
If you've encountered the malware program Antivirus2008, I'm sure you already know what a pain it is, and how difficult it is to get rid of. Well, I am here to tell you that a couple of Grannies slayed that dragon, and I'll share how to beat it with you!

 

My mother-in-law was invaded by the malware program "Antivirus 2008" (see the screenshot), which claimed that her computer was infected with several viruses and assorted nasty things. Turns out that "Antivirus 2008" is a counterfeit anti-spyware program that may actually be installing the infections it claims to be there to remove! Her computer was slowed down and the horribly annoying pop-ups from "Antivirus 2008" kept interrupting everything she tried to do, asking her to purchase the program to remove the "infections".

This is what it looked like on her computer:

[Screenshot: Malware Program]

After a bit of internet research, we read assorted (apparently theoretical) solutions to this problem, and skipped over the fixes that suggested we download another program to remove the first (I liken that to the children's song about the old lady who swallowed a spider to catch a fly and so on, and so on...). We tried several removal procedures, such as attempting to un-register the .dll files associated with the thing, and also tried to directly delete them, both of which failed. We ended up taking bits of advice from several geek-gurus and combining them to come up with our own solution:

We used the search function from the start menu to find the files below, listed on http://www.xp-vista.com/ in their posted manual removal instructions. Search didn't find all of the files on the list, but after dragging those we found to the desktop, and renaming the .dll files to .doc when we were able, the program's icon disappeared from the task bar! Once they were all on the desktop, and renamed if possible, we were finally able to delete all that we did find, and the program seems to be gone for good.

Here is the list of files http://www.xp-vista.com/ says are associated with this persistent piece of trash:

shlwapi.dll
wininet.dll
AntiVirus2008.exe
AntiVirus2008.exe
shlwapi.dll
wininet.dll
Antivirus 2008.lnk
Uninstall Antivirus 2008.lnk

The shlwapi.dll seems to be key to slaying this dragon, as it was after moving and renaming this particular file that the program seemed to be disabled. We were unable to change or delete wininet.dll until after shlwapi.dll was renamed and the computer restarted. She had initially tried to delete all of the .exe files associated with the "product", but was denied access, as it was still "in use". Once we renamed shlwapi.dll to shlwapi.doc, the .exe files and the .lnk files were nowhere to be found, and we have not had any trouble since. We didn't bother with the final step listed below, either, and have still seen no re-occurrence of the offending program.
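The names shlwapi.dll and wininet.dll in the list above are also the names of genuine Windows libraries that normally sit in the Windows system folders, so a search can return both the real files and same-named copies elsewhere. The PowerShell script below is an added example, not part of the original post or of the xp-vista.com instructions: it lists every match for the file names above and marks which ones are outside the system folders. The search root and the list of system folders are assumptions.

```powershell
# Added example (not from the original post): find every copy of the file
# names from the removal list and show which ones are outside the Windows
# system folders. Read-only: nothing is moved, renamed or deleted.
param(
    # Assumption: search the whole system drive; pass another root if needed.
    [string]$SearchRoot = "$env:SystemDrive\"
)

# File names taken from the list quoted in the post.
$Names = 'shlwapi.dll', 'wininet.dll', 'AntiVirus2008.exe',
         'Antivirus 2008.lnk', 'Uninstall Antivirus 2008.lnk'

# Assumption: folders where the genuine Windows copies of
# shlwapi.dll and wininet.dll are normally found.
$SystemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64'),
    (Join-Path $env:SystemRoot 'WinSxS')
)

Get-ChildItem -LiteralPath $SearchRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $Names -contains $_.Name } |
    ForEach-Object {
        $file = $_
        $inSystemDir = $false
        foreach ($dir in $SystemDirs) {
            if ($file.FullName.StartsWith("$dir\", [StringComparison]::OrdinalIgnoreCase)) {
                $inSystemDir = $true
            }
        }
        # Signature status and version-info company are hints, not a verdict.
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        [pscustomobject]@{
            Path        = $file.FullName
            InSystemDir = $inSystemDir
            Company     = $file.VersionInfo.CompanyName
            Signature   = $sig.Status
            Review      = if ($inSystemDir) { 'system copy, leave in place' }
                          else { 'outside system folders, inspect' }
        }
    } |
    Format-Table -AutoSize -Wrap
```

Rows marked as system copies are the ones Windows itself loads; the rows outside the system folders are the candidates for the move-and-rename steps described above.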

http://www.xp-vista.com/ also says you need to remove the Antivirus 2008 Registry Values:
HKEY_USERS\Software\antivirus 2008

To do this see:

http://www.xp-vista.com/troubleshooting/how-to-edit-registry-key-regkey-in-windows-xp-or-vista

According to some of the sites I visited looking for the resolution to this problem, it was another attack based on the vulnerabilities inherent in Internet Explorer, so score another point for the Firefox side of that debate. (Yes, she still uses IE exclusively, but I'm hoping she decides to switch after enduring this major intrusion!)

 

I'm supposed to tell you I'm paid for the affiliate links I share here. However, I have yet to make a dime from them, & share them either because I ACTUALLY USE the products, or simply because I believe in them. If this changes I'll change this post.
 
