How to Remove MS Antivirus
MS Antivirus, also known as XP Antivirus, Windows Antivirus, Win Antivirus, Antivirus Pro, Antivirus Pro 2009, Antivirus 2007, 2008, 2009, 2010, Vista Antivirus, XP AntiSpyware 2009 and Antivirus XP Pro, is one of the most famous and notorious "antivirus" programs. It resembles the familiar Microsoft Windows interface and presents itself as a genuine Microsoft product, so people are easily deceived by it. Although the program claims to be an antivirus, it is not. Programs of this kind are known as rogue software, which is a kind of spyware. More specifically, rogue software uses malware or malicious tools to advertise or install itself, or to force computer users to pay for the removal of nonexistent malware or spyware. Rogue software will often install a trojan horse to download a trial version, or it will execute other unwanted actions.
Once the PC is infected with MS Antivirus, aka AntiVirus 2009, it issues pop-up messages with fake notifications of malware infection and encourages you to buy the full version of the program to remove the malware. It is very important not to believe these fake warnings and fall prey to this fake antispyware program. It hinders the normal working of the PC and reduces system performance. It comes bundled with other malware and Trojans such as zlob.trojan, trojan.vundo and Trojan.Downloader, so to get rid of the program completely you need to remove all of these as well as the Antivirus 2009 component.
Some tools have been developed specifically for automatic removal of AntiVirus 2009. However, we will discuss both automatic and manual removal methods. If you fall into the geek category, I would suggest you use the manual removal instructions, as there is no alternative to manual removal for completely removing this program.
Antivirus 2009 registers some DLLs, creates some processes of its own, creates a folder in Program Files and creates some registry entries, so we need to look into all of these aspects when doing a manual removal.
Manual removal steps:
I recommend starting the PC in safe mode. This can be done by restarting the PC and pressing the F8 key repeatedly until you see the advanced startup options. Select Safe Mode from the list.
Unregister the dll files
The DLL files responsible for Antivirus 2009 are shlwapi.dll and wininet.dll.
To unregister these files do the following:
In Windows XP:
Click on Start > Run and type cmd. Click on Ok
In Windows Vista:
Click on Start and type cmd in the search box.
From the result, right click on cmd and select run as administrator.
In the command prompt, type each of the following commands and press Enter after each one:
regsvr32 /u shlwapi.dll
regsvr32 /u wininet.dll
This will unregister the DLL files.
Stop the Antivirus 2009 processes
The processes that might be created after the PC is infected with Antivirus 2009 are:
av2009install.exe
av2009install_0011.exe
av2009[1].exe
ieupdates.exe
av2009.exe
XPAntivirus2009.exe
To stop these processes, press the Ctrl+Alt+Del keys together and click on Task Manager.
Click on the Processes tab and look for the processes listed above.
Right-click on the process name and select End Process.
Delete the files created by it
Antivirus 2009 generally installs itself inside the Program Files folder, so look for a folder called AntiVirus 2009, or anything related to this name (or to the list of names at the beginning of the post), and delete it completely.
Also, run a search by going to Start > Search.
Click on All files and folders on the left, then search for each of the following file names in turn and delete the files that are found.
Generally the related files are:
c:\Program Files\XP Antivirus
c:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\XPAntivirus\
C:\Program Files\XPAntivirus\XPAntivirus.exe
c:\WINDOWS\system32\scui.cpl
%UserProfile%\Desktop\XP Antivirus 2008.lnk
%UserProfile%\Start Menu\XP Antivirus 2008
%UserProfile%\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
%UserProfile%\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
C:\WINDOWS\krln32.exe
C:\WINDOWS\system32\scvh0st.exe
C:\Program Files\Common Files\trjdwnl.dll
C:\WINDOWS\shlext32.exe
Removing the registry keys
In Windows XP, click on Start > Run, type Regedit and click on OK.
In Windows Vista, click on Start, type Regedit in the search box and hit Enter.
In Registry Editor, navigate to the following keys:
HKEY_CURRENT_USER\Software\Antivirus and delete this whole folder
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus and delete this whole folder.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Locate "Antivirus" = "%ProgramFiles%\Antivirus 2009\Antvrs.exe" and delete it.
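The process, file and registry checks from the manual steps above, collected into one read-only audit script (an added example, not part of the original post). It assumes Windows PowerShell is installed, which the post does not mention, and the function name Find-RogueArtifacts is illustrative.

```powershell
# Added example: read-only audit for the artifacts this post lists.
# Nothing is deleted; review the report, then remove items by hand.

# Process names from the post (PowerShell reports them without ".exe").
$procNames = 'av2009install', 'av2009install_0011', 'av2009[1]',
             'ieupdates', 'av2009', 'XPAntivirus2009'

# Paths from the post. Files that sit inside a listed folder are covered
# by the folder entry. %UserProfile% is expanded at check time.
$paths = @(
    'C:\Program Files\XP Antivirus',
    'C:\Program Files\XPAntivirus',
    'C:\WINDOWS\system32\scui.cpl',
    '%UserProfile%\Desktop\XP Antivirus 2008.lnk',
    '%UserProfile%\Start Menu\XP Antivirus 2008',
    '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk',
    'C:\WINDOWS\krln32.exe',
    'C:\WINDOWS\system32\scvh0st.exe',
    'C:\Program Files\Common Files\trjdwnl.dll',
    'C:\WINDOWS\shlext32.exe'
)

# Registry keys from the post, in PowerShell provider syntax.
$regKeys = 'HKCU:\Software\Antivirus', 'HKLM:\SOFTWARE\Antivirus'
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-RogueArtifacts {
    # Running processes whose name is on the list (exact match, so the
    # "[1]" in one name is not treated as a wildcard).
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $procNames -contains $_.ProcessName } |
        ForEach-Object { "PROCESS  $($_.ProcessName) (PID $($_.Id))" }

    # Files and folders that exist on disk.
    foreach ($p in $paths) {
        $full = [Environment]::ExpandEnvironmentVariables($p)
        if (Test-Path -LiteralPath $full) { "FILE     $full" }
    }

    # Registry keys, plus the "Antivirus" autorun value under Run.
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath $k) { "REGKEY   $k" }
    }
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.Antivirus) { "RUNVALUE Antivirus = $($run.Antivirus)" }
}

$found = @(Find-RogueArtifacts)
if ($found.Count) { $found } else { 'No listed artifacts found.' }
```

Run it from an administrator prompt before and after cleanup; an empty report after cleanup confirms that none of the listed items remain.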
Automatic removal instructions
There are a number of genuine antispyware and antivirus programs that are effective at removing spyware infections like AntiVirus 2009. You can use any of the following antispyware programs to help remove AntiVirus 2009 as well as other malware:
Comment by Jim on 5 May 2009:
Hey, I appreciate this. I am stuck with the boring Vista interface and really want to upgrade to Windows 7. This will help and gives me the best of both worlds.
Comment by Transcosmos Logicall on 17 May 2009:
I’m a little embarrassed to admit that I fell for something like this once. It even changed my wallpaper into something that said “WARNING! YOUR COMPUTER IS INFECTED WITH A VIRUS!” in bright glowing red. Was able to fix it with hijackthis though, thankfully.
Comment by Scrap Gold on 1 July 2009:
Does/can anyone recommend a good antivirus?
I was using Norton but it seems to really slow down my computer, it keeps breaking & needing reinstalling, AND I actually got a virus while using it.
Not impressed – gumph!
Comment by PC Security on 16 July 2009:
Rogue Antiviruses and security software are on a rampage these days. It is one of the biggest online scams. The FTC has recently taken cognizance of one such practice and imposed a fine worth millions of dollars against one such company.
It is now an organized crime.