My computer is being attacked by a program called Antivirus 2009. A message keeps popping up at the bottom of my screen saying that I have a security problem, and occasionally windows start popping up, prompting me to install programs and run scans and blah blah blah. Can someone please help me? I need to get this off of my computer ASAP.
I cannot find Antivirus 2009 when I search for it.
Nothing is working — please help, and fast
Related posts:
4 responses so far ↓
1 Karla // Nov 17, 2008
We had this - it was terrible.
Here are a few sites to check out; if you can’t get to them on your infected computer, use another or borrow a friend’s and download the install files to a USB or burn them to a CD (beware: the USB may get infected if you put it in an infected the infected computer).
http://www.spyware-techie.com/how-to-remove-antivirus-2009/
http://www.spywares-remove.com/antivirus2009-antivirus-2009
http://www.stopzilla.com/products/stopzilla/landing.do?AID=10034&CID=ANTIVIRUS%202009&inf=ANTIVIRUS%202009&t=r&d=92008&gclid=CO-16Nb0-5YCFRs-awodWXrOXw
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
Good Luck
2 Kuroi Shinigami // Nov 17, 2008
Boot your computer into safe mode by tapping f8 during startup,and scan your computer with Avast! or whatever AV you use/
HTH!
3 jabiilord // Nov 17, 2008
Step 1 : Use Windows File Search Tool to Find Antivirus 2009 Path
Go to Start > Search > All Files or Folders.
In the "All or part of the the file name" section, type in "Antivirus 2009" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Antivirus 2009", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Antivirus 2009 in the following manual removal steps.
"Antivirus 2009" files can be found in the directory path(s):
%ProgramFiles%\AntivirusPro2009
%ProgramFiles%\AV9
%ProgramFiles%\Power-Antivirus-2009
%UserProfile%\Start Menu\Antivirus 2009
%ProgramFiles%\Antivirus 2009
Step 2 : Use Windows Task Manager to Remove Antivirus 2009 Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for "Antivirus 2009" process by name.
Select the "Antivirus 2009" process and click on the "End Process" button to kill it.
Remove the "Antivirus 2009" processes files:
AntivirusPro2009.exe
%PROGRAMFILES%\Antivirus 2009\av2009.exe
ieexplorer32.exe
AV2009Install[1].exe
Power-Antivirus-2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\Program Files\Antivirus 2009\av2009.exe
AV2009Install_880405[2].exe
AV2009Install_880405[1].exe
av2009[1].exe
AV2009Install.exe
Antivirus2009.exe
av2009.exe
Read more about How to kill Antivirus 2009 Processes
Step 3 : Use Registry Editor to Remove Antivirus 2009 Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Antivirus 2009" value, right-click on it and select the "Delete" option.
Locate and delete "Antivirus 2009" registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\75319611769193918898704537500611
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2009
Read more about How to Remove Antivirus 2009 Registry Entries
Step 4 : Use Windows Command Prompt to Unregister Antivirus 2009 DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Antivirus 2009 DLL file is located and press the "Enter" button on your keyboard. If you don't know where Antivirus 2009 DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Antivirus 2009" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Antivirus 2009.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Antivirus 2009" DLL files:
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
c:\WINDOWS\system32\winsrc.dll
Read more about How to Remove Antivirus 2009 DLL Files
Step 5 : Detect and Delete Other Antivirus 2009 Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Antivirus 2009" process and click on the "End Process" button to kill it.
Remove the "Antivirus 2009" processes files:
AntivirusPro2009.exe
ieexplorer32.exe-removed_skip
ieexplorer32.exe
AV2009Install[1].exe
Power-Antivirus-2009.exe
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
%UserProfile%\Desktop\Antivirus 2009.lnk
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll
c:\WINDOWS\system32\ieupdates.exe
c:\Program Files\Antivirus 2009\av2009.exe
c:\Program Files\Antivirus 2009
AV2009Install_880405[2].exe
AV2009Install_880405[1].exe
Uninstall Antivirus 2009.lnk
Antivirus 2009.lnk
av2009[1].exe
AV2009Install.exe
Antivirus2009.exe
av2009.exe
%PROGRAMFILES%\Antivirus 2009\av2009.exe
Or visit this web site …. down on that page you will see this:
http://www.spywareremove.com/removeAntivirus2009.html
4 Dunbar Pappy // Nov 17, 2008
Antivirus (2009. et al)and variants;
Don’t feel lonesome, hundreds of thousands of Internet Explorer users are getting this virus (masked as a ‘Security’ tool). It is prevalent on the ‘My Space’ site.
It is an especially nasty one, and must be removed with one (of several) specialized utilities.
I’ve not tried them all, but I have prescribed ‘Malwarebytes’ & it worked.
http://www.malwarebytes.org/mbam.php
The reason people get it is they allow “3rd Party Cookies” and ‘Active ‘X’, which in this case displays some type of icon, or pop-up warning, which in reality is a ‘Click-jacking’ whereby the real action you perform is hidden behind the visible display; so when you tick anything, the malware installs itself.
Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters.
Turn off “3rd Party Cookies”, and always leave them off.
INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check ‘Override automatic….’; ‘Allow session cookies’; ‘Allow 1st party cookies’; & ‘Block 3rd Party Cookies’.
FIREFOX: Tools> Options> Privacy: here UN-CHECK ‘Accept 3rd Party cookies’
OPERA, et al: not sure, check under ‘options’ for this.
Because architecture of the Internet (notably ‘Flash’ scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use
Firefox with current ‘NoScript’ add-on, which will prevent “Click-jacking’.
NoScript: https://addons.mozilla.org/en-US/firefox/addon/722
Leave a Comment