Antivirus 2009 Spyware Scam


Recently there have been more and more reports of computers getting infected with the annoying spyware called Antivirus 2009. Basically, this is scam software that installs itself on your computer and then bombards you with pop-ups and alerts.

In the worst-case scenario, this spyware disables the registry editor, Task Manager, and any system configuration tool, which makes removing it very hard and sometimes unsuccessful.

If you haven't been infected yet, I recommend running software such as SpywareBlaster. SpywareBlaster blocks websites that are infected with spyware or other malicious code, so that it doesn't get installed on your computer.

SpywareBlaster

Setting up SpywareBlaster is very simple: download it from the link provided above, install it, and run it. Once it comes up, click the Updates button and check for updates. Then click Protection Status and, in the links below, click Enable All Protection. That's it.

Now, if your computer has already been infected with the spyware, follow these instructions.

1. Disable System Restore. This prevents Windows from backing up any infected files to System Restore. After you disable System Restore, open the registry by typing regedit in the Run command. If regedit is disabled (you get a warning saying that registry access has been disabled by the administrator), download and install this tool from Symantec, which enables the registry again: Enable Registry (right-click the link and save the file to your desktop, then right-click the file and click Install).

Now you should be able to open the registry. Navigate to and delete the following registry entry:

HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Run\"[32 RANDOM NUMBERS]" = "C:\Program Files\Antivirus 2009\av2009.exe"

  1. Navigate to and delete the following registry subkey:
    HKEY_CURRENT_USER\Software\[32 RANDOM NUMBERS]

Exit the registry and reboot your computer.
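The registry path above contains one particular account's SID, which will differ on your machine. As an added example (not part of the original post), this read-only PowerShell script lists matching entries under every loaded user hive so you know where to look in regedit. It assumes PowerShell 3.0 or later and that "[32 RANDOM NUMBERS]" means a name of exactly 32 digits; the variable names are illustrative.

```powershell
# Added example: report-only check for the entries described in the post.
# It changes nothing; deletion is still done by hand in regedit.
# Assumption: the value/subkey name is exactly 32 digits.
$namePattern = '^\d{32}$'
$dataPattern = 'Antivirus 2009\\av2009\.exe'   # regex for the path given in the post

$findings = @()

# HKEY_USERS has one subkey per loaded user profile, named by SID.
# HKEY_CURRENT_USER is the current user's subkey, so it is covered too.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName

    # 1) Values under the per-user Run key
    $runPath = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
    $runKey  = Get-Item -Path $runPath -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $data = [string]$runKey.GetValue($name)
            if ($name -match $namePattern -or $data -match $dataPattern) {
                $findings += [pscustomobject]@{
                    Type = 'RunValue'; Sid = $sid; Name = $name; Data = $data
                }
            }
        }
    }

    # 2) Subkeys directly under Software whose name is 32 digits
    Get-ChildItem -Path "Registry::HKEY_USERS\$sid\Software" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $namePattern } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Type = 'Subkey'; Sid = $sid; Name = $_.PSChildName; Data = ''
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No matching entries found.'
}
```

Hives that cannot be read are skipped silently, so run it from an administrator account to cover as many profiles as possible.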

After the computer has rebooted, do a complete spyware scan using Malwarebytes. Download and install the software from http://www.malwarebytes.org/mbam.php and make sure you update it.

After the software is updated, perform a full scan. When the scan is done, remove whatever spyware the software finds, and reboot the computer if necessary. That should take care of the Antivirus 2009 scam.





4 Comments »

  1. Comment by: Star Carlton

    There is no way to really track what Spywareblaster is blocking – they should have a section that shows what has actually been blocked to know it is working.

  2. Comment by: Kris

    I get to the registry, but it doesn’t let me delete the files:
    HKEY_USERS\S-1-5-21-1172441840-534431857…..

    (Cannot delete : Error while deleting key.)

    Then the virus system alert comes back up.

    Any recs to get around this or am I hosed?

  3. Comment by: Nelson

    Hi Kris. Most likely the virus is disabling write permissions in your computer. There is a script that re-enables permissions in the registry; search in this blog for it. Let me know if you need further help, I might be able to help through email.

    Regards,

    Nelson

  4. Comment by: janis horsley

    I had a friend come over to combat spyware thwarts (which included massive porno background display as well as disabling me from using my Dell). He installed ESET. Things seemed to be ok for a couple days, but …

    I was still having Dell printer problems, called support, and they kept me on phone for 3 hours via India. Looks like they actually installed undesired spyware, charged me $140 tried getting me to buy more warranty on windows software and never actually fixed printer, still not working. You might think I’m stupid (sort of :) but this was my husband’s computer. He died last year and I’m trying to use his elaborate (to me) technology. I might be too 20th century; kind of easily duped and don’t know shite from shinola.

    Printer has popups to get me to buy toner and won’t function, and hey I had already bought and installed the effin toner.

    Janis
