Antivirus 2009


2 replies to this topic

#1 bob65536


Posted 30 December 2008 - 06:06 PM

A friend of mine said they got a virus on December 21. Probably either came from free poker or porn. I went over to their house to help them remove it. It turned out to be a trojan called Antivirus 2009. The computer is running XP Pro with all the latest updates. I booted into safe mode and there wasn't anything obvious running. Removed a few things with Add/Remove Programs. Then used HijackThis and removed anything that didn't belong. Restarted and Antivirus 2009 hadn't been touched, though most of the other viruses it installed were gone. I had a trial version of NOD32 on my USB drive, but the security policy had been changed to disallow any installations. I figured the fastest and cleanest way to fix it was just to reinstall.

I did a quick format and reinstalled Windows over the only partition. I noticed that the Windows boot loader listed two different versions of XP. Installed the Ethernet drivers. Downloaded drivers from Windows updates. Restarted. Antivirus 2009 was back after the restart. Installed the trial version of NOD32 off of my USB drive and updated definitions. It caught one thing right away. I did a full scan including the USB drive and it found another 9 items on the hard drive. Antivirus 2009 popped up tray notifications while NOD32 was scanning and said that it detected destroying the computer or some nonsense like that. When NOD32 was done, Antivirus 2009 was still running like normal.

I removed the USB drive. Then disconnected the power cable and let it sit for a minute. Put in the Windows CD, made sure I deleted the old partition, and did not do a quick format this time. Now when Windows booted up there was only one installation. Installed the Ethernet drivers from the CD. Downloaded drivers from Windows updates. Installed NOD32. Restarted Windows. And there was Antivirus 2009 again.

So I'm thinking it's still on the hard drive somewhere or it's infected the exe files on the flash drive. What I plan on doing later is using DBAN to wipe the HD and USB memory. Find some utility that will allow me to look at the partition table and boot record on both drives. Then install Windows.

What I am wondering is if anyone has any experience with this virus or has any other suggestions. Thanks.


#2 Guest_The weatherman_*


Posted 30 December 2008 - 06:45 PM

Hi bob65536, this link may help: http://www.bleepingcomputer.com/malware-re...-antivirus-2009

#3 bob65536


Posted 30 December 2008 - 09:33 PM

I used DBAN on the HD and USB memory stick. Installed Windows. Downloaded Windows updates. Restarted several times... and Antivirus 2009 seems to be gone. I think the most likely possibility is that it infected the binary files on my USB memory. So people that have this virus might want to be careful about backing up their data if they plan on reformatting the drive.



