
December 02, 2008




I find the Malwarebytes free scanner does a very good job of removing this virus. The tool can be found at www.malwarebytes.org.


The 2008 variant of this was pretty easy to get rid of; the 2009 version was a bit smarter.
There are ways of removing this little nasty, but it needs a few tweaks to the Windows registry.
The first thing you need to do is run Mbam (Malwarebytes Anti-Malware). If winav 2009 hasn't got too deep into the system then Mbam "might" be able to remove it. I did have one system that wouldn't let me install ANYTHING, so installing Mbam was not an option. So with a bit of hunting around I found Combofix (http://www.combofix.org/).
A guide on how to use it is here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Just run that and it will do most of the work for you. Don't worry about installing the Windows RC, and be prepared for it to take a while to run/scan. Let it do all its things and it will tell you when it's done. Then afterwards run Mbam again and that should clean up what was left behind (after running Combofix you should be able to install apps again).
Don't forget to do a disk clean-up before you start all the above processes. Clean out all temp files (Start > Run > type %temp% > hit Enter) and also clean out the prefetch files (in the Windows DIR; leave the main folder but delete ALL the contents).

Guv Singh

We downloaded video codecs and inside the video codecs was the MS 2009 antivirus. It's gone into our computer; we realised that it was a rogue program and we tried to remove it by going into 'Remove programs' yet we couldn't find it. Now the computer has frozen and none of the outputs are working. We can start it up, and in the bottom right hand corner there is the emblem of a red shield and a white cross. What free software download can we use to remove the program, and then re-format our computer?



Thank you for your comment. I too have been successful in removing versions of this parasite in a short period of time. Most recently, running system restore has been the trick. The rub though is that there seem to be several versions of this parasite. Some are reasonably well behaved. Some are very destructive - they delete all system restore information, destroy the menu system, and block easy access to system tools. In these cases, I do believe that the proper protocol is to reformat, as the system has been damaged and there is no telling what hooks have been left. In fact, we could argue that the proper protocol in nearly all cases of infection is to reformat as we don't really know if the parasite still has hooks into the system even though we can't see it active. Here is where our experience and judgment come into play.


I had a customer with MSAntiSpyware2009.

It only took me an hour to fix.

Ran SuperAntiSpyware (defender and antivir couldn't fully detect and/or clean it)... there were still infected files in temp folders, which kept creating registry entries at start time.

A few quick google searches, and I was able to run regedit again, and view "hidden" files, then clearing the temp folders completed the fix.

Not everyone uses their PCs for just web surfing and emails, so 2-3 hours to reformat and restore can easily become 6-12 hours.
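Editor's added example (not code from the post or from any commenter): the comment above describes leftover files in temp folders re-creating registry entries at startup. The sketch below triages saved `reg query` output for the Run/RunOnce keys and lists autostart entries whose command points into a temp directory. The sample output, entry names and paths are constructed, and the parser assumes `reg query` separates name, type and data with a tab or four spaces.

```python
import re

# One value line of `reg query` output: indent, name, type, data.
# Assumption: fields are separated by a tab or by four spaces.
VALUE_RE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t| {4})(?P<type>REG_[A-Z_]+)(?:\t| {4})(?P<data>.*)$")
# Matches %TEMP% / %TMP% or any path component named Temp / Tmp.
TEMP_RE = re.compile(r"%te?mp%|\\te?mp\\", re.IGNORECASE)

# Constructed sample, as if saved from:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\a1b2.exe" /s
    helper    REG_EXPAND_SZ    %TEMP%\svc32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    loader    REG_SZ    rundll32.exe "C:\DOCUME~1\user\LOCALS~1\Temp\x.dll",Start
"""


def temp_autoruns(reg_query_output):
    """Return (key, value name, command) for autostart entries run from a temp dir."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # header line naming the key that follows
            continue
        m = VALUE_RE.match(line)
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        if TEMP_RE.search(m.group("data")):
            hits.append((key, m.group("name"), m.group("data").strip()))
    return hits


if __name__ == "__main__":
    for key, name, command in temp_autoruns(SAMPLE):
        print(f"{key}\n  {name} -> {command}")
```

Entries it reports are candidates to review before clearing the temp folders, so the file and the registry value that launches it can be removed together.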


Hi, I work at a university helpdesk. Last year we had the Antivirus 2008 and its relatives hit our network. For them the easiest way to fix them is to install and run Windows Defender. If you have Windows Defender installed then it keeps those viruses off. The only dilemma I've come across is that the new MS Antivirus 2009 won't let Windows Defender fix the problems it finds, but if you already have it on your computer then you may be safe from the MS Antivirus 2009. We haven't seen it hit the campus yet but I have seen it on one of the machines that my business deals with. So far Windows Defender is the best defense against these fake antiviruses. Hopefully this helps all of you.

C. Hart

I wish I had seen this advice a few days ago. Even though I had McAfee installed, MS Antivirus 2009 sailed right past it unnoticed. I knew right away all the bogus virus warnings were a scam and I got on Google and saw a bold claim by PC Tools Spyware Doctor that their program could get rid of it. That was a joke. I ran it again and again and it did no good. I called the company to complain and they advised running it in safe mode. That seemed to get rid of MS Antivirus 2009, but my computer was totally messed up after that--a complete disaster. I had no choice but to reformat and reinstall the operating system. I laughed at the prediction above that this takes 2 or 3 hours. For one thing, I was unable to do it myself because I was unable to boot from the XP installation disk. I know how to change the boot sequence in BIOS, but it did no good. So I had to pay a guy $90 to install XP. That was done in a day, but to get a complicated system such as I have back to normal takes a lot more than 2 or 3 hours. In total I've spent the last 4 days working on this.

What I wish I understood is this: The m*****f***ers who created MS Antivirus 2009 are in it for the money. That means they have to have a bank account somewhere and a merchant account with a credit card processing service. It ought to be possible to track them down. I wish I could--I'd kill them.


Anyone infected with the MS Antivirus 2009 malware just needs to run Microsoft's latest Malicious Software Removal Tool which cleans the mess up.





To get rid of MS Antivirus 2009 or any similar spyware or adware like Antivirus 2009, you don't need to resort to wiping out your files; it just needs cleaning. What I do is use Process Explorer, Autoruns, Avenger and some other programs to find where they are hiding. It only takes 30 minutes to an hour to fix this issue. If you need assistance I can also use a remote connection and take control of the system until the issue is fixed. For remote assistance, TeamViewer is the tool for that.
