
RealTown's RealTalk


 RE: Antivirus solutions

Created by:
Tom Hathaway, Licensed Real Estate Broker,  TN

Date: December 9, 2008, Number of Replies: 17



I have had one hell of a time the past month fighting off some computer viruses. Has anyone had a problem with something called Antivirus 2009? My computer service tells me that this is really a virus in disguise. They say that what they do is they get into your system by appearing to be a Microsoft message. Then they hit you up for virus protection. The problem, according to the computer people I use, is that they actually download obnoxious viruses onto your computer then charge you to remove them. Then of course a few weeks later they return and they charge you again. They really do not protect you from anything but the viruses they put on your system.

Can anyone tell me if they have had any experiences with this thing called Antivirus 2009?

Thanks

Tom Hathaway


Randall Fullerton Information Technology,  Charlotte,  NC

Date: December 10, 2008

Tom writes:

"Can anyone tell me if they have had any experiences with this thing called Antivirus 2009?"

Yes, we have had several clients with infected machines…Here is an article on it… http://www.windowsvistaplace.com/antivirus2009-antivirus-2009-removal-instructions/spyware-removal It comes across as a popup and/or download to update the Flash Player…In every case, end user action is required to become infected..

Go to www.malwarebytes.com and download and run this app….you might have to run it in safe mode, restart your pc, and start hitting the f8 button, that should give you the option of running in safe mode, choose with networking so that you can update the files…

Good luck…

Sincerely,

RC Fullerton

Randall C Fullerton, e-PRO Trainer

Managing Partner

Peritus IT Solutions

704-605-4950

mailto:randall@peritusit.com

http://www.peritusit.com

Malcolm Waring Information Technology,  Stroudsburg,  PA

Date: December 10, 2008

Yes, this fake  XP/Vista 2008/2009 AV malware is really annoying.  It's the worst one I have experienced since I encountered CoolWebSearch some years ago.

I got it on my wife's PC and you can't even browse for a fix using IE.  Fortunately she had Safari installed accidentally during an iTunes update (that's another story) so I was able to use that to find the solution.

Randall has the cure and it's probably the only one that works.

Rosanne Wells Licensed Real Estate Agent,  Woodstock,  GA

Date: December 10, 2008

I have had problems with Antivirus 2009 on my laptop.  I was so frustrated that I put it away for a month and just used my desktop.  After I reopened it, the problem was gone!  It has never come back.

Rosanne Wells

RE/MAX Town and Country

Woodstock Ga


Date: December 10, 2008

Hi Tom,

Ouch, yes, it's one of the most annoying ones out there. I personally
have had to fix 6 laptops with the same issue. The first two I did
using the following procedure, but the last four I reinstalled (I'll
explain why below):

1.) Boot up and stop all task bar services (you will likely have to use
the Windows Task manager to stop the AV2009.exe process).
2.) Clear out all the temp directories and Internet Browser caches
(empty the folders like \Windows\temp, Docs and Settings\Local\Temp
(hidden folder), \temp, and any others they had). Mind you that some of
these, and the ones I have noted below are in hidden files and folders
so you will need to Click on Tools, then View, then Show hidden files
and folders and show system files. Then they will appear.
3.) Deleted the folder (and all contents) that was created in \Program
Files called Antivirus 2009.
4.) Ran AVG (or equivalent antivirus program, make sure it has the
latest virus updates).
5.) Ran Windows Defender (free download). Make sure it has the latest
spyware updates.
6.) Went and hand checked the registry of the computer.

Here's a list of some of the files and registry entries that you are
going to be looking for (but please remember, they are not always the
same, so look for similar).
The Antivirus 2009 Files:

Docs and Settings\<username>\Desktop\Antivirus 2009.lnk
Docs and Settings\<username>\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
Docs and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
Docs and Settings\<username>\Start Menu\Antivirus 2009\Antivirus 2009.lnk
Docs and Settings\<username>\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
\Program Files\Antivirus 2009\av2009.exe
\WINDOWS\system32\ieupdates.exe
\WINDOWS\system32\scui.cpl
\WINDOWS\system32\winsrc.dll

The Windows Registry Information:

HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"

Note, the above process takes a very long time (since you are crawling
around searching for these things), and there is still a chance
something will be missed. So, my next bit of advice (which will
undoubtedly not be the most popular) is to do a complete reinstall (as I
did with the remaining 4). Take all important files off in a backup,
and make sure you have all the software you need before you start, but
this is the solution I recommend most. The reason being, you never know
what little nuggets someone has hidden in malware or a virus. This is
the same approach we took at my old company where we supported tens of
thousands of desktops, and it's still an approach I take when just
supporting my own personal. It's the only sure way to ensure everything
is gone.

I wish you luck on the removal or the reinstall, whichever route you
take.

Regards,

Alex Wingeier, Head Geek
http://www.clrsearch.com

P.S. If you notice, I choose to run the antivirus and spyware as the
last few steps instead of the first few. The reason for this, is I
already am clearing the temp folders, so why spend unnecessary time on
running it on files you are already going to remove.
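
A report-only check for the files and registry entries listed in the post above, as an added PowerShell example that is not part of the original post. It assumes the current user's profile and resolves the post's "Docs and Settings\<username>" shorthand through environment variables; it lists what it finds and changes nothing.

```powershell
# Added example: report-only check for the Antivirus 2009 traces listed in the
# post. Nothing is deleted or modified.
# Assumption: "Docs and Settings\<username>" is resolved for the current user
# through environment variables.
$clsid   = '{037C7B8A-151A-49E6-BAED-CC05FCB50328}'
$randKey = '75319611769193918898704537500611'  # the post warns names can differ

$paths = @(
    (Join-Path $env:USERPROFILE  'Desktop\Antivirus 2009.lnk'),
    (Join-Path $env:APPDATA      'Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk'),
    (Join-Path $env:USERPROFILE  'Start Menu\Antivirus 2009'),
    (Join-Path $env:ProgramFiles 'Antivirus 2009\av2009.exe'),
    (Join-Path $env:SystemRoot   'system32\ieupdates.exe'),
    (Join-Path $env:SystemRoot   'system32\scui.cpl'),
    (Join-Path $env:SystemRoot   'system32\winsrc.dll'),
    "HKCU:\Software\$randKey",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

# -LiteralPath keeps characters such as [ ] from being treated as wildcards.
$hits = @($paths | Where-Object { Test-Path -LiteralPath $_ })

# The cached DLL sits in a randomly named Content.IE5 subfolder, so search for it.
$cache = Join-Path $env:USERPROFILE 'Local Settings\Temporary Internet Files'
if (Test-Path -LiteralPath $cache) {
    $hits += @(Get-ChildItem -LiteralPath $cache -Recurse -Force -Filter 'winsrc*.dll' `
                   -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName })
}

# Autostart values under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($name in @($randKey, 'ieupdate')) {
    $prop = if ($run) { $run.PSObject.Properties[$name] }
    if ($prop) { $hits += "$runKey : $name = $($prop.Value)" }
}

# Step 1 of the post: the av2009.exe process may still be running.
$hits += @(Get-Process -Name 'av2009' -ErrorAction SilentlyContinue |
           ForEach-Object { "running process: $($_.Name) (PID $($_.Id))" })

if ($hits.Count) { $hits | ForEach-Object { "FOUND: $_" } }
else { 'No listed Antivirus 2009 traces found (variants may use other names).' }
```

A clean result only means these exact names are absent; as the post notes, variants use different file and key names.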

Paul Silver,  Portsmouth,  RI

Date: December 10, 2008


Don't any of you folks out there use Firewalls to protect your systems?

Have a great day!

Best regards,

Paul Silver
Focus Professionals, Inc.

Jack Harper Licensed Real Estate Broker,  CA

Date: December 10, 2008

Tom Hathaway posted:

I have had one hell of a time the past month fighting off some computer
viruses. Has anyone had a problem with something called Antivirus 2009? My
computer service tells me that this is really a virus in disguise. They
say that what they do is they get into your system by appearing to be a
Microsoft message. Then they hit you up for virus protection. The problem,
according to the computer people I use, is that they actually download
obnoxious viruses onto your computer then charge you to remove them. Then of
course a few weeks later they return and they charge you again. They really
do not protect you from anything but the viruses they put on your system.

Can anyone tell me if they have had any experiences with this thing called
Antivirus 2009?

Then Paul Silver asked:

Don't any of you folks out there use Firewalls to protect your systems?

Jack responds:

This would be a job for an antivirus program, as differentiated from a firewall. According to Internet Security Services, here is the function of a firewall:

"The firewall sits between your computer and the Internet. When your computer is probed from the outside world it just ignores it. Thus making people think that the computer is not switched on. This is very good and will show up in a port scan as 'Port Blocked' or 'Stealthed'

If a potential attacker scans your computer (and they will) getting no answer is the best thing to make them move on. "

So it is important to note that most versions of Windows come with Microsoft Firewall installed or available via download. As to antivirus, there are several excellent products out there for free. I personally like AVG. It is available at www.free.avg.com

Of course, the best protection is to not open or download any executable files even from trusted friends.

Jack

Larry Perry Information Technology,  Plano,  TX

Date: December 10, 2008

> Don't any of you folks out there use Firewalls to protect your systems?
> Paul Silver
> Focus Professionals, Inc.

Firewalls can't protect you from this type of threat.  Firewalls protect you from things coming into and going out of your system, usually trying to use a backdoor to get in. Most firewalls, probably yours included Paul, aren't even properly set up to keep out intruders, nor keep information from being sent out from your machine by a trojan for instance, perhaps a keylogger.

The type of program that Tom got infected with tricks the user into installing it. Once installed, it is very difficult to get rid of, especially this new variant of another virus that worked in a similar manner a while back.

If something like that happens to you, try doing a system restore. This will usually remove all references to this type of problem. You can then go in and remove the junk left behind, but that's not always 100% necessary.  Leaving some of the junk could allow an accidental reinfection, but that wouldn't happen to most people.  Using the Windows system restore feature is usually the fastest way to get your computer working when something is obviously wrong.

Larry Perry
RealeSeller - Transforms Outlook Into a "Genuine Real Estate Software Application"
www.realeseller.com
(972) 377-9769

Randall Fullerton Information Technology,  Charlotte,  NC

Date: December 10, 2008

Paul asks:

"Don't any of you folks out there use Firewalls to protect your systems?"

Paul et al;

Unfortunately, a firewall does not stop this inbound virus due to the way it is delivered: the end user must click on an infected, embedded web link, then agree to update their flash player…

Sincerely,

RC Fullerton

Randall C Fullerton e-PRO

Peritus IT Solutions

704-605-4950

www.peritusit.com

mailto:randall@peritusit.com

"small business and real estate technology specialists"

John Connolly Licensed Real Estate Agent,  Salt Lake City,  UT

Date: December 10, 2008

FYI - There is another similar infection that goes by the name of "XP Protection Center" that seems to defy the manual removal instructions (both my sister and my mother-in-law were infected). In both cases, we resorted to a complete hard drive wipe and OS reinstall and restored to backup files (you all do regular file backups, right?!)

I also wanted to mention that BOTH of these computers were actively running McAfee Virus Scan Plus, and it did NOT catch this. Technically, this "virus" is NOT a virus - it actually falls under the category of "spyware / adware / malware" (for which McAfee sells a DIFFERENT product to protect against). But there is a FREE spyware scanner/remover that is very effective called SPYBOT XD, which you can download for FREE  at: http://www.spybot.com/en/spybotsd/index.html

Hope this helps some of you!

John Connolly

 

 
