XP Antivirus 2008 and Antivirus 2009 are evil!
June 29, 2008
Wow! I just spent two hours on the phone and CoPilot with my dad to get one of his computers cleaned up. I’ve dealt with a couple of spyware infections in the past, but nothing as insidious as this. Fortunately my dad was suspicious enough to reach out for assistance before he really got taken. Here is the re-cap:
I got this email from my dad earlier today:
Matt, my desktop computer has been infected with Antivirus 2009. Do you have a recommendation for software to remove it? Spyware Hunter has been recommended but, at this point, I don’t trust anything. Dad
I’m glad that he was suspicious. After a little Googling on the key words from his message, I was suspicious. Here was my reply:
You are right. Searching on 'antivirus 2009' does seem to lead you to certain tools and seems to be very confusing. I suspect that this is itself part of the cycle. Something tells you that you have a virus and oh, by the way, try out my product.
Quick question: How do you know that your desktop has been infected? What application is telling you that? There are lots of sites that will pop up little windows telling you things like that in an effort to get you to click on them and then sell you a product. If your anti-virus/spy-ware application told you that it found a problem, I would suspect that they would also be capable of fixing it.
What I think you are dealing with is some type of spy-ware. Nothing malicious, just annoying. So, what you need is a spyware removal tool. Here is a link to download.com sorted by most popular: http://www.download.com/sort/3150-8022_4-0-1-4.html? As you can see, Ad-Aware and SpyBot are the two most popular, by far. I have used both in the past and would recommend them. I searched through the top 100 and couldn’t find Spyware Hunter anywhere in there. So, I suggest you stay clear.
I was kind of curious about how he was being informed of all of this information. Was it legitimately coming from his anti-virus app (McAfee) or through some other means? I was thinking that it was one of those annoying pop-up windows that I run across every now and then. You know the ones: Click here because your computer is out of date and is going to explode any second now! So, I followed up the email with a call.
After the normal chit-chat, we got around to the issue. He was saying that he was running into the messages all over the place: when he logs in, browsing the internet, Google, etc. I had to see for myself so I fired up CoPilot (it's now free on the weekends, you know!). I told my dad to fire up IE (I know, they should be on Firefox but I haven’t wanted to go there yet.) and go to copilot.com. He said that the site briefly flashed up but then was replaced by an IE warning message that said, "Visiting this web site may harm your computer!" WTF!
OK, so let’s do the run-around. How about we Google ‘copilot’ and then click the link? So we did that. This time my dad tells me that Google is giving him a message about his computer being unprotected/unregistered/whatever. Why/how does Google know? At this point, I was thinking that he was telling me about the warning/message bar that IE and FF now use to communicate to the user. Anyway, we finally get connected through CoPilot.
I won’t bore you with any more play-by-play but as soon as I got into IE, I could see that there were issues (you’ll see in just a second). He has McAfee and keeps it current so I wasn’t too worried about it being a virus. However, I’m pretty sure that he did not have any type of anti-spyware tools running on his system. So we were going to run out and download Lavasoft’s free Ad-Aware anti-spyware app. Here is what I ran into:
Interesting. I’ve never heard of Google Tips before (neither has Google). For the benefit of the search engines, here is what the tip says:
"Google has detected unregistered Antivirus 2009 copy on your computer. Google recommends you to activate Antivirus 2009 to protect your PC from malicious intrusions from the Internet."
However, I was pretty suspicious once I saw the URL that the whole box was linked to: microsoft.browserprotectioncenter.com. OK, we’ll ignore that for now and continue on to get Ad-Aware. So I clicked the link that you see below the Google Tips box. This is what we got back:
A couple things to point out:
- This appears to be the standard IE warning about malicious sites (I’m guessing. I’ve never actually run across it since I use FF (but not at work because we aren’t allowed - don’t ask)).
- The Lavasoft site page was briefly displayed before this was displayed.
- The url changed to about:blank.
- All three links list the same microsoft.browserprotectioncenter.com page.
- This was actually happening for a lot of pages, not just the Lavasoft page. I actually ran across this as soon as I got on his computer and was the first thing that tipped me off that something was amiss.
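The hostname the fake warning linked to, microsoft.browserprotectioncenter.com, is the tell: a browser (and any certificate) trusts the registrable domain, here browserprotectioncenter.com, and "microsoft" is just a label whoever registered that domain chose to put in front of it. The following is an added example, not code from the original post, that extracts the registrable domain from a URL and flags brand names that appear only as a subdomain label or in the path. The public suffix list and the brand-to-domain table are constructed, deliberately tiny stand-ins for the real Public Suffix List and a real allow-list.

```python
"""Added example: where does a URL's trust actually land?

The browser binds trust to the registrable domain, so
microsoft.browserprotectioncenter.com belongs to whoever registered
browserprotectioncenter.com, not to Microsoft.  This is not code from the
original post; the suffix list and brand table are constructed for the demo.
"""
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List: only what this demo needs.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "org.uk"}

# Brand name -> registrable domains legitimately owned by that brand.
# Assumed allow-list for the example; a real one would be far longer.
TRUSTED_BRANDS = {
    "microsoft": {"microsoft.com", "microsoft.co.uk"},
    "google": {"google.com", "google.co.uk"},
}


def registrable_domain(host: str) -> str:
    """Return the registrable (eTLD+1) domain of a hostname.

    Walks the labels from the left and returns the first public suffix found
    plus the single label before it.  Unknown suffixes fall back to the last
    two labels, which is wrong for e.g. example.co.jp, so extend
    PUBLIC_SUFFIXES rather than rely on that fallback.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"{host!r} has no registrable domain")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])


def classify(url: str) -> dict:
    """Classify an absolute URL: its registrable domain plus any brand-spoofing
    signals.  A brand that actually owns the registrable domain is not a
    finding; a brand that shows up only as a subdomain label or in the path is.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host:
        # about:blank, data: URLs and friends have no host to trust at all.
        return {"host": host, "registrable": "", "brand_spoof": []}
    reg = registrable_domain(host)
    labels = host.lower().split(".")
    findings = []
    for brand, owned in TRUSTED_BRANDS.items():
        if reg in owned:
            continue
        if brand in labels:
            findings.append(f"'{brand}' is only a subdomain label of {reg}")
        elif brand in parts.path.lower():
            findings.append(f"'{brand}' appears only in the path on {reg}")
    return {"host": host, "registrable": reg, "brand_spoof": findings}


if __name__ == "__main__":
    for u in ("http://microsoft.browserprotectioncenter.com/",
              "https://www.microsoft.com/security",
              "about:blank"):
        print(u, "->", classify(u))
```

Read the result right to left: the part after the last public suffix is what was bought from a registrar, and everything to its left is free text under that owner's control. The same check applies to the three identical links in the fake warning page above.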
Since the Lavasoft page briefly displayed, that suggested to me that it was still in the browser history. So I clicked Back. The Lavasoft page did display, but it was severely mangled.
Notice the yellow bar? Here is what it says:
The page you are opening is probably contains spyware, adware, etc.. Your system might be at risk, Click here to protect your system with Antivirus 2009.
Want to guess where the link goes? You got it! And guess what? We had to run the same gauntlet for each page we clicked on to try to download Ad-Aware. Once we got to the download, we were still hosed since the spyware seemed to have control over the pop-up window too. I had to drop back to my computer, download Ad-Aware, upload it to my FTP site, then go back on his computer and download from my FTP site. What a PITA!
So we finally fired up Ad-Aware and let it scan his system. When all was said and done, it found (sorry, no screenshots):
- 2 critical registry key entries
- 225 privacy cookies
We nuked them all. Ad-Aware needed to restart the computer in order to completely remove everything but we decided to check IE to see how it was doing. We were able to pull it up and access all of the previous pages without any of the issues! Yay!
Moral(s) of the story:
- Make sure your family and friends are running a reputable anti-spyware tool in addition to their anti-virus tool.
- Have your family and friends switch from IE to Firefox.
- Try to get them to run under the non-admin account (although this can cause problems with some apps).
- Tell them to trust their instinct when something doesn’t seem right.
- Take advantage of free CoPilot on the weekends. Thanks Joel!
- Make sure that at least one of your kids is technically-literate to bail you out when you can no longer keep up with technology.
Now if only we could get this to bubble up a little in the search engines to help other unsuspecting people. Spread the word with the Share This link below.
42 Responses to “XP Antivirus 2008 and Antivirus 2009 are evil!”
Matt,
I thank you for the info you posted here. It helped some but didn’t totally. After downloading Ad-Aware and scanning my entire system it found a couple critical and 160 or so cookie items. I too removed all of them and then rebooted. I then went to IE and went to a couple of sites. As soon as I tried to log into any of them (online tools that I use), the same “Insecure Internet activity. Threat of virus attack” appeared, only now the line that says to register Antivirus 2009 is no longer a link, it’s just a sentence. The other two links are still there and look like they will link to “purchase” Antivirus 2009.
Do you have any further suggestions? I wonder why it totally cleaned up your dad’s system but not mine. I’m sending this from my work laptop that I brought home for the weekend because using IE is next to impossible. I too plan to start using Firefox as soon as I get this problem resolved.
Thanks in advance for any assistance you might be able to provide.
Wow, it didn’t take long for this post to get picked up.
Unfortunately, I probably posted too soon. I got another email from my dad a little while ago. He said that despite a complete system scan with Ad-Aware and McAfee overnight, he again started to run into problems when he logged back into his normal non-admin account.
I did a little more research and ran across this thread that looks promising: http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2873308&SiteID=2
If you go to the 2nd page, there is a post by ’shecut’ that a number of subsequent posters said worked.
I’m on the phone with my dad right now. I’ll post back with more info once we try it.
Matt,
Part of the problem is I can’t get my PC to boot up in safe mode. I’ve tried probably a dozen times since I started this last night and quit about 1:30 am. I’ve tried it a couple times now and will keep trying.
Let me know if you and your dad get it resolved.
Interesting. Right now we can’t get it back OUT of safe mode. We were able to delete the folder but it was called Antivirus2009 (instead of XPAntivirus mentioned in the forum thread).
I finally got instructions from Dell on an alternate method to boot in Safe Mode. So, now I am on to follow the instructions in that post. Were you able to solve your Dad’s problem? Hope so.. this crap is very frustrating.
I’ll let you know how it goes for me.
Thanks for the original post!
[…] so it was a bit premature to declare victory over the XP Antivirus 2008 / Antivirus 2009 issues that my dad was facing. Here is the email I got this morning: I ran the full scan over night which […]
I’m a student and use the computer for everything!! Yesterday the Antivirus 2009 came up saying all the same things I’m reading here. I’m not all that tech savvy; can anyone tell me where to start to get rid of it? I have Trend Micro antivirus (installed by Best Buy 2 months ago when I bought the computer).
Hi Matt,
Well, I finally (fingers, toes and eyes crossed) got rid of IT!!!! I’ve also installed Firefox and removed most of the blue E’s so my husband can’t find it easily.
In the end I just kept running scans with VirusScan (it never did find ANYTHING), Spybot S&D and Ad-Aware. I also printed several sets of cleanup instructions as some contained other file names. Then I got a little over zealous in deleting some of them and realized I hadn’t read the instructions closely enough and was only supposed to delete some instances of two DLLs. I stopped before I did any harm and everything seems to be working.
Man, what a PITA!! Thanks for all your help and lending an ear through this ordeal. Take care and HAPPY BIRTHDAY, AMERICA!!!
Jan
[…] my best efforts in XP Antivirus 2008 and Antivirus 2009 are evil! and XP Antivirus 2008 and Antivirus 2009 - Round 2 it appears that there might still be some […]
Been there, done that, got the T-shirt! I was up half of last night researching both what the thing (AvXP2008) is, what it is capable of and how to get rid of it. Gave up last night and tried again today, starting at 11, and tried every suggestion I could find. Each route to recovery that I tried was somehow (?) blocked: uninstalling it, booting in safe mode, deleting things, system restore, spyware removal tools, etc. etc.! It even ate my screen saver and the means to restore it! Then finally at 5.45 I got shot of it. When I saw it disappear when I uninstalled it I wasn't sure if it was gone for real or was just playing hide and seek! I could have cried with joy when my PC returned to its former self. HOWEVER, I have been bombarded with attempts by assorted malware all evening, blocked by Spyware Doctor. Downloaded Ad-Aware and did a scan and it found new spyware, not AvXP2008 though. Had to reboot earlier and the pop-up that says your PC is infected with stuff came back. I can't find where the rest of it is hiding yet! I wish I had never heard of torrents now; I am 90% certain that's where it came from. Be warned! I'll let you know if it returns!
There is an easy way to stop this, however there is only a split second reaction time in doing it.
Bring up the Microsoft Task Manager, go to Processes, stop the task beginning with r834718ra or whatever; that's the main source of the virus.
Open up My Computer, go to the drive with Program Files on it, open it up and then Program Files, and search for the process you disabled in that folder.
Go to the process manager again and look for a process beginning with P194udj1 or something and click stop task. Do not press Yes immediately; make sure your mouse is on the virus folder, press Enter to stop the process, then click the mouse and press Delete + Enter on the folder. It will get rid of the folder for good; however, if you are not fast enough it will just reappear in the process menu, disallowing you from deleting it.
After that run a registry cleaner and get rid of the dead files which are left behind and you're sorted.
My new BTO computer was only 2 days old and infected with XP Antivirus 2008 and a rootkit from installing a freeware program. I’m a programmer and I still didn’t know what to do to remove it. I then used this remote service.
http://www.remotecontrolhelp.us/
Cost about $175.00… worth every penny.
Problems:
Spyware - Caused by SpyHunter Failure
Slow Computer - Junk accumulation
Fixes:
Remove SpyHunter and Install SpyBot.
Spybot failed to install on first download, second try successful.
Spybot updated, immunized and run. Found Spyhunter (duh), Direct Tract & others.
Run File Cleaner (CCleaner) software.
Run Registry Cleaner.
Run CleanUP!
RR and Malwarebytes would not launch. Anti-Protection Spyware running.
Malwarebytes found 63 entries, including Vundo (bad).
Vundo detector run as backup – all clear.
Removed temps and temp Internet, $nt$.
Optimized boot process with Autoruns and edit of startup file.
Repair Time 1:08
Install SpyBot
Install Malwarebytes
Install RogueRemover
or use
http://www.remotecontrolhelp.us/
Nice, informative blog post! We’re interested in sharing your post in our co. blog or newsletter as a true story of our software in action, and as a way to educate consumers about rogue software.
Please e-mail me for more information. I look forward to hearing from you.
Just spent a lot of time trying to find a solution to this on a friend’s computer. Was not successful removing the virus. We kept opening browser folders and they were all getting hijacked. Tried to go to http://www.mozilla.com to get firefox. Clicked on green download button as soon as the screen came up. You only get about two seconds. Finally was successful in bringing down firefox. Again, you must hit the download now button within about a second after it comes up. That runs well. At least they have a browser that works now while we try to find some solution to this pest.
Infected a few hours ago. Just Ctrl+Alt+Delete, go to Task Manager, Processes, and stop processes that end in 2009. For me it was av2009. Then do a search for antivirus 2009 and delete all files.
To be safe, restart the computer in safe mode. This can be done by restarting and, while the screen is still black, hitting F8 and then choosing Safe Mode.
For XP, click Start, Accessories, System Tools, System Restore.
Restore your computer to a date in the past when you did not have this problem.
Hope it helps!
Hey, I just Googled this site. My PC keeps giving me this message:
Google has detected unregistered XP Antivirus copy on your computer. Google recommends you to activate XP Antivirus to protect your PC from malicious intrusions from the Internet.
So I did. Was this a sham? Did I just download a virus or something? I have no idea, only that now all my websites get blocked and warnings pop-up constantly.
HELP ME!!!!
Melissa
http://www.precisesecurity.com/blogs/2008/06/26/antivirus-2009/#comment-58960
go check out this site, the program the webmaster suggested worked great for me. I was very skeptical at first but tried it out of desperation. It is shareware, they do want you to buy the full program, but there is no intrusive marketing and it actually removed the issue for free.
Quite well-done spyware pushing. I guess with advertising on behalf of Google (what a trick!) this scam extortion is gonna have even bigger “success” than its predecessors, XP Antivirus and Antivirus XP 2008. Man, why do Windows users get all these problems?..
[…] been monitoring my traffic a fair amount over the past few weeks since I first published XP Antivirus 2008 and Antivirus 2009 are evil!. It looks like things were starting to taper off a little but has jumped up this week and in […]
Thank you soo much! I had XP Antivirus 2008 on my computer for about a week or 2 now and it just wouldn’t go away. I did everything you said. I deleted it, but it still kept taking over my browser when I went on the internet. Like every website I went to, XP Antivirus would keep coming up, and that Google Tips thing was there too, even after I deleted Antivirus from my computer. I was so fed up with it, having to keep refreshing my page and hitting the back and forward buttons like 15 times just to finally get to the site I wanted to go to.
Viruses and spyware have never been a problem with my computer, until XP Antivirus came along, but I finally got rid of it (entirely, every part of it gone) and this is how I did it: (I forget where I got this from but another guy did this. So I’m telling you what he told me; I’m just trying not to take the credit.)
1. First enter safe mode on your computer and go to your account, not admin.
2. When on safemode. Go to “my computer” by either going to the start button or if you have the my computer icon on your desktop. After that click on the “local programs (c:)” thing. Then go to program files.
3. Under program files, whatever Xp antivirus thing you have should be there. It should have its own folder and 1 file inside of it. (for me it was XP Antivirus 2008 and the file was xpa.exe)
4. Delete that folder to send it to the recycling bin, then delete it from there.
5. Restart your computer in normal mode, and go to this site (free.avg.com) to download their “free” antivirus software. Yes, it is free if you download their free version. They have other versions but you only need the free one.
6. After you’ve downloaded it, update it by clicking the “update now” thing and when it is done updating, run a scan over your whole computer. It should find whatever the virus is and then just remove it.
7. After that go to your start bar and click on “run”. In there type in “msconfig” and a window should open. Go to the far right tab. There should be a list of folders and things with a box next to them. Make sure you uncheck the one that says “xpa” (it was on mine, I don’t know if it will be on yours).
8. That’s it, it should be gone. I hope it works (it worked for me)
Have you tried running Smitfraud and Smitrem? Run them both in safe mode.
If you can, the best thing to do to get rid of them is to recover your computer. It’s kind of a pain, but it works. That’s what I did, after going around in circles for hours!!!
I run a small computer service shop. This thing no longer qualifies as a virus; it is probably more accurate to call it a plague. I rarely see the same virus twice, never mind 25 times in 14 days. Considering that I have to provide a warranty for the service I provide, I can suggest nothing to my customers short of a complete format and reload of Windows. Even when I can rid a computer of this infection, there is so much collateral damage to Windows that I cannot return the computer to pre-infection functionality and guarantee that it will stay that way.
There is not ONE AV or antispyware program that will stop this thing from getting in to your computer.
Even if you get “rid” of it, Regedit is now gone, your AV program no longer works, nor can it be reinstalled.
The only good news is that it does not corrupt personal data.
Save your Documents folder and reformat. Anyone that says they have found a magic bullet to get out of this one hasn’t tried to use Windows afterwards.
listen to Andrea, she knows……..
What sucks is that the virus affected my computer so much my internet barely works, so I can't go to that web site that guy before Marcus was talking about.
JP,
Smitfraudfix is a great tool and it used to be enough to rid yourself of this virus, but no longer.
The latest version of XP Antivirus 2009 causes more damage than the tool can repair. I have seen computers in the last 2 weeks that no longer had REGEDIT, or any icons in Control Panel, just a blank page. That is some of what I was referring to as collateral damage in my first post.
I have seen both AVG and Norton remove infected files that leave windows next to useless, but the infection IS gone.
The only good news remains that all personal data is left intact.
I have nearly lost my data recovery computer a couple times, a very scary scenario considering how many of my customers' lives are on that hard drive…..
The most important lesson here……
Why can’t ANY antivirus programs catch this thing on its way in????
It is unforgivable that MS hasn’t patched Windows to stop access to its OS by this virus. I find it unbelievable that EVERY AV company is incompetent.
It’s been a month now that this virus has been wreaking havoc around the world. C’mon MS ……fix this hole in Windows.
as an aside, kinda funny actually, I went to download.com to get AVG yesterday and guess what was a sponsored link on the page for AVG, you got it, XP Antivirus 2009!!!
These guys are so good at what they are doing; imagine if they were on OUR side!
System Restore can work wonders. I had a user install XP Antivirus 2008 earlier this week. He quickly came to me and told me what he’d done. I took a look at the system and then quickly did some research on the best ways to remove it.
The first action I decided on was to perform a System Restore to a previous point in time, PRIOR to the malware infection. Thankfully, he had a restore point that was created only a couple of hours earlier. I selected that restore point and performed the restore. All is well.
CAUTION: before you perform a System Restore, be familiar with what it will and won’t revert back. ALWAYS backup your data before performing a System Restore. Typically, System Restore won’t cause you to lose data, but I have seen it happen. Please backup your critical data first.
LASTLY, the changes System Restore makes are reversible! Plus, it is always best to scan your system for viruses, malware, etc. even after performing a System Restore. I like to use McAfee Antivirus, SuperAntiSpyware and Windows Defender and occasionally HijackThis. There are other good anti-malware programs available, but I have refined my preferred list down to these (for now… my list is always changing as new and better programs become available).
Here’s more information I’ve found to help explain System Restore. It can surely save a lot of time and hassle when it comes to malware infections!
http://searchwarp.com/swa78730.htm
http://technet.microsoft.com/en-us/library/bb490854.aspx
http://www.bleepingcomputer.com/tutorials/tutorial56.html
Hope this helps you!
-JamesT
I was just dealing with this - Malwarebytes cleared it up with ease.
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
“Have your family and friends switch from IE to Firefox.”
*rolls eyes to infinity* Nothx. They’re both lame…
Get a copy of ERD commander 2005
Fixed it in minutes using regedit
Hey Matt,
I remember getting the same kind of call from Aunty about this particular nasty. I spent a couple of hours trying to get rid of it and did so successfully. (though it was the 2008 version)
I had the same sort of problems you did, I did some research on it and found some removal steps, and even then I still had problems.
I use the same tools you do, though my combination is Ad-Aware, Spybot S&D, HijackThis, and good old regedit and Task Manager.
To cut a long story short, I had to kill the rogue program that was running before I could do much (watch out, it changes names) and write the name down (that helps, I found out). I then had to dig through the logical places in the Windows registry to find where this program is run from. It was a PITA,
but I was successful in removing it. (I did this without doing a system restore, or having to reformat, thank god.)
so I hope you have it removed from your dad’s computer.
cheers,
dave
Malwarebytes gets rid of it pretty easily.
XP Antivirus 2008 is a very popular and destructive virus. The part most people miss is getting their desktop back. I’ve removed it from several computers using these instructions:
Removing Antivirus XP 2008 and Restoring Your Desktop
Good one Matt,
I had a similar problem when my dad called me up saying that when he opens Google it says the computer is infected with a virus. A little hard to believe initially as I was not aware of this… but thanks to LogMeIn (btw it's free compared to your CoPilot suggestion) we got around the problem.
It was pretty annoying though
Regulatif
I went to system restore; once I did it popped up Antivirus 2009. I had Verizon Security, but when I restored to an earlier date Verizon was not on there. I tried a few things; it would stop downloads. I just paid 49.99 because I thought it was legit. I re-downloaded Verizon Security and everything's good. I'm trying to get my money back from Antivirus 2009.
I just paid Antivirus 2009 49.99. It stopped when I reinstalled Verizon Security. Call me, I'll tell you: 443-622-5660
Hello all, I had this virus myself until I went to http://forums.majorgeeks.com/showthread.php?p=1229620 so now I'm just spreading the message because I know how horrible and annoying this is and I only see it as a duty to do so. These guys are exactly what the link says, computer geeks, and great help. I fixed it following their instructions. Just go to the link. Good luck.
Seems weird that a public, user-supported help forum can come up with a common fix to these viruses before the overpaid antivirus companies themselves do? SDFix and MBAM work great… 2009 combines with the tdssserv rootkit to require you to change the executable filename so it can’t stop it. http://www.portcitytechsolutions.com
I don’t know about the XP Antivirus 2008 thing but Antivirus 2009 is a damn scam. I hope the creators of this thing will get punished one day :/
Last year I fought the battle with Antivirus 2008 and finally got rid of it.
This year, during a google search for something else, Antivirus 2009 popped up on a web search. I stopped it before it could load but it still left an annoying icon (red dot with an X in it) that claimed I had a virus and would bring up the Antivirus 2009 web page.
At this point, McAfee would halt the page and inform me that it had stopped a Trojan horse.
Using Windows Task Manager, I found the icon could be stopped by ending process SYSTEMINIT.EXE
Mcafee showed me the process was to be found in
C:\Documents and Settings\User\Local Settings\Temp\systeminit.exe
I was able to delete it there and am hoping this is the end of it.
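The manual procedures in the comments above (end the odd-looking process in Task Manager, find the matching folder under Program Files, untick the entry in msconfig; or end SYSTEMINIT.EXE and delete it from the Temp folder) boil down to a few questions about each autostart entry: does it run from a temp directory, does its name look machine-generated, and does its path or entry name carry one of the rogue's own brand strings? The following is an added example, not the commenters' or the author's code, that applies those checks to a constructed list of autostart entries in the shape of an msconfig or Autoruns listing. The marker strings and the randomness threshold are assumptions drawn from the names reported in this thread; the sample entries are made up.

```python
"""Added example: offline triage of autostart entries.

Automates the checks the commenters did by hand in Task Manager, Explorer and
msconfig.  Not code from the original post or its commenters; the marker
strings and the randomness threshold are assumptions drawn from the names
reported in the thread, and SAMPLE_ENTRIES is constructed test data.
"""
from dataclasses import dataclass, field


@dataclass
class Autorun:
    entry: str                 # name shown in msconfig / Run key / Task Manager
    image: str                 # full path of the executable
    reasons: list = field(default_factory=list)


# Directories a legitimate startup item has no business running from.
TEMP_DIRS = (
    "\\local settings\\temp\\",   # XP per-user temp
    "\\appdata\\local\\temp\\",   # Vista and later per-user temp
    "\\windows\\temp\\",
)

# Brand strings the rogue used for its folders and executables, as reported
# in the post and comments.  Assumed list; extend as new variants appear.
ROGUE_MARKERS = ("antivirus 2009", "antivirus2009", "xp antivirus",
                 "xpantivirus", "xpa.exe", "av2009", "antivirus 360")


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated names such as r834718ra or P194udj1:
    at least three digits, interleaved with letters in at least two runs.
    The thresholds are assumptions, not a standard; expect some false hits."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 6:
        return False
    digits = sum(c.isdigit() for c in stem)
    runs = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return digits >= 3 and runs >= 2


def triage(entries):
    """Return the entries that trip at least one check, with reasons attached."""
    flagged = []
    for e in entries:
        path = e.image.lower().replace("/", "\\")
        parts = path.split("\\")
        base, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
        e.reasons = []
        if any(t in path for t in TEMP_DIRS):
            e.reasons.append("runs from a temp directory")
        if looks_random(base) or looks_random(parent):
            e.reasons.append("machine-generated looking file or folder name")
        if any(m in path or m in e.entry.lower() for m in ROGUE_MARKERS):
            e.reasons.append("matches a known rogue AV marker")
        if e.reasons:
            flagged.append(e)
    return flagged


# Constructed sample in the shape of an msconfig/Autoruns listing.
SAMPLE_ENTRIES = [
    Autorun("mcagent", r"C:\Program Files\McAfee\Agent\mcagent.exe"),
    Autorun("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    Autorun("xpa", r"C:\Program Files\XP Antivirus 2008\xpa.exe"),
    Autorun("r834718ra", r"C:\Program Files\r834718ra\r834718ra.exe"),
    Autorun("systeminit",
            r"C:\Documents and Settings\User\Local Settings\Temp\systeminit.exe"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_ENTRIES):
        print(f"{hit.entry:12} {hit.image}\n    -> {'; '.join(hit.reasons)}")
```

On a real machine the input would come from an Autoruns export or a dump of the Run keys rather than a hard-coded list; the checks themselves are the same. Treat every hit as a lead to verify, not a verdict: randomized names also turn up in legitimate installers, and the marker list only knows the variants already seen.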
Beware,
There is now a Vundo trojan out there that Malwarebytes Anti-Malware can’t fix (all of it). It seems like it does but the bad guys have found a way to fool MBAM. The virus goes under the name Spyware.Monster.FX_Wild_0x00000000. It also downloads the same Antivirus 2009, Antispyware 2009, Antivirus 360, etc. But it gives you a BSOD also. I believe the BSOD may not be real but a picture of one. It also does nasty stuff to your MBAM and other AV. Still researching it. Look out for it.
I have had many run-ins with Antivirus XP/Vista/2008/2009/360 over the past year or so and I have found three key pieces of free software that can be used to remove it. Just run a Google search for these files and you will find them.
First I run combofix because this kills the system process for it and then begins deleting those files which allow it to start when the computer is started. This can be run in safe mode or in just the regular running mode but quite often it’s so far advanced that I have been forced to run it in safe mode.
Next I run Malwarebytes. This removes the malware portions of this nasty little bugger and finally I run SuperAntiSPyware to complete the removal process.
Unfortunately I have had a client that did not follow my advice and he continued trying to use the infected computers. In doing so the malware over ran the computer to such an extent that even the tools I use were unable to do a complete removal and as a result the drive had to be reformatted. I don’t normally see that but it just recently happened.
We have seen some computers on the network at my work with Antivirus 360 and our IT department has yet to “figure out” how to get it removed. I have offered to help them but they haven’t contacted me yet. Some of you may be wondering how it’s even spread and after some research I have noticed a pretty common pattern. It’s being spread through infected ADS on web pages.
Initially when it was coming out, the hackers were actually adding iframe code to web pages (hence infecting the site itself) but they have since moved on to spreading it through infected advertising. Many sites make money by posting banners and other ads and the hackers are infecting those ads so when the site loads, your computer becomes infected.
Hope this information helps!
I had a similar problem with AVG Free (yes, I know, why are you using that!?). Having now removed it and obtained a copy of SUPERAntiSpyware, this seemed to cleanse my system entirely. Backing up the registry beforehand is advisable, however, given one of your commenters can vouch for the problems in letting the software delete what it wants!
a lot of people have talked about the incredibility of antivirus 2009…