"Antivirus 2009" Spyware Removal Instructions

Techspotters,

I have encountered a sticky piece of spyware that I want to pass on the removal instructions for so that no one else wastes hours on it. Two weeks ago I had a customer who had a very sticky piece of spyware (SpywareGuard 2008) that after 8 hours of effort I couldn't remove. It was blocking all the known anti-spyware utilities from being installed, running or downloading new updates. Finally, I found a post from someone at another site who said you needed to rename the program to fool the spyware. I did that and it worked. Today, another customer complained of a spyware infection (Antivirus 2009) and although it's a different name, the symptoms are the same (cannot install or run or update anti-spyware utils) I used the same technique of renaming the anti-spyware program and it worked.

Here are the removal instructions:

1. Download Malwarebytes' Anti-malware (if the spyware blocks access to download, then use another computer and copy the installation program to the infected computer)
2. Rename the installation program (mbam_setup.exe to setup.exe)
3. Launch installation program (setup.exe, be patient, it may sit for a long time at "finished" before it actually does finish!)
4. Go to the program directory (c:\program files\Malwarebyes' Anti-Malware) and rename the executable (mbam.exe to mbam2.exe)
5. Launch the executable and perform a quick scan
6. Remove all detected objects and restart the computer
7. Launch the executable again and check for updates
8. Perform a full scan
9. Remove all detected objects and restart the computer

For more detailed instructions (with screenshots) see http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

-- Andy