Antispyware 2009


Lon More
9th Nov 2008, 18:57
This thing has infected my PC and keeps popping up to advise me that I have a security problem. Registry scan and blocking the URL haven't helped.

Any ideas - besides buying a Mac?

green granite
9th Nov 2008, 19:51
Removing it is the only option, I'm afraid.

What this program does:
XP Antispyware 2009 is a rogue anti-spyware program from the same family as XP Antivirus 2008 (http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009). Just like its predecessor, XP AntiSpyware 2009 is advertised and promoted through the use of fake online anti-malware scanners and malware that displays fake security alerts on your computer. Both the online scanners and the malware state that your computer is infected and that you should download and install XP Antispyware 2009 in order to clean and protect your computer.
If you decide to install XP Antispyware 2009 it will configure itself to run automatically when your computer starts. It will also install a variety of files on your computer that act as fake malware so that the program will find them while scanning. These files are:
c:\Documents and Settings\All Users\Application Data\boveketuz.inf
c:\Documents and Settings\All Users\Application Data\duvuja.lib
c:\Documents and Settings\All Users\Application Data\koqisybi.bat
c:\Documents and Settings\All Users\Application Data\ucozoma.reg
c:\Documents and Settings\All Users\Documents\jyxigifo._sy
c:\Documents and Settings\All Users\Documents\ysix._dl
%UserProfile%\Application Data\mepa.com
%UserProfile%\Cookies\guwysa.dat
%UserProfile%\Cookies\sasu.bat
%UserProfile%\Local Settings\Application Data\jyxot.dl
%UserProfile%\Local Settings\Application Data\mivekely._sy
%UserProfile%\Local Settings\Application Data\pozik.vbs
%UserProfile%\Local Settings\Application Data\wosi.vbs
c:\Program Files\Common Files\gykyr.bat
c:\Program Files\Common Files\ogumy.lib
c:\Program Files\Common Files\uwolykiw.com
c:\WINDOWS\akikuvopa.dll
c:\WINDOWS\lydumyhery.scr
c:\WINDOWS\radimup.lib
c:\WINDOWS\toli.pif
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\oxatymy.dl
Once XP Antispyware is started, it will automatically start scanning your computer and list a variety of infections that cannot be removed unless you first purchase the program. These infections will consist of legitimate files and Registry entries as well as the above fake malware files that XP Antispyware installed. Remember, though, that the above files are not real malware and cannot harm your computer.
While the program is running, you may also find that your computer starts to become slower. This is because the program is constantly running in the background and using up your computer's resources that other legitimate programs should be using. XP Antispyware will also occasionally display fake security alerts stating that your computer is infected and that you should purchase the program in order to protect yourself. Images of these fake alerts and of the program can be found below.


tools and instructions here: How to remove XP Antispyware 2009 (Uninstall Instructions) (http://www.bleepingcomputer.com/malware-removal/remove-xp-antispyware-2009)
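
An added example, not part of the original posts or of the linked removal guide: a Python triage check that looks for the decoy files named above on a suspect XP volume mounted for offline inspection, trying every profile in place of %UserProfile% and matching names without regard to case. The names `resolve` and `find_decoys` and the mount directory are assumptions, and `DECOYS` holds only an excerpt of the listed paths.

```python
import os

# Excerpt of the decoy paths listed in the post above; add the rest the same way.
DECOYS = r"""
c:\Documents and Settings\All Users\Application Data\boveketuz.inf
c:\Documents and Settings\All Users\Documents\ysix._dl
%UserProfile%\Application Data\mepa.com
%UserProfile%\Cookies\guwysa.dat
%UserProfile%\Local Settings\Application Data\pozik.vbs
c:\Program Files\Common Files\gykyr.bat
c:\WINDOWS\toli.pif
c:\WINDOWS\system32\_scui.cpl
""".strip().splitlines()

PROFILES = "Documents and Settings"  # XP profile directory, as in the paths above

def resolve(root, parts):
    """Walk `parts` under `root` ignoring case (NTFS is case-insensitive,
    the analysis host's filesystem may not be). Returns a path or None."""
    path = root
    for part in parts:
        try:
            names = os.listdir(path)
        except OSError:
            return None
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        path = os.path.join(path, match[0])
    return path

def find_decoys(root, indicators=DECOYS):
    """Return (indicator, path-on-disk) pairs for every decoy file present
    under `root`, the directory where the suspect C: volume is mounted."""
    prof_dir = resolve(root, [PROFILES])
    users = sorted(os.listdir(prof_dir)) if prof_dir and os.path.isdir(prof_dir) else []
    hits = []
    for ind in indicators:
        if ind.lower().startswith("%userprofile%\\"):
            rest = ind.split("\\")[1:]
            candidates = [[PROFILES, u] + rest for u in users]
        else:
            candidates = [ind.split("\\")[1:]]  # drop the "c:" drive prefix
        for parts in candidates:
            found = resolve(root, parts)
            if found and os.path.isfile(found):
                hits.append((ind, found))
    return hits
```

Any hit means the installer ran on that volume; the decoys themselves are harmless, so a hit is a reason to look for the autostart entry rather than a finding in itself.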

BDiONU
9th Nov 2008, 19:53
How to remove XP Antispyware 2009 (Uninstall Instructions) (http://www.bleepingcomputer.com/malware-removal/remove-xp-antispyware-2009)

Remove XP Antispyware 2009: XPAntispyware 2009 removal tool & guide (http://fix-computer-problem.com/rogue-antispyware/xp_antispyware_2009/xp_antispyware_2009.html)

Remove XP Antispyware 2009 ( XPAntispyware2009 Removal Instructions ) | RemoveOnline.com (http://www.removeonline.com/remove-xp-antispyware-2009-xpantispyware2009-removal-instructions/)

amanoffewwords
9th Nov 2008, 20:24
Depends how deep it has penetrated your operating system - at work we tend to rebuild (re-install) the PC from scratch to wipe it out for good.

You may be able to clean it up by running something like Spybot S&D and then a scan with a good anti-virus program (make sure both are updated and then run them both in Windows safe mode). You may have to run them more than once. A registry clean with CCleaner may also help.

But in all honesty a rebuild may be the only lasting option..

ShyTorque
9th Nov 2008, 20:37
I had this problem. I was advised here to install "SUPERAntiSpyware".

It's a free download and it worked for my computer. I still use it.

Lon More
9th Nov 2008, 22:37
Thanks everyone. I tried BDiONU's links and think I got sidetracked by another rogue when trying to run it.
I eventually got SUPERAntiSpyware to load and run and the problem has gone. 221 suspected infections found.

I thought I was fairly well protected by Avast and CCleaner and Registry Helper.

Thanks again everybody

amanoffewwords
9th Nov 2008, 22:56
Good to hear it but I bet it comes back. It almost always does in my experience :rolleyes:

Tarq57
9th Nov 2008, 23:17
MBAM (http://www.malwarebytes.org/mbam.php) is the other "rock star" with this type of infection. MBAM and SAS reportedly (usually) zap it for good.
'Course, you have to have all applications (Java, Flash player etc) up to date, and not be using IE6, otherwise the vulnerability is still present.

PPRuNe Pop
10th Nov 2008, 12:56
I had the problem too. It is VERY invasive - not so much as kiss my **** or by your leave!

It took some getting rid of but apart from the options above I found that it was essential to get at the root - in the registry, control panel and keep doing searches for 'spyware' and kill it.

It's people like this who give computing a bad name.

happyjack
10th Nov 2008, 16:09
I had a similar problem with IE antivirus. Company trading as Billingware. Just started helping themselves to my credit card at the rate of 3 or 4 times a month at £10-£40 a time. I managed to kill the infection and they stopped charging me saying a full refund would be made......they lied.
Now they refuse to answer my emails...... Buyer Beware of BILLINGWARE!!!

Keef
10th Nov 2008, 16:46
they stopped charging me saying a full refund would be made......they lied.
Contact the credit card company, and ask them for a refund.

Lon More
10th Nov 2008, 17:12
Interesting fact is that I was trying to update Flash Player when Avast flagged a warning. The problem is that the invasive program actually looks like a Microsoft page.

happyjack
10th Nov 2008, 17:18
Keef

Interestingly Amex informed me that they have had loads of complaints about this company but then said that it is between me and them, not Amex!!!!!

I am still in dialogue with them so here's hoping.
HJ