Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

Remove Antivirus 2008 Pro Fake Antivirus

Antivirus2008Pro is another fake antivirus scam that wants your $50. It displays fake virus reports, hogs ups system memory and makes you frustrated. Though it is categorised as dangerous by many websites, it is quite simple to remove. You just need to follow the following to simple steps to remove it.

REMOVAL STEPS

1. Open task manager(Ctrl+Alt+Del). Locate and kill the process Antivirus2008PRO.exe using right click.

2. Now go to C:\program files(Assuming that your windows are installed in C drive).
Locate and delete the folder Antivirus 2008 PRO

3. Now delete the shortcuts made by it on desktop and in start menu.

4. Empty recycle bin

Now we need to do some registry editing. This need to be done carefully, otherwise it can lead to system instability

5. Open registry editing. Start Menu->Run-> Type regedit and press enter

6. Navigate to
HKEY_CURRENT_USER\Software\Antivirus 2008 PRO
and delete the key Antivirus 2008 PRO

7. Now Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Locate string antivirus-2008pro.exe on right side and delete it using the right click.
DONOT DELETE THE RUN KEY

8. Now Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2008 PRO
and delete the key Antivirus 2008 PRO

9 Now if your themes, appearance and settings are missing you can download small tool from here

Now your system is free from this virus

Please post your comments in the comments section or click the CONTACT ME BUTTONPopularity: 3%

Written by magakos. Read more great feeds at is source WEBSITE
11 comments.
Read more articles on otherSoftware.

[+] Digg: Feature this article
[+] Del.icio.us: Bookmark this article
[+] Furl: Bookmark this article

Windows 7 Vulnerability Claims (November 6th, 2009)
Active Directory Fundamentals (November 6th, 2009)
Moving from Windows 7 RC to Windows 7 RTM (November 6th, 2009)
Microsoft College Tour 09: mindblowing natural user interface concept demos from Microsoft Research (November 6th, 2009)
Latest Intel drivers add Windows 7 Virtual WiFi support (November 6th, 2009)

11 comments

Read the comments left by other users below, or:

Alex
#1. July 19th, 2008, at 1:03 PM.

Thank you so much for these step by step instructions! Avast antivirus did not catch this before it infected my computer, and I had been working on the whole antivirus thing all morning before I found this page. Now the whole virus is gone and (hopefully) the porn popups and crap have stopped. One thing, though, is that the program that infected my computer was not under the name mentioned in the instructions, but under VAV.exe.
I found it funny that I had “Vista Antivirus 2008″ when I don’t even use Vista. :]

An interesting thing I just found as I was typing the majority of this comment- some letters and spaces seem to have been deleted. Could this be part of the virus? Maybe the problem is the keyboard or my typing… but it seems interesting that I’m having problems now when I was not having any before the “attack” this morning. So, if there happen to be any errors that I have not caught, I am sorry.
Question… could this virus possibly affect the keyboard? I had turned off the insert function, but as I was just typing this, it turned itself back on!
Oh boy.

Luis
#2. July 30th, 2008, at 5:54 PM.

Gracias
… por su ayuda… buena suerte en todo..

Dieliz
#3. August 1st, 2008, at 5:18 PM.

Juste dire merci
pcq ca faisait 2 semaine que ce WAV 2008 m embetait mais grace vos conseils je l ai eliminer juste en allant sur l icone dans la bar de tache en cliquant ctrl+alt+delete et je n arrivais pas a le voir mais je me suis concentree et je fini par decouvrir que c etait ecris WAV lol
bonne chance a tous

Dave Felt
#4. August 10th, 2008, at 12:15 AM.

These all helped, but did not get rid of the fake AntiVirus warning on the desktop. I found that in System32/phc970j0eef3.bmp and in the registry:

And also have several variations in the registry under ??phc970j0eef3.xxx (various extensions like .scr, .bmp and so on.)

I also hijacked the logon screen, and currently the default user logs on automatically, even though there are several users defined on the system and all have passwords. Still working on that.

Thanks!!

Smith
#5. August 16th, 2008, at 2:35 PM.

I found the spyware in the processes and directory, not under the name noted, but under “rhcgw3j)ej28″. I also downloaded Malware and it found it also. I now have to complete the rest of your steps. Thanks.

Smith
#6. August 16th, 2008, at 2:35 PM.

Sorry that file was “rhcgw3j0ej28?

Kevin
#7. August 19th, 2008, at 1:30 AM.

well i found it and deleted the files. but on the reged… i couldn’t find them afterwards….. and then i tried looking for them but no sign… but when i do msconfig…. i can still see it on my start up… the files of lphcaenj0e1fn and rhceenj031fn are still there…… im not sure if they are doing anything… but i rather rid of them from the start up part of my msconfig. but i just can’t find any trace of them… so why would they still be there? =X

plz help me =[

Beny
#8. August 24th, 2008, at 1:53 PM.

10x a lot…it helped me:D:D

MrMmills
#9. August 30th, 2008, at 2:30 PM.

For those who know how a “hosts” file works (c:\WINDOWS\system32\drivers\etc\hosts), you may want to put in the following entry to try to avoid being infected again.
“127.0.0.1 updatesantivirus.com”

The install on my machine created the following path in the registery:[HKEY_CURRENT_USER\Software\31193903159077776455629754546541\Options] (the # may be auto generated so the # on your pc may be different.

The registry entry above had the following references:
[HKEY_CURRENT_USER\Software\31193903159077776455629754546541\Options]
“Aff”=”880582″
“AdvancedScanType”=”1″
“FirstRunUrl”=”http://updatesantivirus.com/firstrun.php?product=%product%&aff=%aff%&update=%update%”
“AfterRegisterUrl”=”http://updatesantivirus.com/confirm.php?product=%product%&aff=%aff%&email=%email%&update=%update%&cookie_type=%cookie_type%&cookie=%cookie%”
“LabelUrl”=”"
“TermsUrl”=”http://updatesantivirus.com/terms.php”
“HelpURL”=”http://updatesantivirus.com/help.php”
“BillingURL”=”http://updatesantivirus.com/license.php?Email=%email%&AffiliateID=%aff%”
“BillingUrlApproved”=”"
“TransactionKey”=”XsHrUGEutblgVFNM”
“BillingRegURL”=”http://updatesantivirus.com/order_xp.php?ver=%aff%”
“BillingURL2″=”"
“BillingUrlApproved2″=”"
“LastRun”=”8/30/2008″
“InstallDate”=”8/30/2008″
“pPath”=”C:\\Program Files\\XP Antivirus\\xpa_2008.exe”
“pName”=”XP Antivirus 2008″
“SecurityVector”=”222222222222222222222222222222222222222222″
“Scans”=”1″
“LastScan”=”30.08.2008 12:45:09″

I deleted the entire parent key and all subkeys (but as standard practice calls, I made a backup of the key first!)

[HKEY_CURRENT_USER\Software\31193903159077776455629754546541\Options]

Anthony
#10. August 30th, 2008, at 4:41 PM.

I’ve been infected with antivirusxp etc. and I can’t download any of the removal programs. I’ve managed to download AVG but antivirusxp is still there. I even removed a couple of the files recommended but the internet doesn’t work properly; manyk pages won’t open. I will keep trying. If anyone can suggest anything?

Chris
#11. January 20th, 2009, at 12:33 AM.