Quick Fix For “Antivirus XP 2008” Malware

Sunday, 2008-July-27 at 13:39 5 comments

Follow these instructions.

This is how I got rid of Antivirus XP 2008. It is different than the XP Antivirus 2008 most sites refer to.

This is here more as a reminder for me than anything else. That post was not at the top of my search results, and I can change that by only searching here. If you are trying to clean up AvXP2k8, you should go to that forum post and follow those instructions. There are other posts in the thread, but this was the one that worked for me. As always, your mileage may vary, so I am not liable for anything you do to your computer.

At least the user had the good sense to immediately report it, rather than try to self-fix the situation. Also, thanks to co-worker Matt Bussey for his assistance in researching the situation.


5 Comments

  • 1. mike bernardo  |  Wednesday, 2008-August-20 at 17:06

    This is a temporary fix, but it works. I downloaded Mac's Safari browser for Windows, and it seems unaffected by the virus.

  • 2. Jennifer Harden  |  Thursday, 2008-August-21 at 11:49

    Thanks so much for the link to the CNET web page. I have read through a lot of the forum and the guy named Grif is awesome!! His steps to removing this virus have worked for, literally, everyone! If anyone wants to know how to get rid of the Antivirus XP 200 virus, this is definitely the solution!
    Thanks again!
    Jen

  • 3. D4m0  |  Sunday, 2008-August-24 at 04:33

    As a tech working for the IT firm in my URL, I have found that the only way to be sure is to format and reload. It’s not worth my clients’ time for me to try to remove it. Boot to Safe mode, run a tool such as Belarc to get product keys, get a ghost of their drive and start again. When restoring data, restore to a spare drive and scan with Malwarebytes before going near the newly installed machine. The Ultimate Boot CD is useful, as it is relatively easy to get Ghost on to it too. If formatting is not an option, delete all sys restore points until you’re absolutely sure you have rid the system of it, and if the comp comes from a Domain, check msconfig after logging on! I had a newly installed machine try to reinfect from a startup entry in the user’s profile!! Check that it has not scheduled a task that will reinfect, check every reg key in Run, esp ones that show no info in msconfig. Blacklist media dot star, ad dot star, tribal fusion and any other known popups. I list them in longhand just in case. This thing can generate a genuine looking question box with the close button disabled to initiate installation! My own Firefox machine fell victim to it while my kids were playing kids’ games. Any memory key or USB drive you plug into an infected machine must be scanned before subsequent use. Did I miss anything?

  • 4. lnxwalt  |  Tuesday, 2008-August-26 at 21:55

    @D4m0:
    That is good advice for those who have those tools available. I normally DBAN infected computers and then re-image them. But if you have no access to Belarc/Sysprep/Ghost, then you either try to clean it or ship the computer back to your company’s central IT for re-imaging.

    Outside of a company, this would mean (at least) buying a new Windows install CD (most computers come with a restore partition, but if the computer is infected, you cannot trust anything on that partition). One family I know buys a new computer each year when their teen downloads some malware. The quick fix linked is good for that situation, even if all you want to do is back up your data.

    I also want to mention that this product seems to strip out the newer definition files for major antivirus / antispyware products (e.g., Symantec / Norton), preventing them from detecting or removing the malware.

  • 5. Has It Peaked? « Opportunity Knocks  |  Monday, 2008-September-22 at 18:04

    […] Monday, 2008-September-22 This Summer was a challenging one, as Antivirus XP 2008 started popping up everywhere. I have users all over the state, so this could have been a lot worse than it was. Still, I was dealing with it often enough that I made sure I could find the “fix”. […]

