locked
can't get rid of XPA 2008 antivirus RRS feed

  • Question

  • I have a pop up antivirus that looks like it windows, but the colors are off, it's called XPA or XP 2008 Antivirus, and I do not know how to get rid of it.  I thought Windows Live One care would do it, but it hasn't.  How do I get rid of this? 

    Saturday, May 17, 2008 1:13 AM

Answers

All replies

  • I'm sorry that OneCare missed that malware. It is, however, of the ones that morphs all the time, so this would probably be a new variant. I would still expect OneCare to block the variants.

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve

    Saturday, May 17, 2008 1:40 AM
    Moderator
  • WELL MY FRIEND HAD THE SAME PROBLEM.WHAT U DO IS GO TO;START RUN MSCONFIG STARTUPS UNCHECK XPA,APPLY CLOSE RESTART.AFTER RESTART GO TO PROGAM FILES AND REMOVE, THEN ADD REMOVE.THAT SHOULD TAKE CARE OF YOUR PROBLEM.
    Monday, June 9, 2008 10:58 AM
  • I have spent 3 days doing EXACTLY every instruction on the last thread for this NOTHING has worked.  Husband got this on monday morning.  I've restored, I've deleted according to EVERY instruction and none of it has worked..............i can go into safe mode for each of the people on the computer but the only way to get to any programs is through administrator, all rest shows the same as reg mode.  I cannot find any hidden folders with xpa.exe, lphc.exe, rhc.exe, and when I can find files, access is denied!!!!!  I'm at the end of my rope.  Does anyone know what this is attatching to?  I'd like to email my inportant data and wipe out what I think could be the problem. Problem with that is I did not get a windows disk with this laptop.

    What am I missing??? 

     

     

    Friday, July 4, 2008 2:56 PM
  • You are not missing anything. This is a very difficult piece of malware to remove.If you are using Windows Live One Care please contact support for help with removal. How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2
    If you are not using Windows Live One Care you can get help with removal by contacting Microsoft Security - 866 727 2338 US/CANADA

     

    Saturday, July 5, 2008 5:32 AM
    Moderator
  • Thank you, this worked for me!

     

    Monday, July 14, 2008 1:36 AM
  • Try running a spybot program. It's free. I ran Microsoft's and it found nothing (sorry but it's true) the problem with this particular Malware is that it embeds itself deep within your computer and when you try to outsmart it, it mutates. Contact Microsoft if spybot doesn't work and have someone walk you through the process. Today, while I continue to have the popup window telling me it is still running, at least I have made progress because I am actually on the internet which I haven't been "allowed" for 4 days. Good Luck

    Tuesday, August 26, 2008 5:54 PM
  •  

    It's so pesky, that even the techs at Microsoft seem to be stumped. They have been working (allegedly) for three days trying to figure out a way to get rid of it off of my computer. I've deleted all types of files, yet my background is still screwed as is Google searching and several webpages They even upgraded it to Level 2 status (whatever the heck that means.) OneCare, Advanced Windows Care V2 Professional detect nothing when running full scans. I'm ready about ready to hit system restore and see if that works.

     

    ***UPDATE*** As of Monday evening (9/8) there has been no call from Microsoft as to assistance of getting rid of this virus for over six days!!! It has since mutated to hijacking ANY websearch on Google. Searching immediately goes into re-directed pages or completely changed setting of vewing webpages. Anything downloaded also is rendered usless by this virus and cannot be used. Pretty soon (I mean real soon...) I'm going to try (hopefully) some un-conventioanl methods of trying to get rid of this problem.

     

    Sunday, September 7, 2008 12:02 AM
  • I downloaded a free program call malwarebytes. You can run a scan for free and this seemed to kill it and it's hidden files once and for all. Good Luck

    Monday, September 8, 2008 3:51 AM
  • I followed your advice, and guess what? IT WORKED!!! It removed everything within a matter of minutes (less than 10!!) After restarting compuuter, simply changed the background to it's original picture and all web pages and searches are back to normal!!! I can vouche for this product!!!

     

    Tuesday, September 9, 2008 3:32 AM
  •  brokenhalo95 wrote:

    I downloaded a free program call malwarebytes. You can run a scan for free and this seemed to kill it and it's hidden files once and for all. Good Luck




    so far im having a %50 sucess rate with malwarebytes in removing this malware

    many times the system BSOD afre restarting

    is there a discription of how this malware is contracted  ie. can it be spread over a network does it hide in a fileserver and infect pcs at will ?  or is it something that woudl have to be downloaded and installed

    im having a hrad time explaining to customers what they shoudl not be doing in order to avoid this nasty little bugger

    all help appreciated !!!!!!


    Wednesday, September 10, 2008 2:04 PM
  •  SimonMcneilly wrote:

    so far im having a %50 sucess rate with malwarebytes in removing this malware

    many times the system BSOD afre restarting

    is there a discription of how this malware is contracted  ie. can it be spread over a network does it hide in a fileserver and infect pcs at will ?  or is it something that woudl have to be downloaded and installed

    im having a hrad time explaining to customers what they shoudl not be doing in order to avoid this nasty little bugger

    all help appreciated !!!!!!


    You're off topic for this forum, which is dedicated to Windows Live OneCare. You may want to try the Microsoft Public newsgroups here: http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx

    -steve

    Wednesday, September 10, 2008 2:20 PM
    Moderator
  • Perhaps more than you ever wanted to know re. XPA 2008...

     

    http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/

     

    Wednesday, September 10, 2008 4:34 PM
  • Then the only thing left I can think of is to go to your task manager, pull up the processes tab and look for Ms.anti.exe and any Hckey.exe (looks like hockey only it's missing one of it;s letters) click them and then hit kill process. You can also go to the process library and it has every process known to man on it so you don't delete something you shouldn't. I think you can google it under process library. MS anti virus has MANY hidden files. That's what makes it such a nuisance. It redirected me to a page that I thought was microsoft and the colours were the same the whole bit. That was the only reason I downloaded it...huge mistake obviously. But now it's gone off my computer...Thankfully.

     

    Hope this helps.

    Wednesday, September 10, 2008 4:47 PM