Many computers are getting infected with the annoying spyware called Antivirus 2009. Basically, this is scam software that installs itself on your computer and then bombards you with pop-ups and alerts like the image below:

In the worst-case scenario, this spyware will disable the registry editor, Task Manager, and any system configuration tools, making your efforts to remove the spyware very hard and sometimes unsuccessful.
If you haven't got the spyware yet, I recommend running a tool like SpywareBlaster to block infected Internet sites.
Setting up SpywareBlaster is very simple. Just download it from the link above and install it. When you open it for the first time, click on the Update button to check for updates. Then click on Protection Status, and then click on the Enable All Protection link. That's it.
If your computer is already infected with the spyware, follow these instructions.
1. Disable System Restore. This will prevent Windows from backing up any infected files to System Restore. After you disable System Restore, open the registry by typing regedit in the Run command. If regedit is disabled (you get a warning saying that registry access has been disabled by the administrator), download and install this tool from Symantec, which will enable the registry again: Enable Registry (right-click on the link and save the file to your desktop). Right-click the saved file and click on Install.
Now you should be able to open the registry. Navigate to and delete the following registry entry:
HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Run\"[32 RANDOM NUMBERS]" = "C:\Program Files\Antivirus 2009\av2009.exe"
Navigate to and delete the following registry subkey:
HKEY_CURRENT_USER\Software\[32 RANDOM NUMBERS]
Exit the registry and reboot the computer.
After the computer comes back from the reboot, do a complete scan for spyware on your computer using Malwarebytes. Download Malwarebytes from this link: http://www.malwarebytes.org/mbam.php. After you install it, make sure it gets updated.
Run a full scan of your system files. After the scan is complete, remove whatever spyware Malwarebytes finds. Reboot the computer if necessary. That should take care of the Antivirus 2009 scam.
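The user SID in the Run key above differs from machine to machine, so it helps to search every user hive for the two indicators the registry step names: a 32-digit value name under Run, and the av2009.exe path. The following Python code is an added example, not part of the original post; it assumes the registry has been exported to .reg text, and the sample export, its SIDs and the function name are constructed for illustration.

```python
import re

# Constructed sample in regedit's .reg export format (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"01234567890123456789012345678901"="C:\\Program Files\\Antivirus 2009\\av2009.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\01234567890123456789012345678901]

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Example\\update.exe\" /background"
'''

RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" string values; a backslash escapes the character after it.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RANDOM_NAME_RE = re.compile(r"^\d{32}$")     # the article's "[32 RANDOM NUMBERS]"
ROGUE_PATH = r"\antivirus 2009\av2009.exe"   # path named in the article


def find_av2009_entries(reg_text):
    """Return (kind, key, name) tuples for entries matching the article's indicators."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # A subkey directly under ...\Software whose name is 32 digits.
            parent, _, leaf = key.rpartition("\\")
            if parent.lower().endswith(r"\software") and RANDOM_NAME_RE.match(leaf):
                hits.append(("subkey", key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(RUN_SUFFIX):
            # Undo the .reg escaping before comparing names and paths.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if RANDOM_NAME_RE.match(name) or ROGUE_PATH in data.lower():
                hits.append(("run-value", key, name))
    return hits


if __name__ == "__main__":
    for hit in find_av2009_entries(SAMPLE_EXPORT):
        print(hit)
```

The function only reads the exported text; deleting the reported entries is still done in regedit as described above.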
There is no way to really track what Spywareblaster is blocking – they should have a section that shows what has actually been blocked to know it is working.
I get to the registry, but it doesn't let me delete the files:
HKEY_USERS\S-1-5-21-1172441840-534431857…..
(Cannot delete : Error while deleting key.)
Then the virus system alert comes back up.
Any recs to get around this or am I hosed?
Hi Kris. Most likely the virus is disabling write permissions in your computer. There is a script that re-enables permissions in the registry; search in this blog for it. Let me know if you need further help, I might be able to help through email.
Regards,
Nelson
I had a friend come over to combat spyware thwarts (which included massive porno background display as well as disabling me from using my Dell). He installed ESET. Things seemed to be ok for a couple days, but …
I was still having Dell printer problems, called support, and they kept me on phone for 3 hours via India. Looks like they actually installed undesired spyware, charged me $140 tried getting me to buy more warranty on windows software and never actually fixed printer, still not working. You might think I'm stupid (sort of
but this was my husband's computer. He died last year and I'm trying to use his elaborate (to me) technology. I might be too 20th century; kind of easily duped and don't know shite from shinola.
Printer has popups to get me to buy toner and won't function, and hey I had already bought and installed the effin toner.
Janis