Removal of Antivirus 2009
What this program does:
Antivirus 2009 is a new rogue anti-spyware program from the same
family as Antivirus 2008 and Doctor Antivirus. Antivirus 2009 is
installed and advertised through the use of misleading web sites
that attempt to make you think your computer is infected with a
variety of malware. Once installed, Antivirus 2009 will scan your
computer and list a variety of fake infections that can't be removed
unless you first purchase the software. These infections are fake,
though, and are only being shown to scare you into purchasing the
software.
When Antivirus 2009 is installed, an Internet Explorer browser helper
object is also installed that displays fake messages when using
Internet Explorer. These messages range from a line at the top of
the browser stating an infection was found to adding a box to the
Google homepage stating Google detected that your computer was
infected. These tactics are just two more ways Antivirus 2009 uses
false information to scare you into purchasing its software. A more
detailed writeup on how the Google home page is hijacked can be
found here.
Screen shot of Antivirus 2009
Tools Needed for this fix:
Symptoms that may be in a HijackThis Log:
Note: Some of these entries are randomly named.
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
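Added example (not part of the original guide): a small Python check that flags the O2 and O4 entries listed above in a HijackThis log. Because some entries are randomly named, it matches on the BHO CLSID and the target file name rather than on the Run value name; treating the value name as the random part is an assumption, and the sample log is constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Indicators copied from the HijackThis entries listed in this guide.
BHO_CLSIDS = {"{037C7B8A-151A-49E6-BAED-CC05FCB50328}"}
FILE_NAMES = {"winsrc.dll", "av2009.exe", "ieupdates.exe"}

# O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

# Constructed sample log: the guide's three entries, one with a different
# (made-up) random Run value name, and two made-up benign entries.
SAMPLE_LOG = r"""
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKCU\..\Run: [75319611769193918898704537500611] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [00000000000000000000000000000001] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

def image_name(command):
    """Return the lower-cased file name of the program in a Run command."""
    command = command.strip()
    if command.startswith('"'):
        command = command[1:].split('"', 1)[0]  # quoted path: drop arguments
    else:
        m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))(?:\s|$)", command, re.I)
        if m:
            command = m.group(1)  # unquoted path, may contain spaces
    return basename(command).lower()

def flag_entries(log_text):
    """Return (section, reason, line) for each line matching an indicator."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("clsid").upper() in BHO_CLSIDS:
                hits.append(("O2", "BHO CLSID", line))
            elif image_name(m.group("path")) in FILE_NAMES:
                hits.append(("O2", "BHO file name", line))
            continue
        m = O4_RE.match(line)
        if m and image_name(m.group("cmd")) in FILE_NAMES:
            hits.append(("O4", "Run target", line))
    return hits
```

Calling flag_entries(SAMPLE_LOG) returns the four matching lines; a hit only means the entry matches the names in this guide and should be reviewed, since a file name alone does not prove infection.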
Guide Updates:
06/28/08 - Initial guide creation.
Automated Removal Instructions for Antivirus 2009 using Malwarebytes' Anti-Malware:
- Print out these instructions as we will need to close every window
  that is open later in the fix.
- Download Malwarebytes' Anti-Malware, or MBAM, from the following
  location and save it to your desktop:
  Malwarebytes' Removal program
  Save this to your desktop, then install.
- Once downloaded, close all programs and windows on your computer,
  including this one.
- Double-click on the icon on your desktop named
  Download_mbam-setup.exe. This will start the installation of MBAM
  onto your computer.
- When the installation begins, keep following the prompts in order to
  continue with the installation process. Do not make any changes to
  default settings and when the program has finished installing, make
  sure you leave both the Update Malwarebytes' Anti-Malware and
  Launch Malwarebytes' Anti-Malware options checked. Then click on the
  Finish button.
- MBAM will now automatically start and you will see a message stating
  that you should update the program before performing a scan. As
  MBAM will automatically update itself after the install, you can
  press the OK button to close that box and you will now be at the
  main program.
- On the Scanner tab, make sure the Perform quick scan option is
  selected and then click on the Scan button to start scanning your
  computer for Antivirus 2009 related files.
- MBAM will now start scanning your computer for malware. This process
  can take quite a while, so we suggest you go and do something else
  and periodically check on the status of the scan.
- When the scan is finished a message box will appear. You should
  click on the OK button to close the message box and continue with
  the Antivirus 2009 removal process.
- You will now be back at the main Scanner screen. At this point you
  should click on the Show Results button.
- A screen displaying all the malware that the program found will be
  shown. You should now click on the Remove Selected button to remove
  all the listed malware. MBAM will now delete all of the files and
  registry keys and add them to the program's quarantine.
- When MBAM has finished removing the malware, it will open the scan
  log and display it in Notepad. Review the log as desired, and then
  close the Notepad window.
- You can now exit the MBAM program.
Your computer should now be free of the
Antivirus 2009 program. If your current anti-virus solution
let this infection through, you may want to consider
purchasing the PRO version of Malwarebytes' Anti-Malware to
protect against these types of threats in the future.
If you are still having problems with your computer after completing
these instructions, then please follow the steps outlined in the
topic linked below: