In December I received this description of the horrible experience our club member Winston Hooker had with 'Antivirus 2009' on his two Windows machines. BE WARNED!

Jim,

I know we discussed this briefly yesterday at the monthly meeting of CSCC, but I would like to elaborate and recommend two additional free programs to eliminate malware.

About months ago, my custom PC was infected by a piece of malware called "Antivirus 2009". It is a new version of a previous malware named "Antivirus 2008". It is a really bad piece of crap and takes over your PC. You can get it the way that I did by just opening a webpage during a search on Google. I know we are all advised not to open attachments from unknown sources, but which of us wants to stop doing internet searches on Google?

Here are the symptoms of what happens when it infects: a popup window shows up on top of your screen saying that your PC may be infected with a virus. The window has an authentic looking logo identifying it as some kind of Microsoft virus protection. It asks if you want to conduct a free scan of your computer to see if any viruses can be found. If you click the OKAY button at the bottom, it will run a scan and then tell you that you do have a virus which can be removed for a fee of just $29.95. If you agree to pay, I suspect you will be asked for your credit card info. I did not go there. If you just try to exit the pop-up by clicking on the little "X" in the upper right corner, it goes into a loop and repeats the procedure and will not let you out.

I did not know what to do, but I knew I had been had. I took my PC to TigerDirect retail store in Durham and they said they could remove it for $50. I left it and shopped in the store for a while and came back to the tech support desk. I was then told they needed to reformat my HD to get it off. I had everything backed up on an external HD which I had with me so I told them to proceed. They reformatted my hard drive but said I needed to bring in my disk for Windows XP Pro if I wanted them to re-install it. I told them I had it but it was at home.
They kept my PC and I returned home (8 miles) to get my OS. I searched everywhere but could not find it so I returned to the store. They had already installed the OS using their own disk, but told me that I would need to activate the OS within 30 days or it would become inoperable. I took the PC home. The OS worked but all my other data and files on Drive "C" were gone. I called Bob S., a friend in Chapel Hill who is a professional computer consultant, but he only works on commercial accounts. I asked him if there was any way I could activate my OS and he could not help me. The 30 days passed and my OS would no longer work.

During this time, I needed a PC so I bought a new HP from Office Depot with 500 GB HD and 3 GB RAM with dual core CPU for $299. It came with Vista. I found that I hated Vista but decided to use it anyway. I considered adding XP Pro or XP Home and setting up my new PC for dual OS. I priced XP Pro and XP Home on the internet. I decided to buy XP Home which my wife also has on her laptop. I ordered and received a new, still-in-the-wrapper copy of XP Home edition. Then I found my own copy of XP Pro.

I called Bob S., my friend in Chapel Hill, and asked him how to re-install my OS. His answer was too complicated as he wanted me to remove the old copy of the TigerDirect installed XP Pro. I took my PC back to TigerDirect and asked them to install my XP Pro. The tech was different from the one who installed XP Pro (their copy) and he told me he could activate the one they had installed earlier. I waited at the counter and he inserted a flash drive into my PC and downloaded something and gave it back to me after turning on the computer and shutting it down three times in front of me to show me it was working. I took my PC home and began to rebuild my files. After about a week, I began getting a popup saying I needed to activate my Windows XP Pro which the tech had installed, but not activated.
I called Bob S., my friend in Chapel Hill, and told him I had found my own OS, but he said that M$ made at least 5 versions of XP Pro and that the one I had was different from the one TigerDirect installed so my key would not activate their version. The second copy of XP Pro installed by TigerDirect has now expired. I have my original XP Pro and a new XP Home edition, neither of which is installed on my custom built PC. I am now limited to using the new HP PC which is the machine I am using to send you this email message.

Backing up a bit: After I got my custom PC working again, I was doing another search and got that bastard "Antivirus 2009" AGAIN. This time I emailed a friend, Bob A., in Stone Mountain, GA. I met him online about 3 years ago on the AARP computer forum. He recently retired as a civilian employee of the US Army where he was an internet security expert. Before that he was a career US Army internet security expert, but retired from active duty in the army and was hired back as a civilian employee doing the same work.

I told him my story and asked if he could tell me how to get rid of this malware. He told me that this piece of crap is really bad and cannot be blocked or removed by the free software anti-virus programs like AVG free or AVAST free which I had been using before I went over to AVG a year ago. He told me this malware is not really a virus but a piece of spyware posing as an antivirus. He recommended that I download "Anti-malware" from Malwarebytes and "Counterspy" from Sunbelt, then load one, scan and remove whatever it found. (I did this and found and removed 32 pieces of spyware.) Then remove it, install the second, use it to scan and remove whatever it found. (I did this and removed 3 more pieces of spyware.) These two programs will not prevent spyware but will remove it if found on a scan. Counterspy is supposed to protect your PC if you buy and install the paid version for $19.95 and it's good for one year.
I later got this same malware a third time during a search, but this time on my new machine. I repeated the process described above and found and removed spyware. Both my PCs are now free of this crap. I still need to install and activate one of the two OS's I have for my custom PC.

My point is: some of this spyware is very clever and looks like legitimate warnings from MS. It can be removed, but it will not be caught or removed by antivirus software programs like AVG. Do with this information as you see fit. I just hope that everyone can avoid the problems I had with this stuff. Some of it contained some keyloggers and other such stuff that you definitely do not want on your machines.

Winston