
XP AntiVirus 2009


Greyhound2004
October 18th, 2008, 03:42
My daughter's computer is infected with XP AntiVirus 2009.
I bought SpyHunter3 as a quick way to get rid of this parasite but it sticks like S**t.

I've tried to manually remove this as well (various methods as per internet)
The only time I see a reference to XP AntiVirus in task manager is the first time the program 'installs' itself. So I killed the process.
I then ran Spyhunter and it (allegedly) removed all the nasties except brastk.exe which it was going to remove after a reboot.

There are two copies of brastk.exe, one in Windows and another in system32.
The file system on her computer is FAT32, so I used a write-protected floppy, booted to Win98 DOS and deleted the files manually.

Reboot to Windows and, lo and behold, they're back.
Has anybody played with this and successfully got rid of it?
Is the quickest remedy going to be a format and reinstall?

Any help appreciated.

bobby
October 18th, 2008, 09:45
Please download and run ComboFix from one of the following links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Follow the instructions on the screen.
Do not start any other programs and do not click on anything (or ComboFix can stop responding). After ComboFix finishes, please post here the log that will automatically open in Notepad (or you can find it here if Notepad does not open automatically: C:\ComboFix.txt).

Darren
October 19th, 2008, 05:43
http://www.malwarebytes.org/mbam.php

This should remove it

naides
October 19th, 2008, 07:30
Hi Greyhound: The malware is obviously entrenched in one of the auto-start processes, and when this process takes control it re-installs brastk.exe and perhaps other filth. Two manual approaches, if and when you fail to catch the malware with automated anti-malware utilities:

1. Install Process Monitor and activate boot logging. See if you can pinpoint the process that writes the malware back to disk.
http://4sysops.com/archives/new-features-sysinternals-process-monitor-111-boot-logging/

2. Download a copy of HijackThis. Either use their automated help, or deactivate as many autoload entries as possible yourself, anything that you do not understand or recognize. Boot the computer and see if the malware is still active. If not, systematically activate more software from the HijackThis list and reboot, until you see the malware activity come back to life. By a process of elimination you can isolate and squish the executable(s) that activate the malware.
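
The boot-logging approach in suggestion 1 above, as an added example that is not part of the thread: a small Python script that reads a Process Monitor boot log saved as CSV and lists which process actually wrote a file of the given name (as opposed to merely looking for it or launching it), plus any registry value that was set to point at it. It assumes Procmon's default CSV export columns ("Time of Day","Process Name","PID","Operation","Path","Result","Detail"). The log lines, process names and PIDs embedded in it are constructed for illustration and are not a capture from the poster's machine.

```python
"""Pick the re-dropper out of a Process Monitor boot log.

Added example, not code from the thread. It assumes the boot log was saved
from Process Monitor as CSV with its default columns ("Time of Day",
"Process Name","PID","Operation","Path","Result","Detail"). The log lines
below are constructed for illustration; process names, PIDs and paths are
made up and say nothing about the real malware.
"""
import csv
import io

# Constructed sample: a failed read probe, then one process writing both
# copies and adding a Run value, then Explorer launching the result.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:12:01.0012345 AM","smss.exe","368","CreateFile","C:\\WINDOWS\\system32\\config\\SAM","SUCCESS","Desired Access: Generic Read"
"3:12:07.2222222 AM","explorer.exe","1180","CreateFile","C:\\WINDOWS\\system32\\brastk.exe","NAME NOT FOUND","Desired Access: Read Attributes"
"3:12:07.3333333 AM","svchost.exe","904","CreateFile","C:\\WINDOWS\\system32\\brastk.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"3:12:07.3444444 AM","svchost.exe","904","WriteFile","C:\\WINDOWS\\system32\\brastk.exe","SUCCESS","Offset: 0, Length: 32,768"
"3:12:07.4444444 AM","svchost.exe","904","CreateFile","C:\\WINDOWS\\brastk.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"3:12:07.4555555 AM","svchost.exe","904","WriteFile","C:\\WINDOWS\\brastk.exe","SUCCESS","Offset: 0, Length: 32,768"
"3:12:08.0000000 AM","svchost.exe","904","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\brastk","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\\WINDOWS\\system32\\brastk.exe"
"3:12:09.0000000 AM","explorer.exe","1180","CreateFile","C:\\WINDOWS\\system32\\brastk.exe","SUCCESS","Desired Access: Execute/Traverse"
"3:12:09.1000000 AM","brastk.exe","1304","Process Start","","SUCCESS","Parent PID: 1180"
'''


def _rows(csv_text):
    return csv.DictReader(io.StringIO(csv_text))


def _is_write(row):
    """True for operations that put bytes on disk: WriteFile, or a CreateFile
    opened for writing. Read/execute opens are not writes."""
    op, detail = row["Operation"], row["Detail"]
    if op == "WriteFile":
        return True
    return op == "CreateFile" and ("Generic Write" in detail or "Write Data" in detail)


def find_droppers(csv_text, target_name):
    """Map (process name, pid) -> list of paths for every process that
    successfully wrote a file called target_name. Failed probes, reads and
    execute opens are skipped so the launcher is not mistaken for the dropper."""
    suffix = "\\" + target_name.lower()
    hits = {}
    for row in _rows(csv_text):
        if row["Result"] != "SUCCESS" or not row["Path"].lower().endswith(suffix):
            continue
        if not _is_write(row):
            continue
        paths = hits.setdefault((row["Process Name"], int(row["PID"])), [])
        if row["Path"] not in paths:
            paths.append(row["Path"])
    return hits


def find_persistence_writes(csv_text, target_name):
    """Registry values whose written data names target_name, as
    (process, pid, key path, detail) tuples."""
    out = []
    for row in _rows(csv_text):
        if (row["Operation"] == "RegSetValue" and row["Result"] == "SUCCESS"
                and target_name.lower() in row["Detail"].lower()):
            out.append((row["Process Name"], int(row["PID"]), row["Path"], row["Detail"]))
    return out


def report(csv_text, target_name):
    """Human-readable summary lines of who dropped the file and who made it persist."""
    lines = []
    for (proc, pid), paths in find_droppers(csv_text, target_name).items():
        lines.append(f"{proc} (PID {pid}) wrote: " + ", ".join(paths))
    for proc, pid, key, detail in find_persistence_writes(csv_text, target_name):
        lines.append(f"{proc} (PID {pid}) set {key}: {detail}")
    return lines


if __name__ == "__main__":
    import sys
    # Usage: python find_dropper.py Bootlog.csv brastk.exe
    # With no arguments it runs over the constructed sample above.
    if len(sys.argv) > 2:
        text = open(sys.argv[1], encoding="utf-8-sig").read()
        name = sys.argv[2]
    else:
        text, name = SAMPLE_CSV, "brastk.exe"
    for line in report(text, name):
        print(line)
```

Run it on the CSV Procmon saved from the boot log, with the file name you are hunting as the second argument. A trusted-looking process name in the output is a lead, not a verdict: the next step is to look at what that process had loaded and what started it, which is where the HijackThis elimination in suggestion 2 picks up.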

Greyhound2004
October 20th, 2008, 04:56
Thanks Guys,
As is usual with kids this became 'time critical' so I took the easy way out and formatted and reinstalled.
The net is full of stuff on this breed of spyware, so I expect I have not seen the last of it, though this time I'll be better prepared. I use SpyHunter and RogueRemover myself and have put these on her machine. I've also made a backup of her 'clean' machine to speed up a restore if this happens again. I've noted the progs you suggest and will try and post better details should this happen again.

Maybe it's 'clever' programming, but to get a program to install itself and then cling like a limpet with little or no user intervention, in order to dupe people into buying something they don't need... There are tales on the net of some guy actually buying this and then being continually billed EVERY month to his credit card for increasing amounts. How do these Ba**ards get away with it? Thanks once again.