Antivirus 2009, infecting your PC … since 2008

5th January 2009

This is probably one of the sneakiest Trojans I’ve seen; it masks itself as an anti-virus and then infects your PC, absolutely brilliant!

Antivirus 2009 Technical Details

  • Full name: Antivirus 2009, Antivirus2009
  • Version: 1.0
  • Type: Rogue anti-spyware
  • Origin: Russian Federation, Ukraine \ http://antivirus-2009.com, http://antivirus2009-scanner.com, http://antivirus-database.com, http://antivirus2009professional.com

I’ve seen people’s PCs infected with this Trojan since the second half of 2008 (when it was still called Antivirus 2008), and later in December, when it was called Antivirus 2009, another horde of infections took place that I know of. It always amazes me how gullible some people are; I mean, installing a piece of software that calls itself Antivirus 2009 while it’s still 2008.

The typical place you’ll pick up this Trojan is on “adult” sites (which will prompt you to install a codec before you can see videos of naked scammers), on sites promoting piracy by making cracks available online, and through third-party advertisers (on reputable sites) who advertise this Trojan as a genuine anti-virus. Fake YouTube sites and a couple of scammers on Facebook are also promoting it (mostly users pretending to be females between the ages of 20 and 25 dressed in skimpy clothes, who will add you and send you a link to their webcam, which then contains a popup or something similar trying to sell you this crap).

I wonder if stats are available as to what the ratio of infections is between male and female computer users?

First it will tell you that your PC is infected and to click for a free scan. Then it will install a trial version, which installs other spyware on your PC, and then it will blackmail you (with frequent popups) into paying them $50 for the full version in order to remove the “detected” spyware.


Microsoft claimed that it removed nearly 400 000 such infections in December 2008 over a period of 9 days. Such has been the success of these scams that several of the fake programs have become infamous. WinAntiSpyware, Antivirus 2008 (recently updated to 2009), Antispyware Pro XP and AntiVirus Lab 2009 are all suspect, and no doubt others will soon emulate them.

If your browser redirects you to an online security scanner by Antivirus 2009 without a prior visit to one of its websites, it’s a good sign that your browser has been hijacked by the Antivirus 2009 hijacker. If you can run an Antivirus 2009 system check, you’re also infected; it’s best to kill it before it infects your PC any further and makes it any slower.

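Remove Antivirus 2009 files and DLLs:

av2009.exe
Antivirus2009.exe
shlwapi.dll
wininet.dll

Note that shlwapi.dll and wininet.dll are also the names of genuine Windows system libraries in the System32 folder. Those must stay in place, so only remove copies that sit alongside the rogue’s own files.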

Unregister Antivirus 2009 registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
“Antivirus” = “%ProgramFiles%\Antivirus 2009\Antvrs.exe”
HKEY_CURRENT_USER\Software\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
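
A read-only way to check a machine for the files and registry entries listed above, as an added example that is not part of the original post. It assumes the files live in the folder named by the Run value (%ProgramFiles%\Antivirus 2009); the Wow6432Node key and the Program Files (x86) folder are additions for 64-bit Windows.

```powershell
# Read-only audit for the Antivirus 2009 indicators listed in this post.
# It reports what it finds and deletes nothing.
$findings = @()

# Autostart value from the post: HKCU\...\CurrentVersion\Run, value "Antivirus"
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Antivirus' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value 'Antivirus' = $($run.Antivirus)" }

# Registry keys from the post. The Wow6432Node path is an addition: 64-bit
# Windows redirects 32-bit programs' HKLM\SOFTWARE writes there.
$keys = 'HKCU:\Software\Antivirus',
        'HKLM:\SOFTWARE\Antivirus',
        'HKLM:\SOFTWARE\Wow6432Node\Antivirus'
foreach ($key in $keys) {
    if (Test-Path -Path $key) { $findings += "Registry key present: $key" }
}

# File names from the post, plus Antvrs.exe from the Run value.
$names = 'av2009.exe', 'Antivirus2009.exe', 'Antvrs.exe', 'shlwapi.dll', 'wininet.dll'

# Assumption: the files sit in the folder named by the Run value. Only that
# folder is searched, never System32, which holds genuine Windows libraries
# named shlwapi.dll and wininet.dll.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Antivirus 2009' } |
    Select-Object -Unique

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $hits = @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name })
    foreach ($file in $hits) { $findings += "File present: $($file.FullName)" }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'No Antivirus 2009 indicators from this post were found.'
}
```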

 

When you’re done burning down the Trojan horse, install a proper anti-spyware and anti-virus to take care of the remaining rubbish installed by Antivirus 2009. A good anti-virus I’d recommend is Avast Antivirus Home Edition (it’s free, all you have to do is register it online), and get yourself a copy of Spybot Search and Destroy (also free, with an optional donation if you want to donate to their organisation), or get Linux :p




4 Responses to “Antivirus 2009, infecting your PC … since 2008”

  1. Wogan says:

    Avast is the shit. In a good way. Had it for 2 years now, and I haven’t had a single infection. Even when my flashdrive was doing the promiscuity rounds in our student house in ‘07. I even managed to clean 2 laptops and 3 iPods with it.

    Of course, the first line of defense is always: Don’t be an idiot. People that download suspicious software from suspicious sites shouldn’t be allowed to use computers, imho.

  2. Re@PeR says:

    Hear hear, I feel sorry for the people who make a living out of the IT industry, working with the same problems every day, having to tell people the same thing every time they fix a PC, sheesh, guess the next one we’ll be seeing is Antivirus 2010, lol

  3. Wogan says:

    LOL! AV 2010, special Soccer Ball edition. All the trojans it detects will be named after football teams ;)

  4. Re@PeR says:

    … with every pun popup referring to the SA stadiums not being done yet
