Information Technology Services (ITS)

Visit Us · Contact Us

  • Information Technology Services
    Hines Hall 101
    Staff Listing
  • Help Desk Locations
    FSA - Hines Hall 101
    Students - Standish Library

Cleaning the Fake XP Antivirus 2009 Spyware

This spyware has several names:  Antivirus XP 2008, XP Antivirus 2009, Antivirus 360, Network Security, etc.  But the symptoms of an infection are the same. These include

  • Many popup windows claiming you are badly infected with viruses.
  • Difficulties getting onto the Internet
  • Difficulties going to certain websites.
  • Noticing your antivirus or Windows updates are turned off.
The spyware mutates constantly, so it is difficult for antivirus vendors to keep up. In addition, they can hide from antivirus and prevent them from updating. The software uses many different infection routes, but it is essential to get rid of it. This page discusses some methods.
 

Malwarebytes

This is cleaning software that can be found at malwarebytes.org.   It is highly effective and, as such, it is the first choice for fixing the problem.
 
Once you download the software, run it to install it on your computer. As windows display, stick with the default options.  In general, the software will install itself, and then will check for a new version. That will be downloaded and updated before it is finally ready to be run. At all times when attempting to run this program, make sure you check for updates first. Under the Update tab click “Check for updates”
 
Under the Scanner tab, click on "Scan" to scan your computer. This may take some time -- up to a half hour. While scanning, it will keep a running total of all infections found.
 
When the scan is complete, a button will display at the lower-right for removing the detected items.  Click on it.  A list of the files will display. Click on the button to remove the items. You may be prompted to restart your computer.  Do so.
 
Note: You may notice virus warnings popping up as you scan. This is often your regular antivirus notifying you of infections.  The spyware has hidden itself from it, and Malwarebytes makes the files detectable.  Double check it is indeed your regular antivirus software and you can use that to delete the files or just wait and let Malwarebytes do the work.
In some cases, when you try to install Malwarebytes, it will not install, but will rather just die and do nothing.  Some variants of the software do this.  To fix, rename the Malwarebytes file (mbam-setup.exe) to something else (anything is good, as long as it keeps the ".exe").
 
This sometimes fixes the problem. However, if that doesn't work, there are other options.
 

Try it in Safe Mode

If the scan hangs up, or Malwarebytes shuts down, or does not run at all, you can start the computer in Safe Mode and try it from there.  To do this:
  • Shut down the computer.
  • Start it again.
  • When you see your computer’s splash screen (Dell, HP, etc.) press the F8 key repeatedly at one-second intervals until you see a black and white screen displaying a variety of ways of starting Windows.  (If Windows starts normally, restart it again).
  • Use the arrow keys to select "Safe Mode with networking". Click Enter (twice with XP). 
  • If you have a local password, you will have to enter it at some point.
  • In XP, answer Yes to the Safe Mode/System Restore prompt.
Once in Safe Mode, try running Malwarebytes again. When done, reboot into Normal Mode.
 

Other Tools

If that too fails, try some of the other tools found in Free Security Software” under “Spyware Protection”. A particularly good one is “Spybot Search & Destroy”. Then, try running Malwarebytes again.
 

Best Rule of Thumb

Avoid getting infected in the first place. See: Computer Maintenance and Security” under “Spyware”