fortypoundhead.com

Remove Antivirus 2008 / 2009 etc.

Posted On 2008-10-20 by FortyPoundHead
Keywords: Scam Malware Antivirus Trojan Remove Zlob Vundo
Tags: Security Tip Tutorial Windows XP Vista Windows 2000
Views: 1499


Antivirus 2009 is a new rogue anti-spyware program. It is also a clone of Antivirus 2008 - also a rogue, and one that's produced more clones than any other recently. The list of these clones is long: System Antivirus 2008, Ultimate Antivirus 2008, Vista Antivirus 2008, XP Antivirus 2008 etc.

Like any other of it's predecessors, Antivirus2009 uses trojans, such as Zlob or Vundo, to spread. These trojans lurk in porn/warez websites disguised as video codecs, and, upon entering the system, floods the user with popups and fake system notifications, supposedly to inform him of an infection. While the system at hand may indeed be infected, Antivirus 2009 will inform the user of this regardless of whether it's true or not. The point of this disinformation is to convince the user he is infected and therefore needs an antispyware program to dispose of the threat.

The user might click on one of the popups or notifications, all of which claim they will take him to a legitimate security tool, but try to make him purchase Antivirus2009's "licensed version" instead. Antivirus2009 may redirect web browser to GoogleScanners-360.com, BestAntivirusScan.com and SecureClick1.com websites that sell the malware. Antivirus 2009 is a scam and should be treated as such: do NOT download or buy it.

Follow the steps below to manually remove this nasty piece of malware.

Kill processes:

av2009.exe av2009[1].exe

AV2009Install.exe

Antivirus2009.exe

Delete registry values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15358943642955870504508370025739

HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Antivirus” = “%ProgramFiles%\Antivirus 2009\Antvrs.exe”

HKEY_CURRENT_USER\Software\Antivirus

Unregister DLLs:

shlwapi.dll

wininet.dll

Delete files:

av2009.exe

av2009install.exe

av2009install_0011.exe

av2009[1].exe

Antivirus2009.exe

ieupdates.exe

scui.cpl

%program_files%\\antivirus 2009\\av2009.exe

%startmenu%\\antivirus 2009\\antivirus 2009.lnk

%startmenu%\\antivirus 2009\\uninstall antivirus 2009.lnk

winsrc.dll

%desktopdirectory%\\antivirus 2009.lnk

winsrc.dll

ieupdates.exe

av2009install_0011.exe

av2009install.exe

%program_files%\\antivirus 2009\\av2009.exe

Delete directories:

C:\Program Files\Antivirus 2009


About the Author

FortyPoundHead has posted a total of 1974 articles.

 


Comments On This Post

No comments on this post yet!


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:54.80.169.119

Before you can post, you need to prove you are human. If you log in, this test goes away.




Recent Forum Posts

Advanced search added
dwirch posted on September 23, 2017 at about 13:44 in Site News

Job Spammer: Gaurav Mehta - AgreeYa Solutions
dwirch posted on September 22, 2017 at about 10:35 in Spammers

Job Spammer: Prutha Siri - Javelin Systems
dwirch posted on September 10, 2017 at about 6:15 in Spammers

New security implemented
dwirch posted on September 7, 2017 at about 7:16 in Site News

Malicious IP Checker Companion Tool
dwirch posted on August 12, 2017 at about 20:24 in Site News

Job Spammer: Steve Adams
dwirch posted on August 8, 2017 at about 7:44 in Spammers