Posted 30 December 2008 - 06:06 PM
A friend of mine said they got a virus on December 21. Probably either came from free poker or porn. I went over to their house to help them remove it. It turned out to be a trojan called Antivirus 2009. The computer is running XP Pro with all the latest updates. I booted into safe mode and there wasn't anything obvious running. Removed a few things with Add/Remove Programs. Then used HijackThis and removed anything that didn't belong. Restarted and Antivirus 2009 hadn't been touched, though most of the other viruses it installed were gone. I had a trial version of NOD32 on my USB drive, but the security policy had been changed to disallow any installations. I figured the fastest and cleanest way to fix it was just to reinstall.
I did a quick format and reinstalled Windows over the only partition. I noticed that the Windows boot loader listed two different versions of XP. Installed the ethernet drivers. Downloaded drivers from Windows updates. Restarted. Antivirus 2009 was back after the restart. Installed the trial version of NOD32 off of my USB drive and updated definitions. It caught one thing right away. I did a full scan including the USB drive and it found another 9 items on the hard drive. Antivirus 2009 popped up tray notifications while NOD32 was scanning and said that it detected destroying the computer or some nonsense like that. When NOD32 was done, Antivirus 2009 was still running like normal.
I removed the USB drive. Then disconnected the power cable and let it sit for a minute. Put in the Windows CD, made sure I deleted the old partition and did not do a quick format this time. Now when Windows booted up there was only one installation. Installed the ethernet drivers from the CD. Downloaded drivers from Windows updates. Installed NOD32. Restarted Windows. And there was Antivirus 2009 again.
So I'm thinking it's still on the hard drive somewhere or it's infected the exe files on the flash drive. What I plan on doing later is using DBAN to wipe the HD and USB memory. Find some utility that will allow me to look at the partition table and boot record on both drives. Then install Windows.
What I am wondering is if anyone has any experience with this virus or has any other suggestions. Thanks.