Attention! If your computer is infected...

By rbardy ·
Please read all of this before replying.

I've had several users receive the following pop-up message over the past few months while using Windows XP and IE...

ATTENTION! If your computer is infected,you could suffer data loss, erratic PC behaviour, PC freezes and creahes.
Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a quick and 100% FREE scan of your computer for VIruses, Spyware and Adware.
Do you want to install Antivirus 2009 to scan your computer for malware now? (Recomended)

It's an annoying pop-up that cannot be removed no matter what I try it seems.

Before you start recommending Ad-Aware, Spybot, HijackThis, Symantec, McAfee, etc. etc. etc. I'VE TRIED THEM ALL. They didn't work. Please don't recommend another spyware removal tool. This is obviously something more malicious.

Has anyone else encountered this annoying pop-up and how did you remove it for good? It seems to have a nasty habit of replicating.


All Answers

I encountered same problem

by geraray In reply to Attention! If your comput ...

Hello rbardy, I had the same problem. What I did to solve this problem is that I downloaded Malwarebytes Antimalware for free, and it worked out fine for me.
You should give it a try mate.

Try this out.....

Start > run, and type in "regedit".
When in, go to "edit > find" and in the box type in "Antivirus 2009 ", and then click on "find next". This will make the registry search for this item; once found, just delete it. Once you have done this, then (with both keys) "CTRL + F", and this will get the registry to search again for any more items belonging to this bit of annoyware. Keep on doing this with the keys until all is removed.

Please post back if you have any more problems or questions.

Try geraray's suggestion

by Jacky Howe In reply to Attention! If your comput ...

it claims to be able to remove it.

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

How to remove Antivirus 2009 (Uninstall Instructions)

Malwarebytes' Anti-Malware http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

If at first you don't succeed try this

by Jacky Howe In reply to Try geraray's suggestion

From another PC download and install these two programs and copy the installed folders to a USB Stick.

Restart the PC in Safe Mode and turn off System Restore, then run Sophos and then run Spybot.

Download Spybot - Search & Destroy 1.5.2 and install it. Update it. http://www.safer-networking.org/en/download/index.html

Download Sophos and the latest IDE Files. Install it and extract the IDE files to the C:\SAV32CLI folder.

http://www.sophos.com/support/knowledgebase/article/13251.html

Copy and paste the below two lines into Notepad and save the file to the USB Stick as sophos.bat; it will scan and remove. When the scan has finished, check the log file to see what it hasn't removed.

===============================

CD SAV32CLI

SAV32CLI -REMOVE -P=C:\REMOVLOG.TXT

===============================

The Sophos SAV32CLI folder can be safely deleted after it is copied to USB.

When you have finished running the above, download and install Malwarebytes and update it. Reboot your PC in Safe Mode and run it.

http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

Download RootkitRevealer v1.71 and run it.

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Just to be on the safe side, when you finish do an online scan with Bitdefender.

http://www.bitdefender.com/scan8/ie.html

Remember to turn on System Restore when you have finished cleaning.

Let us know how you get on.

Went through this twice this week

by jdclyde In reply to If at first you don't suc ...

Had two laptops that had the same thing.

I also ran AdAware by lavasoft.

S&D took most of it, but had some it couldn't get, even in safe mode.

Regedit was the bit that ripped it out.

I think this comes in the UPS email saying their package was undeliverable, and then has a zip file.

People are stupid enough to wonder what package, when they knew full well that they didn't send anything and the email doesn't have ANY personal information about the sender/recipient. Some people don't deserve to have a computer.

They don't stop to think :)

by Jacky Howe In reply to Went through this twice t ...

I received this the other day. It is obvious that you would have to open the executable but it would suck a lot of people in thinking that something had been charged to their credit card.

Dear Gentlemen,

Thank you for using our new service "Buy flight ticket Online" on our website.

Your account has been created:

Your login: my@emailaddress

Your password: passB3BF

Your credit card has been charged for $683.57.

We would like to remind you that whenever you order tickets on our website you get a discount of 10%!

Attached to this message is the purchase Invoice and the flight ticket.

To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,

AirTran Airways

It contained an attachment, Ticket_N141-SK.zip.

When the zip was extracted it had an exe, Ticket_N141-SK.exe, and the exe had a Word icon.

Uploaded and tested with http://virscan.org/

Trojan.Win32.Emold.A

Mal_Banker
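An added example, not part of the original posts: the icon is stored inside the program file, so it says nothing about what the file is. This Python sketch lists programs inside a zip attachment by checking each member's first bytes and extension; the extension list, the function names and the sample archive are assumptions made for illustration, and the sample holds harmless constructed bytes.

```python
import io
import zipfile

# Assumed list of extensions that Windows runs when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def find_executables(zip_bytes):
    """Return (name, reason) for each archive member that is a program."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as member:
                magic = member.read(2)
            # Windows programs start with "MZ" whatever name or icon they carry.
            if magic == b"MZ":
                hits.append((name, "PE/DOS header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                hits.append((name, "executable extension " + ext))
    return hits


def build_sample_zip():
    """Constructed sample: inert bytes that only imitate an MZ header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Ticket_N141-SK.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.doc", b"MZ" + b"\x00" * 62)  # program renamed to .doc
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_executables(build_sample_zip()):
        print(name, "->", reason)
```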

The spelling and English is getting better in the scams, too

by jdclyde In reply to They don't stop to think ...

For a while, you could spot them because key words they would misspell or phrases didn't fit.

Got one the other day from paypal, and it DID look convincing. If I didn't already know better, I can see how it would fool people.

=== Here is what I got ==========

From: service@paypal.com <support@ctcu.com>
Date: Thu, Aug 28, 2008 at 9:41 AM
Subject: Notification of Limited Account Access
To: undisclosed-recipients

Due to security measures, we regulary screen our customers account activity. While your account has been reviewed, unusual activity has been detected that requires further verification. For this reason, limitations have been placed to your account, until you confirm your registered informations. In order to remove the account limitations, complete 2 easy steps by clicking on the following link:

Login to your PayPal Account

After all the necessary information will be gathered, the limitations on your account will be removed, and your session will be continued as normally.

Thank you for taking your time,
PayPal Account Review Dept.

Copyright 2008 PayPal Inc. All rights reserved

==================================


I reported it, and got this back from paypal


===================================

Dear jd,

Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team
is working to disable it.
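An added example, not part of the original posts: in the From line quoted above, a paypal.com address sits in the display-name position while the address between the angle brackets is at ctcu.com. This Python sketch flags that pattern in a From header; the function names and regular expressions are assumptions made for illustration, and all sample headers except the one quoted in the post are constructed.

```python
import re

# Loose pattern for "something@domain.tld"; group 1 is the domain.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def split_from(header_value):
    """Split 'display name <address>' into (display, address)."""
    m = re.match(r'^\s*"?(.*?)"?\s*<([^<>\s]+)>\s*$', header_value)
    if m:
        return m.group(1), m.group(2)
    return "", header_value.strip()  # bare address, no display name


def display_name_mismatch(header_value):
    """Return (shown_domain, real_domain) when the display name shows an
    address in a different domain than the real sender, else None.
    Domains are compared exactly, so subdomains count as different."""
    display, address = split_from(header_value)
    shown = ADDR_RE.search(display)
    real = ADDR_RE.fullmatch(address)
    if not shown or not real:
        return None
    shown_dom, real_dom = shown.group(1).lower(), real.group(1).lower()
    return None if shown_dom == real_dom else (shown_dom, real_dom)


SAMPLES = [
    "service@paypal.com <support@ctcu.com>",     # From line quoted in the post
    "PayPal <service@paypal.com>",               # constructed
    "service@paypal.com <service@paypal.com>",   # constructed
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, "->", display_name_mismatch(value))
```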

On my third system needing cleaning.....

by jdclyde In reply to Went through this twice t ...

and it goes on....


At least it is easier each time. B-)

I have even had one

by Jacky Howe In reply to On my third system needin ...

from a Bank that I haven't an account with. That one was pretty obvious.

This is how I got rid of it on two of my machines

by XnavyDK In reply to Try geraray's suggestion

I use mbam religiously, I also use sem endpoint which does a good job of blocking it so far.

Yet I still can't configure my firebox correctly.. can't win for losing.. LOL
