Wednesday, August 20, 2008



Antivirus 2009 had been annoying internet users lately. I am also a victim of it unfortunately. Thanks to many forums and kind user, I had finally found the AntiVirus 2009 removal instruction.

Symptom of infected with AntiVirus2009:
1. Automatic installation


2.This program will automatically load when Internet Explorer starts, and when you visit certain sites, it will insert its own information into the web pages that are retrieved. Currently the information that is inserted into the Google home page and search results is a misleading advertisement for Antivirus 2009. The current text of the advertisement is:

Google Tips

Google has detected unregistered Antivirus 2009 copy on your computer. Google recommends you to activate Antivirus 2009 to protect your PC from malicious intrusions from the Internet.

The advertisement is actually one big link that if clicked will bring you to a page at the hxxp://microsoft.browserprotectioncenter.com/ site that says you are infected and should purchase Antivirus 2009.

Removal Tools: hijackthis (strictly not spyware. It is a powerful tool for removing unknown system threat)

Removal steps:
1. Delete following files:
c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll

2. Delete the registry entries using hijackthis. Scan the registry and remove the item which contain part of the following word:

c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll

HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"

If you need further help, kindly leave your comment and I will try to assist you.




1 comments:

michaelwong38@gmail.com said...

Hi, was wondering if you'd like to exchange links with me?
If yes, please leave your blog url as a comment at:
http://bigmoneylist.blogspot.com/
I'll link to you first, then when you have time link back k?
Thanks, Michael
BTW--I'm michaelwong38 on digg. If ever you want something dugg, just send me a shout anytime.