How to remove XP Antivirus Protection?
Received a call few days ago from my client saying that their PC now load “XP Antivirus Protection” whenever windows start. I’ve no idea what “XP Antivirus Protection” is at that moment. After googling for while, i found out this “XP Antivirus Protection” is another “AntiSpywareShield” or “virprotect” a like software. Generally speaking this “XP Antivirus Protection” is a fake anti virus software.
So, to remove “XP Antivirus Protection” you need to go thru the steps below:-
- Go to Start -> Run -> type “cmd” and enter
- Go to the command prompt and enter this 2 command “regsvr32 /u shlwapi.dll” and “regsvr32 /u wininet.dll” to unregister the dll
- Right Click on your taskbar and select “Task Manager” and go to “Processes” tab
- Look for XPAntivirus.exe and XPAntivirusUpdate.exe then right click on it and click on “End Process” one by one.
You must make sure there is no more XPAntivirus.exe and XPAntivirusUpdate.exe process running
- Now u go to Start -> Search or Start -> Search -> For Files or Folders
- Then type the word below one by one at the “All or part of the filename” and click Search, if the file is found, right click on the file and click Delete:-
- shlwapi.dll
- wininet.dll
- XP antivirus
- XP Antivirus 2008.lnk
- XPAntivirus.lnk
- XPAntivirus.exe
- XPAntivirusUpdate.exe
- XPAntivirus on the Web.lnk
- XPAntivirus.url
- Uninstall XP Antivirus 2008.lnk
- Uninstall XPAntivirus.lnk
- Once u finish remove all the files above, you now go to Start -> Run and type regedit and enter
- Go to “HKEY_USERS\Software\” and delete “XP antivirus“
- Now restart your system. The “XP Antivirus Protection” is now removed!
Posted at April 19th, 2008 by chua
If you think this article helps you to solve your problem and clear your headache, feel free to buy me a drink :)
May 15th, 2008 at 11:40 am
Everytime I type in the regsvr32 /u shlwapi.dll and regsvr32 /u wininet.dll I keep getting taht it was loaded but the server was not found and says to make sure I have a valid dll or oxc. And my computer wont allow me to delete any of those thing keeps saying I don’t have permission even though I’m the only person on this computer.
May 19th, 2008 at 2:31 pm
XP antivirus is actually a new malware which should be avoided. Thanks chua for the removal method.
May 28th, 2008 at 5:26 pm
This is because a computer virus is able to duplicate and spread itself within a computer or computer network, However, you may not even know that your computer has a virus because it can usually hide itself really well within a program, file or document.
June 27th, 2008 at 10:37 am
I don’t even know how this thing got on my computer but I couldn’t get it to stop. I kept getting all kinds of popups while my computer was trying to boot up and then the screen would go all weird, then switch to all blue and give me the microsoft message regarding virus/safe mode. I finally my computer up and tried the steps here but when my computer found shlwapi.dll & wininet.dll and I tried to delete it - it said “access denied”!
July 13th, 2008 at 2:08 am
I found out that many antivirus softwares like Norton, McAfee, SpyHunter etc. don’t even work for this virus. Even yours didn’t help.
Here’s how to do it manually and safely. This is a detailed one.
1. Go to directory list C:\WINDOWS\system32 and sort by date to look for files created since the infection began. In my case there were three suspicious ones:-
blphc1f1j0ev7l.scr
lphc1f1j0ev7l.exe
phc1f1j0ev7l.bmp
Notice that part of the file name is common to all of them (c1f1j0ev7l).
You cannot delete these files immediately because it is still running on your computer so proceed to step 2.
2. Run msconfig, click on the startup tab and untick the startup for the “virus”.exe file (in my case lphc1f1j0ev7l.exe)
3. Restart your computer.
4. This is the time you will continue with step 1. Go to system 32, arrange files by date modified and delete the files with the common name (mine is c1f1j0ev7l).
5. Check that the virus files above have not come back. You may also need to reset the wallpaper in Control Panel Display settings.
6. Run regedit and search for items containing the “common” name (c1f1j0ev7l). Here’s an easy step: On the first panel, click My Computer. Click Edit from the menu bar and click Find.
Type the common name and the computer will automatically show the files containing the common name. You should find at least two (the screensaver and the startup register).
Delete the items found from the registry.
7. Restart your computer again.
8. Go to My Computer, Drive C, Program Files. Arrange icons by Name, then on the folders beginning with “R”, delete the one with the unusual name (on my case, rhcn7cj0ea59). This folder contains
the Antivirus XP 2008.
9. Go to Start, All Programs, and right click “Antivirus XP 2008″, this time, it’s safe to delete it.
10. Go to Control Panel, Add/Remove Programs, then remove Antivirus XP 2008.
11. Finally, remove all contents of the recycle bin.
12. Restart your computer and you can now get back to work!
Hope this helps a lot for freshers in manually removing virus and other malwares.
July 13th, 2008 at 2:26 am
Thanks someone for your solution.
I notice this malware has some new updates or may be there are few different version is running around on the net.
I came across the same malware name but need different solution to solve it.
I think my post only able to solve the early version of the malware but not the hybrid one.
July 17th, 2008 at 1:43 pm
Thanks someone for your solution. It worked immediately and all the xp 2008 virus is gone plus the small window which was saying that my pc was infected with spyware is gone too.
Slight problem; I just can’t get my old background images back. Whenever i right click on the desktop, and try to find different images to set them up as my background image i just can’t find them.
please help.
thanks again