XP Police Antivirus
Malware - Rogues
XP Police Antivirus is a rogue (fake) antivirus application distributed by one or more sites such as xp-police.com. It tries to disable the Task Manager, the registry tools and the Windows "Security Center" on the infected computer, creates folders and files inside the Windows and System32 folders, and adds a large number of registry entries. You will find all the necessary details in this article. [ This article is written so that any person with basic knowledge of computers can eliminate the malware without having to purchase anything. Videos demonstrating the steps are embedded wherever possible; if you want, you can watch them in a larger size from the links given at the end of this article. All the tools/software mentioned in this article are fully functional freeware. You are welcome to add a comment if you have any questions or suggestions, or if you do not understand something. ]
Check your security and your browsing habits: Click here to read more

 
Preparation: Search for and keep the Windows operating system disk ready, if you got one with your computer. Alternatively, check whether there is a Restore Partition on your hard disk; in that case you will not require an extra disk. It is advisable to have a functioning antivirus application on your computer. You will also need to install CCleaner and a firewall application; you can choose one of the firewall applications listed at the end of this article.
Turn System Restore off: You should do this to remove the virus files that may be stored inside the System Restore backup files. You can turn it back on after the computer is cleaned. Click here to read more...

If you are unable to open Task Manager

This malware disables Task Manager and the registry tools. If you find that you are not able to open the Task Manager, there are several popular free tools available on the internet to solve this problem. I will list them here; see which one helps you. Click here to read more...

Using the command window: If the Task Manager is disabled but you can still open the command prompt, you can terminate the processes from there. Click Start > All Programs > Accessories > Command Prompt; the command window opens. Then use the following commands.
For Windows XP Home / Professional: type tskill xppolice.exe and press Enter
For Windows XP Professional: type taskkill /im xppolice.exe /f and press Enter
 

Remove Processes from Task Manager
Press Ctrl+Shift+Esc to open Task Manager. Look in the list of processes for one named xppolice.exe; select it if found and press the End Process button. Confirm the prompt, then close the Task Manager. The file names may differ, and there may be more processes belonging to this malware. This malware stops the "Security Center", so beware of the fake Security Center: its process may be named "winscenter.exe" or similar.

With a freeware tool called "Zenturi program checker" you may be able to see the path of each process in the Task Manager, and by comparing it with the list of malware files given in this article you can distinguish the malware processes from genuine Windows processes.
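The same triage the Task Manager steps above describe, as an added PowerShell example that is not part of the original article (PowerShell is not on a default XP install and has to be added). The process names xppolice and winscenter and the folder name XPPoliceAntivirus are the article's own indicators; the script layout and the -Terminate switch are assumptions made here. The script reports each matching process with its on-disk path, which is what the Zenturi tool is used for above, and only terminates processes when run with -Terminate.

```powershell
# Added example, not the article's own code. Lists running processes with their
# image path and flags those matching the article's indicators. Run from an
# elevated PowerShell prompt; saved as a .ps1 it accepts -Terminate.
param([switch]$Terminate)

# Indicators taken from the article (process names without .exe, folder name).
$suspectNames = @('xppolice', 'winscenter')
$suspectPathFragments = @('XPPoliceAntivirus')

$flagged = @()
foreach ($p in Get-Process) {
    # MainModule.FileName is the on-disk path; access can be denied for
    # system processes, so treat that as "unknown" rather than failing.
    $path = $null
    try { $path = $p.MainModule.FileName } catch { $path = '(access denied)' }

    $byName = $suspectNames -contains $p.ProcessName
    $byPath = $false
    foreach ($frag in $suspectPathFragments) {
        if ($path -like "*$frag*") { $byPath = $true }
    }
    if ($byName -or $byPath) {
        $flagged += New-Object PSObject -Property @{
            Id = $p.Id; Name = $p.ProcessName; Path = $path
        }
    }
}

if ($flagged.Count -eq 0) {
    Write-Host 'No running process matches the indicator list.'
    return
}
$flagged | Format-Table Id, Name, Path -AutoSize

if ($Terminate) {
    foreach ($f in $flagged) {
        # Same effect as the article's "taskkill /im xppolice.exe /f".
        Stop-Process -Id $f.Id -Force -ErrorAction Continue
        Write-Host ("Stopped {0} (PID {1})" -f $f.Name, $f.Id)
    }
}
```

Run it once without -Terminate and read the Path column: a process whose image lives under the XPPoliceAntivirus folder or outside the normal Windows locations is the one to end, while a name match alone is worth a second look because the article notes the file names vary.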

 
Removing a program from Windows startup: The System Configuration Utility can be started in XP and in Vista by typing msconfig in the Run box. The Run box is opened in XP by clicking Start > Run.
The best part of the Windows startup list is that the setting is reversible: you can check or uncheck any entry any number of times. So do not hesitate to uncheck anything that you find doubtful; you can always check it back if you later learn that it is something useful.

After the System Configuration Utility window opens, click on the Startup tab; it lists all the programs that are scheduled to start when you turn your computer on. Widen the middle column with your mouse pointer so that you can see the path of each program on the hard disk, which gives you a clear idea of what the program is. Locate and uncheck any entry under
"C:\Program Files\XPPoliceAntivirus" (or any similarly suspicious name). Also look at the other entries: if you find an entry for any of the malware files listed in this article, uncheck that too. This step is very important, because the further cleaning depends on cleaning this list. Press Apply, press Close/OK, and at the next prompt select "Restart the computer".
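An added example, not code from the article, that reads the registry Run and RunOnce keys behind msconfig's Startup tab plus the user's Startup folder, prints each entry with its command line (the path the article tells you to widen the column for), and marks entries that contain one of the article's indicator strings. The key list and the indicator strings are assumptions drawn from the article; the script only reports, and unchecking in msconfig remains the reversible way to disable an entry.

```powershell
# Added example, not the article's own code. Enumerates the Run/RunOnce keys
# behind msconfig's Startup tab plus the user's Startup folder, and marks
# entries whose command line contains one of the article's indicators.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Strings taken from the article's indicator list.
$indicators = @('XPPoliceAntivirus', 'xppolice', 'winscenter')

function Test-Indicator([string]$text) {
    foreach ($ind in $indicators) { if ($text -like "*$ind*") { return $true } }
    return $false
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($prop in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath etc.; skip those.
        if ($prop.Name -like 'PS*') { continue }
        $cmd = [string]$prop.Value
        $mark = if (Test-Indicator $cmd) { 'SUSPECT' } else { '       ' }
        Write-Host ("{0}  {1}\{2} = {3}" -f $mark, $key, $prop.Name, $cmd)
    }
}

# The Startup folder is the other place msconfig lists.
$startupDir = [Environment]::GetFolderPath('Startup')
if (Test-Path -LiteralPath $startupDir) {
    foreach ($item in Get-ChildItem -LiteralPath $startupDir) {
        $mark = if (Test-Indicator $item.FullName) { 'SUSPECT' } else { '       ' }
        Write-Host ("{0}  {1}" -f $mark, $item.FullName)
    }
}
```

An unmarked entry is not necessarily clean, since the article says the file names vary; the command line column is there so you can judge each entry by where its program lives, exactly as with the widened column in msconfig.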

 
View hidden files and folders: You may need to enable viewing of hidden files and folders if you cannot see the hidden folders. Click here to read more...
Boot in Safe Mode: You may need to boot in Safe Mode if the virus files and folders are not getting deleted and you get a "file in use" or "permission denied" message. Click here to read more...

Searching for and deleting the folders / files on the hard disk

 

After restarting the computer, use the Windows search utility to search for "XPPoliceAntivirus". The search finds all of its folders on the hard disk; delete them. You may find the folder in more than one location; delete every instance.

  C:\Windows\System32\Plugins
  C:\Windows\System32\sounds
(it creates the above folders; delete them if found)

C:\Windows\System32\AVCoreFn.dll
C:\Windows\System32\bdconf.cfg
C:\Windows\System32\Core.dll
C:\Windows\iehost.dll
(it creates the above files; delete them if found)

 

 

Manually removing malware entries from the Registry:

If you want to know more about manual registry editing, click here to read more...

Remove the registry keys

  • The following Registry Keys were created:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\InprocServer32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\ProgID
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\Programmable
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\TypeLib
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\VersionIndependentProgID
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\0
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\0\win32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\FLAGS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\HELPDIR
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe\CLSID
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe\CurVer
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe.1\CLSID
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6b571fb-b71d-449c-ad70-82e966328795}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • The newly created Registry Values are:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\VersionIndependentProgID]
      • (Default) = "WinApp.WinSafe"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\TypeLib]
      • (Default) = "{16406580-14ce-4441-b904-ad56cc8064ca}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\ProgID]
      • (Default) = "WinApp.WinSafe.1"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}\InprocServer32]
      • (Default) = "%Windir%\iehost.dll"
      • ThreadingModel = "Apartment"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795}]
      • (Default) = "WinSafe Class"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib]
      • (Default) = "{16406580-14CE-4441-B904-AD56CC8064CA}"
      • Version = "1.0"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32]
      • (Default) = "{00020420-0000-0000-C000-000000000046}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid]
      • (Default) = "{00020420-0000-0000-C000-000000000046}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
      • (Default) = "_IBhoAppEvents"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib]
      • (Default) = "{16406580-14CE-4441-B904-AD56CC8064CA}"
      • Version = "1.0"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32]
      • (Default) = "{00020424-0000-0000-C000-000000000046}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid]
      • (Default) = "{00020424-0000-0000-C000-000000000046}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
      • (Default) = "IBhoApp"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\0\win32]
      • (Default) = "%Windir%\iehost.dll"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\HELPDIR]
      • (Default) = "%Windir%\"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0\FLAGS]
      • (Default) = "0"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}\1.0]
      • (Default) = "WinSafe 1.0 Type Library"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe\CurVer]
      • (Default) = "WinApp.WinSafe.1"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe\CLSID]
      • (Default) = "{b6b571fb-b71d-449c-ad70-82e966328795}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe]
      • (Default) = "WinSafe Class"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe.1\CLSID]
      • (Default) = "{b6b571fb-b71d-449c-ad70-82e966328795}"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinApp.WinSafe.1]
      • (Default) = "WinSafe Class"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      • AntiVirusDisableNotify = "1"
      • FirewallDisableNotify = "1"
      • UpdatesDisableNotify = "1"

    • to disable notification of firewall, antivirus and/or update status through the Windows Security Center
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6b571fb-b71d-449c-ad70-82e966328795}]
      • NoExplorer = 0x00000001
    • [HKEY_CURRENT_USER\Control Panel\don't load]
      • scui.cpl = "No"
      • wscui.cpl = "No"
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      • DisableTaskMgr = "1"
      • DisableRegistryTools = "1"

    • to prevent users from starting Task Manager (Taskmgr.exe)
      to disable the Windows registry editors (Regedt32.exe and Regedit.exe)
  • The following Registry Value was deleted:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      • AntiVirusDisableNotify = 0x00000001
      • FirewallDisableNotify = 0x00000001
      • UpdatesDisableNotify = 0x00000001
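An added PowerShell example, not part of the original article, that serves both the file and folder list above and the registry list just above: it checks each indicator and reports what is present, clearing the DisableTaskMgr / DisableRegistryTools and "don't load" lock-out values first so that Task Manager, regedit and the Security Center applet work again for the rest of the cleanup. The paths, keys and value names are the article's; the script layout and the -Remove switch are assumptions made here. It deliberately does not touch the two ProxyStubClsid targets {00020420-0000-0000-C000-000000000046} and {00020424-0000-0000-C000-000000000046}: those are Windows' own OLE automation marshalling CLSIDs that the malware's Interface keys merely point at, not malware entries.

```powershell
# Added example, not the article's own code. Checks the article's file, folder
# and registry indicators and reports what is present. Nothing is deleted
# unless -Remove is given; the lock-out policy values are handled first so
# Task Manager and regedit work again for the rest of the cleanup. Run from
# an elevated PowerShell prompt, saved as a .ps1.
param([switch]$Remove)

$win = $env:windir
$sys = Join-Path $win 'System32'

# Folders and files from the article's list.
$paths = @(
    (Join-Path $sys 'Plugins'), (Join-Path $sys 'sounds'),
    (Join-Path $sys 'AVCoreFn.dll'), (Join-Path $sys 'bdconf.cfg'),
    (Join-Path $sys 'Core.dll'), (Join-Path $win 'iehost.dll')
)

# Registry keys from the article's list; removing a parent key removes its
# subkeys (InprocServer32, ProgID, TypeLib, ...) with it.
$clsid = '{b6b571fb-b71d-449c-ad70-82e966328795}'
$keys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'HKLM:\SOFTWARE\Classes\WinApp.WinSafe',
    'HKLM:\SOFTWARE\Classes\WinApp.WinSafe.1',
    'HKLM:\SOFTWARE\Classes\TypeLib\{16406580-14CE-4441-B904-AD56CC8064CA}',
    'HKLM:\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}',
    'HKLM:\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}'
)

# Values the rogue sets to lock the user out of the built-in tools. These live
# in ordinary policy keys, so only the named values are removed, never the key.
$lockouts = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Names = 'DisableTaskMgr', 'DisableRegistryTools' },
    @{ Key = "HKCU:\Control Panel\don't load"
       Names = 'scui.cpl', 'wscui.cpl' }
)

function Test-LockoutValue([string]$key, [string]$name) {
    if (-not (Test-Path -LiteralPath $key)) { return }
    $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return }
    Write-Host ("FOUND value {0}\{1} = {2}" -f $key, $name, $item.$name)
    if ($Remove) { Remove-ItemProperty -LiteralPath $key -Name $name; Write-Host '  removed' }
}

foreach ($l in $lockouts) { foreach ($n in $l.Names) { Test-LockoutValue $l.Key $n } }

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        Write-Host "FOUND key   $k"
        if ($Remove) { Remove-Item -LiteralPath $k -Recurse; Write-Host '  removed' }
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        Write-Host "FOUND path  $p"
        if ($Remove) { Remove-Item -LiteralPath $p -Recurse -Force; Write-Host '  removed' }
    }
}
```

Run it without -Remove first and compare the FOUND lines with the list above; a file that refuses deletion while the rogue is still running is the "file in use" case covered in the Safe Mode step. The Security Center DisableNotify values are left alone here on purpose: once the Security Center applet opens again, its own alert settings restore them.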

 


Use CCleaner: CCleaner is a freeware temporary-files and registry cleaner. Click here to read more...

 

Using the antivirus: The antivirus application on your computer can also help you remove some parts of the malware, particularly the virus processes in memory. Click here to read more...

Using an online virus scanner: Explore this option if you have already paid for an antivirus and want to keep it. Click here to read more...

 

Using the System File Checker: Follow this step if you notice trouble in the normal functioning of Windows. Click here to read more...

If you are unable to access one or more sites during the repair process

- If possible, use another computer to download the software needed for repairing your computer, then copy it to the infected computer by any available means, such as a pen drive.
- If you are using only Internet Explorer and it is blocked from visiting some of the security-related sites, try to download and install the Firefox browser and see whether it can reach them.

Using a firewall to block unsolicited communication
Use a standalone firewall to block unwanted communication to and from your computer. The malware contacts these URLs: 89.149.194.188/setup.dat and 216.240.151.112/setup.dat. Block them in the firewall if found.
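An added example, not code from the article, of blocking the two addresses named above with the built-in firewall on Windows Vista and later, where netsh advfirewall supports outbound rules; the XP firewall filters inbound connections only, which is why the article recommends a standalone firewall there. The addresses are the article's; the rule name is chosen here.

```powershell
# Added example, not the article's own code. Adds outbound and inbound block
# rules for the two addresses the article lists, using netsh advfirewall,
# which exists on Windows Vista and later (the XP firewall has no outbound
# rules). Run from an elevated prompt.
$addresses = @('89.149.194.188', '216.240.151.112')   # from the article
$ruleName = 'Block XP Police Antivirus hosts'          # name chosen here
$ips = $addresses -join ','

foreach ($direction in @('out', 'in')) {
    $name = "$ruleName ($direction)"
    # Remove a stale rule of the same name first so the script can be re-run.
    netsh advfirewall firewall delete rule name="$name" | Out-Null
    netsh advfirewall firewall add rule name="$name" dir=$direction action=block remoteip=$ips
}

# Show the result; each rule should list both addresses under RemoteIP.
netsh advfirewall firewall show rule name="$ruleName (out)"
```

A block rule like this is containment, not cleanup: it stops the rogue from fetching setup.dat again while you work through the steps above, and the firewall log will show any process that still tries to reach those addresses.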

(Reference with permission from ThreatExpert)
Comments
Ivan  - Thank You!!   |96.250.54.xxx |2009-02-09 23:50:43
Man did I panic when I suddenly got this darn program on my laptop. Thank god
for this guide, now I'm virus free once again. Thanks a lot man. Your
instructions were very detailed and helpful.

10/10
Sanjay  - you are welcome   |121.246.33.xxx |2009-02-11 12:38:08
All the articles on this site are Updated regularly with the latest information
available. So please check the site again if you have an unresolved issue. I
also welcome your questions/ problems in this regard
Stef  - Thank You - A couple of questions...     |58.179.99.xxx |2009-02-11 18:25:58
thanks for the help! I found you thru youtube.

I've got a couple of questions...

In the blue section it says "The newly created Registry Values are" - am I s'posed to remove them??

And where it says "The following Registry Value was deleted" do I just make sure they're there - cause they are.

I'm just a little confused cause up the top it says... "Remove the registry keys" so it looks like you have to remove ALL the info below that in the blue section.

It's so good of you to put up help like this - much appreciated!
sanjay   |115.109.9.xxx |2009-02-12 00:35:17
you need to remove all the registry keys. The first block lists the keys, and
the second block lists the values assigned to the keys. Just make sure that it
is the same key as listed
sanjay   |115.109.9.xxx |2009-02-12 00:46:16
and the "following registry keys were deleted" is the handywork of the
malware. It will get restored once you manage to eliminate the malware
Kyle   |78.148.138.xxx |2009-02-11 18:57:38
Thanks for this - probably the most comprehensive help guide I've come across.
sanjay   |115.109.9.xxx |2009-02-12 00:40:14
:) Yes, it is the most comprehensive help guide on the net. And it is not
static. Updated when new information becomes available. So you may find more
info the next time you visit the same page
RjbsNXT  - AWESOME !   |81.159.72.xxx |2009-02-14 16:59:17
THANKYOU !!!!!!!!!

Jees i was scared :0 when my antivirus software didn't
remove it. I searched the web for 'XPPoliceAntivirus' and was relieved when i
realised i was not alone. :side: This is by far the best guide to remove it
i've found. :D
All set to roam the web again. :silly:


***** 5 stars,
any day :woohoo:
Chris  - Thank you!   |70.215.24.xxx |2009-02-15 09:46:05
You are awesome Sanjay! Thank you so much!
JJJKKKLLL   |97.123.11.xxx |2009-02-16 01:56:11
:angry: agh! I got the version where it disables the task manager, what exactly
should i do?
sanjay   |121.246.34.xxx |2009-02-16 05:41:56
:idea: Use one of the tools mentioned in this article, even copy/pasting the
tool as explained should help. Use the tools one after the other, till the task
manager is back in action.
JJJKKKLLL   |97.123.11.xxx |2009-02-18 00:51:55
:side: I tried using a free anti-malware program called Malwarebytes'
Anti-Malware to remove the rogue malware. the program quarantined two files and
the task manager started working again. Which instructions do you suggest I look
at to remove the leftover files from the malware from my computer?
JJJKKKLLL   |97.123.11.xxx |2009-02-18 00:58:31
:cheer: oh yeah, you mentioned the program above, just noticed.
brr   |98.198.192.xxx |2009-02-18 16:54:43
thank you for this guide!
you saved my desktop. (:
Anonymous   |76.64.36.xxx |2009-02-22 21:12:24
:s
First of all thanks so much for this guide, it is very useful. However, I have a question about the registry keys/values.

I couldn't find any of the ones that you said were made by the malware program, and the ones you said were deleted,

* AntiVirusDisableNotify = 0x00000001
* FirewallDisableNotify = 0x00000001
* UpdatesDisableNotify = 0x00000001

, seem to be there. I did download and run, before looking at the registry, the CCleaner program that you recommended above, including the registry part. I'm not sure that maybe fixed it? I'm new at doing stuff with the registry though, although I'm not an idiot, so probably I'm just doing something wrong. Oh, and I'm using Vista. Hope you can help,

Ianthe
sanjay   |121.246.35.xxx |2009-02-23 01:54:17
see if you can Click on the security link in control panel, and if that opens
the windows security center, then everything is alright .
Ianthe   |76.64.36.xxx |2009-02-23 10:00:01
When I click on "security" it opens up a list which has windows
firewall, windows update, windows defender, internet options, and parental
controls. Is this the security center you are talking about?
sanjay   |121.246.35.xxx |2009-02-23 10:48:25
:) yes, if that is working , then those registry entries are unaltered, and you
need not worry about them
Ianthe   |76.64.36.xxx |2009-02-23 12:14:19
:cheer: Hey, thanks soooo much, I almost freaked out when I first saw that I had
this virus, mostly because a friend of mine got one recently (called spygaurd
2008) and he had to reformat his computer. Anyway, thanks again!
Silvan  - Programs doesn't work   |83.137.142.xxx |2009-05-06 05:08:19
Heee i followed your whole guide ..
But many programs won't work anymore, and i
can't even visit some websites like hotmail!

How can i fix this?
sanjay   |115.109.11.xxx |2009-05-06 06:09:07
you need to reinstall the programs that are not working. And you need to check
your hosts file and see if it is altered
Silvan   |83.137.142.xxx |2009-05-07 04:08:18
O i should reinstall it anyway?!
Okay, thank u .. !