Guide to How to remove Antivirus pro 2009

Browntoa
Posts: 49,611 Forumite


in Techie Stuff
had this on a laptop the other day, causing it to crash with a blue screen after about a minute. even when you cure that, it will block attempts to install malware tools or antivirus, blocks ALL web sites and makes it 100% unusable
with a bit of help from Reluctant Spender I managed to cure by
1) booting to safe mode
http://www.pchell.com/support/safemode.shtml
2) using Msconfig in safe mode to disable almost everything on the startup tab so that it would boot up into normal mode without crashing
http://netsquirrel.com/msconfig/
3) downloaded Malwarebytes (and updates), Spybot (and updates) and ComboFix from here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
to a USB drive, but you could burn to a CD on another PC
4) rename the main installer files to something else, i.e. malwarebytesinstaller.exe to fixmypc.exe and Spybot.exe to fixit2.exe, and then install the programs onto the machine concerned and then apply the update files you also downloaded to them
5) navigate to where the programs have been installed, i.e.
c:\Program files then Malwarebytes, look for the mbam.exe file and again rename it to something else, i.e. fixmypc.exe, and then do the same with Spybot
6) run the renamed files starting with Malwarebytes and they should now run, select quick scan and then when it has finished, delete selected, and you will more than likely be asked to reboot
7) once rebooted, run the renamed Spybot file and let that remove all it finds, then reboot.
8) copy the ComboFix file onto the PC from your USB drive or CD and then run it, the instructions for it are in the link in post 3, again it will do its stuff, maybe needing to reboot at the end to delete things
9) connect to the internet and update Malwarebytes via the Update tab, if it finds updates then do a quick scan again as before and delete everything it finds
10) install crap cleaner from www.ccleaner.com, install it, untick the box to install the Yahoo toolbar, then run and delete ALL it finds
11) update your installed antivirus, or install one of the free ones, then boot to safe mode and do a full scan of the PC
reboot to normal mode, go to www.windowsupdates.com and click on express and then install any updates it finds
PC should be clean
if it's not then start yourself a thread on here for advice
ps, you will need to navigate back to the Malwarebytes and Spybot files and rename them back to what they were

Ex forum ambassador
Long term forum member
Comments
-
A neighbour got this, I did a Windows Repair which seemed to fix it, then it came back. They simply gave up and bought a new PC. This is actually one of the worst things that can happen to a computer currently.
-
took me 2 days, and I know what I'm doing
Ex forum ambassador
Long term forum member
-
jeez...thanx for the warning...sounds like a well-nasty little beggar
Any ideas as to the source of the infection, or was it just a random in-the-wild type one?? Any more info would be really appreciated Mr B........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Actually, don't know if this will help, but found this list of components of the infection with a quick google search....don't know how complete it is, and I hope I never have to find out personally
...but, for what it's worth:-
Find and Stop Antivirus 2009 Processes:
av2009.exe
Antivirus2009.exe
AV2009Install.exe
av2009[1].exe
AV2009Install_880405[1].exe
AV2009Install_880405[2].exe
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
Power-Antivirus-2009.exe
AV2009Install[1].exe
ieexplorer32.exe
%PROGRAMFILES%\Antivirus 2009\av2009.exe
AntivirusPro2009.exe
Find and Unregister Antivirus 2009 DLL Files:
c:\WINDOWS\system32\winsrc.dll
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
Find and Remove Antivirus 2009 registry values:
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2009
HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\!!037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\!!037C7B8A-151A-49E6-BAED-CC05FCB50328}
Find and Delete Antivirus 2009 Files:
av2009.exe
Antivirus2009.exe
AV2009Install.exe
av2009[1].exe
Antivirus 2009.lnk
Uninstall Antivirus 2009.lnk
AV2009Install_880405[1].exe
AV2009Install_880405[2].exe
c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\winsrc.dll
c:\WINDOWS\system32\scui.cpl
%UserProfile%\Desktop\Antivirus 2009.lnk
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
Power-Antivirus-2009.exe
AV2009Install[1].exe
ieexplorer32.exe
ieexplorer32.exe-removed_skip
AntivirusPro2009.exe
...If it helps someone who gets stuck.........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
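A read-only check for some of the file paths, process names and Run values named in the list above, added here as an example and not part of the original thread. It assumes Windows PowerShell is installed on the machine; the function names are hypothetical, and nothing is deleted or edited, so it involves no registry changes.

```powershell
# Read-only sweep: reports matches, never deletes or edits anything.
# Paths, process names and Run value names are copied from the list in the post above.
$filePaths = @(
    '%PROGRAMFILES%\Antivirus 2009\av2009.exe',
    'c:\WINDOWS\system32\ieupdates.exe',
    'c:\WINDOWS\system32\winsrc.dll',
    'c:\WINDOWS\system32\scui.cpl',
    '%UserProfile%\Desktop\Antivirus 2009.lnk',
    '%UserProfile%\Start Menu\Antivirus 2009'
)
$processNames  = @('av2009', 'Antivirus2009', 'AntivirusPro2009', 'ieupdates', 'ieexplorer32')
$runKey        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValueNames = @('ieupdate', '75319611769193918898704537500611')

# Hypothetical helper: builds one result row.
function New-Hit([string]$Kind, [string]$Item) {
    New-Object PSObject -Property @{ Kind = $Kind; Item = $Item }
}

function Find-ListedFiles([string[]]$Paths) {
    foreach ($p in $Paths) {
        # Expand %PROGRAMFILES% / %UserProfile% for the current user.
        $expanded = [Environment]::ExpandEnvironmentVariables($p)
        if (Test-Path -LiteralPath $expanded) { New-Hit 'File' $expanded }
    }
}

function Find-ListedProcesses([string[]]$Names) {
    # Get-Process takes the image name without ".exe"; absent names are not errors here.
    Get-Process -Name $Names -ErrorAction SilentlyContinue |
        ForEach-Object { New-Hit 'Process' ("{0} (PID {1})" -f $_.ProcessName, $_.Id) }
}

function Find-ListedRunValues([string]$Key, [string[]]$Names) {
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $props = Get-ItemProperty -LiteralPath $Key
    if ($null -eq $props) { return }   # key exists but holds no values
    foreach ($n in $Names) {
        $prop = $props.PSObject.Properties[$n]
        if ($null -ne $prop) { New-Hit 'RunValue' ("{0} = {1}" -f $n, $prop.Value) }
    }
}

$hits = @(Find-ListedFiles $filePaths) +
        @(Find-ListedProcesses $processNames) +
        @(Find-ListedRunValues $runKey $runValueNames)

if ($hits.Count -eq 0) { 'No listed Antivirus 2009 items found.' }
else { $hits | Select-Object Kind, Item | Format-Table -AutoSize }
```
-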
I would not recommend messing with the registry - if you make a mistake you could stop your machine from booting.
-
2nd that, my/our option avoids the need for any registry editing
most likely sources are
1) looking at films of pretty ladies on the internet that indicate that you may need a "codec" to watch
2) filesharing sites where it's embedded in the download
3) clicking on a link that offers a "free registry scan" or similar
Ex forum ambassador
Long term forum member
-
The in laws got this on their PC. A mate managed to delete it manually (his business is repairing PCs etc) and he did delete certain bits and pieces in the cmd prompt in safe mode. That was a bit over my head tbh. Nice thread here - it has gone in my favourites :-)
My suggestion and/or advice is my own and it is up to you if you follow it, please check the advice given before acting on it.
This discussion has been closed.