Every so often malware comes along that the current crop of anti-malware tools doesn't remove. We'll look at why, and what steps you should take.

I got hit with some sort of adware/spyware/malware that keeps popping up a task bar icon telling me I have a security problem, and then it keeps trying to download XPAnti-virus or some other type of spyware blocker. I have McAfee, Windows Defender, Ad-Aware, and Spybot S&D all loaded in my machine, yet I can't seem to get rid of this problem. It keeps popping up every 5 to 10 seconds, making doing ANYTHING almost impossible. I have even tried to do a system restore, and I can't do that either. Any suggestions?

I'm actually starting to hear this a lot more frequently in recent days.

As always, it's the never-ending race between the malware creators and the anti-malware tool creators.

If I found myself in your shoes, there are a few things I would look into.

The single, first and most important thing I would make sure of is that the anti-spyware and anti-virus software you are running is up-to-date. By that I don't necessarily mean that the program versions are the latest and greatest, though that's also a good thing. I mean instead that the databases of information they use to identify malware are as up-to-date as possible.

Most anti-malware programs have the ability to update their databases of information automatically, and you should make sure that's enabled. Updating daily is recommended, and that's no joke: new malware is being created every day. If the databases are out of date then the anti-malware tools you have won't be able to detect and deal with the latest threats.

(I'll also mention that running at least three, if not more, anti-spyware programs simultaneously concerns me. If the real-time components for all are enabled, it's possible that they could conflict with each other in odd ways.)

System restore was a good idea, even though I'm not a huge fan of it. It doesn't restore everything most people think it does. It's worth a try, though it's important to realize that even if it does make the problem go away, the infected files that led to the problem in the first place are likely still around.

My next step would be to look for information specific to the product or threat that you're experiencing. Google is your friend, and searching for specific terms, names and messages that you might be experiencing can often lead you to resources and solutions.

As it turns out, "XP Antivirus", "Antivirus XP 2008" and "Antivirus XP 2009" are apparently relatively new, very annoying, and very difficult to remove. Anti-malware vendors are struggling to keep up, but this is clearly a case where keeping your anti-malware software up-to-date as mentioned above is a critical first step.

There are also various sites that list step-by-step manual removal procedures, or have tools specifically for this threat. My earlier article, "How can an infection like Antivirus XP 2008 happen?", has links to some of the more reputable sources.

Finally, with increasing levels of severity, I would try:

  • The System File Checker - in case the malware affected system files that can be repaired or replaced.

  • A Repair Install of Windows - which would, essentially, replace all of Windows system files and Windows registry entries.

  • A reformat and reinstall of Windows from scratch.

Yep, that last one's pretty painful. Unfortunately, in the very strictest sense, it's the only solution that is guaranteed to rid you of any and all pests. In fact, there's a philosophy that says once you've been infected by anything it's not your machine any more - no matter what you do, you have no idea what the infection left behind. You don't know that the anti-malware tools you may have run have cleaned it off, because malware's very purpose is to avoid detection. Once infected, the only way to be 100% sure that you're clean is to erase everything and start from scratch.

As you might imagine, that's not a particularly practical solution in many cases, and most people are satisfied to live with the risk of simply letting anti-malware tools do their job and assume that they are successful.

But it's also perhaps the biggest argument for prevention being much more important than most people realize.

Article C3536 - October 18, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

18 Comments
vincent
October 18, 2008 1:01 PM

Go through all the steps on this list:
http://forums.majorgeeks.com/showthread.php?t=35407

It will remove virtually anything "mal" from your computer.

Good luck!

Ken B
October 18, 2008 7:15 PM

Go to http://www.bleepingcomputer.com/malware-removal/remove-xp-antispyware-2009 and scroll down to the link for Malwarebytes Anti-malware. It will remove this particular infection quite nicely. My wife uses this to remove it from the students' computers at a local college.

Geoff
October 21, 2008 8:25 AM

I used Bit Defender (free version) to remove this problem from a friend's computer last week.

Don Top
October 21, 2008 8:26 AM

Here's a program that's free and it cleaned up some nasty stuff for me that several other programs missed. http://www.download.com/Trojan-Remover/3000-2239_4-10038982.html

Steve Lajzer
October 21, 2008 8:34 AM

I agree with Ken B. Malwarebytes does the job very quick and easy. I have been seeing this a lot on computers that download a lot of music.

Greg Wilson
October 21, 2008 9:00 AM

I have used Malwarebytes Anti-malware on several computers and it worked very well. On the Home page, navigate through the advertising and look for the free Malwarebytes pages. Update and run it often, at least once a week.

Roy Brophy
October 21, 2008 9:44 AM

I had the same thing and Malwarebytes got rid of it. I bought the program just to say "Thanks!"

Marty Miller
October 21, 2008 10:02 AM

As an IT Manager, I've seen lots of the XP Antivirus on our system. Malwarebytes is the solution I have reached for again and again. It has always gotten rid of this annoying pest of a problem.

Richard
October 21, 2008 10:04 AM

I agree with Ken, Steve, Greg and Ron... I had the antivirus 2008 virus and Malwarebytes not only found it (it was being quarantined by Windows Defender), it ripped it out of quarantine and deleted it, something other programs I tried could not do... one powerful program... try it!

MARK
October 21, 2008 1:10 PM

Superantispyware also removes this junk, as well as Smitfraud fix and Malwarebytes. The old stand-by Adaware doesn't seem to get some of these new threats.

Paul Higgins
October 21, 2008 2:10 PM

Malwarebytes, as recommended. I had this. Tried the complicated manual instructions variously suggested, but Malwarebytes finally got it.
If you have icons missing, this malware moves and hides them, different folders on different infections. You just have to look/search for them.

John Pen
October 21, 2008 4:32 PM

In addition to regular scanning by various up-to-date prevention programs, I run a weekly automated backup using Acronis TrueImage, so that the latest available image is never more than a few days old and slightly older versions are also available should the infection have arrived a while ago. Sometimes restoring a backup image is quicker and easier than rooting out a pest, and certainly quicker and simpler than reinstalling Windows. Restoring from a clean image file also ensures that all traces of the pest are gone.

peter Springsteen
October 21, 2008 4:48 PM

I run SpybotSD, Avast corporate edition, and use Spyware Blaster, Rogue Remover and Malwarebytes. So far they have clobbered anything the net throws at me. I use Memeo auto sync and Active disk image (a heap easier to use than Acronis - which is a technician's nightmare).

Linda White
October 21, 2008 4:55 PM

I find that Spyware Blaster is the best thing to use. I used to also use Lavasoft's Adaware and Spybot Search & Destroy, but for years all they found were cookies. I came to realize that Spyware Blaster was doing the job, and I've been using it with a good firewall (hardware & software) and antivirus for about 3 years now with not a single problem. I have the newest version of AVG and it has some antispyware components and it hasn't found anything yet. Not even a virus.

Ruth
October 30, 2008 1:04 AM

I would like to recommend Search-and-destroy to anyone that wants a good scan for their computer. I tried many other scanners in the past but so far I like this one the best. It's cheaper than many of the others and it costs less. What more can you ask for? The antispyware solution from Search-and-destroy found at http://www.search-and-destroy.com is a great option whether you use your computer for work or personal use. It will keep it clear and clean of antispyware that bogs down your PC and causes it to be sluggish and annoying.

Please be aware that this is not the same product as Spybot Search & Destroy. This other product has a very similar name, but is not the same product. It's Spybot that most sites recommend.

- Leo
30-Oct-2008

Curtis
October 30, 2008 4:10 PM

Boot into safe mode before running / installing spybot. It will take care of the problem. I know for a fact...I had the same issue. My infection came from a fake flashplayer link.

angela
November 7, 2008 12:19 PM

I want to get rid of that anti virus 2009 thing. It keeps popping up and I hate it. Will someone help me?

That's already been addressed in this article, "How can an infection like Antivirus XP 2008 happen?" - be sure to read the comments as well.
- Leo
08-Nov-2008

emmatyson
August 6, 2010 3:41 AM

It seems you are not benefiting from the antispyware programs you are using, so try some other good antispyware.
I work on many OSes (Vista, Win 7, XP) and have installed the combo of McAfee & Advanced System Protector. The reason for using Advanced System Protector is that it not only blocks the spyware before it can enter your system, it will also clean the infections if any, and it gives routine updates of the latest definitions and is very easy to use.
The On Execution Scanner & Alert Shields make it more efficient in the case of internet access. A free version of ASP is also available which provides free scanning and cleaning.
Try this.

http://www.systweak.com/AntiSpyware/Download/
