|
Antivirus XP is a new rogue anti-spyware program - a fake spyware remover, which uses trojans, such as Zlob or Vundo, to enter the system. This parasite is a clone of Antivirus 2008, which has been very popular recently - this is more than evident when you count all the clones Antivirus 2008 has produced over the past few weeks.
Antivirus XP uses popups and fake system notifications as a means to intimidate the user by leading him to believe he is infected. This is usually false information, but this method is used to create a reason for the user to buy an antispyware program (to be more precise - Antivirus XP).
Antivirus XP is a scam and should be treated as such: do NOT download or buy it and block it's homepage using your HOSTS fileAntivirus XP 2008 (Vista Antivirus 2008) Descriptions:
Antivirus XP 2008, or Vista Antivirus 2008, or XP Antivirus 2008, is one of the latest counterfeit antispyware that devastates the wolrd wide web. Antivirus XP 2008 usually come up after you installed a video codec or software patch that come with Trojan, malware and virus. All of these variants are from the same virus family and they are created to make our life miserable. In short, Antivirus XP 2008 normally generates fake and misleading system popup error messages so end-users will be tricked into purchase XP Antivirus 2008, Antivirus 2008 or Vista Antivirus 2008.
Antivirus XP 2008 image:
Antivirus 2008 image:
Vista Antivirus 2008 image:
It is very important to remove all the components of of the XP Antivirus 2008 and all the malware and trojans that it might have come bundle with (such as zlob.trojan, trojan.vundo and Trojan.Downloader). To effectively remove XP Antivirus 2008, we have created a manual removal instructions which is easy to understand. As always, make sure you back up the data before proceeding. Good luck!
Each program is a collection of files. To start the program you launch an executable file that runs the entire program or some of its components.
When you launch an executable, part of its code is being loaded into computer’s memory. This code is the process. It allows the system to run the corresponding program. In simple phrase, every running program is represented by its main process (or task). If such process doesn’t exist, the application doesn’t run at the moment.
Parasites are programs and also have processes. However, unlike regular software, their processes run without user knowledge. You cannot terminate a parasite like a common application by simply closing its window. That’s why you have to learn how to kill malicious processes.
Files
Each program consists of files. Even spyware, a virus or a different parasite - all have their own files. Removing a parasite often means deleting all its files. However, some files cannot be easily erased. You cannot delete the file while it’s used by an active application. Furthermore, some files are "invisible".
Imagine the situation: your anti-spyware program keeps detecting a parasite, and you know where its files reside. You open the corresponding folder, but see nothing in there! The parasite continues performing malicious actions and its files remain in that "empty" directory. You wonder how this happens?
Files can really be "invisible". However, it’s not their exceptional feature - the operating system simply hides them from you. Such OS behavior can be a result of recent malware activity. Fortunately, there are several ways to make your system display such files, and thus allow you to delete them.
In this guide manual process termination methods are described. These methods can be applied to all modern Windows operating system versions. The following instructions also explain how to find a file, make it visible (in case it’s hidden) and completely remove it from the system. This information is also fully applicable to folders (directories).
INSTRUCTIONS
I. Find the process and try terminating it
1. Start Windows Task Manager
Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open the Windows Task Manager.
If that didn’t work, try another way. Press the Start button and click on the Run… option. This will start the Run tool. Type in taskmgr and press OK. This should start the Windows Task Manager.
Image 1. Start the Task Manager
2. Find and terminate the process
Within the Windows Task Manager click on the Processes tab (it is in the red box). This will bring the complete list of all active tasks. Find the process by name. Names are in the first column from the left. Click on the Image Name button (it is designated by the blue box) to sort tasks in alphabetical order. Then scroll the list to find required process. Select it with your mouse or keyboard and click on the End Process button (in the green box). This will kill the process.
Image 2. Terminate the process
+Alternative steps for finding and terminating the process
II. Locate the malicious file and try deleting it
Let’s assume you know the file name or at least a part of it. In such case run Windows default search tool: Start > Search > For Files and Folders. Type in the file name or its part to the search field. Specify search location. For better results select "Look in: Local Hard Drives" or "Look in: My Computer". Now start searching. The file should appear in search results.
Image 6. Search for the file
If you have no idea how to spell a filename, but you know, where it can possibly be, then you should try finding this file manually. Most parasites attempt to hide their tracks, so you will have to enable the displaying of hidden and system protected files. Open Windows Explorer. Click on the Tools menu and select Folder Options.
Image 7. Make hidden files visible
Choose the View tab. In the Advanced Settings list find the option Show hidden files and folders (on Image 8 it is designated by the red box) and select it. Then remove a checkmark next to the line Hide protected operating system files (Recommended) (in the blue box).
Image 8. Change view settings
Some files may still be invisible. To see them, launch the Command Prompt. Press the Start button and then select Run. This should open the Run dialog. Type in cmd and press enter or click on the OK button.
Image 9. Open the Command Prompt
Type in dir /A name_of_the_folder to the console. This will list all the files that reside in that folder. Hidden files will also be displayed.
Image 10. View folder content
Simply delete the file using the Windows Explorer or any other program that you use to browse the file system. Don’t forget to empty the Recycle Bin. If an error message appears saying that file is in use and cannot be removed, try terminating the associated process and then delete the file. To do this you will have to open the Windows Task Manager (press CTRL+ALT+DEL or CTRL+SHIFT+ESCAPE). Then in the Processes tab select the corresponding process and click on the End Process button.
However, some processes will run immediately after you terminate them. In such case you have to reboot your system into Windows Safe Mode . In this mode many system services are disabled and programs do not run automatically on startup. Practically any file can be easily removed.
The malicious file can also be deleted from the Command Prompt. Open the Command Prompt and navigate to the folder, where the harmful file is. To do this issue the following command: cd name_of_the_folder. Then invoke this command: del name_of_the_file. To delete the folder use another command: rmdir /S name_of_the_folder.
Image 11. Delete the folder from the Command Prompt.
|
|
