
Antivirus2009


9 replies to this topic

#1 HighlightSteve

Posted 17 November 2008 - 09:17 PM

My computer picked this up a few days ago. I think I have finally identified this as Antivirus2009. I'm looking for guidance in its removal. I ran Hijackthis and found av2009.exe under section 04. I tried running Mbam, but it is being blocked from running. What's next? Thanks!



#2 wolsno

Posted 17 November 2008 - 09:46 PM

Have you tried removing what you found in hjt manually? If you can't delete a specific file you can try renaming it, re-booting and then deleting or you can try a utility like Unlocker or programs like ComboFix but be careful - programs like that are not to be used without qualified help.
What's your level of expertise? There are some methods that work very well if you have access to another machine and can follow instructions to d/l and make a bootable disk with the proper tools on it.

#3 Kefka

Posted 17 November 2008 - 10:04 PM

Apologies if I'm not authorised to give advice yet, but I helped remove this and "antimalwareguard" from a relative's pc the other day and found a very simple way to get Mbam to work despite the malware trying to block it.

Just rename the file.
If it's already installed, just go to where it was installed to (usually program files > malwarebytes antimalware...) and rename mbam.exe to anything else (e.g. "lol.exe" - make sure it remains an exe file), then run it. If it isn't installed yet, you'll have to rename mbam-setup.exe as well.

Good luck!

#4 wolsno

Posted 17 November 2008 - 10:15 PM

> make sure it remains an exe file

Just for total accuracy it doesn't have to stay an exe - could be any file format that Windows recognizes as being executable so .bat, .com and a couple of others will work too.

#5 Kefka

Posted 17 November 2008 - 10:17 PM

> > make sure it remains an exe file
>
> Just for total accuracy it doesn't have to stay an exe - could be any file format that Windows recognizes as being executable so .bat, .com and a couple of others will work too.


Fair enough :thumbsup:
I forgot to mention that it's probably a good idea to rename it back to mbam.exe after the scan is complete and you have closed the program (but before you reboot), as I'm pretty sure it will need the proper name for it to start up after a reboot and finish cleaning off some hard to remove files...

#6 boopme


Posted 17 November 2008 - 11:35 PM

Please post the MBAM log here for review, thanks.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

#7 backoo

Posted 18 November 2008 - 10:47 AM

Hello
I am infected with this antivirus as well on my daughter's laptop. On the laptop I cannot do anything, so I downloaded mbam on my P.C. and saved it to an external hard drive. I plugged the external hard drive into my daughter's laptop and moved the file to the desktop. I cannot run the program; it will not open.
I looked in program files to change the name as suggested but I cannot see the file there.
Can anyone help? Thank you

#8 wolsno

Posted 18 November 2008 - 11:12 AM

> move the file to the desktop I cannot run the program it will not open.
> I looked in program files to change the name as suggested but I cannot see the file there
> can anyone help Thank you

If you moved it to the desktop it will not be in program files... If the installer (your download) is what you moved to the desktop did you then run it to install it? What happened?

#9 backoo

Posted 18 November 2008 - 03:03 PM

wolsno,
thank you for your reply. I right-clicked the icon on the desktop and changed the name to lol.com; I was then able to run and install the program. I clicked to open it and it would not open, so I right-clicked the icon and changed the name to lol.exe.
I then went to program files and changed it to lol.exe. Should I have stuck to the same name?
THANK YOU
PS I have just changed it to lol.com but cannot open it.
Cheers

#10 backoo

Posted 19 November 2008 - 10:45 AM

Hi
I read in another post about opening the program in safe mode. I tried that and it still will not open; I get a brief hourglass, then nothing. Thank you



