Antivirus 2009
Recently around the office the Antivirus 2009 bug has been popping up a lot. This fake antivirus software isn't terribly clever in its execution, as fake antivirus software that is actually a virus is an old trick now, but it is shockingly pervasive, having infected 4 or 5 laptops here this last month. Sure, I could use this as a podium to rant that my office really ought to keep stricter controls over the PCs we have on the network, but since most of our employees are expected to have their own personal laptops to work from, I can't really restrict their rights on their own personal machines.
In any event, using a few utilities I've had very good luck removing this virus and all the little bits and pieces it leaves behind without damaging the OS.
The Quick Fix:
For those of you who are certain that the infection you are experiencing is "Antivirus 2009", my advice is quite simply to download Malwarebytes Anti-Malware, update, run the full scan and presto, your computer will be fixed. Malwarebytes is the essential one to run because, of the software I tried, it is the only one that managed to kill all Antivirus 2009 background processes and get it to stop replicating.
After running Malwarebytes, I also recommend using Spybot Search and Destroy to help remove any spyware, adware or other _____ware buddies 2009 might have invited to the party.
For those who would like more in-depth diagnosis and instruction please read on.
Diagnosis:
Antivirus 2009 is fake antivirus software that installs to your computer primarily by malicious websites tricking the user into thinking that a scan has been run and a virus was found on their PC. The user then installs Antivirus 2009 (the real virus) thinking it will remove the nonexistent one.
I've also seen it piggyback along with P2P downloads, wares, and other less than reputable downloads.
Computers with Antivirus 2009 will often have a pop-up window or taskbar tray application that runs a "scan" of their computer. This program can have other names, but the behavior and purpose is usually the same. For tips on how you can tell fake software from real software see this article.
Closing the application will close the window, but not stop the program. Using Ctrl-Alt-Del to bring up the task manager will allow you to see the "antivirus2009" process, but killing it will only temporarily disable it. Deleting the file that executed the process will also only slow it down as it is replicating.
The Fix:
The first order of business is to stop it from replicating and remove the offending files. The best software for this is Malwarebytes Anti-Malware. Once you have downloaded the installer, it's as simple as clicking next until it completes.
Upon loading the program click the update tab and run an update.
After that, run a full scan. Once the scan is complete, click the show results button in the lower right-hand portion of the window.
Remove all the bad files found by Malwarebytes. The system may ask to reboot. Do so if prompted. Upon restarting, your system should be free of the Antivirus 2009 virus. You may want to run additional scans (such as Spybot Search and Destroy, AVG Antivirus, or Avast!) to check for other malicious programs.
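Because killing the process only disables it temporarily, a single look at the task manager after cleanup can miss a respawn. The PowerShell check below is an added example, not part of the original post: it looks several times for a process matching the "antivirus2009" name mentioned above and lists matching startup entries. The name pattern, check count and interval are assumptions to adjust, since the program can use other names.

```powershell
# Added example: post-cleanup check, run after the reboot.
# The default pattern is built from the process name given in this post.
param(
    [string]$Pattern = 'antivirus ?2009',  # regex; -match ignores case
    [int]$Checks = 6,                       # how many times to look
    [int]$IntervalSeconds = 10              # pause between looks
)

function Find-SuspectProcess {
    param([string]$Pattern)
    # Match on the process name and, where readable, the executable path.
    Get-Process | Where-Object {
        $_.ProcessName -match $Pattern -or ($_.Path -and $_.Path -match $Pattern)
    }
}

function Find-SuspectStartup {
    param([string]$Pattern)
    # Win32_StartupCommand lists Run-key and Startup-folder entries.
    Get-CimInstance -ClassName Win32_StartupCommand | Where-Object {
        $_.Name -match $Pattern -or $_.Command -match $Pattern
    } | Select-Object Name, Command, Location, User
}

# Look repeatedly so a process that restarts between checks is still caught.
$seen = @()
for ($i = 1; $i -le $Checks; $i++) {
    foreach ($p in @(Find-SuspectProcess -Pattern $Pattern)) {
        $seen += [pscustomobject]@{
            Check = $i; Id = $p.Id; Name = $p.ProcessName; Path = $p.Path
        }
    }
    if ($i -lt $Checks) { Start-Sleep -Seconds $IntervalSeconds }
}
$startup = @(Find-SuspectStartup -Pattern $Pattern)

if ($seen.Count -eq 0 -and $startup.Count -eq 0) {
    "No matching process in $Checks checks and no matching startup entry."
} else {
    "Matches still present; run another full scan:"
    $seen | Format-Table -AutoSize
    $startup | Format-Table -AutoSize
}
```

A clean result only means nothing matched the pattern; it does not replace the additional scans suggested above.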
How to Keep Yourself Protected in the Future.
A little education goes a long way when it comes to preventing virus attacks on your computers. In the case of Antivirus 2009, most people could prevent the installation or escalation of this infection by knowing how to identify spoofed virus warnings.
The trick isn't so much knowing what to look for in a fake warning as knowing what a real warning looks like, and only reacting to those.
Step one: download and use a reputable antivirus program. This way, if you do receive a message saying that "your computer is unprotected" or some other alarmist statement the virus writers use to get your fear going, you'll know this isn't the case.
Among my favorites are AVG Antivirus and Avast Antivirus. Why? Well, that might be a topic better suited for a separate post... something I'll get to eventually no doubt.
The next thing to do, once you have installed your antivirus application of choice, is to actually use it. Run a scan, run an update, take it for a walk in the park. Get to know your software a bit, so that when the time comes you'll be better able to gauge whether the information you are getting seems to be from the application you are using.
If the look of the warning, the name of the software, or other clues don't seem to match up, you are likely looking at a hoax. Better yet, a good antivirus software package will go so far as to prevent the hoax from making it to the screen, or at least bail you out of trouble if it does.
In the end, viruses are everywhere, and the best way to make sure your system is safe is to apply a little human intelligence and think critically, not emotionally, when security is in question.