How to Remove a Fraud XP Antivirus
XP Antivirus, sometimes known as XPAntivirus 2009, XP Antivirus 2008 and other variations, is a malicious software program that claims to be an anti-virus program but really harms your computer. To remove the program, you need either an anti-virus program or an anti-spyware program. You also have the option to manually remove the program. Even if it is a long and involved process, you will remove all remnants of the XP Antivirus.
Other People Are Reading
Instructions
-
End Processes
-
1
Press "Ctrl" + "Shift" + "Esc" to open the Task manager.
-
2
Click the "Processes" tab in the Task Manager window. Look for the following processes in the displayed list:
XPAntivirus.exe
XPAntivirusUpdate.exe
av2009.exe
av2009install.exe
av2009install_0011.exe
av2009[1].exe
XPAntivirus2009.exe
ieupdates.exe
%program_files%\\XP Antivirus 2009\\av2009.exe
krln32.exe
scvh0st.exe
shlext32.exe
xpa.exe
xpa2009.exe
-
-
3
Highlight each process and click the "End Process" button. You must do this for each individual process.
-
4
Close the Task Manager.
Delete Registry Values
-
5
Click the "Start" button and select "Run." Type "regedit" and click "OK."
-
6
Step 2
Locate the following registry values in the left-hand side of the window:
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"XP antivirus" = "C:\Program Files\XPAntivirus\XPAntivirus.exe"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"XPAntivirus" = "C:\Program Files\XPAntivirus\XPAntivirus.exe"
HKEY_USERS\Software\XP antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run ieupdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionExplorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionExplorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionExplorer\Browser Helper Objects\{74f25a2c-22b3-4023-8f1a-ca616c30a8b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionExplorer\Browser Helper Objects\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionExplorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionUninstall\XP antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersionRun "XP Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionRun "mmnext06"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionRun "shellbn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionRun "System"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionRun "Windows Framework"
-
7
Right-click each value and select "Delete." You must do this for each individual registry value.
-
8
Close the Registry Editor.
Delete Files
-
9
Click "Start" and select "Search."
-
10
Search for each of the following files one at a time:
XPAntivirus.exe
XPAntivirusUpdate.exe
XPAntivirus_log.txt
backup.lst
helper.sys
pn.cfg
spyware.dat
explorer.exe
explorer.exe.md5
ntoskrnl.exe
ntoskrnl.exe.md5
shlwapi.dll
shlwapi.dll.md5
wininet.dll
wininet.dll.md5
unins000.dat
unins000.exe
ver.dat
whitelist.cfg
scui.cpl
krln32.exe
scvh0st.exe
trjdwnl.dll
shlext32.exe
xpa.exe
xpa2009.exe
-
11
Right-click each file and select "Delete." Click "Yes" in the confirmation box that opens.
-
12
Click the "Recycle Bin" icon on your desktop. Click "File" and select the "Empty Recycle Bin" option. Click "Yes" in the confirmation window that opens.
-
1
Tips & Warnings
If you cannot manually remove the program, run an anti-virus or anti-spyware program to remove it (see Resources.) You also have the option of performing a repair install of the Windows operating system.
Deleting the wrong files from the registry can cause damage to your Windows operating system.
