
AV2009 the fake anti-virus

(also found as AV360, a takeoff on Norton's 360 name)

Popular "Rogue Security" Program virus alert

 

Watch out for a fake program called AV 2009 that is popping up and appears to be a Windows Security warning. I’ve had several systems in the shop in recent weeks from this. It is a fake, and clicking on it installs several pieces of fraud-ware, mal-ware and crap-ware. It also infects Internet Explorer, blocking you from downloading anti-virus and/or spyware removal programs. It also alters your Google page to include a message to run AV 2009.


This particular program, and its attempts to get onto your computers, has been around for a while; however, the most recent incarnation seems to be evading several anti-virus programs. I have found it on machines with current, up-to-date versions of Norton and McAfee.
Usually this particular nasty only infects people who visit sites with infected video codecs (normally, but not always, “adult” sites). This time around it seems to be using some vulnerability and hacking “good” web sites and/or servers and injecting them with the infection. Once the site is infected, you (or in one case your child) go to the site and whamo, you are infected.

 


 


Once infected the program tries to prevent your current security from updating or running properly.

  1. You need to kill AV2009.exe via Task Manager and MSconfig.

  2. Now navigate to “Program Files” and, under the folder “AV2009”, delete AV2009.exe.

  3. Next, disable System Restore and reboot.


At this point I have been able to manually run a thorough anti-virus scan which has caught and paused other AV2009 files.

 


Next, I downloaded, updated and ran Spybot Search and Destroy 1.6 from Safer-networking (be aware that there is a crap-ware and malware program masquerading as this program). Spybot S&D seems to have finalized the destruction of AV2009.

Finally I suggest that you remove all temporary internet files for all your browsers (many of you use Firefox or Opera but still have Internet Explorer to remember). That should finish removing this program.

 

All that is left is to turn System Restore back on and reboot.
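To confirm the cleanup took, the following read-only check looks for the leftovers named in the steps above. It is an added example, not part of the original article, and assumes PowerShell 3.0 or later. The `AV2009` process and folder names come from the article; the two Run registry keys are an assumption about where a startup entry shown by MSconfig would live (they are the standard Windows startup locations, not values given by the author).

```powershell
# Added example: read-only check for AV2009 leftovers. Nothing is deleted or changed.
function Find-AV2009Remnant {
    $name = 'AV2009'   # process and folder name as given in the article

    # Step 1 (Task Manager): is AV2009.exe still running?
    foreach ($p in @(Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        [pscustomobject]@{ Check = 'Running process'; Where = "PID $($p.Id)"; Value = $p.Path }
    }

    # Step 1 (MSconfig): startup entries that still point at AV2009.
    # Assumption: the entry sits in one of the standard Run keys.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        # Skip the PS* bookkeeping properties PowerShell adds to every registry item.
        $values = (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
        foreach ($v in $values) {
            if ("$($v.Value)" -match [regex]::Escape($name)) {
                [pscustomobject]@{ Check = 'Startup entry'; Where = "$key\$($v.Name)"; Value = $v.Value }
            }
        }
    }

    # Step 2: does the AV2009 folder still exist under Program Files?
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        $dir = Join-Path $root $name
        if (Test-Path $dir) {
            $count = @(Get-ChildItem -Path $dir -Force).Count
            [pscustomobject]@{ Check = 'Program folder'; Where = $dir; Value = "$count item(s) inside" }
        }
    }
}

$hits = @(Find-AV2009Remnant)
if ($hits.Count -eq 0) {
    'No AV2009 process, startup entry or program folder found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

A clean result only covers these three places; the anti-virus and Spybot scans described above are still what catch the other AV2009 files.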

 

 

 

 
