
W32/XPAntivirus.TF Trojan


Manual Removal of W32/Antivirus2009.EE Trojan

W32/Antivirus2009.EE is a trojan that infects Windows systems.
This trojan first appeared on February 11, 2009.
Other names of W32/Antivirus2009.EE Trojan:
This trojan is also known as Crypt.BNT, FraudTool.Win32.Antivirus2009.ee, Win32.Adware.Antivirus2008.
Damage Level: High/Medium
Distribution Level: Unknown
W32/Antivirus2009.EE Trojan Manual Removal Instructions

Recommended: remove from Safe Mode.

How to start in Safe Mode:
Restart your computer and press F8 repeatedly when the screen turns on. Select Safe Mode and press Enter.
The infected files can be found in the folders and under the names below, and may also be running as processes.
End the following active processes before removal.
Download W32/Antivirus2009.EE Trojan Known Files Removal Tool

[Run as Administrator on MS Vista; the system restarts after execution]
  • %Program Files%\Antivirus 2009\av2009.exe
  • %Program Files%\Antivirus 2009\Antivirus2009.exe
  • %Program Files%\Antivirus 2009\shlwapi.dll
  • %Program Files%\Antivirus 2009\wininet.dll
  • %Documents and Settings%\Default User\Local Settings\Temporary Internet Files\av_2009glof[1].exe
    If any of these files is listed as a running process in Task Manager, end the process before removal.
    Note: if Task Manager is disabled, download the file Enable Registry.reg (right-click the link and select “Save Target As”).
    Open it with Regedit.exe [%system32%\regedit.exe]. When asked to confirm adding it to the registry, choose Yes, then click OK.
W32/Antivirus2009.EE Trojan Entries Manual Removal From Registry
Click Start, Run, type regedit, click OK.

Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to the Registry Editor.
Download UnHookExec.inf (right-click and select “Save Target As”) and then continue with the removal.
Save it to your Windows desktop. Do not run it at this time, download it only.
After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]

Delete the registry key “Antivirus” at “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”

Delete the registry key “Antivirus” at “HKEY_CURRENT_USER\Software\”
Delete the registry key “Antivirus” at “HKEY_LOCAL_MACHINE\Software\”
HKEY_USERS\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run

To remove the trojan completely, search the registry for the W32/Antivirus2009.EE Trojan file names listed above:
Edit Menu - Find, enter the keyword, and remove every value the search finds.

Exit the Registry Editor.
Restart your computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

Written by FireFly on February 15th, 2009 with no comments.

Manual Removal of W32/XPAntivirus.TF Trojan

W32/XPAntivirus.TF is a trojan that infects Windows systems.
The trojan may be dropped by other malware or downloaded from a remote website by other malware.
It may also be downloaded unknowingly by a user visiting a malicious website.
This trojan first appeared on October 8, 2008.
Other names of W32/XPAntivirus.TF Trojan:
This trojan is also known as VirTool:Win32/Obfuscator.BI, Mal/EncPk-CZ, not-a-Virus:FraudTool.Win32.XPAntivirus.tf.
Damage Level: Highly Dangerous
Distribution Level: High/Medium
There is NO Auto Removal Tool for W32/XPAntivirus.TF Trojan
Trojan Manual Removal Instructions
Recommended: remove from Safe Mode.

How to start in Safe Mode:
Restart your computer and press F8 repeatedly when the screen turns on. Select Safe Mode and press Enter.

The infected files can be found in the folders and under the names below, and may also be running as processes.
End the following active processes before removal.

  • %Program Files%\rhcjg7j0e38v\rhcjg7j0e38v.exe
  • %Program Files%\rhcjg7j0e38v\msvcp71.dll
  • %Documents and Settings%\[User Name]\Local Settings\Temporary Internet Files\Recent\images of xpantivirus2008.lnk
  • %Documents and Settings%\[User Name]\Local Settings\Temporary Internet Files\Recent\New Text Document.txt.lnk
  • Task Manager Running Processes
    XPAntivirus.exe
    xpa.exe
    xpa2008.exe
    XPAntivirusUpdate.exe
  • %Program Files%\XPAntivirus\
    xpa.exe
    xpa2008.exe
    XPAntivirus.exe
    XPAntivirusUpdate.exe
    shlwapi.dll
    wininet.dll
    XP antivirus
    XPAntivirus.lnk
    Uninstall XPAntivirus.lnk
    XPAntivirus on the Web.lnk
    XPAntivirus.url
    XPAntivirus2008.lnk
    Uninstall XPAntivirus2008.lnk

    If any of these files is listed as a running process in Task Manager, end the process before removal.
    Note: if Task Manager is disabled, download the file Enable Registry.reg.

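To un-register the .dll files
shlwapi.dll and wininet.dll are also the names of genuine Windows system libraries; the copies this article refers to are the ones in the XPAntivirus folder listed above.
Click Start, and then click Run.
Type, or copy and paste, the following text:
regsvr32 /u shlwapi.dll
then click OK.
regsvr32 /u wininet.dll
then click OK.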

Manually Remove From Registry
Click Start, Run, type regedit, click OK.
Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to the Registry Editor. Download and run this UnHookExec.inf, and then continue with the removal.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\“XP antivirus” = “C:\Program Files\XPAntivirus\XPAntivirus.exe”
XP antivirus
HKEY_USERS\Software\XP antivirus
_+ Any of the Above Listed Files +_

To remove the trojan completely, search the registry for the virus file names listed above:
Edit Menu - Find, enter the keyword, and remove every value the search finds.

Exit the Registry Editor.
Restart your computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
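
The file, process and registry artifacts listed in the two articles above can be checked with a read-only script before and after manual removal. This is an added example, not part of the original articles; it assumes the default %ProgramFiles% location, and it does not cover the Temporary Internet Files entries.

```powershell
# Read-only audit for the artifacts named in the two articles above.
# Nothing is deleted or changed; review each hit before removing it by hand.
$pf = $env:ProgramFiles   # assumption: default install location

# Files, folders and machine-wide registry keys listed in the articles
$locations = @(
    "$pf\Antivirus 2009\av2009.exe", "$pf\Antivirus 2009\Antivirus2009.exe",
    "$pf\Antivirus 2009\shlwapi.dll", "$pf\Antivirus 2009\wininet.dll",
    "$pf\rhcjg7j0e38v\rhcjg7j0e38v.exe", "$pf\rhcjg7j0e38v\msvcp71.dll",
    "$pf\XPAntivirus",
    'HKLM:\SOFTWARE\Antivirus',
    'HKLM:\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1'
)
$procNames = 'av2009', 'Antivirus2009', 'rhcjg7j0e38v',
             'XPAntivirus', 'xpa', 'xpa2008', 'XPAntivirusUpdate'
$userKeys  = 'Software\Antivirus', 'Software\XP antivirus'  # checked in every user hive
$runNames  = 'Antivirus', 'XP antivirus'                    # Run value names from the articles
$runData   = 'Antivirus 2009|av2009|rhcjg7j0e38v|XPAntivirus|xpa2008'
$runSuffix = 'Software\Microsoft\Windows\CurrentVersion\Run'

$findings = @()
foreach ($p in $locations) {
    if (Test-Path -LiteralPath $p) { $findings += "PRESENT $p" }
}
foreach ($proc in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += "PROCESS $($proc.Name) (PID $($proc.Id))"
}

# Every loaded user hive: covers HKEY_CURRENT_USER and the HKEY_USERS\S-1-5-21-... entry
$hives = @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" })
foreach ($h in $hives) {
    foreach ($uk in $userKeys) {
        if (Test-Path -LiteralPath "$h\$uk") { $findings += "PRESENT $h\$uk" }
    }
}

# Run keys: flag values by name, or by data that points at one of the listed files
$runKeys = @("Registry::HKEY_LOCAL_MACHINE\$runSuffix") + @($hives | ForEach-Object { "$_\$runSuffix" })
foreach ($rk in $runKeys) {
    if (-not (Test-Path -LiteralPath $rk)) { continue }
    $key = Get-Item -LiteralPath $rk
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($runNames -contains $name -or $data -match $runData) {
            $findings += "RUN     $rk : $name = $data"
        }
    }
}
if ($findings) { $findings } else { 'No listed artifacts found.' }
```

Run it from an elevated PowerShell prompt so that all user hives and the Services key are readable; an empty result after the restart indicates the listed entries are gone.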

Written by FireFly on December 15th, 2008 with no comments.