Antivirus 2009 is a fake antivirus program! Get rid of it NOW!! FREE From AtA!
Written by Karl L. Gechlik | AskTheAdmin.com on August 12, 2008 – 9:39 am -
So you have seen the screen above? Or Maybe it is titled AntiVirus 2008 (Antivirus2008) or Doctor Antivirus. Who knows maybe there are new variations replicating as we speak. But whatever it is called be aware that this program is a SCAM!
THEY infect your machine with this malicious program that “Tells You” that you are infected and about possible security issues. The only thing you are infected with is their crappy software! The BSOD it produces is just a simulation and according to reader AstroMan you can
“hit ALT+F4 to make the fake-BSOD disappear.”
Continue reading to see how we can use FREE software to remove your problems and not shell out money to these two bit technical hoodlums!
Antivirus 2009 does this to your Windows Security Center (Maybe if their grammar wasn’t as bad people would fall for it hehehe…):
and you see other errors popping up like these:
Now how to remove Antivirus 2009 for free without getting extorted.
Download MalWareBytes Free software from here. This is the free version. Feel free to buy the full version but for this exercise it is NOT necessary.
Install it, update it, run it in the quick scan mode. And let it do it’s thing. Unplug the machine from your network after downloading the updates for MalWareBytes.
After some time (It took us ~20 mins) the scan will complete and you will see a screen like this:
Click Show Results.
Click Remove Selected.
Run the mouse over the evil icon on the system tray and watch it disappear - very satisfying. I then reboot the machine and throw Macafee into what I call Panic Mode and lock everything down for the rest of the day to make sure we got it. Plug your Ethernet cable back in and call it a day. For the more security conscious install zone alarm on the machine and monitor connections (or a net stat -a) to see what is really going on!
Fellow Blogger ElDiPablo just updated us here that if you do indeed enter your credit card information to “Purchase” this piece of crap you will get back an email that your card is invalid… Please try another card. Over and over and over again…. Can you taste the fraud?
Posted in How To |
By TheLocalAdmin on Aug 12, 2008 | Reply
Finally! A solution. I have been running into this piece of malware on client computers for months! Not exactly the way I got rid of it but your way looks easier. It is so convincing until you see the terrible grammar.
Karl L. Gechlik | AskTheAdmin.com Reply:
August 12th, 2008 at 12:05 pm
I am not the only one who has seen this in the last 48 hours on a single machine inside a secure network…
They are slowly and silently plotting. Be on the look out kiddies!
By El Di Pablo on Aug 12, 2008 | Reply
Great minds think alike! It’s funny how we both wrote the same thing today.
http://www.bauer-power.net/2008/08/fighting-antivirus-xp20082009-malware.html
Anyhoo, I have found that our client machines where the users don’t have local admin rights didn’t get hit as hard as those that do for obvious reasons. On one machine where the user had local admin rights this little bit of nasty really tore up the machine. Thank God for MBAM!
-EDP
Karl L. Gechlik | AskTheAdmin.com Reply:
August 12th, 2008 at 12:33 pm
Is it funny… Or is it a sign of impending doom?
Nah it’s probably funny. :)
This isn’t as bad as the Russian Extortionists that encrypt your hard drive and try to get $500 for the encryption key!
Have you seen that one?
El Di Pablo Reply:
August 12th, 2008 at 12:50 pm
No, haven’t seen that one yet (Thank God!). Speaking of Russians though, I was researching Antivirus 2009 on some security site, and guess what… Antivirus 2009 comes from Russia too.
Is the Cold War starting to warm up again in the cyber underground? The plot thickens :-p
By AstroMan on Aug 12, 2008 | Reply
OMG !! I’ve seen this crapware on one of my Citrix Server this morning (baaaad…)
I used Spybot S&D to clean it. No problems since.
But thanks for the post ;)
El Di Pablo Reply:
August 12th, 2008 at 12:52 pm
Spybot was effective for you? In my case: http://www.bauer-power.net/2008/08/fighting-antivirus-xp20082009-malware.html
Spybot got some of it, but not all of it. I use Malwarebytes to get rid of the rest.
Karl L. Gechlik | AskTheAdmin.com Reply:
August 12th, 2008 at 1:17 pm
Hey Astroman - Just like EDP Said SpyBot S&D Doesn’t get all of it. Watch out that your machine isn’t now a SMTP server peddling this crap to others!
It is a free download and pretty painless. I would do it to be on the safe side!
AstroMan Reply:
August 13th, 2008 at 3:14 am
You’re right guys ! I downloaded and ran Malwarebytes and it’s OK now.
Thanks !
By AstroMan on Aug 12, 2008 | Reply
Karl, don’t forget to say that this spyware simulate a windows XP reboot and a blue screen. Just hold ALT+F4 to make the fake-BSOD disappear.
Karl L. Gechlik | AskTheAdmin.com Reply:
August 12th, 2008 at 1:18 pm
I didn’t know that! So it is just an image of a BSOD?? Ha!
Gotta love those scammers!
Sieyk Reply:
August 19th, 2008 at 1:36 am
lol i figured it was fake when it showed the restarting screen, at thi time i was scared but then i realised it wasnt a real restart screen, also, and this made me lol, i was playing the sims 2…well becoz sims 2 rocks…and i noticed there was 1 quarter of the screen that my mouse disappeared when my mouse rolled over it, and i minimized it and i saw that 1 quarter of my screen had the BSOD and i was like wtf? and then it showed the restart screen, i could see everything else on the screen at the time, and when it was “restarting” NOTHING IN THE BACKROUND CHANGED and i was like hahaha what a marketing scam, also i just wanna ask 1 thing…is this thing really safe?
Karl L. Gechlik | AskTheAdmin.com Reply:
August 19th, 2008 at 8:59 pm
“also i just wanna ask 1 thing…is this thing really safe?”
NO! ABSOLUTELY NOT! Read Above!
By bench on Aug 12, 2008 | Reply
Seriously?
You guys call yourself sysadmins, and you guys have a problem removing the lamest of all lame viruses/spywares?
I am gay and like little boys as well. I guess admins can edit comments as well? Sorry Admin I love you.
Joey Admins Reply:
August 12th, 2008 at 7:32 pm
Who had a problem with it lameo? It looks more like a discussion on removal methods. Bench from Google…
Meh
Karl L. Gechlik | AskTheAdmin.com Reply:
August 12th, 2008 at 8:24 pm
Take that lamer shit elsewhere… What would you have done zapped it with your magic wand and dance around it in your tu-tu?
By NinjaAdmin on Aug 12, 2008 | Reply
Thanks for the nfo got me out of a jam quick and free. Noice!
By Norcross on Aug 13, 2008 | Reply
Wow. I just spent a weekend getting rid of this garbage on a friend’s PC. It really borked the thing up! I ended up using my USB PC Toolkit (found here: http://dailycupoftech.com/usb-drive-systems/3/ ) and it got rid of it. Very tedious, to say the least.
By John Goodman on Aug 24, 2008 | Reply
I have some files created on a machine that has apparently some degree of corruption by AV2009. It has not been on the net but about an hour, but a particular group of files created on that machine (power point or pdf) have weird behavior when uploaded for web based download. I uploaded one of the PDF files created on the machine in question to my website for the techs at our church to refer to (they are manuals on our building automation system we created).On any file created on the supect machine, when you upload them and crate a link page, whenever you attempt to download the, you get hijacked to AV2009. Only files from the suspect machine do this. When I upload files created on my office computer, using the same links page and different links of course, they load and appear in acrobat to view and download as normal. I tried another variation where I saved the powerpoint as jpegs anf then converted it to pdf. It still does the wierd redirect and hijeck when you upload it, crete a link page and then log onto my site to download that file. The affected files behave this way from any/all computers where you try to access them. Can this crap embed itself actually into a powerpoint, pdf or jpeg? Help. as my folks need these manuals and documents on line to service our equipment.
Karl L. Gechlik | AskTheAdmin.com Reply:
August 25th, 2008 at 7:51 am
http://www.asktheadmin.com/2008/08/antivirus-2009-is-a-fake-antivirus-program-get-rid-of-it-now-free-from-ata.html
Install this app on all your possibly infected machines and scan scan scan. Disconnect from the network after you update the Malware app.
Let me know if you still need assistance. May the force be with you!
By Logan on Aug 30, 2008 | Reply
I have absolutely no idea how this got on my computer, and since I don’t have admin rights I can’t download malware bites. I can’t delete it and these pop ups that come every so often will eventually get my in trouble especially how some of them are… adult materials? Someone help. PLEASE!!!
Karl L. Gechlik | AskTheAdmin.com Reply:
August 30th, 2008 at 8:31 am
Are you just a user on the machine? What is your OS?
By Maryam on Nov 11, 2008 | Reply
thanks so much! its now gone :)
By Maryam on Nov 11, 2008 | Reply
btw do u know how antivirus 2009 gets on to a computer? :S
Joey Reply:
November 12th, 2008 at 6:31 am
It is a remote exploit from various websites or downloading from P2P sites.
By rawr on Dec 2, 2008 | Reply
dont forget to TURN YOUR FIREWALL ON IF YOU HAVE IT OFF!!!!!!!
By JenniferMayers on Dec 4, 2008 | Reply
isn’t antivirus 2009 capable of blocking security programs? i think manual antivirus 2009 removal is the best choice is this situation.
By Sandi on Jan 6, 2009 | Reply
Thanks sooooooooo much for the solution to getting rid of the antivirus2009 devil. Trying to get rid of it was driving us nuts for several days until we heard about and dowloaded your MalWareBytes software ….. 20 minutes later the devil died. Thanks again!