Antivirus2009 (Antivirus 2009) Removal Instructions


Antivirus 2009 Description:

Here we go again! Antivirus2009, also known as Antivirus 2009, is one of the latest counterfeit antispyware programs devastating the Internet community. Antivirus 2009 is a clone of the infamous Antivirus 2008 that we reported on previously. Antivirus 2009 usually comes up after you have installed a video codec that comes bundled with Trojans, malware and viruses. Antivirus 2009 normally generates fake and misleading system popup error messages so that end users are tricked into purchasing Antivirus 2009.

It is very important to remove all the components of Antivirus 2009 and all the malware and trojans that it might have come bundled with (such as zlob.trojan, trojan.vundo and Trojan.Downloader). To effectively remove Antivirus 2009, we have created manual removal instructions that are easy to understand.

Manual Antivirus 2009 Removal Instructions:

Unregister Antivirus 2009 DLL Files:
shlwapi.dll
wininet.dll

Stop Antivirus 2009 Processes:
av2009.exe
Antivirus 2009.lnk
Uninstall Antivirus.lnk
Antivirus2009.exe

Find and Delete these Antivirus 2009 Files:
av2009.exe
Antivirus2009.exe
shlwapi.dll
wininet.dll
Antivirus 2009.lnk
Uninstall Antivirus 2009.lnk

Remove Antivirus 2009 Registry Values:
HKEY_CURRENT_USER\Software\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Antivirus" = "%ProgramFiles%\Antivirus 2009\Antvrs.exe"
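
A read-only check for the indicators listed above, as an added example that is not part of the original article: it reports which of the listed processes, files and registry entries are present and changes nothing. It assumes Windows PowerShell 3.0 or later run as the affected user; the search roots are assumptions of this example, and so is its handling of `shlwapi.dll` and `wininet.dll`, whose copies under `%SystemRoot%\System32` are Windows components and are reported for reference rather than counted as rogue files.

```powershell
# Added example: read-only audit of the indicators named in the article.
# Nothing is stopped, unregistered or deleted. Assumes PowerShell 3.0+.

# Names taken from the article's lists. The .lnk entries in its process list
# are shortcuts, so they are checked as files.
$processNames = 'av2009', 'Antivirus2009'
$fileNames    = 'av2009.exe', 'Antivirus2009.exe', 'Antvrs.exe',
                'Antivirus 2009.lnk', 'Uninstall Antivirus 2009.lnk',
                'Uninstall Antivirus.lnk'
$dllNames     = 'shlwapi.dll', 'wininet.dll'
$regKeys      = 'HKCU:\Software\Antivirus', 'HKLM:\SOFTWARE\Antivirus'
$runKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue     = 'Antivirus'

# Assumed search roots: the install folder implied by the Run value, plus the
# current user's Desktop and Start Menu\Programs where shortcuts usually land.
$roots = @(
    (Join-Path $env:ProgramFiles 'Antivirus 2009'),
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('Programs')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-RogueProcess {
    Get-Process -Name $processNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Item = $_.ProcessName
                           Detail = "PID $($_.Id) $($_.Path)" }
    }
}

function Get-RogueFile {
    # A listed DLL name inside one of the search roots is a finding;
    # the System32 copies are handled separately below.
    $names = $fileNames + $dllNames
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'File'; Item = $_.Name; Detail = $_.FullName }
            }
    }
}

function Get-SystemDllStatus {
    # Reported for reference only. Catalog-signed system files can show
    # NotSigned on older PowerShell versions, so read Status with that in mind.
    foreach ($name in $dllNames) {
        $path = Join-Path $env:SystemRoot "System32\$name"
        if (Test-Path -LiteralPath $path) {
            $sig     = Get-AuthenticodeSignature -FilePath $path
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            [pscustomobject]@{ Kind = 'SystemDll'; Item = $name
                               Detail = "$path; company='$company'; signature=$($sig.Status)" }
        }
    }
}

function Get-RogueRegistry {
    # "Antivirus" is a generic key name, so inspect a hit before acting on it.
    foreach ($key in $regKeys) {
        if (Test-Path -Path $key) {
            [pscustomobject]@{ Kind = 'RegistryKey'; Item = $key; Detail = 'key exists' }
        }
    }
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties[$runValue]) {
        [pscustomobject]@{ Kind = 'RunValue'; Item = "$runKey\$runValue"
                           Detail = $run.$runValue }
    }
}

$report = @(Get-RogueProcess) + @(Get-RogueFile) +
          @(Get-SystemDllStatus) + @(Get-RogueRegistry)
$report | Format-Table Kind, Item, Detail -AutoSize -Wrap

$hits = @($report | Where-Object { $_.Kind -ne 'SystemDll' })
"{0} indicator(s) from the article's lists found." -f $hits.Count
```

Because the `HKCU` checks read the hive of whoever runs the script, an elevated session under a different account will miss per-user entries.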

You can also try these articles: xpantivirus-2009-removal-guide/othersoftware and remove-antivirus-2009/othersoftware

You can also download Kaspersky Anti-Virus products.

You can also download the free version of Avira AntiVir to remove the spyware (update). Another option is Malwarebytes.

Written by admin.

85 comments

ishita
#1. July 11th, 2008, at 3:39 AM.

gr8 protector of pc
Nice posts.
Thanx

ts
#2. July 13th, 2008, at 3:50 PM.

Thank you so much for your help! I just wanted to pass along this information as well. I had issues when I was trying to remove the “winsrc.dll”. It wouldn’t allow me to, so I did some research and found this information:

Information about the W32/Delf.INE Trojan:

W32/Delf.INE is a trojan. The trojan will infect Windows systems.

The trojan may be dropped by other malware or may be downloaded from remote website by other malware. It may also be downloaded unknowingly by a user while visiting malicious Website.

Upon execution, the trojan drops the following files and terminates itself.

ieupdates.exe in the Windows System folder,
winsrc.dll in the Windows System folder,
winsrc[1].dll in the Temporary Internet Files folder.

The trojan modifies registry at the following locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32\ThreadingModel
HKEY_USERS\S-1-5-21-(SID)\Software\Microsoft\Windows\CurrentVersion\Run

It also tries to connect to http: // fastupdateservice .com/upload/.

This trojan first appeared on July 02, 2008.

Other names of W32/Delf.INE Trojan:

This trojan is also known as Win-Trojan/Xema.variant, Backdoor.Win32.Delf.ine, Win32/VMalum.DDEL, TrojanDownloader:Win32/Yektel.A, Backdoor.Delf.BERQ.

Maling
#3. July 14th, 2008, at 4:17 AM.

Nice Help!
BUT: If you delete shlwapi.dll, maybe the System won’t be able to start!

[Works with winlogon.exe]

Mary
#4. August 5th, 2008, at 6:17 PM.

How do you know when the **** antivirus 2009 nuisance program has been uninstalled and is no longer worming around in the system?

I’m no expert, so am paranoid that I missed doing everything I should to get rid of it.

Ian
#5. August 6th, 2008, at 11:05 AM.

can you stop messing with my computer by stopping me from running by blocking all i do with your nuisance software.

you have been warned

i will ensure that i’ll mess up your business if you don’t stop accessing my computer illegally

Robin
#6. August 6th, 2008, at 1:03 PM.

Can I just use the “Download SpyHunter Spyware Detection Utility to remove the latest Trojan and Malware” download that is at the bottom of the instructions??? Will that work? I’m afraid of messing things up by doing it myself.

Taiwai
#7. August 9th, 2008, at 3:28 AM.

Can I delete all ‘shlwapi.dll’ and ‘wininet.dll’ when I search them by running regedit?

Ed
#8. August 11th, 2008, at 1:58 PM.

Instead of doing all this, I just done a system restore and set the date a few days back before I had problems. No more problems at the mo!

Lorraine Connelly
#9. August 14th, 2008, at 11:06 AM.

My friend has just been infected by Antivirus 2009. He is running win2000 and is quite new to computers. On looking at his computer, I can find no way to sort this out, the C drive has ‘disappeared’ from My Computer. Task Manager is greyed out, I can’t get to it. From Settings there is only start menu, no way of getting to control panel. On googling the problem, no one seems to be so totally locked out as he is. Can anyone help please? On the bottom right of the Task Bar all that is there is the current time and VIRUS ALERT! He is running with AVG. Don’t know if that’s relevant. Last resort would be a clean load, I really don’t wanna do that!

Scott
#10. August 14th, 2008, at 4:22 PM.

This crap has taken over my computer. How can we sue or bring class action against this company AV2009.

Shoppach
#11. August 16th, 2008, at 2:05 AM.

Took mine over around midnight on the 14 of august. What a pain. Almost fell for it and purchased the so called spy ware. Is it protection from itself? That and enigma unto itself.

Lakeside Design
#12. August 16th, 2008, at 2:16 PM.

Today AGV2008 was able to move to vault and delete. This is a good one, My Google web page TIPS box was even recommending I activate it. I had to save a screen shot of that one
windows\system32\winsrc.dll
system volume information\_restore(38D3D385-AB49-432F….)\RP365\AO139675.exe
RECYCLER\……
So do forget to empty the trash can too.

JohnDoe
#13. August 17th, 2008, at 10:08 AM.

we’re supposed to delete all shlwapi.dll and
wininet.dll files?

Catrina
#14. August 20th, 2008, at 4:21 PM.

Deleted shlwapi.dll as directed and now the computer WILL NOT boot up, not even in safe mode. CRAPPPPPPP !

Anthony
#15. August 22nd, 2008, at 3:49 PM.

To: whom it may concern;

How can I stop win32/adware.vitumonde and win32/privacyremote.m64 associated with antivirus xp 2008? This is all a skim to take private citizens of their monies. I am very upset at the entire system. People paid for Norton system and it does not work at all.

oladapo bola
#16. August 30th, 2008, at 5:15 AM.

What can be done to detect this kind of spyware before it comes into the internet? I’m infected with this AV2009. It slowed down all action on my net, really bad. It created the fictitious belief that without buying the software you are ruined. I’ll take time to read all your removal processes to be able to remove this nagging av2009999999999999999999999999

j2
#17. August 30th, 2008, at 5:22 PM.

The above instructions to delete shlwapi and wininet are wrong. If you try to do this, you should get an “access denied” message.

If you have some computer experience and boot in Safe mode to delete them, you won’t be able to start Windows.

Ilya
#18. August 30th, 2008, at 11:00 PM.

I just used Malwarebytes and it found 15 infected files with various Trojans. I used this software to remove all files and it said there were a couple it could not remove but the problem seems to be fixed. I’m not getting any more pop-ups and I’m not getting directed to the Antivirus 2009 site anymore. Anyone that seems to be infected by these f’ers should download Malwarebytes. You can go to Download.com and get the software for free.

dj
#19. September 3rd, 2008, at 5:51 PM.

here is how you remove antivirus2009
if you didn’t take the bait. if you did i don’t know if this will work
ok first you need a program called “eraser”, it’s freeware so download it. if i remembered a link i trusted would display
next stop the process in the task mgr (ctrl+alt+del) it should be labeled as av……… something don’t remember exactly
go to the start menu
go to run
type in regedit
when it opens search for antivirus2009
delete all of the values
next make sure the process of antivirus2009 is still stopped
then proceed to the start menu
open my computer
open local disk drive c:
open program files
then use eraser to remove
good luck

honey
#20. September 16th, 2008, at 2:24 AM.

i want to remove file block of antivirus 2009 from my pc…please help me…..thank you

john
#21. September 16th, 2008, at 10:02 AM.

After I search I find shlwapi.dll, and when I try to delete it says “make sure the disk is not full or write-protected and that the file is not currently in use”. How can I solve that problem?

MJS
#22. September 16th, 2008, at 3:47 PM.

I think the instructions on this web page are bogus. Don’t use them. Deleting the files shlwapi.dll wininet.dll will mess up your computer even more. If you look on an uninfected computer these files are already present and are needed to run the windows program. I think this web site is run by the very people who are creating the virus program. The infected files I believe are somewhere in system 32. Look for something that is not a Microsoft file. It shouldn’t be there otherwise.

kum
#23. September 19th, 2008, at 9:45 PM.

I used Malwarebytes. I’m not getting any more pop-ups and I’m not getting directed to the Antivirus 2009 site anymore. Anyone that seems to be infected by these f’ers should download Malwarebytes. You can go to Download.com and get the software for free.

Caleb
#24. October 1st, 2008, at 11:06 PM.

Pay attention folks… The instructions at the top never tell you to delete shlwapi.dll or wininet.dll…… If you truly understand nothing on this page, take your computer to a professional or at least someone who knows geek-speak… Please… I’m just trying to keep you looking like a complete ID10T…

yman
#25. October 7th, 2008, at 7:22 AM.

I prefer Kaspersky Anti-Virus 2009 (rosoftdownload.com/download/Windows/Kaspersky-Anti-Virus-2009) because the program can be installed on infected computers, has self-protection from being disabled or stopped, restores correct system settings after removing malicious software, and has tools for creating a rescue disk.

Lyall
#26. October 7th, 2008, at 10:43 PM.

After a number of frustrating failed attempts to get rid of this rubbish, Smitfraud Fix finally succeeded.
In my case, the recommended Safe Mode would not allow Smitfraud Fix to run. The program was burned to a CD and run from there. After that, there was still a suspicious browser help object on board, but the excellent HijackThis got rid of that!

Blah
#27. October 22nd, 2008, at 1:13 PM.

Move to linux, it’s the easiest way to not have to worry about getting a virus ever again…..

satisfieduser
#28. October 25th, 2008, at 1:59 PM.

I also used MalwareBytes’s software to get rid of this nuisance.

MrsMoney
#29. October 28th, 2008, at 2:43 PM.

I just found this page after I had a pop up from Av2009 - I thought it was a hoax. I’m just glad I didn’t install it, these people should be prosecuted. Good luck to all those that did install - I know what a pain these things can be from when I got an MBS from watching porn :)

Ugh!!!
#30. October 29th, 2008, at 10:19 AM.

What a pain in the …..!!!!!! Luckily I found this site & read Ed’s comment about simply doing a system restore back to a few days ago. Dare I say that I am now as good as new!!!!!!!

missty
#31. November 2nd, 2008, at 3:30 AM.

this antivirus2009 is really a pain in the ass! wish whoever made this virus will suffer for the rest of his life! actually, just having trouble now how to delete or remove this shit, and i’m glad to find this forum to learn more about antivirus2009! wish malwarebytes work for me now! so i could get rid of this damn virus!

Edith Ramirez
#32. November 5th, 2008, at 3:35 PM.

I want to remove this file from my computer, because I’m having big trouble. I NEED TO REMOVE THIS BIG SHIT! ! ! HELP ME

Thyson
#33. November 10th, 2008, at 6:34 PM.

The only way I have found to successfully fix this problem is to format the Hard Drive and re-install Windows. There is never any guarantee that you will not re-infect your PC by only doing 1/2 a job. Go to a professional.

MatrixEquilibrium
#34. November 12th, 2008, at 9:18 PM.

If you’re having problems with AntiVirus XP 2009, AntiVirus2009, Antivirus 2009, etc., then there is a free, simple tool to remove this malware called SDFix. I’m a malware specialist and I’ve done this on numerous computers that had AntiVirus 2009, and the infections were removed instantly, with no traces. None. Do not try all this other crap or even the manual method if you are not too computer-savvy. SDFix does the entirety of the job.

MKhan
#35. November 14th, 2008, at 3:57 PM.

Two of our computers got it. I looked at our proxy server and the computers had downloaded a installer.exe file from av-pro-2009.com. It had a red x logo on the task bar warning that the computer was infected. When clicked it brought up antiviruspro2009 scanning the computer. I couldn’t uninstall it from add/remove control panel. It would not allow any other antivirus or antispyware software or tool to run. So, here is what I did to fix it:
1. I blocked the website from my proxy server.
2. I killed the brastk.exe and any other antiviruspro2009 processes.
3. Deleted these files and folders from ‘program files’, windows and windows\system32 directories.
4. Restored PC to a pre-infection date to restore registry.

Jeff
#36. November 18th, 2008, at 9:16 AM.

I now have a black screen. Windows won’t load. I have malwarebytes and it wouldn’t run, nor would my mcafee antivirus. I downloaded stopzilla and was told to reboot. When I did, I got a mouse pointer with a black screen. Luckily I have a 2nd hard drive. How can I get my original HD up and running from a black screen? This antivirus 2009 is a killer. Thanks.

Lauren
#37. November 18th, 2008, at 5:22 PM.

If you find these sites that start the download of this virus, ping the site and look it up at a dns lookup site, then report it to the ISP’s so that they can get it shut down. These are the companies that should be taking responsibility. Usually they have these sites shut down within a few hours.

John
#38. November 19th, 2008, at 10:42 PM.

AVAST
I tried everything. It was bad. I found the files (they had different names as I think the virus has been updated significantly since June) but could not manually delete them because they would not let me have “full” permission with the file. Anyhow Cnet recommended this from an old article and it worked awesomely, I did a startup scan, and it just blocked it twice after it cleared it out.

http://www.avast.com/eng/download-avast-home.html

The virus wouldn’t let me load helpful web pages, so I had to use the CACHED feature on google. It wouldn’t let spyhunter install, ad-aware wouldn’t kill it. I was at my wits’ end. I tried to delete the virus in command prompt on start up and it said access denied, CRAZY

——______———
#39. November 21st, 2008, at 4:46 AM.

it’s.not.working.
all the programs recommended to delete this WON’T DOWNLOAD.
it won’t let me go to the helpful websites and redirects me.
it makes my internet sooo slow DD:

i seriously don’t want to delete all the files on my computer or anything but ARGH. stupid virus -.-;;

jason
#40. November 23rd, 2008, at 11:22 AM.

Yes, antivirus 2009 invaded my system. I have windows vista and it got by my kaspersky antivirus protection. It did not alarm me or in any way let me know I had been invaded. Why is that? I was lucky enough that someone walked me through removing this from my computer.
Why did it get past my kaspersky antivirus?

Yuvia
#41. November 24th, 2008, at 12:43 PM.

Thank you, thank you, thank you! I was totally freaking out with this thing! I have removed the antivirus2009 from my system and I am a happy camper now! Thank you so much!!

amber
#42. November 24th, 2008, at 5:40 PM.

Antivirus 2009 invaded my system and I cannot connect to the ethernet on the admin side, but I can on the non-admin side, and we tried giving admin rights to the other side and taking them away from the admin, but antivirus 2009 followed and is only attacking the side with admin rights. Please help.

Frank
#43. December 3rd, 2008, at 7:37 PM.

For those who are having trouble updating your anti-spyware and anti-virus programs, here is a solution that worked for me.

This particular virus was bundled with a hidden process named “TDSSserv.sys” It’s a serviceserver that re-directs all software updates to 127.0.0.1 (your own computer) so that nothing will update.

What you need to do is go to Start, Control Panel, System, Hardware, Device Manager, Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”.

Right click on it, and select “Disable”.

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Now people will be able to update and use their programs and delete the virus. I used Malware Bytes’

-Frank

Rebecca
#44. December 5th, 2008, at 5:55 PM.

Frank, you saved my computer and my mind.. I have been battling this d**g program all week… I did as you said and used the malware bytes already on my system.. Got it off there.. I could kiss your toes : )…. I have never come across a program like this… It went so far as to shut down my system restore.. I couldn’t go to any website that had a download to help get rid of it… It was smart…
I hope people read all the way to the bottom… Frank is right on the ticket and it is sooo easy…
Again thanks Frank….
Lady Rebecca

Trackback Mention from Puritanboard.com
#45. December 6th, 2008, at 11:19 AM.

Removing a Trojan Virus? - The PuritanBoard: Antivirus 2009. Your husband may want to try it, if only to make it easier to get his files: ...

Robert
#46. December 6th, 2008, at 10:45 PM.

Hello all,

I’m a technician by trade and I have to warn everyone on this forum. These steps DO NOT REMOVE ALL THREATS!!! I’ve got 2 machines in my shop right now and yes I have removed Antivirus 2009’s GUI; the trojans it downloaded are still present upon repeated monitoring. They are not removable!!! They simply duplicate themselves upon attempted removal.

I’m preparing to establish a Master / Slave scenario with the Master as a Linux box and the slave the corrupted Windows Hard Drive.

PLEASE DO NOT TAKE CHANCES.

Remove your files, reinstall windows and all your applications. However, first (ON A NON-INFECTED PC) go and change your passwords, esp. your bank accounts.

It should be noted that as of today almost 1.2 million US PCs are registered as infected and it is documented that Microsoft’s latest patch has mostly failed to remove this MESS.

All I’m trying to say is BE CAREFUL, THIS THING AND ITS ASSOCIATE TROJANS STEAL IDENTITIES.

REINSTALL WINDOWS, it is not worth the risk you all are taking!!!

Rudy
#47. December 8th, 2008, at 12:33 AM.

Frank, I can not find “TDSSserv.sys.”when in “non plug and play drivers” HELP!!!!!!

Steve
#48. December 8th, 2008, at 10:34 PM.

To Caleb post #24, the instructions state to unregister the .dlls and also to delete them. The shlwapi.dll is a library which contains functions for UNC and URL paths, registry entries, and color settings. This is part of the reason for being redirected to other sites as well as certain settings changing. wininet.dll is a module that contains many different internet functions; like all DLLs, many of them are used to share functions for various applications. In this case, Windows uses the wininet.dll for various internet related functions. If you delete these files. Deleting these should not cause a computer from not booting. The manual removal process may not work possibly because there seems to be many variants of this infection out there. I certainly endorsed MalwareBytes as a possible cleaner, in fact SuperAntiSpyware works well too but I find NOD32 AV/AS being an excellent tool for removal and protection. I suggest using at least 2 Anti-Malware programs and 1 good Anti-Virus program. I have still run into instances where nothing I do works to remove this infection so a reinstallation of Windows is sometimes necessary. Don’t forget to backup your data first!! Steve

Candice
#49. December 8th, 2008, at 10:46 PM.

How do I call these people to get my money back!

Chicleboricua
#50. December 8th, 2008, at 10:56 PM.

It didn’t work for me. My system slowed down until I wasn’t able to run any processes. It left my system open for a virus and hackers which stole my passwords to several of my accounts. I had to reset my computer to manufacturer specs. I was unable to create a backup and lost everything. What makes matters worse, it is finals week and I have to do everything from scratch.

Suzi
#51. December 9th, 2008, at 11:00 AM.

I have the Antivirus 2009 and have been battling it for a week. I got rid of it with Malwarebytes but when I rebooted it came back. It actually shuts down my system and none of my processes work anymore. Can anyone tell me what else I need to do to get rid of this virus?

really stupid
#52. December 13th, 2008, at 2:45 AM.

Yes, does anyone know how to get the money back, I was also freaking out because I had several papers that I needed to turn in that week, so I bought it thinking it was my only way. I e-mailed them and they gave me another e-mail to contact their billing company, that was two weeks ago, have not heard from them yet. Any ideas? I would really appreciate any input. thanks

pr0spa
#53. December 14th, 2008, at 10:08 AM.

This “antivirus2009” program has completely shut off any updating of antiviruses and also windows update on the computer i am working on, but after reading this thread i think (only just done this) it might have fixed a good portion, if not all of the problem, but i thought i’d leave the log file here just in case anyone had some use for it, there may be something there to help people fix this in the future! :) Thanks for the help!

Malwarebytes’ Anti-Malware 1.31
Database version: 1499
Windows 5.1.2600 Service Pack 3

14/12/2008 14:01:54
mbam-log-2008-12-14 (14-01-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88403
Time elapsed: 38 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f852db79-6ac6-4b40-a678-bf98986f4f01}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f852db79-6ac6-4b40-a678-bf98986f4f01}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f852db79-6ac6-4b40-a678-bf98986f4f01}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{f852db79-6ac6-4b40-a678-bf98986f4f01}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.101;85.255.112.8 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\data (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\data\daily.cvd (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

pr0spa
#54. December 14th, 2008, at 11:51 AM.

I still can’t update anything after the above^ But like it says, Malwarebytes’ Anti-Malware 1.31 deleted a good portion of Antivirus2009…

I’m running:
spybot s&d - Won’t update
avg free - Won’t update
Windows updates - Redirects to msn.com
Cannot install windows defender, as it also redirects to msn.com
The computer also shuts down randomly quite often and Mozilla Firefox as well as Internet Explorer both redirect to sites after google searches, say for example i found this site on google, click the link it would go somewhere else. There must be a lot that Malwarebytes hasn’t found as of yet. If anyone has any ideas of how i can at least get the windows updates back up ‘n’ running i would really appreciate that! :)

phttraveler
#55. December 18th, 2008, at 9:04 AM.

I had the antivirus 2009 popup infection (I did not click the window). I had McAfee updated and running at the time. With the infection, McAfee runs crippled, Windows update disabled, regedit disabled. Ad-Aware runs. Spybot, Combofix, Malwarebyte all would not run. Avira system recover CD worked for some, but not in my case. I was able to run Spyhunter (dl from another computer, transfer to infected PC via flash drive), which detected a root tool kit, and disabled it, rebooted my PC. After that, I was able to run Malwarebyte mbam and spybotsd which seemed to remove the virus. Free Spyhunter will only detect, not fix. But it disabled the virus enough for me to run the other software.

I also saw on a different thread on Malwarebytes forum that it is TDSSserv hidden driver that is the trojan. I looked at my PC, and it was disabled, probably by Spyhunter. Instructions at:

http://www.malwarebytes.org/forums/index.php?showtopic=7718&hl=antivirus+2009

Jester
#56. December 21st, 2008, at 10:00 PM.

Actually, if u will encounter AV2009 on your computer, pls call microsoft customer service at 1800 936 5700. There is a free technical assistance in removing this malware and some other viruses.

I’m working with microsoft…

LongT
#57. December 23rd, 2008, at 2:36 PM.

To all my friends out there. The thing that finally worked for me, and I tried everything I knew, including some of the suggestions here, was running XoftSpySE, which found all of the infected files and .exe. And deleted them. It was worth the $30.

St
#58. December 28th, 2008, at 12:24 PM.

To all, this is a bad Trojan now as someone has manipulated it to contain variants of Haxdoor. There is NO easy way to get rid of it. Deleting some of the .dll files as indicated will ruin your computer for a novice user, be careful. Panda Software has a program called Activescan and also they give a 30 day free trial @ pandasoftware dot com. This will kill most variants and shut it down. I ran a window cleaner right after the quar to make sure it was clean in the temp files too. It has come back a lot of both Fox News and CNN news lately I am hearing in different forums. It also is starting to kill network processes making it difficult to bypass and fix. I suggest using a friend’s PC to download panda and a free window cleaner online. Good luck.

zp
#59. December 29th, 2008, at 9:53 AM.

I’ve a question. I downloaded Internet Explorer 7 and Google Chrome. When I used Internet Explorer 7 I got a virus, I don't know if it was during the download. Then I uninstalled Internet Explorer 7, and I kept the normal Internet Explorer. When I'm using Chrome, everything is OK, but when I open Internet Explorer, a popup opens saying.. bla bla install antivirus 2009 bla bla.. I never installed this but I don't understand how to delete that popup that is always coming out! Can someone help me?

Alex
#60. December 31st, 2008, at 4:29 PM.

I got the “Antivirus 2009” malware by downloading a free decoder for my Windows player. When I downloaded the presumably healthy decoder I got all the junk files that attacked the Security Center in Windows.
The virus is so malignant that it did overwrite my user security setup configuration (like accepting cookies and security level of Explorer and the internet policies). It did also screw up IEXPLORER so that it was practically impossible to run a browser session.
Since you are here, you must be a victim of the AV bug.
To fix this Antivirus 2009 for free, do as follows:
1) Google the “malwarebytes” site and download the anti-malware scanner.
2) Download the anti-malware setup file named mbam-setup.exe to a local directory. This is free.
3) Click on the file and install the anti-malware file.
4) Run the full scan (may take a long time depending on how much used disk space you are scanning).
5) If during the run you see that objects are infected (Antivirus 2009 will have many of them, especially in Windows/system32 and in the registry area) it means the scanner is finding the malware.
6) At the end of the scan remove all the infected files.
7) The anti-malware scanner will reboot the system.
8) I suggest running the scanner again after booting to make sure there are no additional infected files.

Good luck and I hope this helped you.
Alex

prijeesh
#61. January 1st, 2009, at 1:29 AM.

Thanks. I wasn't able to update any of my antivirus programs and can't install Spybot. Now after this I can install Spybot. Thanks.

kevin
#62. January 2nd, 2009, at 2:57 PM.

I have the AV 2009 and something called “Searchinspace”, which comes up when I do searches. Anybody heard of it? Or is it part of the AV2009?

Tom
#63. January 2nd, 2009, at 3:32 PM.

Used Avira Antivirus last night to remove Antivirus 2009. As a result no popups or fake windows professional screen prompting me to update my antivirus after running free software. Trend Micro (purchased last week) is my antivirus of choice but did not have the patch to fix and I complained via email support this morning Jan 2. with no response yet. Anyway, this rogue popup has been one of the most difficult for me to eradicate and I am helpless when doing this sort of thing manually. Good luck.

Saffer
#64. January 3rd, 2009, at 4:26 AM.

I am running Windows XP, so will all these tips help me get rid of Antivirus 2009? I have been into the registry already and deleted all antivirus files??? But I am still getting all these popups and it's driving me CRAZY. I am also running Malwarebytes.. it finds the threats, I delete them and they are still coming back.
Should I re-install Windows? Do I have to back up all my documents onto a Scandisk or another hard drive first?

nick
#65. January 3rd, 2009, at 8:33 AM.

I followed FRANKS suggestion (#43) it worked well and allowed me to finally run Malwarebytes and update Norton which were being prevented from opening.

I could then scan and remove this virus.

Cheers Frank you’re a star.

These Virus writers need to be lined up against a wall and shot!

penscomps
#66. January 5th, 2009, at 10:14 AM.

The problem with this particularly nasty piece of malware is that it often ends up installing other malware, so even if you rid yourself of it, you may still miss something else. Sure, you can try all of these suggested fixes, but even if your computer appears clean it can still become reinfected by something you missed. As others have stated, the only guaranteed way to make sure you have a clean system is to wipe your drive and reinstall Windows, while this may be a pain to do, in the end you will probably end up spending less time (and a whole lot less worrying) if you reinstall than trying to remove this, only to have it reappear, or something else just as nasty. If you do backup things and put them back on a fresh install of Windows, make sure you scan them first before copying them back, and I would highly suggest not copying back any executable files that may contain the virus.

doubledipp
#67. January 10th, 2009, at 10:40 AM.

Antivirus2009 is very nasty! I tried everything and still could not get it to go away. Then I got it, SPYNOMORE! WORKED LIKE A CHARM. Downloaded Spynomore, got the update, paid the $29.99 for 1 lic and it wiped it out. Then I restored my computer back to the state it was in before Antivirus2009 got there.

Sean BADEN
#68. January 12th, 2009, at 4:57 AM.

WHY IS GOOGLE tied into Antivirus2009?!!! Keeps prompting me!

Thanks for the idea of replacing UTF8 with reduced character sets, but since Ubuntu supports nothing other than UTF-8, I would be on thin ice if I started fiddling around with that now. After all, a few websites are hosted on the server and I don't want to step on a rake… Though I can't really imagine that any program today doesn't support UTF-8, and as XCOM says, de_DE.utf8 isn't so wrong after all.

Sean BADEN
#69. January 12th, 2009, at 4:58 AM.

WHY IS GOOGLE tied into Antivirus2009?!!! Keeps prompting me!

Thanks for the idea of replacing UTF8 with reduced character sets, but since Ubuntu supports nothing other than UTF-8, I would be on thin ice if I started fiddling around with that now. After all, a few websites are hosted on the server and I don't want to step on a rake… Though I can't really imagine that any program today doesn't support UTF-8, and as XCOM says, de_DE.utf8 isn't so wrong after all.
Sean BADEN Germany

XxR1CHARDxX
#70. January 16th, 2009, at 6:09 PM.

I tried Frank's solution #43, this worked fine, it seems to be gone. I also used Malwarebytes. Thanks Frank!!!!!!!!!!!!!! ;D

Richard
#71. January 21st, 2009, at 6:21 PM.

AV 2009 is the worst! As an IT professional, I have seen this MANY times and I cringe every time! It is a PAIN to get rid of!!!! Here is what usually works…

1. Download Malwarebytes and CCleaner onto a USB drive from a NON-INFECTED computer.
2. Install and run the program in Safe Mode with NO network support (no internet connection in or out).
3. Reboot into Safe mode again.
4. Run MWB again and remove any other threats.
5. Run CCleaner and the Registry cleaner functions until nothing new is deleted.
6. Go to “Tools” and “startup” in CCleaner and delete Bad start-up keys.
7. You can re-start Windows normally.
8. Open MWB again, run updates and Do Full Scan…Hopefully nothing new is found :)
9. Update Windows and get a GOOD AV program!!!
10. Stop downloading bad things!! lol :)

Karen
#72. January 24th, 2009, at 8:04 AM.

I downloaded Malwarebytes and it didn't work for me! :( I’ve tried unplugging my internet and reinstalling but it still doesn't find the stupid 2009 virus. I keep getting popups.. Help!

shawn
#73. January 24th, 2009, at 1:22 PM.

I have been victimized by this scam so I will urge others to be on the watch for this malicious program and save people a lot of money.

DLCook
#74. January 27th, 2009, at 5:13 PM.

Thanks for your help, I downloaded Malwarebytes and so far it seems to have worked.

PCFloyd
#75. January 27th, 2009, at 8:22 PM.

Malwarebytes Rocks! Removed those SOB’s (stuck on browsers). Tried looking manually for bad reg keys, ex file bla bla. Downloaded Free Malwarebytes, ran zap done!

cecille
#76. February 5th, 2009, at 7:49 PM.

my computer is full of viruses..maybe it's going on..knockdown…huhu it's so sad pls help me..also my yahoo messenger I don't know what happened with them..help me pls,,thank you…

cecille
#77. February 5th, 2009, at 7:50 PM.

help my laptop full of viruses

Reno Computer Repair
#78. March 8th, 2009, at 1:58 PM.

Very cool,

Most just tell you to download this or that program.

I like that you showed how to unregister the .dll the virus uses.

Jim
#79. March 9th, 2009, at 7:28 PM.

I just downloaded Malwarebytes, scanned my system, removed or quarantined 20 problems. So far so good. Can’t anybody stop these people?

joan
#80. March 16th, 2009, at 1:06 AM.

I too was attacked by the Antivirus 2009 (360). It took over my computer, even blocking websites that told you how to get rid of it. Well, 75 dollars later my PC is fine, but the thing pops up every day trying to do the same thing. Can't people sue this company for what they do? There has to be a way to stop it. All I can say is if you get it, good luck with getting rid of it.

????? ????
#81. April 12th, 2009, at 7:27 AM.

I'm using N.A.V. at the moment but will definitely look into nod32…I’ll be honest….up until reading these posts I’d never heard of nod32…I’d relied on NAV due to what I’d read in PC mags…will look more seriously at nod32 and will report back…

saW
#82. May 21st, 2009, at 6:37 PM.

I now have a big screen. Windows won’t load. I have Malwarebytes and it wouldn’t run, nor would my McAfee antivirus. I downloaded Stopzilla and was told to reboot. When I did, I got a mouse pointer with a black screen. Luckily I have a 2nd hard drive. How can I get my original HD up and running from a black screen? This Antivirus 2009 is a killer. Thanks.

saW
#83. May 21st, 2009, at 6:41 PM.

busheet for every computer look into nod32…I’ll be honest….up until reading these posts I’d never heard of nod32…I’d relied on NAV due to what I’d read in PC mags…will look more seriously at nod32 and will report back…

athol
#84. July 16th, 2009, at 8:07 AM.

I cleaned Antivirus2009 from XP Pro by disconnecting from the internet (removing the connection from the PC) and running AVG Free 8.5.385. It removed AV2009 but there were some warnings about ie08 and XP that I canceled. When the dialog boxes appeared I clicked cancel.

tashi
#85. August 30th, 2009, at 5:00 PM.

Yes, they should be sued. I was infected and it took me almost 2 days of researching everywhere. One thing it does is it does not allow you to open any browser like Mozilla or IE. Try browsing through Safari, download malware antimalware, you might have to rename it to .com instead of having .exe because it won't let you run any .exe, run your antimalware and do a full scan, will remove everything. The problem I have is that it still comes in once a week. The best way for me so far is to open up End Task, go to Processes and delete the antivirus pro that has been installed, and the other thing that you need to delete is svchast.exe. Please do not delete svchost.exe though, you need it, at least that's what I think. “Notice it is svchast”. I am no expert but this has helped me, it's still a pain in the ass.
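The lookalike name described in comment #85 (svchast.exe imitating svchost.exe) can be checked for mechanically by comparing running process names against genuine system names. This is an added example, not part of the original comments; the process listing, the set of system names and the allowlist are constructed for illustration.

```python
"""Added example: flag process names that imitate Windows system binaries."""

# Constructed reference set of genuine Windows process names (assumption).
SYSTEM_NAMES = frozenset({"svchost.exe", "lsass.exe", "csrss.exe",
                          "winlogon.exe", "services.exe", "explorer.exe",
                          "smss.exe"})

# Genuine programs whose names sit close to a system name: iexplore.exe is
# only two edits away from explorer.exe. Constructed allowlist (assumption).
ALLOWLIST = frozenset({"iexplore.exe"})

# Constructed process listing, as it might be copied out of Task Manager.
SAMPLE_PROCESSES = ["System", "svchost.exe", "SVCHOST.EXE", "svchast.exe",
                    "explorer.exe", "iexplore.exe", "chrome.exe", "mbam.exe"]


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic program)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(names, max_distance=2, allowlist=ALLOWLIST):
    """Return (process, imitated_name, distance) for near-miss names."""
    findings = []
    for name in names:
        lowered = name.lower()  # Windows file names are case-insensitive
        if lowered in SYSTEM_NAMES or lowered in allowlist:
            continue  # exact genuine names are not lookalikes
        for genuine in SYSTEM_NAMES:
            distance = edit_distance(lowered, genuine)
            if distance <= max_distance:
                findings.append((name, genuine, distance))
    return sorted(findings)


if __name__ == "__main__":
    for name, genuine, distance in find_lookalikes(SAMPLE_PROCESSES):
        print(f"{name}: {distance} edit(s) from {genuine}, inspect before trusting")
```

A name check is only a triage hint: it cannot tell whether a file that really is named svchost.exe is running from outside the Windows system directory, so the file's location still needs to be verified.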
