In the last month, 5 customers have called me about a parasite called MS Antivirus 2009. MS Antivirus 2009, and others in its sick family tree like XP Antivirus 2008, are infecting Windows computers at an alarming rate. All of my customers had modern, up-to-date antivirus programs installed and they still got it. Ouch!
The first sign of an infection by MS Antivirus 2009 is usually this: a window opens on the computer that looks just like the Windows Security Center and it claims that you have no virus or spyware protection installed. This usually gets the user's attention and leads to the opening of a scanner that tells the user that they are infected with a number of things. This is usually followed by an offer - give some money and this software product, MS Antivirus 2009, will remove the problem. Two of my customers believed this ruse enough to offer up their credit cards. And guess what - the problem didn't go away. It actually got worse. The result was a computer with disabled menus, no access to utilities in the control panel, the deletion of system restore saved states, popups, and system reboots. So, you just can't use your computer.
In my experience, one of the best sources of information on a virus or parasite is a Google search. I can often find loads of useful information very quickly and be well on my way to removing a pesky varmint. This was not the case with MS Antivirus. A Google search does lead to several pieces of information, but many of the hits end up on web sites claiming to be able to remove MS Antivirus, but for a fee. They offer a download link to a free scanner, but when you want to remove the pest, they want money. Gosh, doesn't that sound an awful lot like the parasite that we just discussed? Call me paranoid, but doesn't it make you wonder whether the vendors detecting this parasite and selling a solution to its removal may just have something to do with the problem? The availability of these solutions is just too convenient, and for me, hard to trust.
Here's my recommendation: In the business of fixing computers, I've learned that customers want simple solutions - keep the cost down and guarantee that the pest is gone. I can't trust these no-name spyware scanners. I can't trust registry hacks and file deletions. My approach is to fix MS Antivirus infections the old-fashioned way. Remove all important data from the PC; format the hard drive; reinstall the operating system, applications, and virus protection; and then put the data back. All in all, it takes about 2 to 3 hours of work, but I can guarantee a good result.
One additional note: If you see the first signs of an infection, which is usually a popup window that looks like Microsoft's Windows Security Center claiming that you don't have virus protection, don't click on anything related to it. Go right to system restore and restore your PC back to a previous date. If you can do this, you will be one of the lucky ones like my friend David.
Please post a comment if this has been helpful to you.
Contact Info: info@consideritfixed.com
I think you have a thorough understanding in this matter. You describe in detail all here.
Posted by: RamonGustav | August 25, 2010 at 03:37 AM
I find the Malwarebytes free scanner does a very good job of removing this virus. The tool can be found at www.malwarebytes.org.
Posted by: Whitecougar | March 22, 2009 at 10:22 PM
The 2008 variant of this was pretty easy to get rid of; the 2009 version was a bit smarter.
There are ways of removing this little nasty but it needs a few tweaks to the Windows registry.
The first thing you need to do is run Mbam (Malwarebytes Anti-Malware). If winav 2009 hasn't got too deep into the system then Mbam "might" be able to remove it. I did have one system that wouldn't let me install ANYTHING, so installing Mbam was not an option. So with a bit of hunting around I found Combofix (http://www.combofix.org/).
A guide on how to use it is here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Just run that and it will do most of the work for you. Don't worry about installing the Windows RC and be prepared for it to take a while to run\scan. Let it do all its things and it will tell you when it's done. Then afterwards run Mbam again and that should clean up what was left behind (after running Combofix you should be able to install apps again).
Don't forget to do a disk clean up before you start all the above processes. Clean out all temp files (start > run > type %temp% > hit enter) and also clean out the prefetch files (in the Windows DIR, leave the main folder but delete ALL the contents).
Posted by: Tony | March 06, 2009 at 05:43 AM
We downloaded video codecs and inside the video codecs was the MS 2009 antivirus. It's gone into our computer; we realised that it was a rogue program and we tried to remove it by going into 'Remove programs', yet we couldn't find it. Now the computer has frozen and none of the outputs are working. We can start it up, and in the bottom right hand corner there is the emblem of a red shield and a white cross. What free software download can we use to remove the program? And then re-format our computer?
Posted by: Guv Singh | February 07, 2009 at 11:31 AM
ComputerAid,
Thank you for your comment. I too have been successful in removing versions of this parasite in a short period of time. Most recently, running system restore has been the trick. The rub though is that there seem to be several versions of this parasite. Some are reasonably well behaved. Some are very destructive - they delete all system restore information, destroy the menu system, and block easy access to system tools. In these cases, I do believe that the proper protocol is to reformat, as the system has been damaged and there is no telling what hooks have been left. In fact, we could argue that the proper protocol in nearly all cases of infection is to reformat as we don't really know if the parasite still has hooks into the system even though we can't see it active. Here is where our experience and judgment come into play.
Posted by: ianw | January 31, 2009 at 08:40 AM
I had a customer with MSAntiSpyware2009.
It only took me an hour to fix.
Ran SuperAntiSpyware (defender and antivir couldn't fully detect and/or clean it)... there were still infected files in temp folders, which kept creating registry entries at start time.
A few quick google searches, and I was able to run regedit again, and view "hidden" files, then clearing the temp folders completed the fix.
Not everyone uses their PCs for just web surfing and emails, so 2-3 hours to reformat and restore can easily become 6-12 hours.
Posted by: ComputerAid | January 30, 2009 at 07:38 AM
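The leftover persistence ComputerAid describes (files in temp folders that re-create registry entries at start time) can be checked for directly. The PowerShell below is an added example, not part of the original post or comments; the list of Run/RunOnce keys and temp folders is an assumption and does not cover every autostart location.

```powershell
# Added example: report Run/RunOnce autostart values that launch from a temp folder.
# Read-only; it changes nothing in the registry or on disk.
function Find-TempAutorun {
    # Autostart keys checked (assumption: the common per-machine and per-user ones).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    # Folders treated as "temp" (assumption: user TEMP/TMP and %SystemRoot%\Temp).
    $tempRoots = @($env:TEMP, $env:TMP, (Join-Path $env:SystemRoot 'Temp')) |
        Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') + '\' } |
        Sort-Object -Unique

    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            # Expand %VAR% references so "%TEMP%\x.exe" is compared as a full path.
            $command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
            foreach ($root in $tempRoots) {
                # Substring match copes with quoted paths and paths containing spaces.
                if ($command.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
                    break
                }
            }
        }
    }
}

Find-TempAutorun | Format-List
```

Entries it reports are candidates for review, not confirmed infections. Paths stored in 8.3 short-name form are compared as written and are not normalised.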
Hi, I work at a university helpdesk. Last year we had the Antivirus 2008 and its relatives hit our network. For them the easiest way to fix them is to install and run Windows Defender. If you have Windows Defender installed then it keeps those viruses off. The only dilemma I've come across is that the new MS Antivirus 2009 won't let Windows Defender fix the problems it finds, but if you already have it on your computer then you may be safe from the MS Antivirus 2009. We haven't seen it hit the campus yet but I have seen it on one of the machines that my business deals with. So far Windows Defender is the best defense against these fake antiviruses. Hopefully this helps all of you.
Posted by: Ron | January 28, 2009 at 12:29 PM
I wish I had seen this advice a few days ago. Even though I had McAfee installed, MS Antivirus 2009 sailed right past it unnoticed. I knew right away all the bogus virus warnings were a scam and I got on Google and saw a bold claim by PC Tools Spyware Doctor that their program could get rid of it. That was a joke. I ran it again and again and it did no good. I called the company to complain and they advised running it in safe mode. That seemed to get rid of MS Antivirus 2009, but my computer was totally messed up after that--a complete disaster. I had no choice but to reformat and reinstall the operating system. I laughed at the prediction above that this takes 2 or 3 hours. For one thing, I was unable to do it myself because I was unable to boot from the XP installation disk. I know how to change the boot sequence in BIOS, but it did no good. So I had to pay a guy $90 to install XP. That was done in a day, but to get a complicated system such as I have back to normal takes a lot more than 2 or 3 hours. In total I've spent the last 4 days working on this.
What I wish I understood is this: The m*****f***ers who created MS Antivirus 2009 are in it for the money. That means they have to have a bank account somewhere and a merchant account with a credit card processing service. It ought to be possible to track them down. I wish I could--I'd kill them.
Posted by: C. Hart | December 29, 2008 at 05:01 AM
Anyone infected with the MS Antivirus 2009 malware just needs to run Microsoft's latest Malicious Software Removal Tool which cleans the mess up.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9124346&intsrc=hm_list
http://support.microsoft.com/?kbid=890830
http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
Posted by: BuddhaChu | December 28, 2008 at 11:54 AM
To get rid of MS Antivirus 2009 or any similar spyware or adware like Antivirus 2009, you don't need to resort to wiping out your files; it just needs cleaning. What I do is use Process Explorer, Autoruns, Avenger and some other programs to find where they are hiding. It only takes 30 minutes to an hour to fix this issue. If you need assistance I can also use a remote connection and take control of the system until the issue is fixed. For remote assistance TeamViewer is the tool for that.
Posted by: bloodforce | December 06, 2008 at 06:48 AM