XP Antivirus Lies! – Fake Anti-malware Software

There seems to be an epidemic of rogue security software on the Internet at the moment, much of it using social engineering to convince users to download an unsafe product.

The message here is: do not click on unsolicited invitations to download software of any kind.

To expand on that point: you need to be sure that any security application you are considering installing on your computer is recognized as legitimate by industry experts. To do that, visit Spyware Warrior, an excellent web site that will advise you which products work and have a deserved reputation for quality performance.

Rogue security software, such as XP Antivirus 2008, is software that uses malware, or malicious tools, to advertise or install itself. Unless you have had the bad experience of installing this type of malicious software, you may not be aware that such a class of software even exists. But it does.

This particular rogue security software’s installer is usually found on adult websites, or it can be installed manually from rogue security software websites.

After the installation of XP Antivirus 2008, be prepared for false positives: fake or false malware detection warnings. As with all rogue security applications, XP Antivirus 2008 was developed to mislead unaware computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

If the full program fee is not paid, XP Antivirus 2008 continues to run as a background process, incessantly reporting those fake or false malware detection warnings discussed earlier. To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.

There have been some reports indicating that XP Antivirus 2008 has the potential to capture and transmit personal and financial information, although this remains largely unverified.

Generally, reputable anti-spyware software is capable of detecting rogue software when it attempts to install, or during a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.

As well, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover (latest version released May 30/08) will safely remove a number of rogue security applications.

A further resource worth noting is the Bleeping Computer web site, where help is available for many computer-related problems, including the removal of rogue software.

What you can do to reduce the chances of infecting your system with rogue security software:

  • Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
  • Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
  • Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against such sites.
  • Do not click on unsolicited invitations to download software of any kind.
Filed under Anti-Malware Tools, Firefox Add-ons, Free Security Programs, Freeware, Interconnectivity, Internet Explorer Add-ons, Internet Safety Tools, internet scams, Malware Advisories, Online Safety, Rogue Software, Safe Surfing, Spyware - Adware Protection, System Security, Windows Tips and Tools

44 responses to “XP Antivirus Lies! – Fake Anti-malware Software”

  1. Another home run, Bill.

    Folks, I invite you to share this article with anyone you know who surfs the Web. These bogus pop-ups can appear from visiting practically anywhere (any site) these days…

  2. Great posting, Bill! Spyware seems to be one of the most rapidly growing types of Internet threats. When we studied this at Web of Trust, I noticed that the easiest way to get spyware on your computer is to install a free anti-spyware software!

  3. Hey Bill, Thanks so much for the mention. Nice writeup. This stuff continues to be massively present, run on users’ systems, and not all that reliably detected by traditional AV.

    We’ve got a couple recent writeups here http://blog.threatfire.com/2008/05/antivirus-fraud-2008.html
    and here
    http://blog.threatfire.com/2008/05/year-of-rogueware.html

    I’ve got to say that I have not yet seen activity or components from AV2008 that confirms some of the suspicions in the post. We’ll take a closer look:
    “There have been some reports indicating that XP Antivirus 2008 has the potential to capture and transmit personal and financial information, although this remains largely unverified.”

    You’re really doing well by your readers to provide this current information.

  4. G K Thompson

    Bill, thanks for the information. I was just on the web looking for a picture of a septic filter and the XP Antivirus partially installed itself. I am now trying to get rid of it. Damn, I hate those virus creators.

  5. Pingback: detective

  6. Thanks for the info, will keep that in mind.

    @ Esa

    I noticed that the easiest way to get spyware on your computer is to install a free anti-spyware software

    While there are lots of crappy free spyware removal tools there are a number of really good ones as well. Same can be said about Antivirus Tools.

  7. B. Beesten

    I unfortunately fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus.
    They charged me not only for what I had bought but charged me again, $78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody, and I finally connected with a guy with an accent, who told me to e-mail the billing service re. my problem. I wrote them, tried to call; it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state they’re in? I’ll notify the state’s attorney’s office. These people are crooks.

  8. R

    What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

  9. Pat

    I managed to get this cleaned off someone’s laptop. Whilst I’m satisfied that it’s removed, there is one thing that I can’t put back in order. Under ‘my computer’, the c: and d: drives are not listed. How can I get them to list again??

  10. Pingback: antivirus 2008 remove

  11. Pingback: antivirus for windows me

  12. Brett

    Thanks Bill! I have that stupid XP program. I’m going to download a protection program now! Thanks!

  13. June

    I was exhorted into buying winspywareprotect. Just as you say, pop-up windows showed critical threats to my computer and the only way out was to buy winspywareprotect for $93. I could not get to any webpage requiring a sign-on; winspywareprotect would issue a warning disguised as, ie – yahoo.com; under the source I found winspywareprotect. Unfortunately for them one of their dll’s is missing and I don’t think their garbage is running on my machine. I intend to contest to Bank of America to get my $93 back. I feel like I was exhorted by the mafia into paying protection money only to find out I’ll be exhorted from now on.

    Any ideas for discussions with Bank of America? They already closed my credit card when I called to contest the charge.

  14. TFB

    Got me too. Stopped Defender from running… I am using Avast! and things are all better 🙂

    My suggestion for those that paid and getting no response. Call your credit card company and decline the charge. Forget trying to work directly with the company. They installed Malware on your computer…. do you really think they will ever refund your money? Call your credit card company and decline the charge. They must remove it.

  15. kxdixon

    Thanks for the post. I just recently got tangled up in this XP Virus and I am using the suggestions you gave above.

    If there is anyone who has removed the virus and has restored their computer to normal, please tell me how you did it.

    I can’t find my C: drive and my time and date stamp read “06:45 VIRUS ALERT!”.

    Please help:-(

  16. kxdixon

    Oh, I almost forgot, the XP Antivirus 2008 Virus also hid all my programs on the start menu.

    I’ve never seen anything like that before.

    Thanks to anyone who has some experience in solving this problem.

  17. I can conclude that XP antivirus is constantly improved to make it more immune to conventional security software suites. Yesterday I helped out a guy whose PC was infected with this scam, and even though he scanned it in Safe Mode with half a dozen of antivirus programs, the malware was still there! McAfee, Lavasoft, Spybot – all of them failed the fight with XP antivirus. It seems that manual removal is the most effective way to get rid of it.

  18. James Johnson

    Hello. First, I have just come across your site and would like to tell you how much I really appreciate it. There is so much information here that I wasn’t aware of. My problem is this: a friend of mine told me her computer was not working properly and she wanted me to take a look at it. I found she has XP Antivirus 2008 on it and I just can’t seem to get rid of it. Please tell me which, if any, software programs could help me get rid of this ugly parasite. Many thanks

  19. Matt

    It’d be nice if you could track these people down and shoot them.

  20. Joe

    another infection here, I’m just going to reload the whole machine…. windows defender… what a piece of garbage

  21. Pingback: XP Antivirus 2008 - Social Engineering at Wahyu Mahardian

  22. Pingback: XP Antivirus 2008 / Antivirus XP 2008 - Social Engineering at Wahyu Mahardian

  23. I honestly don’t know what some people do to get so many viruses. I download a crap load of programs and torrents everyday without any anti anything and have yet gotten anything.

    You can’t blame the people who make this stuff for your actions, they can’t put this on your comp without your permission.

    pay attention people to what you do online.

  24. Pingback: Top Posts « WordPress.com

  25. Pingback: XP Antivirus 2008 / Antivirus XP 2008 - Social Engineering at Wahyu Mahardian

  26. Bharat Menon

    For those averse to the manual method of removal, please try this uninstall program which completely eliminated the infection for me. Go to http://www.revouninstaller.com and download their software. Follow the instructions carefully and you should have no problem. For uninstalling Antivirus XP 2008, I suggest you use advanced mode option which will track for all entries created by this malware in registry, files and folders and whatever bits and pieces left behind.

    Personally, I find this software to be the finest in uninstalling downloaded programs. Try it and give a post on the results.

  27. I DELETED program files “ISecurity” and got rid of 90% of the pop ups and alerts after rebooting. But it has messed up visibility of C drive and SETTINGS visibility and I’ve still got VIRUS ALERT! by my time on taskbar and on all my files and emails. Anyone know how to get rid of this last part? Ken

  28. this did the job

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    put directories back and got rid of VIRUS ALERT! message

  29. Travis

    It sounds like this thing is getting nastier in my case. I can’t do a system restore, it hid my programs on my start menu, my C drive access is gone, it doesn’t work to go to Add and remove programs. Now for the kicker: I can’t even get to my Start–>Run to manually get rid of this thing. What else can I do? I am to the point of wiping the whole thing. Please help

  30. lady who lunches

    Thanks so much for this most helpful website. I am a bit of an ignoramus about these things but I think I have got rid of the bloody thing, using the Smitfraud.exe recommended by Ken Waller. My appreciation to you.

    FYI my bank in the UK has refused to take action, but I think I am going to write and complain to their Head office. They have had loads of requests for help, so much that they gave me a number in the US to try.

  31. RB

    Bill,

    Thank you for the excellent article. I spent a good part of last Saturday afternoon helping a friend rid himself of Antivirus 2008, which required deleting a passel of files and eventually recovering the operating system on his computer.

    I am forwarding your article to him for future reference.

    R

  32. Calen

    Thank you so much for the great responses and the free downloads to fix my comp. Without stumbling into here I don’t think I could have fixed my problems. I still have one problem: even after using http://siri.urz.free.fr/Fix/SmitfraudFix.exe I can’t get my properties back to normal or my background picture. If anyone has any ideas, let me know please 😦

  33. Calen

    Never mind my last post, it did fix the problem. Again, thanks Ken Waller and Bill Mullins for all the help you have given.

  34. Calen

    After working all day I came home to see that my comp is still infected, and has downloaded something called malware 2008 since I had deleted the antivirus 2008 earlier today. Is there any way to remove this stuff, and to hold those who create it responsible for their actions lawfully?

  35. Calen

    I gave a long search on this topic and found another free malware removal program, Malwarebytes’. It’s also freeware and it finished off what was left on my system of antivirus 2008 and malware 2008. Unfortunately I lost the link to the program, but a quick google search should bring it up for anyone still having problems.

  36. Yousuke

    Hi, I just saw this site because I installed this stupid fake security system even though I had a real security software. Since then, some virus warning comes up over and over again. Also, on internet, the security site suddenly comes up on the window and goes into the adult site.

    Seriously, if anyone knows how to solve this problem, I’d appreciate it if you would tell me about it. Otherwise, I don’t know how to stop this!

  37. Christian Francis

    I was looking to purchase a copy of Nero 8 and found a ‘free trial’ which I downloaded – not from the Nero site, stupidly, and I AM kicking myself. Anyway, it came with XP Antivirus 2008. I’ve downloaded Spyware Terminator which found some files but it can’t delete everything. Even Kaspersky finds certain files and won’t delete them. I ran Spyware Terminator in ‘Safe Mode’. Now, I have re-booted and I’m not getting an option for ‘safe mode’. Has this virus been created to be intelligent enough to track what you are trying to do in order to get rid of it and then counteract what you try (ie stopping the safe mode option?).

    damn, I’m pretty savvy when it comes to computers but this one has got me!

    any help???

  38. Quickclay

    I would suggest a system restore to a point before you installed the program as the easiest solution first. (THEN run the virus scan). Failing that, do a google search for xp antivirus 2008 removal and follow the steps.

  39. Steven Falken

    The only way I was able to really effectively remove it required a second computer, a router, and about 3 hours. It’s a little involved, but this method has been used to completely eradicate even the most stubborn viruses. I call it the “Global Thermonuclear Option”:

    1) On a good computer, download the Knoppix CD version and burn it onto CD.
    2) Shutdown the bad computer the “right” way (start / shutdown / shutdown computer).
    3) Start the bad computer with the Knoppix CD.
    4) While waiting on the computer to start, go to the good computer, and make sure the virus scanner on it is up to date (if it doesn’t have one, use Avast from http://www.avast.com ). Be aware that there is a malware site called www-avast.com (note the dash rather than the dot), so make sure you’re at the right one.
    5) Connect both your computers into your router. It is possible to do this wirelessly, but it will be slower.
    6) On the infected computer, open up all the Hard drives by double-clicking on them from the desktop in Knoppix. Close the windows that open up, then right-click on each of the hard drives and click on “Change Read/Write mode”. When knoppix asks if you want to make each drive writable, click on “yes”.
    7) While still on the infected computer, go to the “K” icon (lower left), then “KNOPPIX”, then “Services”, then click on “Start Samba Server”.
    7) If it asks to set a password for the knoppix user, use something simple like “knoppix123” — this is not a permanent username being created — after you reboot the bad computer, this will all be gone.
    8) when it says “export all harddrives…”, click on “Yes”.
    9) On the good computer, go to Start, then Run, then type \\KNOPPIX and hit ENTER.
    10) The computer will ask for a name and password. Use “knoppix” as the username, and then the password you set up in step 7.
    11) For any share that looks like “hda1”, “sda1”, “hdb1”, “hda2”, etc. (starts with hd, then a letter, then a number, or “sd”, then a letter, then a number), right-click on it, then click on “Map Network Drive”. Windows will assign a drive letter for you, you just need to click “Finish”.
    12) Start your virus scanner and tell it to scan the remote drives. In this case, we’ll assume you use Avast, and that the network drives you’re trying to scan are Z: and Y:. You would open Avast, then click on “Folder Selection” on the right in the middle (looks like a folder icon), then check the boxes for Y: and Z: (or all the network drives). You’ll be able to tell which ones are network drives because they identify themselves as “knoppix”. Click “OK”, then the “play” icon from avast, which will start the scan. Check the instructions on how to use your virus scanner program for more details. Essentially, you want to scan archives, and you want the scan to be as thorough as possible.
    13) After the virus scan is done, download the installer for Avast on the good computer, and copy it to the previously infected computer, in the root directory. If the computer has more than one hard drive, copy it to all the hard drives, if it will fit.
    13) Close avast on the good computer, then go to the “My Computer” icon and disconnect the network drives that you just scanned.
    14) Go to the previously infected computer, click on the “K” icon, then “Log out”, then “shut down”. Follow the instructions on removing the CD-ROM, and reboot the computer into safe mode.
    15) As soon as the previously infected computer starts, go to Start, then Run, and type “C:\Setupeng.exe” (or whatever the filename of the avast installer was). Allow avast to install. It is not necessary to run a boot-time scan, as you’ve essentially just done that over the network. Reboot the computer into normal Windows.
    16) The previously infected computer will have no trace of the viruses that Avast found and deleted during the network scan.
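Step 4 of the comment above warns that www-avast.com imitates www.avast.com. As an added example (not part of the original post or any comment), this sketch checks a download host against a small allowlist and flags that dash-for-dot pattern; it also flags a trusted name used as a left-hand subdomain of another domain, which goes beyond the case in the comment. The allowlist contents, the function names and the example.net / example.org hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist built from vendor domains named on this page.
TRUSTED_DOMAINS = {"avast.com", "malwarebytes.org"}


def extract_host(url_or_host):
    """Return the lowercase host name from a URL or a bare host name."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text          # lets urlsplit treat it as a network location
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_download_host(url_or_host):
    """Classify a download source as 'trusted', 'lookalike' or 'unknown'."""
    host = extract_host(url_or_host)
    if not host:
        return "unknown"
    if is_trusted(host):
        return "trusted"
    # Dash-for-dot: www-avast.com becomes www.avast.com once hyphens are dots.
    if "-" in host and is_trusted(host.replace("-", ".")):
        return "lookalike"
    # Trusted name used as a prefix of someone else's domain,
    # e.g. www.avast.com.downloads.example.net (constructed sample).
    for domain in TRUSTED_DOMAINS:
        if host.startswith(domain + ".") or ("." + domain + ".") in host:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs; only www-avast.com and the vendor URLs
    # come from the page itself.
    samples = [
        "http://www.avast.com",
        "www-avast.com",
        "http://www.malwarebytes.org/mbam.php",
        "https://www.avast.com.downloads.example.net/setup.exe",
        "http://example.org/",
    ]
    for sample in samples:
        print(f"{classify_download_host(sample):9}  {sample}")
```

A result of "unknown" only means the host is not on the allowlist and matches neither pattern; it is not a statement that the site is safe.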

  40. Nyanco

    I saw that a friend of mine installed and purchased Antivirus XP 2008 on Tuesday when I visited her. At home, I did some research and found that it was a fake software. I told her to call the credit card company to cancel the transaction as soon as possible.
    On Thursday, I went to her place, and helped uninstall it. Her OS is Windows 2000 and the command “msconfig” did not work. But this software seemed to have worked;
    http://www.malwarebytes.org/mbam.php

    Also, if you already have purchased this bogus, you can file a complaint here;
    http://www.ic3.gov/default.aspx

  41. Shirley Whittemore

    Anti-Virus Xp 2008 popped up on my screen and said that there were “severe” threats and I should download the software in order to be protected. I was a sap and took the bait, to the tune of $49.95. I was nervous knowing that they had my credit card info and called my cc company. They informed me that the company is in GIBRALTAR! She gave me a phone # to call : 866-905-5125. Not sure what to do from here.
    Shirley, New Jersey

  42. tom

    seems to like internet explorer the best.
    microsux could fix this…. disallow popups and a bunch of other crap

  43. Pingback: Memulai Sukses dari awal »  ADA YG PENAH KENA VIRUS ???