NoVirusThanks Blog » av2009 http://blog.novirusthanks.org Security News and Malware Analysis Wed, 01 Feb 2012 13:34:38 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 How to remove Antivirus 2009 http://blog.novirusthanks.org/2008/10/antivirus-2009-rogue-software/ http://blog.novirusthanks.org/2008/10/antivirus-2009-rogue-software/#comments Thu, 30 Oct 2008 12:59:34 +0000 admin http://novirusthanks.org/blog/?p=86 Antivirus 2009 is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim.

 

Once your computer is infected with this parasite, it will immediately displays security warnings, alerts and system scans stating that your computer is heavily infected. These warnings are all false and are only displayed to make you think your computer is truly infected and that it is necessary to buy the full version of the software to remove the so-called infections.

 

Make sure to not fall in this scam, if your computer is infected with Antivirus 2009, it is recommended to remove it immediately and to scan your system with a real security software.

 

Symptoms of infection

 

  • The process av2009.exe is running in your system
  • The process ieupdates.exe is running in your system
  • Slow computer performance
  • Repeated security warnings, alerts and system scans
  • Web sites that suddenly are shown on your desktop

 

Malicious web sites and urls:

1
2
3

online-antivirus.net
antiviruspersonaltest.com
bulkwatcher.com

Internet traffic on port 80:

1
2
3
4
5
6
7
8
9
10

GET /2009/100/freescan.php?id=880799 HTTP/1.1
Referer: hxxp://online-antivirus.net/
Connection: Keep-Alive
Host: antiviruspersonaltest.com
 
GET /2009/download/trial/A9installer_880799.exe HTTP/1.1
Referer: hxxp://online-antivirus.net/
Range: bytes=69796-
Connection: Keep-Alive
Host: antiviruspersonaltest.com

When the program is executed, it creates the following files:

1
2
3
4
5
6
7
8
9
10

%UserProfile%\Desktop\Antivirus 2009.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
%ProgramFiles%\Antivirus 2009
%ProgramFiles%\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll

The program creates the following registry entries:

1
2
3

HKLM\SOFTWARE\Av2009
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Av2009
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ieupdate

How to remove Antivirus 2009 (manual removal) ?

 

  • Kill the running process av2009.exe
  • Kill the running process ieupdates.exe
  • Unregister all the Antivirus 2009 DLLs
  • Delete all the Antivirus 2009 files
  • Delete all the Antivirus 2009 registry entries

 

How to remove Antivirus 2009 (automatic removal) ?

 

]]> http://blog.novirusthanks.org/2008/10/antivirus-2009-rogue-software/feed/ 0