Antivirus 2009

Discussion in 'Off-Topic' started by 1100011CS, Dec 14, 2008.

  1. 1100011CS

    1100011CS Well-Known Member

    Oct 5, 2007
    11,202
    304
    83
    Marshalltown
    Just a little warning. This is the biggest scam/virus/malware of the year. I've had several friends make the mistake of clicking on one of their popups and it is a major pain to remove. I think there are other variations of the name.
     
  2. CyBandCG

    CyBandCG Member

    Dec 11, 2006
    229
    0
    16
    Principal Financial Group
    Ames, IA
    Oh my gosh, I just finally got rid of this virus after 5 days. If you do get it, go to the CNET website and do a search for Antivirus2009, and there is a great forum that explains how to get rid of it. Definitely watch out though!
     
  3. Cardinal&Gold11

    Cardinal&Gold11 Well-Known Member

    Nov 6, 2007
    1,870
    41
    48
    Stayin' Alive
    Ames, Iowa
    link?
     
  4. Cardinal&Gold11

    Cardinal&Gold11 Well-Known Member

    Nov 6, 2007
    1,870
    41
    48
    Stayin' Alive
    Ames, Iowa
  5. 1100011CS

    1100011CS Well-Known Member

    Oct 5, 2007
    11,202
    304
    83
    Marshalltown
  6. jumbopackage

    jumbopackage Well-Known Member

    Sep 18, 2007
    5,484
    248
    63
  7. CTAClone

    CTAClone Addict

    Mar 28, 2006
    9,214
    223
    63
    First Assistant Director
    Amerika
    How are people getting the virus on their computer to begin with? What's their scam?
     
  8. 1100011CS

    1100011CS Well-Known Member

    Oct 5, 2007
    11,202
    304
    83
    Marshalltown
    I have yet to actually see it, but apparently they get a pop-up while surfing that says their computer is infected and they should click some link to fix it, which downloads this Antivirus 2009. They then try to charge you to buy the software to fix the crap they put on.
     
  9. TykeClone

    TykeClone Burgermeister!

    Oct 18, 2006
    24,815
    537
    113
    Sometimes just following a search link is enough to get it installed.

    What they do is say "we found x malware things running on your computer, click here to protect yourself."

    The link takes you to a place to purchase Antivirus 2009 (or whatever they happen to be calling it) - their scam is to part you with your money.

    The software itself just displays the warning and does its best to try to prevent its removal.

    Malwarebytes.org - I've had luck removing that stuff with Malwarebytes as well.
     
  10. CyBandCG

    CyBandCG Member

    Dec 11, 2006
    229
    0
    16
    Principal Financial Group
    Ames, IA
    Yeah, definitely a money scam; it sounded like a few people on that forum gave out credit card information. I knew as soon as I clicked on it that it was a mistake and tried to find the best way to remove it ASAP.
     
  11. yCy

    yCy Active Member

    Apr 12, 2006
    1,032
    21
    38
    I got it every time I tried to read the Star Tribune online. Even if you don't click on anything, it keeps going and going in a cycle of windows. I use the Task Manager to get it to go away. I don't go to the Tribune site anymore. Mrs. yCy
     
  12. jumbopackage

    jumbopackage Well-Known Member

    Sep 18, 2007
    5,484
    248
    63
    Using Internet Explorer is usually enough to get it.
     
  13. 1100011CS

    1100011CS Well-Known Member

    Oct 5, 2007
    11,202
    304
    83
    Marshalltown
    Well, looks like there's a new "version" of this *****. It's called Antivirus 2010 now (original, huh). My buddy brought me his computer on Sunday and I have been unable to get rid of the damn thing. I got it so there's no popup and all the warnings are gone, but there's something that keeps changing permissions on apps so that you can't run them anymore. Last time I just had to get rid of something called TDSServ, but I'm not finding that this time. All the forums I've read about this suggest certain tools (Malwarebytes, etc.) but I can't run any of them because of this. Any suggestions?
     
  14. TykeClone

    TykeClone Burgermeister!

    Oct 18, 2006
    24,815
    537
    113
    Can you get to them from safe mode?

    Edit to add: I don't remember if it was Antivirus 2010, but I cleaned off one a while back that actually was in that "family" and had to use TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) to remove the rootkit enough to allow for cleanup.
     
  15. 1100011CS

    1100011CS Well-Known Member

    Oct 5, 2007
    11,202
    304
    83
    Marshalltown
    I can't run them in safe mode either.
     
  16. TykeClone

    TykeClone Burgermeister!

    Oct 18, 2006
    24,815
    537
    113
  17. FDWxMan

    FDWxMan Well-Known Member

    Jan 31, 2009
    2,634
    99
    48
    Des Moines
    Exact same problem. It's a rootkit that has dug deep into the system.

    Try running Combofix from safe mode. It was basically our last resort before nuking it and starting over.

    Here's the link, part-way down the page. Just make sure you know what you're doing because this can also seriously mess things up.

    Combofix download
     
  18. 1100011CS

    1100011CS Well-Known Member

    Oct 5, 2007
    11,202
    304
    83
    Marshalltown
    I tried Combofix but I don't think I tried that one in safe mode. Will give it a shot now. Thanks.
     
  19. cyfanatic

    cyfanatic Well-Known Member

    Oct 18, 2006
    4,208
    78
    48
    Cedar Rapids, Iowa
    Helping friends remove things like this from their computers, I stumbled on a program called "rkill", I believe. It shuts most of the unnecessary processes down and then allows you to run Malwarebytes or other programs like it. Download "rkill" and Malwarebytes to a flash drive and run them in safe mode. Worked for me... not sure if it is the most recommended procedure... but it works.
     
