptop and i’ve deleted all things related to it and i still have the blue background saying i have spyware/malware (how do i get rid of this ugly background)[also everytime i boot up a pop-up shows saying ithat it tried to install something and it's already installed! Help with these topics please!(preferably TomT)[but anyone may help if you know what you are doing!] Thanks contact me here or on my myspace or on my e-mail: monster123@netscape. com

By gabriela on Aug 23, 2008 | Reply

het tom i can’t find the xpantivirus thing in the registry……..is there another name…….please help.i’ve tried everything but nothing has worked……

By Andrew on Aug 24, 2008 | Reply

I searched for any files with “antivirus xp” in the search for files. I found 6 total, I could only delete all but 1. Once they were gone I did a system restore to a time I knew I did not have the virus. Then I did a system restart and it was gone. It took about 10 minutes….. Good Luck

By Lou on Aug 24, 2008 | Reply

I need help removing antivirus XP

By Ball Kicker on Aug 24, 2008 | Reply

You ought stand in the line and get kicked in the balls buy everyone one who has this headache like the guys who made this BS

By Mike on Aug 24, 2008 | Reply

oh I paid him $25.00 and it took him about an hour to finish

By Katherine S. on Aug 24, 2008 | Reply

I followed the instructions on Lindsey S. post on Aug 19, 2008 and it worked I’m so happy.
but in my program files I still have the rhctlrj0e5dt file, I didn’t know if I was suppose to delete that or leave it. If anyone knows and I mean actually knows not guessing please help………Thanx

By Stan on Aug 24, 2008 | Reply

GO TO START MENUE. RUN msconfig check start-up and uncheck everything but RECGUARD,KBD,CCapp,Ctfmon. see if that helps.
Stan

By billybo on Aug 25, 2008 | Reply

i tried all this but my program files disappeared altogether

By Brian on Aug 25, 2008 | Reply

Tom’s notes worked for me, but with a couple of exceptions. In the registry, because I was in safe mode under administrator, I had to choose HKEY Local Machine instead of Local user. Also in programs, it wasn’t xp antivirus, but some random name it called itself. I also found that name plus one almost identical in MSCONFIG, and I uncheked them… otherwise all good! I would also recommend running a legit antivirus and antispyware after doing this. Also being in safe mode is critical. I would also consider running ccleaner after you are done… you can get that from File hippo.. it will help clean up the registry mess and any other broken links left over… probably clean up some space on your hard drive too. I have been using it for years and no problem, but I always backup first!

By denwc on Aug 25, 2008 | Reply

got the antivirus today after a power outage! embarq said to remove manually the files, i can’t find them………? (this will take forever!)

By PK on Aug 25, 2008 | Reply

I did a systemrestore to a few days before I got AntiVirus08, like an hour after I got the virus. It seems to have worked. But have anyone noticed any “leftovers” or reoccuring problems after systemrestore?

Please, take som time and answer a fellow man.

Thanx.

By Dave on Aug 25, 2008 | Reply

The Antivirus XP 2008 has driven nuts all week. I think I elimated it, however, when I start up my PC all I have is my favorite wallpaper. The Application Files are missing from the left side of my screen and the tool bar on the bottom is missing.

I have had a little direct help and was told to go to the Task Manager, then through the CMD

I am able to run files through Windows Explorer only.

Any suggestions.

By shafeeq on Aug 25, 2008 | Reply

antivirus xp 2008 is f**k…somebody help me how 2 remove antivirus xp 2008….

anything manner to remove manual or automatic

email me

redzaeishafeeq@yahoo.com.my

By CST on Aug 26, 2008 | Reply

AND MAKE SURE YOU TURN OFF SYSTEM RESTORE! You can delete it in safe mode, but if your still having problems, download a freeware uninstaller for windows.

By JM on Aug 26, 2008 | Reply

Thanks this worked for me too.

By joan on Aug 27, 2008 | Reply

Please help.
I have not downloaded antivirus xp 2008 but I have the Spyware pop up on the screen and my wallpaper has dissapeared (got this mon 25th aug).I get the blue screen first then it turns white. In order to do any of your suggestions do I have to install it first? The licence message says install now.
So I have the pop up and the licence message.
I have tried Toms suggestions but cannot find the xpantivirus file?
I did try to restore but it will only let me restore the current day. If I can download spyware or Mcafee does this get rid of it?

By Arjayty on Aug 27, 2008 | Reply

Hi,

I followed the instructions and removed the files, amened the registry etc. Now all I get when I start my computer is a blue screen – no icons, no task bar nothing. I can get task manager with ctrl, alt, del. Has anyone got any idea how I can get my desktop back.

Thanks

By Dave on Aug 27, 2008 | Reply

I am having the same issues as ARJAYTY, the only way I can operate my PC is through the Task Manager. My Taskbar and Start Menu is not accessable through the Control Panel.

Any suggestions.

Dave

By lovexo on Aug 27, 2008 | Reply

okay so i already got rid of the program through safe mode.. but i cant seem to get rid of the desktop background…

By Chris on Aug 27, 2008 | Reply

@ Dave, If you havent Figured out whats wrong, it sounds like Explorer has Stopped running.

If after a restart, it looks the same, try this

Open your Taskmanager (Ctrl + Alt + Delete)
On top click File > New Task (Run…)
Type “explorer” without the Quotes, and press enter.

Something got unchecked somewhere, or you deleted too much somewhere.

By Car on Aug 27, 2008 | Reply

I am having the same problem as dave and when I try to run explorer it says Windows cannot access the specified device, path, or file. That I may not have permission to access the item. I have admin rights so I dont know what’s wrong any help would be appreciated.

thanks

By Meg Amor on Aug 28, 2008 | Reply

Aloha and thanks to everyone who has put up suggestions. I have used several of them and got most of it off – I hope. I also ran a cleaner and that got some more of but like a lot of people I couldn’t get rid of the ‘box’ with the ‘ad’ in it. Grrr.

I finally went to My Pictures, right clicked a picture and selected Use as Desktop Background or similar and now have a picture I can live with. For how long… I don’t know but at least the box is not there and causing me to go red with rage everytime I see it.

By Doug on Aug 28, 2008 | Reply

To get rid of the fake wallpaper the easiest thing to do is creat a new user account. Copy your “my documents” contents to the new user account, log on as the new user and delete the old account. This will let you change your wall paper again.

By num on Aug 28, 2008 | Reply

what i did is. GO to taskmanager and end process of anitivirus and anything that relate to. Then I start to delete them from C:/ after that clean your recycle bin. It seem to work

By Meg Amor on Aug 28, 2008 | Reply

On the wallpaper issue. I did manage to change it for a while but it kept comverting back and doing odd things with a code screen warning coming up etc. On this site, on the top right hand side, there are RECENT POSTS. Go to the one on ‘Warning spyware, wallpaper error removal message…’.

Thanks so much to Fix it Manually, I finally fixed the last bit with the screeensaver etc, the lurking bits were the screensaver and application. His fix fixed it completely!

I had gotten all the other bits but my computer still had the ‘ad’ on the screen and no screensavers etc. Although I could put my new pic up but it kept reverting on startup and also the odd code screen. My computer was acting really weird, throwing up a warning black and white code screen that some programs were not working properly, dumping the main page screen etc. Very frustrating. Earlier in the day I had found 2 files I couldn’t delete and went back to find them last night. Fix It Manually had the answer. THANKS.

I found the lurking files in Search and putting in phc – which seemed to be the common thread. They wouldn’t let me delete them – coming up with the – check this file is not a read only or copy protected etc. I then went to the msconfig file that Fix It said and unchecked them. Then went back to the search, found the phc again and deleted them and emptied the trash immediately.

Voila!!! All fixed now. THANK YOU!!!

By Jeff on Aug 29, 2008 | Reply

managed to fix this after a great deal of frustration. After stopping any process i didnt know in task manager (had to get to it through ctrl shift esc – ctrl alt del wouldn’t work) Went through my regrstry and deleted the folder under HKEY_LOCAL_MACHINE\software\rhc….something, then did a search in files and folders and deleted them again

Then i did he same thing (reg delete and file delete of all the ppcp (i think)

to get rid of the original file just rename it to something else then delete it.

Hope this works, this was a real barstard (im sure not all of it is gone but no problems as yet so fingers crossed.

By Wendell McShan on Aug 29, 2008 | Reply

I fix computer problems for people and I have found the easiest thing to do is to restore the computer or reformat the hard drive and reinstall windows. I always encourage my clients to keep copies of their files on a secondary storage device and backup frequantly.

P.S. I have had about 10 encounters with Antivirus 2008 within the last 6 months.

By David on Aug 29, 2008 | Reply

Well, this virus hit me on Sunday (Aug 24th) and it was because of trying to download a missing codec…I am staying away from those in the future. A friend (my computer expert) ran the roguefix file and it appeared to do the trick but once the machine restarted it was still there. So we had to reformat the computer. Did anyone else see the fake ‘blue screen’ of death? Whoever came up with this really pulled out all of the stops….they should die a thousand deaths. But I am glad I encountered this site with all of the comments and helpful hints. So thanks to all…

By toms noypi on Aug 29, 2008 | Reply

guys just dont continue to download applications which lesser than 1 to 2 mb
this Anitivirus2008 is only 336kb
it is so obvious that its a malware or any…
well i hope this helps and thanks to this site!!

By Heidi on Aug 30, 2008 | Reply

I think I have removed all the infected files but now I have a problem with my browsers (both FF and IE). It takes a looooong time to load and sometimes it just stops loading. Is any file listed here affects the network connection?

I’m using the Japanese version WindowsXP. Now, characters cannot be shown properly in the NotePad. Please help!

By Aaron on Aug 30, 2008 | Reply

This little bug seems to have not only prevented me from using task manager and disabling the wallpaper ta in display, but they seem to have adapted it to ALSO disable/get rid of msconfig or gpedit.msc. Anyone know how to get those back?

By jon on Aug 30, 2008 | Reply

i’ve got the same problem as heidi now, my firefox is screwing up. it takes super long to load, and weirdest of all, google has changed so that whenever i search for anything, no matter what, the link is replaced with a new tab opening of some shitty/shady virus site or another shady search engine. this is obviously this thing’s fault and it seems like no one else is even mentioning it? what’s the deal?

By Anonymus on Aug 30, 2008 | Reply

OK i got the pop up and stuff for xpa but i manged to beat the virus to the task manger and end its processes. I am now stuck with the annoying back ground. any help?.

By Louise on Aug 30, 2008 | Reply

hi ok so iv been looking on the blog and i have this virus too i have tried everything but i really dont know how to get rid of this virus!! its doin my head in! someone please help me! email me on ichlebear@hotmail.co.uk

thanks

By Jason on Aug 31, 2008 | Reply

Hi,
I almost have all of the virus off of my laptop by using different methods that have been suggested here. But now I am stuck at the same place “518 By jon August 30th, 2008″ is. My browser is acting strange when i try to use google or update my anti virus/spyware applications and it blocks me from most tech support websites. Any ideas?
Thanx in advance.

By Louise on Aug 31, 2008 | Reply

ok i think i have sorted it, u need tuneup utillities 2007 once u have downloaded it go onto it and go to customize and analyze administer and control then tune up system information then click continue and unclick the antivirus xp 2008 [its under a different name but its got the same icon so u should recognise it] then right click it and click properties to find out where the file is hidden, [keep this up whilst u do the next step as u will come back to is in a second]
now go to administer and control then tuneup process manager then terminate the program under the same name that antivirus xp 2008 was under when we found it earlier. now that u have done that u can successfully uninstall the program in the file that u found it in earlier. after this delete every icon link to it u can find. once this is done close tunup and restart ur computer and it shud be gone.
after this u need to get ur desktop and screensaver tab back. you go to start then run then type in regedit the click HKEY_CURRENT_USER> Software> microsoft> windows> current version> policies> system. then where it says nodispbackgroundpage right click then click modify and change it to 0, now do the same to nodispscrsavpage after this you should have full functions to your background properties. i know this is long winded but this is the only way i could do it. hope this helps. if ur lost at any point or need help lemme know! louise

By Shawna on Aug 31, 2008 | Reply

Well, I have been fighting this stupid thing all night. I just managed to do a system restore, going back to last Friday, but I still can’t search the web through Firefox right. When I do a search for something on Goggle, it goes to whatever site it wants. Any ideas how to get rid of that? and it opens a new tab too when my search usually stays in the same tab. Any help would be wonderful! Thanks y’all!

By Erik on Aug 31, 2008 | Reply

I have spent almost 24 hours on this PIA. The file names are changing and NOTHING on my computer (other than the fake EULA pop up on start up) read as “Antivirus XP 2008.” This thing is actively changing to make removal more difficult.

After much reading on support sites, I copied to disk the Malware Removal software from bleepingcomputer.com and then ran it on my computer.

The virus appears to be eliminated. I can use IM programs, ping websites from command prompt, BUT I CAN NO LONGER OPEN INTERNET EXPLORER! Before I used the Malware removal software, I was able to use explorer.

The hourglass spins for a moment, but then nothing happens, and internet explorer is not active in task manager.

I think the Malware removal deleted a registry key I need to operate internet explorer.

Can anyone help me recreate the registry key? Or do I need to reformat and reinstall the OS?

The registry keys I think I may need for it to work are all:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet(either 001,002 or 003)\Services\sysrest.sys

and the log file in the Malware removal software indicated they were “Rootkit.Agent”

Any help would be appreciated.

By Shawna on Sep 1, 2008 | Reply

I also can’t download anything…I was hoping to try some of the free scanners that some of you folks suggested, but I can’t download anything. Any ideas?

By rhyan on Sep 1, 2008 | Reply

Hi, ive been infected with this virus before and i thought i got rid of it all, i followed all the manual instructions to get trid off it last time and worked…… for awhile. Till now!!!! its back and better then ever (not) i cant access task manager, my c: drive, system tools, run, cmd prompt or anything. the stupid virus has limited me to nothing….

Where do i start to get rid of this thing?

By Angelo Ig on Sep 1, 2008 | Reply

Thanks to all your information. But the only fix that worked for me is; go to pictures and select your favorite, and “set as desktop background.” And the pesky xp 2008 virus just dissapeared, but I lost most of my themes, that’s okay, I’m back to normal. Whew! I almost toss my computer in the dumpster.

By Keith on Sep 1, 2008 | Reply

Woops! Totally missed Erik’s post (524)!

I am not having any problems opening explorer or using Google after using that particular software. Sorry, can’t help you with the reg key!

By Shawna on Sep 2, 2008 | Reply

Please, can anyone help me so I can search the web again. I have tried Internet Explorer, and Firefox, and I have tried many search engines and it goes to whatever site that the antivirus xp 2008 wants to. I also can’t go to websites, such as homedepot.com as an example. I can’t download anything either. Please help! I got rid of the main virus, as far as I can tell, and I just need some help with this. I have backed up my files and I’m willing to strip my computer if I have to, but I also don’t know how to do that really lol Please, if someone can help, I’d really appreciate it! Thank you!

By Saxon on Sep 2, 2008 | Reply

I have 3 computers, a Dual core pentium Q6600, an AMD Athlon 3000+ and an old POS IBM 2.4ghz. My first 2 computers are fine, untouched by the AV2008 virus. My IBM on the other hand keeps getting this virus, no matter how many times I remove it and reformat my hard drive (I wonder if it leaves traces in my Bios/flash memory). Just having the IBM hooked up to the net will inffect it.
I removed the virus the first time myself, then reformatted my hard drive, and updated XP. I went to the store and when I came back my comp was infected, AV2008 was running a scan, I hadn’t even been using it, but it was hooked up to the net. (I doubt I got it from SP1a or SP2.)

If you load up into safe mode it makes it 10X easier to remove the virus, you can change your background and get the name of the file they used for their background picture. Search for the first four to six letters of that name and you should find 6 to 10 other files with roughly the same name. These files will be located in your WINDOWS/PREFETCH folder and in your WINDOWS/SYSTEM32 folders.
I use Zone alarm Pro, which lets you shut down every executable (file) program on your computer with it’s program control feature. Find the AV2008, and kill the program…will remove the registry entries and most of the other spyware files that came along with AV2008.
If you need to do it manually, load up into safe mode and follow the instructions found at the top of the page. Safe mode doesn’t load AV2008 or any of it’s components and lets you remove the files without getting any errors.

Thank you for providing this manual removal site.

By Shawna on Sep 2, 2008 | Reply

Hi Saxon,
Thanks for the info, but you said to “Search for the first four to six letters of that name”…which name do you mean? Thanks again!

By Daniela on Sep 2, 2008 | Reply

eu gostaria de saber qual é o serial number..que ele pede quando vou remover os virus….estou com 2958 virus no PC..

By Jared on Sep 2, 2008 | Reply

This crazy thing is totally screwing with my main computer i didnt even get it from the site it was attached now my desktop backround is the stupid XP antivurs thing and i cant open any folders or even my Recycle Bin i tried delteding the processes and i even tried reinstalling my OS but it wouldnt even let me do that i really dont want to have to spend hunderds of dollars on a 200$ pc it just wouldnt make sense ive read alot of these and i still havent gotten any closer to fixxing my computer my 60$ antvirus cant even find this thing…

By james on Sep 2, 2008 | Reply

Lindsey, you rock! It worked like a charm (I think).

By enriquesplace2 on Sep 2, 2008 | Reply

all good

By derek on Sep 3, 2008 | Reply

i am not much of the computer wiz but my security system did pick up a little something that caused the little tray on my desk top to go away(i have xp) and well, it was fixed. im still doing a last minute scan to make sure everything on here was COMPLETELY elimated from coming to my CPU again(so far so good). i used this antivirus system *am i allowed to name it or will i get in trouble?*(it might have to be payed for *sorry*). its a legit system because its been in business for an amount of years that it even tracked down the old version of the same software but of what u are witnessing here(it was like 2001 or something). anyhow, i believe it will solve a great precentage of the problems. im not saying that u HAVE to buy it or anything, but it worked for and i believed it only because a family member of mine told me(who could u trust better than family=). all in all, it will remove that pesky wallpaper and clear up the same pop up over and over again.

By derek on Sep 3, 2008 | Reply

i forgot to say that itll stop lagging at what not to ur CPU too.

By mike on Sep 3, 2008 | Reply

My daughter got this crap off of a redirector from my space watching a funny video. I can’t uninstall it out of my programs. This is my first dealings with this monster and norton 360 can’t get it out of my programs.

By Ed on Sep 4, 2008 | Reply

Please help! I need advice. I also got this anitvirusXP2008 i think from a link on allfreelogo.com. AVG detected it, so i moved it to vault but then noticed it had installed itself anyway. The picture from the desktop dissapeared it was blank white, I did a search and deleted all the files I thought pertained to it. I removed it from add/remove prog., then I tried to do a system restore to a couple days back which I had made a restore point… heres the thing, It didn’t let me go back to other dates, the calendar was there but with the only restore point being right after antivirusxp08 was installed. I did an AVG complete scan and nothing was found, then I restarted the computer. So here is where I’m at and what I need help with…

My screensaver and desktop tab is missing from the desktop properties, my desktop is brightblue but my icons are there, and I can’t restore to a certain date at all! Please help.

By Zero on Sep 4, 2008 | Reply

Crap… this thing install itself without me knowing while I was online… By the time I realize it, I can’t uninstall it and it keep scanning my laptop. crap. I’m not a computer expert so I don’t really sure I can use the instructions without killing the laptop by accident. now I have to reformat the whole damn thing since it’s better and furthermore this is my dad’s laptop!!!

By skinhead on Sep 4, 2008 | Reply

if it is installing by itself after rebooting, go to program files and delete the folder sav it contains sav.exe that autostart the program

By help me on Sep 4, 2008 | Reply

help me this thing has taken over my computer and i cant stop it and dont understand what to do so please help me

By Aaron on Sep 4, 2008 | Reply

Saxon,

If the thing is reinstalling after you format your HD, then I would guess this ^$#^$%^ thing has made its way to your boot sector which you can do nothing about. There was a virus a couple/few years ago that would install to the boot sector, and then do the same on any additional HDs you had connected to the system…the fix there was 2 new HDs for a buddy of mine. Hopefully that is not what you have. If you have a RAID setup, do 2 low level formats…

By trevor on Sep 5, 2008 | Reply

i remove 10 of thease everyday , i think $69.99 is reasonable for the complete removal and people are always bitching that that is too much. its not really hard to remove but care must be taken to get all of it or it will come back.

take your computer to the local shop and tell them to remove and pay if you dont want to learn. it took me 11 years to learn to remove viruses and now i can remove anything.

By xt on Sep 6, 2008 | Reply

I spent 5 hours to combat Antivirus XP 2008 and now it’s completely gone. (hopefully!!) Thanks for the tips everybody!

By Hafiz_RBFG on Sep 8, 2008 | Reply

Does the Evilware™:

- Slows down the internet?
- Prevents user from accessing the secondary hard drive?
- Crash the system whenever “Search” is opened?
- Mess up font sizes on Firefox?

These happened after the cursed Evilware™ pop up on my computer. The fake BSOD (which appears to replace your screensaver) is very frustrating.

By JACQUES on Sep 9, 2008 | Reply

Hi,

I’m sorry to speach englihs cause i’m a french canadian but, i want tou remove Vista Antivirus 2008 as soon as possible.

Could you explain the way i have to take to removed this site.

Thank,

Jacques Belanger

By Jevaughn Campbell on Sep 10, 2008 | Reply

HI GUYS I KNOW IM JUST A 14 YEAR OLD KID BUT LISTEN… I FIGURED IT OUT… WITHOUT THE COMPLACATED ADULT STUFF… WHAT I DIDI IS MAKE A NEW ACCOUNT ON MY COMPUTER AND GIVE IT ADMIN PRIVILAGES…. AFTER THAT I AUTOMATICALLY AS SOON AS I LOGGED INTO THE NEW ACCOUNT I PRESS CTRL + ALT + DELETE. THEN JUST END THE PROGRAM (sooo sorry guys i forgot the name but it starts with R and hs a lot of other number and letters behind it.) AND YOUR CURED!! I THINK… IT WORKED FOR ME (=

By Rob on Sep 13, 2008 | Reply

To Jevaughn (#548)

Sorry my friend, but that will only stop it temporarily, next time you restart, it will be back.

By Ted on Sep 14, 2008 | Reply

You can put Ubuntu on your computer and you wont have to worry about viruses ever again!!!!!!!

By Lehman on Sep 14, 2008 | Reply

I hate antivirus xp 2008!!!!!

By Ryan Coughlin on Sep 15, 2008 | Reply

OK guys.Jevaughn Campbell, You are my hero. He is correct. The file name is rhc53uj0ev7u.exe. It does exactly what Jevaughn said. Once you end the process, go to My Computer, C:, Program files and a folder rhc53uj0ev7u.exe should be there. DELETE IT. And youre g2g. Thanks so much Jevaughn.
Ryan Coughlin,
12 yrs of age

By kathy on Sep 17, 2008 | Reply

I got it on my Sony VAIO. I have adware software and avast antivirus. It kept coming back.
Finally I went to Task Manager Window then clicked Processes Tab and saw an .exe file that just had lowercase letters like jpheklrdkld.exe so I deleted it. This is day 2 and it is not there anymore. But I cant uninstall the Program window where it says to Add/Remove Programs window. I delete desktop icon and everything else is gone.

By mr220 on Sep 17, 2008 | Reply

Jevaughn Campbell good looking out dude!
I have yet to restart my cpu , but it’s gone and i can type again.

1st end the process of anything with low case ending .exe (i had two next to each other)

2nd go to program files in C drive. look for same folders. delete them.

3rd i ran norton and it wiped out the remaining junk. (cookies)

G2Go now. good luck!

By Madman on Sep 17, 2008 | Reply

I lost all my money in the market, and now I am losing my computer on Antivirus XP 2008!!! I am so mad!!!!!!!!!!!!!!!

By JoJo on Sep 18, 2008 | Reply

It took me a good one day to get rid of Antivirus XP 2008. Thanks for everybody’s advice. I read through almost every comment and they are indeed very helpful. Thanks again.

By rich on Sep 19, 2008 | Reply

I have this crazy virus but following the instructions here to do a manual fix I DO NOT have any of the processes running that need to be ended. So far I haven’t found any of the files that need to be deleted. HELP…

By CrazyMan on Sep 20, 2008 | Reply

Antivirus XP 2008 is killing me!!!! I clicked on “x” to close it and it came back. It’s faster than what I am capable of doing. The wallaper is like fixed in the background and in no way could I reset it to my pic. It’s so f*cking annoying!!

By okay on Sep 20, 2008 | Reply

I can’t seem to end the process – antivirus xp 2008 disabled and removed any permission that i have on my windows xp machine. How do remove antivirus xp 2008 permanently? thanks.

By Jane on Sep 21, 2008 | Reply

I am lucky enough that I have a very good IT friend who cleaned this mess in less than an hour. Hope you guys are as lucky. Good luck!

By haha on Sep 22, 2008 | Reply

LoL! I fixed it!!!!!!!!!!!!!!

By Larry on Sep 22, 2008 | Reply

I don’t have xpa.exe. Does Antivirus XP hide in any hidden folders? I found some random files that look suspecious. Not sure if they are related.

By Mike on Sep 24, 2008 | Reply

I hate Antivirus XP 2008!!!!

By Jack on Sep 24, 2008 | Reply

It’s impossible to delete antivirus xp 2008. I have so many randomly generated files. I stopped the processes like you say here, then they came right back. I am lost

By MarkE on Sep 24, 2008 | Reply

I had Antivirus XP 2008 and was able to get rid of it pretty easily using the following approach:

Run Windows Task Manager {CTRL ALT DEL] soon after booting up windows. Go to the resources tab.

Look for the program that is using all of your cpu resources (>90%, but not the System Idle Process of course). Write down the name of the program – it is likely in all lower case letters. Look for other programs in the list that have a similar name. On my system, the main cpu hog was rhc5ajj0ep0l.exe. Another program was running with this name: lphc1ajj0ep0i.exe. NOTE that these names are randomly generated.

Both of these programs are part of the problem. Highlight each one and then click the End Process button at the bottom right corner of the screen.

Note the similarities in the file names: both have ajj0ep in the name. I focused on this similarity in doing the rest of the searches on my system.

Now, before rebooting your computer, but after halting the processes above, search your entire computer including system and hidden files for the programs you halted. When you find them, delete them using SHIFT + DELete key sequence.

Sort your the diorectories where you found these files by date and look for other suspicious files with the same dates as those identified earlier.

There were several files in the Windows\system32 directory that ran a screensaver and hijacked my background, but these were easily identified by the date stamp.

There was also a directory in my Programs folder that held most of the program. I renamed this and then deleted it when I was sure it was not a valid program.

Lastly, I searched my registry for entries that had the file names identified earlier and deleted all entries that corresponded to this damn program.

Rebooted and all was well.

BIG NOTE – but keep this in perspective – editing your registry or deleting programs can harm your computer. But, if you use some common sense and do not delete real Windows components or registry entries, you should be A-OK.

Good Luck!

By Tina on Sep 24, 2008 | Reply

MarkE, you are awesome! Thanks for your helps!

By Kevin A on Sep 25, 2008 | Reply

If you read down through the postings the names change slightly several times. xp antivirus was not listed anywhere on my computer except the short cut icon. Right clicking the icon, then properties, then shortcut, then find target gave me the name xp antivirus was called on in my prgram files. Then I was able to follow some of the instructions above to get rid of it. In my case it was called rhc33dj0ee8p. No one can do anyting about the people spreading this because they are not in the USA.

By Jasik on Sep 25, 2008 | Reply

Your’e a f*cking dipshit.

By Robert on Sep 25, 2008 | Reply

ANTIVIRUS XP 2008 IS A VIRUS. Check out Norton’s website or any other antivirus website!!! DO NOT DOWN LOAD THIS PROGRAM , IT IS A VIRUS!!!!!!I had to pay Symantech’s virus removal group $100 to remove Antivirus XP 2008 from my PC

By Sal P on Sep 26, 2008 | Reply

Mark E IS RIGHT!

Not only did it work but it made a lot of sense.

GOD BLESS MARK E!!

I had Antivirus XP 2008 and was able to get rid of it pretty easily using the following approach:

Run Windows Task Manager {CTRL ALT DEL] soon after booting up windows. Go to the resources tab.

Look for the program that is using all of your cpu resources (>90%, but not the System Idle Process of course). Write down the name of the program – it is likely in all lower case letters. Look for other programs in the list that have a similar name. On my system, the main cpu hog was rhc5ajj0ep0l.exe. Another program was running with this name: lphc1ajj0ep0i.exe. NOTE that these names are randomly generated.

Both of these programs are part of the problem. Highlight each one and then click the End Process button at the bottom right corner of the screen.

Note the similarities in the file names: both have ajj0ep in the name. I focused on this similarity in doing the rest of the searches on my system.

Now, before rebooting your computer, but after halting the processes above, search your entire computer including system and hidden files for the programs you halted. When you find them, delete them using SHIFT + DELete key sequence.

Sort your the diorectories where you found these files by date and look for other suspicious files with the same dates as those identified earlier.

There were several files in the Windows\system32 directory that ran a screensaver and hijacked my background, but these were easily identified by the date stamp.

There was also a directory in my Programs folder that held most of the program. I renamed this and then deleted it when I was sure it was not a valid program.

Lastly, I searched my registry for entries that had the file names identified earlier and deleted all entries that corresponded to this damn program.

Rebooted and all was well.

BIG NOTE – but keep this in perspective – editing your registry or deleting programs can harm your computer. But, if you use some common sense and do not delete real Windows components or registry entries, you should be A-OK.

Good Luck!

By mike on Sep 27, 2008 | Reply

how do i remove the security toolbar

By sarah on Oct 1, 2008 | Reply

Antivirus XP 2008 is one of the worst spyware I have purchased in my life. It does not work the way it advertises. It does not remove spywares. It does not protect against viruses. It is itself indeed a terrible virus. If I have read this website a few hours earlier, I would not have run into this scam. Antivirus XP 2008 is a mess. Don’t fall into the scam.

By Luis on Oct 1, 2008 | Reply

I have this xpantivirus 2008 and it is prompting me to install. Looking at all the posts, namely Tom T, I can’t locate any fo those files. Is this because I have not actually agreed to the terms? Do I need to accept it and let it install before I can find the file names?

Ant advice would be appreciative.

By sara on Oct 1, 2008 | Reply

the same thing happened to me today, and I ran my normal anti-virus software and it detected this virus and quarantined it. When I restarted my computer, it would restart by itself after loading. Safe mode does not work and either does debugging. How can I fix it, if it just restarts.

By Charlie on Oct 2, 2008 | Reply

The quickest and easiest fix and ultimate prevention tool? Buy a Mac and forget about viruses.

This is why PC’s suck.

Mac’s don’t get them.

By Peter on Oct 3, 2008 | Reply

Hi ive somehow downloaded antivirus 2008, Can you help me remove it please

By carlo on Oct 3, 2008 | Reply

Not two months ago a warning popped up my computer screen and immediately after it was an offer of Antivirus 2008 XP and Cryptdrive. I downloaded both; now I hesitate using my computer to access my e-mail because everytime I try to, a warning pops up saying my computer is infected with a spyware, trojan, etc. Prompts to activate Antivirus 2008 XP proved futile and I was supposed to have bought a six-months license. I want these removed. Please help!

By virus hater on Oct 4, 2008 | Reply

the name of that virus was rhccopj0et3c.exe

By Gretchen on Oct 7, 2008 | Reply

Try on line help which is free from micro soft.
I did it through chat but still had to let the tech take remote control to remove XP 08 Antivirus which is not antivirus at all.
My clock still shows 24 time and I am here to try to fix that but all other problems are fixed!

By heekii on Oct 9, 2008 | Reply

can anyone tell me the licence of Xp antivuris???

By Sahaj on Oct 10, 2008 | Reply

TomT….YOURRRR THE MANNNN!!!!! Thank you so much….you are awesome!! Keep up the good work!!

By justin on Oct 18, 2008 | Reply

hmmm i posted a comment not long ago but dont see it, oh well im antivirus free now.

i used my birthday money to pay for that that shit.

I hope he uses it for some protection because if somebody who installed this crap finds him they will be relentless i bet.

The way i did it ( i cant see my comment so i apologize if im repeating myself ) rename any icon related with the antivirus crap to anything else and delete it and empty recycle bin.

go to computer, c drive, programs, find the antivirus file, right click choose rename and delete and empty recycle bin.

if this works or doesnt work the thing that worked for me, i was really thinking my computer was going to shutdown for good this time so i was desperate,

Restore your system! go to start search for it in toolbar or if you have vista just type in system under search and look for restore system.

wait the 2-7 min for it to complete because it’s almost as if this antivirus bullshit never existed on my computer, it’s totally wiped out.

I really hope this helps because i know how fucking frustrating it is.

By Elena on Oct 18, 2008 | Reply

Just a note to say that I ran a McCaffee scan while AntiVirus 2009 was actually popping up on my computer and McCaffee DIDN’T FIND IT. Symantec or Norton from the Symantec site, I am not sure if they are the same, found it.
Elena

By adrian on Oct 19, 2008 | Reply

I tried to do as ‘Tom T’ suggested earlier but a window pops up to say that this function has been dissabled meaning I can’t do a damn thing about it:-( new puter by the sounds of things

sob sob sob

By JON on Oct 21, 2008 | Reply

Not only do i have antivirus xp 2008 ive got registry doctor 2008 and many more r they related or the same please help ive spent hundreds on my comp and no 1 knows how 2 get rid of my prob they tell me 2 get a new pc

By Louise on Oct 25, 2008 | Reply

Hi Tomt,

I have the 2009 version and have tried what you said. It doesn’t seem to work.
Any other suggestions would be welcome

Louise

By CG on Oct 30, 2008 | Reply

FORMAT!

By v connect on Nov 3, 2008 | Reply

PlZ help me to remove the virus in my system

By Emi on Nov 4, 2008 | Reply

After following Tom T’s instructions ,I got rid of those that I could find.I then went on to Manual removal and removed the rest except the screen saver so I decided to install “e’scan”antivirus since it had none, upon completion it askedto reboot to complete installtion. After rebooting, it doesn’t have a taskbar,no time bar nor anything else on the desktop except the stupid warning the caused this stuff up.I tried safe mode ,but came up with a blank sreen with safe mode…. CAN SOMEBODY PLEASE HELP ME???????

By Pamela on Nov 13, 2008 | Reply

I had this problem several months ago and saved this page in my bookmarks just in case I needed it again.

I’m glad I did. I thought I removed everything and followed all the great advice here.

My question is can this thing come back?

I recently loaded WoW (an online game) and had to turn off my firewall to do so. The problem is I now see icons on my “start” up tab, that reference this virus again. The virus is not running as far as I can tell, but I’m worried it may be back.

I am searching files now to see if any mentioned above show up.

Is it possible I’m not reinfected? How did the icons get on my start up page?

By hafidzuddin on Nov 24, 2008 | Reply

my computer has been infected by 2873 virus and my computer can’t access any web site to download any software to heal this virus.actualy,only this antivirus xp 2008 can detect the virus so i want to ask you what should i do to solve this problem.if i need to buy this software how much i pay

By Guruli on Dec 4, 2008 | Reply

- dont’ ever give your money to something that you did not install yourself! … you will have to scan the system from a clean OS; so you will have to either have an updated BartPE CD or remove the hard drive then install it as a slave in another system (that is clean and protected +++) then scan/clean it there … most of the times that removes these threats … i have done this many times as i do this for a living. …

By stan on Dec 6, 2008 | Reply

this is like full on scam, totally run by russian mafia , no bull got inside on this one

By Gretchen on Dec 7, 2008 | Reply

Still running with no problems after haveing microsoft tech taking remote control and removing the xp antivirus.

By leonora on Dec 15, 2008 | Reply

DO NOT UNDERSTAND HOW TO REMOVE THE VIRUS. CAN YOU PLEASE TELL ME WHAT I HAVE TO DO.
THANK YOU

By jeff on Dec 30, 2008 | Reply

Why are the makers of this XP virus not in front of a firing squad as we speak?

I woul dlike an answer.

It is like they have broken into a million plus homes…

That is pretty serious if you ask me….

By Bob on Jan 28, 2009 | Reply

Go here and run this scanner. It belongs to Microsoft. I don’t know why they don’t advertise this more. This not only removes XPAntivirus but also optimizes your PC. Mine is running much better now that I ran the Full Service Scan. Hey – maybe Microsoft did something right.

By Pitir Manuel Dongala on Feb 2, 2009 | Reply

Download Antivirus Windows xp

By lokman on Feb 9, 2009 | Reply

hi

By Hunt on Feb 15, 2009 | Reply

Thanks Tom
appreciate your help and guidance with this matter.

By Mr. Daenk on Feb 23, 2009 | Reply

can I get free licensi key ie-security@antivirus

By Brian Peppers on Mar 17, 2009 | Reply

I accidentally the whole Antivirus XP.

Is this bad?

By Nigel on Apr 14, 2009 | Reply

Hi

I have the XP antivirus virus – I have read the instructions on how to delete all the applicable files, however, I can’t even access the start menu in order to use the ‘run’ cmd? I can’t even access Task Manager as that has also been disabled? Even in safe mode!

Any suggestions would be most welcome

Thanks in advance

N

By nIGEL on Apr 14, 2009 | Reply

Hi

How can I delete all of the aforementioned files associated with the XP antivirus virus if I can’t access the start menu?

I have tried safe mode etc. but all say that my Task Manager is disabled. Can I access the ‘run’ cmd in any other way e.g. through the bios?

I’m stuck any help would be much appreciated

Thanks in advance

N

By mohamadkunhi on Apr 25, 2009 | Reply

this virus system isgood one.

By mohamadkunhi on Apr 25, 2009 | Reply

antivirusxpvista isagood systemin p.c.

By Marcia on May 23, 2009 | Reply

Tom T: Wow I was searching and found you; tried it and wow…thank you! marcia

By Marcia on May 23, 2009 | Reply

OOps! Sorry guys; I forgot to ask if the techs can turn the blogs so the newest come first. My friends gave up and I had to show them to scroll way down to find Tom T’s help. Thanks again. marcia

By MELVIN WHITESIDE on Jun 22, 2009 | Reply

Trojan.Win32.Agent.azsy And it won’t let me bring up programs in my favorites blocking my access too it what will work to get the program back working, any information will be very helpful, thank you very much for your response.

By king cobra on Dec 4, 2009 | Reply

hey if there is anyone who can help me by sending me a program that can get this antivir completely off my pc it would be very appreciated cuz my credit card has been cancelled since i lost my job. the email is gaza_realkilla@hotmail.com

By jennifer on Mar 12, 2010 | Reply

Ok… soo it seems this little devil has been around for some time… well now i have it in 2010… i am such a computer dummy and i really couldn’t follow ur instructions…could someone please email me specilific instructions on how to do this… and i need detailed instructions.. sorry to be such a pain but im not really computer savay…but this thing is not allowing me to even open up programs..it asks me what program do u want to use..even when its somthing that i have opened often… someone please help and i do greatly appreciate it!! Thanks