For the past few days, I have been following the latest malware, called XP-antispyware. I was of the opinion that it only spreads via its own website, when downloaded and installed. But today I was proved wrong. I was searching Google and when I opened one result, to my surprise, another popup opened, getting past all my popup blockers, stating that my computer had some spyware and that I needed to scan for spyware using XP-Antivirus. I just closed the window and another dialog box appeared, which I captured:

XP Antivirus Information and Removal

I didn’t press OK. I just clicked the red cross and everything was fine. I have NOD32 Security Suite and I have the latest definitions installed. It should have caught this dangerous page but it didn’t.

XP-Antivirus is still new and can affect you even with your antivirus installed, so be aware of the danger.

How to stay away from XP-Antivirus

As I have already mentioned, detection of this malware is really very poor, so you should also be careful about what you are doing. Just stay away from the following sites:


In the last month or so, the creators of this malware have created many sites, and it is expected that variants will keep on coming. Please note that this malware can install automatically, so please DO NOT try to open any of these sites.

How to remove XP-Antivirus

If you are infected with this malware, please follow the instructions below to remove XP-Antivirus:

Remove the following processes:

Where %program_files% is your Program Files directory, e.g. C:\Program Files.

To remove all these processes, open Task Manager, go to the Processes tab and remove whichever of the above processes are running.

Remove the following folders created by XP-Antivirus:

  • %program_files%\xpantivirus
  • %common_programs%\xp antivirus

Remove the following registry keys:

If your homepage has been changed by XP-Antivirus, please change it back to the default.

This will hopefully remove the malware from your system. If you have any queries, please comment.
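A read-only check for leftovers after the manual steps above, added here as an example (it is not the author's tool). It looks only at the two folders named in this post, running processes whose image sits in the install folder, and Run autostart values that point into it. It assumes PowerShell 3 or later on .NET 4 or later; the function name `Find-XpAntivirusLeftovers` and the match-on-data rule for Run values are assumptions of the example.

```powershell
# Added example: read-only leftover check. Nothing is deleted or changed.
# Function name and output shape are illustrative, not from the original post.
function Find-XpAntivirusLeftovers {
    # The two folders named in the removal steps.
    # %program_files% -> $env:ProgramFiles; %common_programs% -> the all-users
    # Start Menu\Programs folder (the CommonPrograms value needs .NET 4+).
    $folders = @(
        (Join-Path $env:ProgramFiles 'xpantivirus'),
        (Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'xp antivirus')
    )
    $root = $folders[0]
    $cmp  = [StringComparison]::OrdinalIgnoreCase

    # 1. Folders that still exist.
    foreach ($f in $folders) {
        if (Test-Path -LiteralPath $f) {
            [pscustomobject]@{ Kind = 'Folder'; Item = $f; Detail = 'still present' }
        }
    }

    # 2. Running processes whose image lives under the install folder.
    #    Path is empty for processes we cannot open, so skip those.
    Get-Process |
        Where-Object { $_.Path -and $_.Path.StartsWith($root, $cmp) } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Process'; Item = $_.Name; Detail = "PID $($_.Id): $($_.Path)" }
        }

    # 3. Run (autostart) values whose command line points into the install folder.
    #    Assumption: match on the value data, so a renamed value is still caught.
    $skip    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $skip) { continue }   # provider metadata, not Run values
            if (([string]$p.Value).IndexOf($root, $cmp) -ge 0) {
                [pscustomobject]@{ Kind = 'RunValue'; Item = "$key\$($p.Name)"; Detail = $p.Value }
            }
        }
    }
}

$found = @(Find-XpAntivirusLeftovers)
if ($found.Count) { $found | Format-Table -AutoSize -Wrap }
else { 'No leftovers found in the checked locations.' }
```

An empty result only covers the locations checked here; it does not look at the service and uninstall registry keys.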


7 Comments to “XP-Antivirus Information and Removal”

  1. AntivirusExpert hubpages.com says:

    I think that manual removal is the most effective way to get rid of XP antivirus, though regretfully not the easiest. For ordinary users out there, deleting entries from the Windows registry can quickly become a worse experience than this scam itself. However, it mutates so fast that antimalware programs work on certain PC’s and don’t work on others, so manual check and step-by-step guide is always a better idea than a blind belief in some “powerful remover”.

  2. Techie Bob spyware-techie.com says:

    Manual removal does work but I have found you have to double check yourself to get all of the files removed. If some are left behind you end up still getting the popups. Also, be careful with the registry entries, if you are not sure then don’t mess with your registry or you may end up re-installing Windows!

  3. Sanix technize.com says:

    Thank you AntivirusExpert and Techie Bob for your expert comments. Maybe we should also work on a removal tool for this malware because it is spreading rapidly. I’ll try to make one removal tool specifically for XP-Antivirus.

  5. Rahul says:

    Run smitfraud.exe to remove XP Antivirus. It’s a free download.

  6. Haz says:

    Disable System Restore, Run “SmitFraudFix” & Followed By “RogueFix” (Run Both In Safe Mode)

    Run “Disk Heal” & Lastly “SuperAntiSpyware”.

    Enable System Restore :-)

  7. TechBuzz says:

    Very useful information. Also, you can check a great free tool.
