Comments on: Antivirus2009

By: shailesh

shailesh — Sun, 02 Aug 2009 16:07:40 +0000

Antivirus pro installed itself on my computer. It does not allow me to connect to the web ti run antispyware programs or run the programs installed on my hard drive. Cannot locate the files with task manager. It has total contraol of my pC. Where do I start?

By: mahendradas

mahendradas — Fri, 15 May 2009 18:10:46 +0000

But we need mobile security also that will be very useful for thousands of customers...

By: Gene

Gene — Tue, 24 Feb 2009 14:01:51 +0000

Wow, what a job to get rid of MSantispyware2009! I got this malware program doing research for a presentation I have coming up. The web site tricked me into loading it by telling me I needed to download a program to watch a video I wanted some information from. I started getting pop ups that looked like official Microsoft data and my explorer tryed to take me to the MS antispyware 2009 website constantly.
The 1st thing I did was find some htm files and some exe files in my hidden temporary internet files that matched some of the names of the popup's I was getting and delete them, then I went into msconfig and unchecked any suspicious looking items in my start menu, I restarted my cpu and this got rid of about 80% of the popup's. Next I went into add and remove programs and found 2 programs from crucialsoft and uninstalled them, MSas 2009, and 1stprice?, not sure of the name, but it had a bogus phone number 555-555-1234 under contact info and the url listed for support took me to the antispyware 2009 web site.
Next I downloaded and ran an updated version of my antivirus program and ran it, this got rid of some of the infected files,next I downloaded an upgraded version of my antispyware program and ran it, this got rid of a few more infected files, then I downloaded an antimalware program and ran it, this found about 50 more infected files and deleted them. Now I was down to one popup every 20 minutes or so, an alert message that my computer was still infected and when I hit cancel it tryed to take me to the antispyware 2009 web site. After a call to my IT. friend, he directed me to a website that had a free program called combofix, this program shows you all the programs running on your cpu and deletes some of them but allows you to see and find anything else suspicious and shows you where to find and delete them. I have been popup free since 5:00 PM Yesterday! Found another clever trick this jerk used, In windows Task manager he had 48 tasks scheduled to run abut 15 minutes apart to run a program called C:\WINDOWS\system32\TPuPyhMu.exe.a_a
this is the program that launched the web browser and directed it to his website.
All of the files listed at the top of the page were found and deleted along with the folowing files and folders. This process took me 2 full days to do, if you want to do it youself, I hope these will help. Good Luck!
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple)
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED
Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3MZ7GQXG\216[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UM1TIS9N\216[1].jpg
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090222122213003.log
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090222140942078.log
C:\WINDOWS\system32\TPuPyhMu.exe.a_a
MSConfigStartUp-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
MSConfigStartUp-Cognac - c:\docume~1\ADMINI~1\LOCALS~1\Temp\2019.exe

By: Janet

Janet — Sun, 22 Feb 2009 02:09:10 +0000

A friend downloaded Antivirus 360 on my computer.i have many bugs now & im unable to uninstall it/How to get rid of this???I have CyberDenfender ,which is doign fine.Janet

By: santosh

santosh — Fri, 23 Jan 2009 19:00:01 +0000

k it seems form my research that the programs modifies the svchost files or some other files that deppends on it
It also changes some or one of the DNS cach files so that trendmicro.com points to the local maching

If i can figure out this DNS file and something to do with the DNS resolver then maybe i can stab it in the neck.

Deleting Temp IE files in hidden Local settings helps free you up

By: Dee

Dee — Wed, 10 Dec 2008 23:50:08 +0000

ok it seems form my research that the programs modifies the svchost files or some other files that deppends on it
It also changes some or one of the DNS cach files so that trendmicro.com points to the local maching

If i can figure out this DNS file and something to do with the DNS resolver then maybe i can stab it in the neck.

Deleting Temp IE files in hidden Local settings helps free you up

By: james

james — Tue, 02 Dec 2008 18:34:42 +0000

This antivirus is a bunch of bulllllllllll! I just got my computor and its already infected with it. Someone told me that i would have to wipe my hard drive reinstall windows and use a program called zone alarm does anyone know if this is true. I would like to handle this without wipping my hard drive please let me know.

By: .

Sat, 08 Nov 2008 21:47:19 +0000

Thanks PARICIA!....but now when i go into add/remove programs and try to uninstall all it says is "You already have antipro 2009 installed!" yes i know that lol im trying to delete it:@! driving me crazy!

By: Dave

Dave — Sat, 08 Nov 2008 20:51:09 +0000

Bring your computer up in safemode with networking and then you can either remove this manually or use the removal tool. Dave

By: PC Solutions UK

PC Solutions UK — Sat, 08 Nov 2008 02:08:08 +0000

AntiVirus 2009 is proving to be very annoying and law inforcement agencies are dealing with the author of this \'scam\'. If you have this installed on your computer, it s very very hard, if not impossible to remove if you do not know exactly what your doing. The only true way of knowing that this has been fully removed from your system is to do a complete fresh install of Windows.