Tuesday, November 4, 2008

Uninstalling AntiVirus XP 2008

This program is the nuisance of all nuisances! Admittedly, it is very well written and designed, so much so that it really takes a trained eye to notice that it is malicious and is indeed spyware.

What AntiVirus XP 2008 does is inundate your system with fake security alerts and warnings from various web sites to trick you into believing that your PC is infected or is being attacked. When you click on these ads, the installer for AntiVirus XP 2008 is downloaded automatically and installed on your machine. In some cases, the program is installed without any intervention from you at all.

Once it is installed, AntiVirus XP 2008 scans your computer and displays a summary of the security risks it claims to have found. Of course, it wants you to believe that these can only be removed by using a licensed copy of AntiVirus XP 2008.

To further annoy you and complicate the matter, AntiVirus XP 2008 then changes your desktop wallpaper to a warning screen.

This is a persistent and annoying desktop wallpaper that is tricky to remove.

Finally, AntiVirus XP 2008 then loads the event notification area of your system tray with warnings and alerts.

Removing AntiVirus XP 2008 is not always a one-step process, nor is it a simple one. You will need to tackle this in 3 steps.

1) Download Spybot Search and Destroy, or a program called HijackThis. Run these programs and let them do their magic.

2) Reboot into safe mode afterwards.

3) Edit the registry to remove the malicious program's settings.

Look in Control Panel\Add or Remove Programs for the program and see if it can be uninstalled. If it can, proceed with the uninstall. This is not the end of the program though, so continue on…

Open Windows Task Manager and look for a program with a gibberish name (something like AP3434567.exe). This is the AntiVirus XP 2008 program itself.

Once you have identified this program, write down that name. Then select End Task or End Process and confirm the ensuing Windows prompt.

Open your computer browser and navigate to the C:\Program Files folder.

Look for the program name you previously wrote down.

Delete that entire folder (NOT your Program Files folder).

Next, look at your Windows desktop wallpaper properties. Notice that the name of your present desktop wallpaper is the same gibberish name, only with a BMP extension.

As you can see, the gibberish program's name is embedded into the registry several times. Simply search the registry for this program name and delete each instance of it.

AntiVirus XP 2008 will be in the registry several times as a desktop wallpaper, a startup program, and in the software catalog of your registry. Delete these entries, reboot, and run a Spybot scan once more.
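
The search described above can be done as a read-only audit before anything is deleted. The following PowerShell script is an added example, not part of the original post: it lists where the noted name appears in the three places the post mentions and in Program Files. The registry paths are the standard Windows locations for wallpaper and startup entries and are assumptions about where this program writes; the default name is the illustrative one from the post, and the function names are hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted. Review each hit by hand.
param(
    # Illustrative value from the post; replace with the name you wrote down (no extension).
    [string]$Name = 'AP3434567'
)

# Case-insensitive substring test that treats the needle literally (no wildcards).
function Test-Contains([string]$Text, [string]$Needle) {
    return $Text.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# Emit one object per registry value whose name or data mentions the needle.
function Find-NameInValues([string]$KeyPath, [string]$Needle) {
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ((Test-Contains $valueName $Needle) -or (Test-Contains $data $Needle)) {
            [pscustomobject]@{ Where = $KeyPath; Entry = $valueName; Data = $data }
        }
    }
}

# Assumed standard locations for the wallpaper and startup entries the post names.
$valueKeys = @(
    'HKCU:\Control Panel\Desktop',                          # desktop wallpaper
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',  # per-user startup
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'   # machine-wide startup
)
$hits = @()
foreach ($k in $valueKeys) { $hits += @(Find-NameInValues $k $Name) }

# "Software catalog": subkeys directly under the Software hives named after the program.
foreach ($root in 'HKCU:\Software', 'HKLM:\Software') {
    $hits += @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
        Where-Object { Test-Contains $_.PSChildName $Name } |
        ForEach-Object { [pscustomobject]@{ Where = $_.Name; Entry = '(key)'; Data = '' } })
}

# Leftover program folder, as described in the manual steps.
$folder = Join-Path $env:ProgramFiles $Name
if (Test-Path -LiteralPath $folder) {
    $hits += [pscustomobject]@{ Where = $folder; Entry = '(folder)'; Data = '' }
}

$hits | Format-Table -AutoSize -Wrap
```

An empty table after the final reboot and Spybot scan means none of these locations still reference the name; it does not cover copies of the name stored elsewhere in the registry.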