Kansas State University

IT News

XP Antivirus 2008 malware difficult to remove; requires reformat/reinstall

If your computer gets infected with the malicious program “XP Antivirus 2008” or one of its variants, you must reformat the hard drive(s) and reinstall all software and data before returning the computer to service and using it on K-State’s campus network. The criminals responsible for this malware are primarily trying to trick people into sending them money under the guise of buying software to clean up an “infected” computer.  However, K-State has seen several instances where other types of malware get installed at the same time as XP Antivirus 2008, including backdoor trojans and software that uses the computer to send thousands of spam messages.

Furthermore, XP Antivirus 2008 has proven to be VERY difficult to completely remove. Hence, the only way to be sure it and other malware are completely removed is to perform a clean install of everything.

Infections occur in many different ways, including:

  • Clicking malicious e-mail attachments or links in an e-mail message
  • Clicking a malicious link on a compromised website
  • Downloading a file that has this malware attached
  • Clicking the first links returned in a seemingly innocuous Google search

This malware has many variants and is changing all the time, so legitimate antivirus software like Trend Micro OfficeScan cannot always catch it before it infects a computer. Thus, as with so many other types of compromises, the user is the most important tool in K-State’s malware-prevention arsenal. Think before you click!

If your computer does get infected, do not click on any buttons or links in any of the resulting pop-up windows. Contact your IT support person or the IT Help Desk immediately. K-State’s Technology Service Center can also assist with recovery for a fee.

The Register published an excellent technical analysis of XP Antivirus 2008 for those who want to dig deeper into this malware.

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer