One of my machines was recently infected with a worm called XP Antivirus 2008 which was unexpected, seeing as to how I haven’t gotten a virus in well over 5 years. XP Antivirus 2008 was developed in the Russian Republic and it’s purpose is a commercial one: to have you pay about $50 for a fictive antivirus to get your system clean (and it seems a lot of people are falling for that) - which doesn’t even remove their own infection, and to display popup ads and other adware at random times.

There are a lot of guides on the web on how to remove this, and they all differ more or less, and the reason is that this worm gets updated very often, uses a lot of random filenames and comes packed with other trojans. Hence, you may find that no one guide will help you remove XP Antirivus 2008.

If you’re not skilled with computers, you should probably ask for help on the HijackThis forums where they’ll assist you. Otherwise, look for every single oddly-named process, DLL in system32, startup entry (generally you’ll see it in msconfig) and registry key.

The names are many times simply random. HijackThis will find most of these entries, but some DLLs you won’t be able to delete until you’re in Safe Mode w/ command prompt or Recovery Console.

Also note that the worm changes you wallpaper to an error message and the screensaver to a fake BSOD and restart sequence - I don’t know who falls for that because as soon as you move the cursor it goes away, like any screensaver.

The XP Antivirus 2008 worm will change the group policy so that you can’t change the wallpaper or the screensaver, but you can easily disable the invisibility of these functions from gpedit.msc.

Another thing you might notice is that your Google searches are not loading, random URL requests will lead to completely different websites and banner ads on websites are much more racy - it’s typically not the browser that’s infected, because using any browser will yeld the same result. Once you remove all the worm’s processes, DLLs and registry entries, everything should be back to normal - but only after a restart.

• Free Microsoft Software for students
• How to shrink a drive using Vista’s Disk Management

Software, Operating Systems article posted on Monday, August 25th, 2008 at 12:36 pm . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.