Question:

Windows XP Antivirus 2008 is eating up my C: drive.

by  |  earlier

0 LIKES UnLike

I was infected with Windows XP Antivirus 2008 through a torrent file I downloaded. The file was located in my C: drive and getting rid of it was the first thing I did, because it said that my C: drive had only 2 GB left. After deleting the file, 30 GB space had been freed.

After that, I tried getting rid of Windows XP Antivirus 2008. I did everything bleepingcomputer.com said, even downloading Malwarebytes' Anti Malware. I scanned, found and deleted what I thought were all of the files. It worked (or so I thought) for everything seemed okay after that.

Flash forward to today. I just checked My Computer and I was surprised to see that my C: driver has only 2 GB remaining once again. I ran Anti Malware and found two new trojans and deleted them. However, I don't know what to do about my C: drive. It still only has 2 GB and I still can't find whatever's taking up all that space.

Is reformatting really my only option? Help would be much appreciated. Thank you!

 Tags:

   Report

10 ANSWERS


  1. XP Antivirus 2008 (XPAntivirus 2008) is a new version of well known fake spyware cleaner. This program have aggressive behaviour and deceptive advertising tactic. XP Antivirus 2008 displays false security warnings and malware detection reports to scare users into buying full version of this useless program. Likewise older versions, XP Antivirus 2008 can install other malware, capture browser's homepage, redirect search results and slow your computer. We recomend to remove XP Antivirus 2008 from your PC.


  2. VundoFix:

    http://www.symantec.com/content/en/us/gl...

    Disconnect your computer from the internet

    Run vundo

    Restart your computer

    Run the tool again to ensure no traces are left.

    If there are the reboot into Safe Mode and run FixVundo again.

    SmitFraud Removal

    This tool will remove Desktop hijacking malware. Firstly, download the removal tool from here:

    http://downloads.securitycadets.com/Smit...

    How to use:

    http://cotojo.wordpress.com/2007/08/24

    RogueRemover:

    http://www.download.com/RogueRemover/300...

    Download, install, update, scan and follow on screen prompts.

    Spybot S&D:

    http://www.safer-networking.org/en/downl...

    Download, install, update and Immunize, then click 'Check for problems' then when complete select all and then 'Fix Checked'

    Wallpaper Hijacker Removal Tool:

    http://www.majorgeeks.com/Wallpaper_Hija...

    Note: You should hit all "Repair" buttons even though it may not say "Found!" This will fix a wallpaper hijack everytime if all repair buttons are pressed.

    Windows Malicious Software Removal Tool:

    http://www.microsoft.com/downloads/detai...

    64bit Version:

    http://www.microsoft.com/downloads/detai...

    If all else fails try an in-place upgrade:

    If you can’t repair a Windows system that won’t boot and you don’t have a recent backup, you can perform an in-place upgrade. Doing so reinstalls the operating system into the same folder, just as if you were upgrading from one version of Windows to another. An in-place upgrade will usually solve most, if not all, Windows boot problems.

    Performing a Windows in-place upgrade is pretty straightforward. To begin, insert the Windows CD into the drive, restart your system, and boot from the CD. Once the initial preparation is complete, you’ll see the Windows Setup screen. Press [Enter] to launch the Windows Setup procedure. In a moment, you’ll see the License Agreement page and will need to press [F8] to acknowledge that you agree. Setup will then search the hard disk looking for a previous installation of Windows. When it finds the previous installation, you’ll see a second Windows XP Setup screen on the next page.

    This screen will prompt you to press R to repair the selected installation or to press [Esc] to install a fresh copy of Windows. In this case, selecting a repair operation is the same as performing an in-place upgrade, so you’ll need to press R. When you do so, Setup will examine the disk drives in the system. It will then begin performing the in-place upgrade.

    This retains ALL of your files and folders, whereas a format removes them.

  3. Have the people at btexpress look at your computer. The site is btexpress.page.t and it has great deals. See for yourself  

  4. yeah reformat is the way...it will come back and come back like the bills..try to reformat it ^^

  5. if you have the  windows cd/dvd reformating is the best choice! if not ...

    try the following programs :: they are all FREE

    Superantispyware(run this twice)

    Ccleaner(this gets rid of temporary files stored on ur pc.

    GOOD LUCK, write back if it workd/didn't workd

  6. XP Antivirus 2008 is not eating your hard drive XP Antivirus 2008 is a rogue program - I think you got a worm from torrent (NO P2P PROGRAM IS SAFE)

    Boot in safe mode with networking & do two free online scans:

    http://www.bitdefender.com/scan8/ie.html

    http://housecall.trendmicro.com/uk/

  7. Are you sure you've removed it fully? Go to control panel> Remove programs, and remove it.

    Follow these steps.

    Find and Stop Antivirus 2008 Processes:

    Antvrs.exe

    AntvrsInstall.exe

    AntvrsInstall[1].exe

    Win Antivirus 2008.exe

    av2008xp.exe

    Find and Remove Antivirus 2008 registry values:

    HKEY_CURRENT_USER\Software\Antivirus

    HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus

    HKEY_CURRENT_USER\Software\Microsoft\W... "Antivirus"

    HKEY_CURRENT_USER\Software\Microsoft\W... "3P_UDEC"

    Software\Microsoft\Windows\CurrentVers...

    Microsoft\Code Store Database\Distribution Units\3BA4271E-5C1E-48E2-B432-D8BF420DD3...

    Microsoft\Windows\CurrentVersion\Explo... Menu2\Programs\Antivirus2008y

    Remove these with Registry Editor

    (Start>Run>Regedit)

    AntiVirus 2008.lnk

    Antvrs.exe

    AntiVirus 2008.lic

    AntvrsInstall.exe

    AntvrsInstall[1].exe

    Uninstall Antivirus.lnk

    Antivirus Pro 2008

    Uninstall Antivirus 2008.lnk

    Win Antivirus 2008.exe

    av2008xp.exe

    s9201



    Hope I helped!

    Blaster

  8. go to this site and delete all files that are listed :

    http://www.pcthreat.com/parasitebyid-683...

  9. There's a better solution - firstly make sure you have 2 partitions, make C: small and D: big enough to store backups and all yoru documents.

    Next, right click 'My Documents' selecting properties, and relocate it to your D: partition. Resize D: to leave space (50GB unpartitioned is good)

    Next, download Ubuntu linux and install it in the spare space. Now you have an operating system you can trust, and your documents are safe. If Windows packs up, you cn still boot and select the Ubuntu option at bootup instead of Windows.

    Finally, you need to understand that basically XP is rarely worth repairing - keep drivers backed up, keep personal files separate, keep installers on D: to make it easy. Eventually, you'll learn two things - Using Ubuntu means you left all the malware behind, and XP is good only if you keep it away from internet!

    I run XP so I can use Yahoo Messenger and MSN messenger - I run them on XP which runs using a VDI (virtual hard disk) inside VIRTUALBOX. If it gets infected, I restore the image - 10 seconds to completely restore it!

    Ubuntu never had any kind of malware problem.

  10. Well actually like 5 minutes ago I installed Anti malware from Malwarebytes.org and it suprisingly took all that c**p off I got thew virus yesterday and it tottally installed by itself! So I did all this manual stuff which worked quite well then i did an extra scan with malware bytes and it got rid of all the extra files from windows xp virus! Now im free finally here are the instructions I used to get it gone! I hope this helps!

    I found out that many antivirus softwares like Norton, McAfee, SpyHunter etc. don’t even work for this virus. Here’s how to do it manually and safely. This is a detailed one.

    1. Go to directory list C:\WINDOWS\system32 and sort by date to look for files created since the infection began. In my case there were three suspicious ones:-

    blphc1f1j0ev7l.scr

    lphc1f1j0ev7l.exe

    phc1f1j0ev7l.bmp

    Notice that part of the file name is common to all of them (c1f1j0ev7l).

    You cannot delete these files immediately because it is still running on your computer so proceed to step 2.

    2. Run msconfig, click on the startup tab and untick the startup for the “virus”.exe file (in my case lphc1f1j0ev7l.exe)

    3. Restart your computer.

    4. This is the time you will continue with step 1. Go to system 32, arrange files by date modified and delete the files with the common name (mine is c1f1j0ev7l).

    5. Check that the virus files above have not come back. You may also need to reset the wallpaper in Control Panel Display settings.

    6. Run regedit and search for items containing the “common” name (c1f1j0ev7l). Here’s an easy step: On the first panel, click My Computer. Click Edit from the menu bar and click Find.

    Type the common name and the computer will automatically show the files containing the common name. You should find at least two (the screensaver and the startup register).

    Delete the items found from the registry.

    7. Restart your computer again.

    8. Go to My Computer, Drive C, Program Files. Arrange icons by Name, then on the folders beginning with “R”, delete the one with the unusual name (on my case, rhcn7cj0ea59). This folder contains

    the Antivirus XP 2008.

    9. Go to Start, All Programs, and right click “Antivirus XP 2008″, this time, it’s safe to delete it.

    10. Go to Control Panel, Add/Remove Programs, then remove Antivirus XP 2008.

    11. Finally, remove all contents of the recycle bin.

    12. Restart your computer and you can now get back to work!

    Hope this helps a lot for freshers in manually removing virus and other malwares.

Question Stats

Latest activity: earlier.
This question has 10 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.