HomeAntivirus 2009, or Home Antivirus 2009, is a rogue anti-spyware program from the same family as XP Antispyware 2009. Like its predecessors, this malware is classified as a rogue because it utilizes malware and displays fake scan results. Any program that uses deception in order to create sales is automatically placed into the rogue classification. The following guide will explain how HomeAntivirus is promoted, what it does when installed, and how to remove the infection. Images of the program can also be found below.
This rogue is advertised and installed through the use of Trojans that display warnings that state your computer is at risk. When you click on these alerts it will then download and install Home Antivirus 2009 onto your computer without your permission. While installing, HomeAntivirus 2009 will also create numerous files on your computer that are made to appear as infections, but are in reality harmless as they cannot run and are thus unable to affect your computer in any way. Some of the files that were created on our analysis computer when testing Home Antivirus are:
c:\Program Files\Common Files\itihosa.inf
c:\Program Files\Common Files\kupave.sys
c:\Program Files\Common Files\senuryja.inf
c:\Program Files\Common Files\ukanemuh.inf
c:\Documents and Settings\All Users\Application Data\ador.db
c:\Documents and Settings\All Users\Application Data\rocipaz.com
c:\Documents and Settings\All Users\Application Data\yhanat.dl
c:\Documents and Settings\All Users\Documents\ditebyl.lib
Some of the infections that is states are on your computer are:
Home Antivirus will also be configured to start automatically when your computer starts. Once started it will scan your computer and display numerous infections that cannot be removed until you first purchase the program. As was already said, none of the files that are detected are actually legitimate infections, but rather the fake ones that were created when it was first installed. These results are only being shown to scare you into thinking you are infected in the hope that you purchase the program.
While running you will also see numerous security warnings appear from your Windows taskbar. These alerts are used to further trick you into thinking there is a serious security issue on your computer. Some of the warnings you will see are:
Your system was found to be infected with intercepting programs. These can log your activity and damage your privacy. Click here for %s spyware removal.
A piece of malicious code was found in your system which can replicate itself if no action is taken. Click here to have your system cleaned by %s.
Our scan has reported that pieces of malicious spyware code are present on your hard drive. To get rid of security threats, click here for a %s scan.
Privacy is at risk!
Attention, keylogging and intercepting scripts were detected. Your private data may be disclosed to third parties. Click here and %s will remove the infection.
Last but not least, this program will also create a file that launches a window that impersonates the Windows Security Center control panel. It does this by installing a file named c:\WINDOWS\system32\_scui.cpl, which when run will start a control panel that looks exactly like Windows Security Center, but instead promotes the HomeAntivirus 2009 program. It also disables the launching of the legitimate Windows Security Center by adding the following Windows Registry keys to your computer:
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
If you are infected, or have symptoms of HomeAntivirus 2009, then please use the removal guide below in order to remove this rogue and any associated malware.
Self Help Guide
- Print out these instructions as we will need to close every window that
is open later in the fix.
- At this point you should download Malwarebytes Anti-Malware, or MBAM, to scan your computer for any any infections or adware that may be present. Please download Malwarebytes from the following
location and save it to your desktop:
Malwarebytes Anti-Malware Download Link (Download page will open in a new window)
- Once downloaded, close all programs and Windows on your computer, including
- Double-click on the icon on your desktop named mbam-setup.exe.
This will start the installation of MBAM onto your computer.
- When the installation begins, keep following the prompts in order to continue
with the installation process. Do not make any changes to default settings
and when the program has finished installing, make sure you leave Launch
Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.
- MBAM will now start and you will be at the main screen as shown below.
Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.
- MBAM will now start scanning your computer for malware. This process can
take quite a while, so we suggest you do something else and periodically
check on the status of the scan to see when it is finished.
- When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different
than what is shown in the image below due to the guide being updated for newer versions of MBAM.
You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
- You can now exit the MBAM program.
Your computer should now be free of the Home Antivirus 2009 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.