
antivirus 2009

Status
Not open for further replies.

dan2229

Technical User
Sep 25, 2006
196
US
I just got the trojan malware Antivirus 2009 which gives false positives for trojan horses and the like. It then wants you to pay for the full version to get rid of them. It is affecting my IE. I can use Firefox without any problems.

Antivirus 2009 shows up in the All Programs list and has an uninstall feature. When you use the uninstall, it says that the uninstall was successful, but it is still there and hijacks web pages when you go to use them. Antivirus 2009 does not show up in the list of Install/Uninstall of the Control Panels. Go figure!

I have done several Google searches for removal tools and have looked at a couple tools that look promising. However, I want to get rid of this virus and wanted to know if anyone else has had the same problem and how they got rid of it. Manual removal of the virus is supplied, but each website shows slightly different items to delete. One page had three times as many items to delete. All the pages warn of the dangers about removing items manually, but I am not sure that these are reliable since they are selling a product.

One removal tool is the free scan from SpyHunter. Then you pay for the full version to remove the virus. Another is SpyZooka. SpyZooka guarantees 100% removal. I also read a blog that tells how easy SpyZooka is to use.

Is there a free removal tool that I have missed? I didn't find one at Nortons or McAfee.

I have used SpyBot and AdAware to scan the entire drive and also ran a full scan with Avast with the most recent virus definitions.

Thanks for your help.
 
That's one of the biggest issues with malware...you never know WHAT to believe, everyone has something to sell you and it's hard to tell the real deal from the fakers. Don't believe everything you read...except here, of course, where there is no commercial incentive.

First, I would go to TrendMicro's Housecall to try and remove it from there. Some other free apps to try:

A-Squared Free
AVG A/S
Windows Defender

For paid software, MalwareBytes and Sunbelt's CounterSpy are both excellent.

You can also try posting a HijackThis log here, and letting the experts have a look.

Tony

Users helping Users...
 
Tony,

Thanks for the quick reply. Today I downloaded Windows Defender and SpyWare Terminator and ran scans. Also did the Inoculation feature of Terminator.

Avast did find a threat while running the Terminator scan, and I moved it to the "chest."

I will try these others in hopes of getting rid of AV 2009.

Sleazy world we live and surf in!

Daniel
 
One of our users was using an out-of-date AV and got it. It took several tools to completely remove it. We used McAfee, CCleaner, Spybot, HiJackThis, and Anti-Malware to finally get rid of it.

One trick we learned is you have to open up the AV tool you are going to use but not start it, then stop Explorer, and finally run the tool. This seemed to work better on this piece of $@#$%^ than running in safe mode. Although by the time we found out about it, it had downloaded some other junk that was removable via safe mode.

Once you stop Explorer, you won't have access to any icons so that is the reason behind opening the tool you want to use first.


James P. Cottingham
-----------------------------------------
I'm number 1,229!
 
Update on the situation. I used the following scans so far in this order: SpyBot, AdAware, Full scan with Avast with updates, Windows Defender (which told me my computer was clean), SpyWare Terminator (found several cookies but no viruses), Trend Micro HouseCall (twice - also found some cookies), and the winner of the lot, A-Squared Free.

The A-Squared found gobs of stuff. Mostly low risk but a few medium risk items and three high risk Trojans. I did the deep scan which took about an hour. Oddly enough Antivirus 2009 was listed as low risk!

Here is another weird thing. While scanning with A-Squared, the Avast would find a Trojan and flag it. I sent it to the chest (quarantine). I got three or four warnings which were all quarantined the same way. It seemed to be the same trojan each time.

I can now use IE without it being hi-jacked. Which seems to suggest that the AV 2009 has disappeared and did not replicate on start up.

I still have Spyware Terminator running along with A-Squared. Is it wise to allow both to operate at the same time? I am thinking since A-Squared found more, it should be the one to use. Opinions?

Here's hoping it stays away. What a pain!

Thanks for your help.
 
I never heard of A-Squared, are you sure this one is OK wahnula?

These two are definitely OK and will find more stuff than most.

DrWeb Cureit and SuperAntiSpyware, but as you would expect the scan times are long. For best results run in safe mode.


Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
"I never heard of A-Squared, are you sure this one is OK...?"

I read about it in Maximum PC, and used it with some success. As for it being malware itself, it passed the CNet Review process and is available at Download.com, they are usually pretty reliable.

Tony

Users helping Users...
 
Steve, I can also confirm that A-Squared is legit, and does a reasonable job...

The download is a single file a2AntiMalwareSetup.exe.

ROGER - G0AOZ.
 
This is a nasty one. If you right click on the icon that is placed on your desktop you will see the path to the program. Find this in task manager and kill the process. Also remove the program files folder, the start menu folder and the desktop shortcut. Next look at the registry for the program name under these two keys.

HK Current Users/Software/Microsoft/Windows/ShellNoRom/MUICache

HKLM/Software/MS/Shared Tools/MSCONfig/StartupReg/

Finally, I use similar tools to 2ffat. I run them in the following order.

CCleaner
Trojan Remover (you can download a fully functional 30-day trial.)
Malware Bytes
Spybot
And run a virus scan with their updated client or an online scanner.

This has proved to be successful for me a number of times.
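
A read-only way to carry out the "look for the program name" step from the post above, added here as an example and not part of the original post. The full registry paths are an assumed expansion of the abbreviated keys the poster gives (Windows XP-era locations), and `Antivirus 2009` is only a sample search string.

```powershell
# Read-only check: lists entries that mention a program name in the two
# registry locations named in the post, plus matching running processes.
# Nothing is modified or deleted.
param(
    # Sample value; use the name seen in the desktop shortcut's path.
    [string]$Pattern = 'Antivirus 2009'
)

# Assumed full paths for the keys the post abbreviates.
$muiCache   = 'HKCU:\Software\Microsoft\Windows\ShellNoRoam\MUICache'
$startupReg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

$hits = @()

# MUICache: each value name is an executable path, the data its display name.
if (Test-Path $muiCache) {
    $key = Get-Item $muiCache
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -like "*$Pattern*" -or $data -like "*$Pattern*") {
            $hits += New-Object PSObject -Property @{
                Source = 'MUICache'; Entry = $name; Data = $data }
        }
    }
}

# startupreg: one subkey per startup item disabled in msconfig,
# with the launched command line in its "command" value.
if (Test-Path $startupReg) {
    foreach ($sub in Get-ChildItem $startupReg) {
        $cmd = [string]$sub.GetValue('command')
        if ($sub.PSChildName -like "*$Pattern*" -or $cmd -like "*$Pattern*") {
            $hits += New-Object PSObject -Property @{
                Source = 'startupreg'; Entry = $sub.PSChildName; Data = $cmd }
        }
    }
}

# Running processes whose executable path matches (the Task Manager step).
foreach ($p in Get-Process | Where-Object { $_.Path -like "*$Pattern*" }) {
    $hits += New-Object PSObject -Property @{
        Source = 'process'; Entry = "$($p.ProcessName) (PID $($p.Id))"; Data = $p.Path }
}

$hits | Select-Object Source, Entry, Data
```

An empty result means neither key nor any running process references the string; a missing key is skipped rather than treated as an error.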


 
This was never said but turn off system restore before getting rid of the malware/viruses. This way you know that they won't reside in there after a restart.
 
Hi, I think I may have a virus. When using Internet Explorer, random pop-ups come up that don't get blocked by a pop-up blocker; they have different advertisements or say that I have viruses on my computer. Also after using it for a while the start menu at the bottom will disappear and so will the programs on my desktop. The only way then that I can operate programs is by using task manager. Also different warnings come up about problems with system32 or rundll32 or other exe. I don't know what the problem is but I'm hoping that someone can help me out. I think the problem may have started when trying to download av09 but I didn't fully download it so I don't know. Thank you
 
caluke1521:
Please run a Hijackthis scan and then
please post the results in a new thread.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 