Antivirus XP 2008 is a rogue antispyware application that is starting to infect a lot of users. This particular infection is harder to remove. Antivirus XP 2008 also installs a component in your Internet Explorer browser that hijacks searches you enter into the Google search engine. The program usually installs itself onto your PC without your permission, through trojans (trojan.tdsserv, trojan.agent, trojan.fakealert) and browser security holes.
HijackThis shows infection:
F2 – REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\oembios.exe,
O4 – HKLM\..\Run: [lphc31tj0ev99] C:\WINDOWS\system32\lphc31tj0ev99.exe
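As an added example (not part of the original post and not HijackThis's own code), the following Python script reads HijackThis-style log lines and flags the two patterns shown above: extra programs appended to Userinit, and a Run value whose random-looking name matches a file in system32. The function names, the Run-value heuristic and the third sample line are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: the two log lines quoted on the page plus one benign entry.
SAMPLE_LOG = r"""
F2 – REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\oembios.exe,
O4 – HKLM\..\Run: [lphc31tj0ev99] C:\WINDOWS\system32\lphc31tj0ev99.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # stock Windows XP value
LINE_RE = re.compile(r"^(F2|O4)\s*[-\u2013]\s*(.+)$")   # hyphen or en dash
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$")


def extra_userinit_entries(value):
    """Return every Userinit program other than the stock userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != DEFAULT_USERINIT]


def odd_run_entry(name, path):
    """Assumed heuristic: value name equals the file stem, mixes letters
    and digits, and the file sits directly in system32."""
    folder, filename = ntpath.split(path.strip().lower())
    stem = ntpath.splitext(filename)[0]
    mixed = re.search(r"\d", name) and re.search(r"[a-z]", name, re.I)
    return bool(mixed) and name.lower() == stem and folder.endswith(r"\system32")


def review_log(text):
    """Return (section, reason, path) tuples for entries worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        key = body.lower().find("userinit=")
        if section == "F2" and key != -1:
            for extra in extra_userinit_entries(body[key + len("userinit="):]):
                findings.append(("F2", "extra Userinit program", extra))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and odd_run_entry(run.group(1), run.group(2)):
                findings.append(("O4", "random-looking Run value", run.group(2)))
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A flagged entry is a prompt for manual review, not a verdict; the Run-value heuristic in particular can match legitimate software.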
How to remove Antivirus XP 2008:
Step 1: Remove TDSServ trojan.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, then copy and paste the following text into the Input script box:
Drivers to delete:
TDSSserv.sys

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk

Files to delete:
C:\WINDOWS\system32\wini10894.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\karna.dat
C:\WINDOWS\system32\karna.dat

- Then click on ‘Execute’.
- You will be asked “Are you sure you want to execute the current script?” Click Yes.
- You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?” Click Yes.
- Your PC will now be rebooted.
Step 2: Remove Antivirus XP 2008 and associated malware.
- Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
- Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
If you are still having problems, then I would recommend you follow these instructions and post your logs in the spyware removal forum. The Myantispyware team will help you.
After running the arsenal of antivirus and anti-spyware utils such as AVG, SpyBot S&D, SuperAntispyware I still was infected with the Google search hijack. I found a program called SDFIX (sdfix.exe) at Major Geeks (www.majorgeeks.com) and by installing and running it that utility was able to remove the browser hijack that still plagued Windows XP.
Thank You Very Much for a really good product as a trial/free application. XPAntivirus had corrupted a system and implanted hidden registry API entries. Difficult to remove for sure but Malwarebytes Anti-Malware removed the problem quickly and easily. You are generous to provide a free quality product and it is truly appreciated.
Thank You Again
JK
The auth image below is extremely difficult to read. I believe you may have more positive comments if they were not so difficult to submit.
JK, yes, you are right. But it’s war vs spam bot 🙁
It’s taken me nearly 15 hours of work to pinpoint this piece of sh**.
The community needs to institute the death penalty for the people that put this kind of stuff into the wild.
This is a sickening waste of time to try to defeat, isolate and remove. There is no excuse that this is somehow improving the security environment of systems every.
Death to these bast**ds.
I was suspicious that this program might be yet another spy infected program. But, it worked! I can use search engines again and things seem to be back to order. Thanks for providing this program. I can’t argue with the results. None of the other popular programs came close to detecting all the problems that this one did.
Tim,
I agree, although the death penalty is too harsh. I would like to break that motherfucker’s nose since they wasted time I should be studying. I can vouch for MBAM and SDfix. I had an annoying version which hijacked both my browsers, replaced my desktop pic and generally lagged up the system with popups etc and MBAM fixed it. I ran SDfix afterward to get the remaining processes. I currently run McAfee Security center but it did not pick it up in the real time scan which is disappointing.
I can honestly vouch for MBAM. I’m thankful I was able to find it. If you have been infected with TDSSserv trojan or the likes, this should work. I was gonna try SDFix, but MBAM worked for me. UnHackMe first warned me of this, but for some odd reason it could not fix it [gotta let them know this]. After MBAM ran its scan and removed everything, I ran UnHackMe and both logs came back clean.
I’m still unsure as to where the trojan came from .. where the fack did my PreCious contract that ill isht ?
This little $41t has been popping up in lots of normally safe systems I support.
I have some suspicion that it’s coming from the ads on some really mainstream web sites as a drive-by installer. People tell me they went to CNN and left with antivirus2k8.
Couldn’t install anything, and browser kept going to go.google.com.
I opened up Run -> msconfig, disabled everything except AVG.
Went to Control Panel -> System -> Hardware -> Device Manager
Go to View -> show hidden devices
Scroll down to non play and play drivers and disable TDSSserv.sys
Rebooted, and I could install everything I needed.
HI GUYS_____HERE IS SOLUTION>
Use Malwarebytes’ Anti-Malware. Download it from Download.com. If you download it and can’t install or run it, go to Device Manager (right click My Computer on desktop, Properties, Hardware Tab, Device Manager Button)
Then,
Menus>View>show Hidden Devices look under NoN Plug and Play Drivers for TDSS and disable it. (don’t uninstall it). Reboot. Now you can run Malwarebytes’ Anti-Malware and it will fix your issues.
Friggenbozo says this thing is safe.
Don’t be angry that people are spending time to create these viruses… there have always been and always will be sick people in this world. The problem I see is how do people on a FREE, user supported forum come up with a working fix before the overpaid Antivirus developers do?
If you don’t see me again, it means that these steps & Apps were clean, for now I’m in trust mode.
THANKS GUYS I owe you one…
Brock
I was a little nervous.. but it worked.. Thanks man.. I thought I had gotten rid of this pesky little burger when I disabled it.. Nope they were still causein all kinds of trouble. This avenger thing worked.. I was afraid I would see the blue screen of death..lol.. My computer rebooted twice and was back to normal..
Thanks again,
Lady
Thank you for the advice about how to kill that Trojan. I was almost like tonka420 with UnHackMe, McAfee Antivirus and a lot of effort to traced all other viruses that machine was.
The procedure above works !
Again, Thank you a lot !
hey guys thanks so much for the fix to go into device manager and disable TDSS. when i got hit i couldn’t get xoftspy, mcafee to work i did find MbAM but once installed it wouldn’t work either. Now everything is back to normal. thanks again
ONE Quick question from this newbie…
“What do you do with the TDSSserv.sys file after your system is working again…do you Enable it?, un-install it? or just leave it disabled?”
All of you who shared your tips are the real deal!!
Thanks
SAS, you should remove TDSSserv.sys. Read more above.
I can’t access http://swandog46.geekstogo.com/avenger.zip because TDSSserv.sys doesn’t let me access it. What can I do?
Somebody can help. Great thanks !
youyou, follow these steps.
AWESOME!!! Disabling TDSServer.sys finally allowed me to get malwarebytes running.
I’ve been working on my relative’s computer all day trying to get spybot or malwarebytes running in normal and safe mode windows.
THANK YOU!!
Guys I need help, I am not a computer geek.
I am using Windows XP and I am infected with TDSSserv and infected with virusremoval2008. I think the procedure to remove this is the same as removing antivirusxp 2008.
My problem is I can log in to safe mode and I am not able to log in to normal mode.
Even in safe mode I am not able to install or uninstall any antispyware or antivirus software.
Through safe mode I had disabled the TDSSserv driver, but I am not able to run Avenger or Malware bytes.
I don’t know what to do?
suresh, follow these steps.
when i right click the TDSSserv, the disable function and all other functions are gray.. and i can’t use them! what should i do to fix this? am i even doing the right thing??
Worked when nothing else seemed to…thanks from a geek wannabee.
Tom
This is particularly nasty, AVG says PC Tools is infected and both fail to find it. MS Malicious SW Removal tool also fails as does Ad-Aware etc.
The solution here is the only one to work for me after 12+ hours of just trying to work out what has been going wrong!
Didn’t work for me.
Eddy, follow these steps.
somehow my norman keeps spamming that it has found this in my explorer.exe and has moved it to quarantine, but i do not have any issues with my search engine, should i bother to get any other programs? :S