XP Antivirus 2008 Malware
XP Antivirus 2008 is a new breed of malware. The goal of this software is not to actually harm your machine or spread itself to other machines but rather to trick the user into purchasing "antivirus" software to clean the viruses off of the machine that the software ostensibly finds.
This malware manifests itself as a system tray icon and a message stating that it has found a lot of viruses on your machine. The message pops up often, and the user will, depending upon the speed of their computer and internet connection, see a dramatic drop in the speed of their machine - the software goes well out of its way to be annoying! The Register (a UK-based news site) had a very good writeup earlier this year on how the scam works (Anatomy of a hack).
If you get this malware DO NOT PURCHASE THE FULL VERSION! That is the scam and if you do purchase the full version, you've fallen for it.
Removal is straightforward - with a couple of tricks. If the machine has been infected by this malware, the user will notice that the machine runs markedly slower than normal and that the malware appears to be very excited about making a sale. The malware also makes itself difficult to remove unless the machine has been booted into safe mode. Safe mode on Windows machines is a limited environment that prevents many services from starting as they normally would at boot time - and also keeps most malware from starting and getting in the way while you are trying to remove it. Safe mode can be forced by pressing the F8 key during the boot process, right after the BIOS POST screen goes away and before the Windows logo appears on the screen - if you've caught it properly, you will see a menu with several Windows boot options. Safe Mode with Network Support is typically the best mode to boot into when removing malware.
I've had very good luck using MalwareBytes to scan for and remove the malware once it's been installed on consumer machines. VIPRE antivirus can also be downloaded and installed as a free trial. Both of these software packages can be installed and updated while the machine is in "safe mode with network support." If you choose either of these alternatives, download and install the software, run the most current update, and then run a full system scan while in safe mode. Both of these programs will remove the XP Antivirus 2008 or 2009 malware. Once the scans are complete, reboot the machine into your normal environment and rerun the scans. If you are not planning on purchasing VIPRE or have a different antivirus solution, uninstall VIPRE at your earliest convenience.