TechSpot

"Antivirus 2009" Spyware Removal Instructions

By almcneil
Jan 5, 2009
  1. Techspotters,

    I have encountered a sticky piece of spyware that I want to pass on the removal instructions for so that no one else wastes hours on it. Two weeks ago I had a customer who had a very sticky piece of spyware (SpywareGuard 2008) that after 8 hours of effort I couldn't remove. It was blocking all the known anti-spyware utilities from being installed, running or downloading new updates. Finally, I found a post from someone at another site who said you needed to rename the program to fool the spyware. I did that and it worked. Today, another customer complained of a spyware infection (Antivirus 2009) and although it's a different name, the symptoms are the same (cannot install or run or update anti-spyware utils) I used the same technique of renaming the anti-spyware program and it worked.

    Here are the removal instructions:
    1. Download Malwarebytes' Anti-malware (if the spyware blocks access to download, then use another computer and copy the installation program to the infected computer)
    2. Rename the installation program (mbam_setup.exe to setup.exe)
    3. Launch installation program (setup.exe, be patient, it may sit for a long time at "finished" before it actually does finish!)
    4. Go to the program directory (c:\program files\Malwarebyes' Anti-Malware) and rename the executable (mbam.exe to mbam2.exe)
    5. Launch the executable and perform a quick scan
    6. Remove all detected objects and restart the computer
    7. Launch the executable again and check for updates
    8. Perform a full scan
    9. Remove all detected objects and restart the computer

    For more detailed instructions (with screenshots) see http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

    -- Andy
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...