xp police

Viruses and worms
1

Any hope aginst XP POLCE?
I’ve scanned and erased every thing I can find, but it’s warning screen still pops up when I open a new page in IE.
And the only way out is to go back or close the page.
KRASH

2

Well I haven’t really any idea what you are trying to say a google search on “xp police” reveals only your post ?

What warning screen, e.g. what is it saying ?

Does the same thing happen with firefox or opera browsers ?

3

A google of XP Police reveals tons of links to XP Police Antivirus, I have read a lot of posts claiming MBAM will rid you of this new rogue.However its very hard to find one that says it did. So try MBAM and SAS, if you have difficulty installing, updating etc, you may need to change the name of MBAM and install in safe mode.I think this is a very new rogue.You may consider running both programs in safe mode, if the threat will not go away.
Post back for any instructions or any results/logs you have.
http://www.malwarebytes.org/mbam.php

http://www.superantispyware.com/

4

Hi krash,

Manual Removal of XP Police Antivirus:

It is extremely dangerous to run XP Police Antivirus removal in manual mode while web browser
(especially Internet Explorer) and other programs are active.
That is why we recommend printing the manual XP Police Antivirus removal instructions out
before starting the procedure.
Having finished to remove XP Police Antivirus please reboot Windows to see the changes.

XP Police Antivirus manual removal:
Kill processes:
xppolice.exe
how to kill processes, read: http://www.2-spyware.com/articles/tutorials/91.html

Delete registry values:
HKEY_CURRENT_USER\Software\XP Police Antivirus

HELP:
how to remove registry entries":http://www.2-spyware.com/articles/security/46.html

Unregister DLLs:
AVCoreFn.dll Core.dll ceva_dll.cvd
HELP:
how to unregister malicious DLLs: http://www.2-spyware.com/articles/security/54.html

Delete files:
c:\Program Files\XPPoliceAntivirus
c:\Program Files\XPPoliceAntivirus\AVCoreFn.dll
c:\Program Files\XPPoliceAntivirus\bdconf.cfg
c:\Program Files\XPPoliceAntivirus\Core.dll
c:\Program Files\XPPoliceAntivirus\setup.dat
c:\Program Files\XPPoliceAntivirus\xppolice.exe
c:\Program Files\XPPoliceAntivirus\Plugins
c:\Program Files\XPPoliceAntivirus\Plugins\ceva_dll.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\ceva_emu.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\ceva_vfs.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\ceva_vfs.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.rvd
c:\Program Files\XPPoliceAntivirus\Plugins\cookie.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\cran.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\cran.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\e_spyw.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\e_spyw.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\emalware.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\gvmscripts.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\hpe.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\java.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\mdx_97.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\mdx_97.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\mdx_w95.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\mdx_x95.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\mdx_xf.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\mobmalware.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\na.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\nelf.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\regarch.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\regscan.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\rup.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\sdx.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\sdx.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\unpack.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\unpack.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\vb0.dat
c:\Program Files\XPPoliceAntivirus\Plugins\vb1.dat
c:\Program Files\XPPoliceAntivirus\Plugins\vb2.dat
c:\Program Files\XPPoliceAntivirus\Plugins\ve.cvd
c:\Program Files\XPPoliceAntivirus\Plugins\ve.ivd
c:\Program Files\XPPoliceAntivirus\Plugins\vedata.cvd
c:\Program Files\XPPoliceAntivirus\sounds
c:\Program Files\XPPoliceAntivirus\sounds\alert.wav
c:\Program Files\XPPoliceAntivirus\sounds\click.wav
c:\Program Files\XPPoliceAntivirus\sounds\fire.wav
%UserProfile%\Desktop\XP Police Antivirus.LNK %UserProfile%\Start Menu\XP Police Antivirus.LNK
HELP:
how to remove harmful files: http://www.2-spyware.com/articles/tutorials/91.html

Remove XP Police Antivirus files and dll’s - just a second list to check for removal:

AVCoreFn.dll
Core.dll
setup.dat
xppolice.exe
ceva_dll.cvd
ceva_emu.cvd
ceva_vfs.cvd
ceva_vfs.ivd
cevakrnl.cvd
cevakrnl.ivd
cevakrnl.rvd
cookie.cvd
cran.cvd
cran.ivd
e_spyw.cvd
e_spyw.ivd
emalware.ivd
gvmscripts.cvd
hpe.cvd
java.cvd
mdx_97.cvd
mdx_97.ivd
mdx_w95.cvd
mdx_x95.cvd
mdx_xf.cvd
mobmalware.cvd
na.cvd
nelf.cvd
regarch.cvd
regscan.cvd
rup.cvd
sdx.cvd
sdx.ivd
unpack.cvd
unpack.ivd
vb0.dat
vb1.dat
vb2.dat
ve.cvd
ve.ivd
vedata.cvd
alert.wav
click.wav
fire.wav
XP Police Antivirus.LNK

There is even a video out on the removal of this rogue anti-virus program:
http://www.youtube.com/watch?v=w5qotzGr2ts
http://www.youtube.com/watch?v=EWf1X1L68ws&feature=related

polonus

5

I dunno much about this but if you can find its folder or even just find the file name there may be some kina of rewirting guard to it.Run in safe mode to help defend against this.

6

I’ve just had a friend call me to say he’s been infected with XP Police and is pretty upset as it’s on an important business PC.
He has Avast installed and up-to-date though - why didn’t it pick this malware up?
I believe he’s using Windows Defender too which has also let this through…

7

I deleted the files that I found in program files, ran spybot and also avast and then did a system restore, this worked for me without a big headache

edited to add, although it hasnt removed it completely as now running superanti spyware program it hass picked it up :frowning:

8

Please use this URL , You may get solution of your problem here :smiley:

http://www.spywarelib.com/

9

WOT http://www.mywot.com/en/scorecard/www.spywarelib.com
BrowserDefender http://www.browserdefender.com/site/spywarelib.com/

10

delete

11

XP Police is detected by avast. I had it, run a full scan and it went. It was the main executable that was detected.

12

best news ever, thanks for posting this :wink: