Simple talk and how to's for those Gizmos, Gadgets and More
 


 

Dealing with Antivirus 2009

By Lee Brannon

 

What is Antivirus 2009? Antivirus 2009 is a malware program that pretends to be an antivirus software package. This particular program is a complete fraud. It pops up a phony scan showing infections and messages telling you that your machine is infected. They are scaring you into giving them your credit card info. If you make the mistake of getting it installed, it also hijacks your browser, redirects your searches and fouls up your efforts to find something to remove it. It is malware pretending to be antivirus. (If you registered it with a credit card, do yourself a favor and call your credit card company NOW!)

Unfortunately I have seen websites that execute the installer for this thing when you open the web page for the site. It is easy for someone to get this infection, which is why people should use AVG's and Google's page warning systems. See the article on “Cautious Surfing getting easier” in the Internet and Web section of this site.

Why is this thing such a problem? It mutates. The program makes registry entries, but randomly changes the names of the keys, DWORDs, etc. That's why most programs can't pin it down.
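
Because the entry names change from one infection to the next, a check keyed on known-bad names misses them, while a comparison against a known-good snapshot does not depend on the name at all. The sketch below is an added example, not part of the original article: it assumes the entries of interest are autostart values under the current user's Run key (the article does not say which keys are used), and the baseline and sample entries are constructed.

```python
# Added example: triage autostart entries against a known-good baseline.
# All names, paths and entries below are constructed for illustration.

# Directory fragments a normal user account can write to (checked lowercase).
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\application data\\",
                 "\\local settings\\")

def read_run_key():
    """Windows only: (name, command) pairs from the current user's Run key."""
    import winreg  # imported here so the rest of the file runs anywhere
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return [winreg.EnumValue(key, i)[:2] for i in range(count)]

def triage(entries, baseline):
    """Return (name, command, reasons) for entries that need a closer look.

    baseline maps value name -> command, recorded while the machine was clean.
    Nothing here matches on a known-bad name, so a renamed entry still shows.
    """
    findings = []
    for name, command in entries:
        command = str(command)
        reasons = []
        if name not in baseline:
            reasons.append("not in baseline")
        elif baseline[name].lower() != command.lower():
            reasons.append("command changed since baseline")
        if any(marker in command.lower() for marker in USER_WRITABLE):
            reasons.append("runs from user-writable directory")
        if reasons:
            findings.append((name, command, reasons))
    return findings

# Constructed clean snapshot and constructed current state.
BASELINE = {"ExampleTray": r'"C:\Program Files\Example\tray.exe"'}
SAMPLE = [
    ("ExampleTray", r'"C:\Program Files\Example\tray.exe"'),
    ("kq7xw2mz", r"C:\Documents and Settings\user\Local Settings\Temp\kq7xw2mz.exe"),
    ("Updater", r'"C:\Program Files\Example\update.exe" /silent'),
]

if __name__ == "__main__":
    for name, command, reasons in triage(SAMPLE, BASELINE):
        print(f"{name}: {', '.join(reasons)} -> {command}")
```

On a Windows machine, `triage(read_run_key(), BASELINE)` applies the same check to the live key; a flagged entry is a lead to investigate, not proof of infection.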

This is how I got rid of it on a laptop that had the infection. I used a combination of Spybot Search & Destroy and AVG. AVG is mainly for viruses and Spybot is mainly for malware. I currently use both.


Note: Some websites and well-meaning but uninformed people will tell you that certain anti-malware and antivirus programs will not get rid of this malware. This is not true. The problem is that when you download these programs they generally have outdated definition or removal files in them. These old copies do not contain the updates for this particular problem. Since Antivirus 2009 hijacks your browser, you can't get to the updates and install them.

Downloading and Installing Spybot Search & Destroy and AVG

Note: Obviously, since you are more than likely having difficulties getting to websites, you will need to do the downloading part of these instructions from another computer that is not infected. Use a thumb drive or burn a CD to move the files to the infected computer. (Most likely you are not reading this from an infected machine since you probably could not get to this page.)

Also, the install of either program is fairly simple, just follow the screen directions, but do the installations and scans in the order I have listed here.

  1. Turn off any antivirus you are currently running until this process is done. (It will interfere.)
  2. Download the Spybot Search & Destroy files to your hard drive.
  3. Download the Spybot Search & Destroy Include files (now referred to as "Detection Updates") to your hard drive.
  4. Install Spybot Search & Destroy if you don't already have it. (Make a note of where Spybot installs to.)
  5. Double-click spybotsd_includes.exe and tell it to install into the folder where Spybot installed.
  6. Run Spybot Search & Destroy and have it "Check for Problems". It will take a long time, but it will clean off a lot of stuff.
  7. Tell it to remove all the things it found. (Remember, the program itself may not go by the name you think it is using, and you may have a Trojan that is re-installing it.)
  8. Now download and install AVG 8. Note: This link is to the CNET download, which is a thirty-day trial. See note below.
  9. Run a full scan of your system with AVG and tell it to remove anything it found.

Once you have the problem under control, check for updates with both programs.

Notes about AVG: If you are running AVG 7.5 you should upgrade. Not to confuse matters, but you may be able to get the full FREE version. AVG seems to be going through some changes. As mentioned, for some strange reason many of the popular download sites only have a 30-day trial version. There is a Free AVG web page with the free version. That site is here: Free AVG8, www.freeAVG.com. The AVG site, www.avg.com, has the CNET download on the main page, but there is a tab that takes you to the free version on the old site, www.grisoft.com (Grisoft was formerly the company's name).


Using Other Methods


There are some places with manual instructions for removing the program, but you have to disable and/or remove several .dll files and modify the registry (which can screw up a system), and since it changes what it puts in there it is difficult to track. However, if the Spybot and AVG combo does not work, there is another program called Malwarebytes that will supposedly remove it.

Malwarebytes:

Several posts on the net recommend this program for removing Antivirus 2009. You can download Malwarebytes from CNET’s download site. If you go to their site it redirects you to CNET for the download anyway. I have run the Malwarebytes program, but have not had a chance to test its removal of the Antivirus 2009 infection.

Download Malwarebytes.

 

A note about Spybot Search & Destroy: Once installed, if you choose to immunize your system against new infections, this program will perform “blocks” whenever a change to the system or a .dll etc. occurs. It will pop up and ask if you want to allow the change.

 

I plan to write a more general article on the subject of viruses and malware in the near future, but I have come across this particular problem several times now and had several people ask me about the same issue, so I decided to address this more urgent topic first.

 

Got questions?  Drop a message into the forum or send me an email through the contact page.

 

 

 

 

 © 2009 Lee Brannon All rights reserved.
Always seek professional help: The tips presented on these pages are meant as a guide to help you get answers to your questions or to point you in the right direction. The website author recommends that anyone who is not comfortable with the technology being discussed contact a professional for assistance. Recommendations and reviews are based on the author's own experience with a process or product. Your results may differ. The website author is not responsible for problems, loss of data or other complications derived from the use of the information presented on this site. Terms of Use and Disclaimer.