AV2009 infection

By JoanEB
Jan 14, 2009
  1. My computer is infected with AV2009
    I am running Win XP Pro SP3 on a Dell Dimension 8200
    After reading around on the tech support forums for a bit of info, I did your 8 step beginning process and am attaching the 3 requested logs to this plea for help.
    You've got a great site going on here - even the questions people ask give information that helps to clear up the muddle in my head - am looking forward to learning a great deal by the time I finish cleaning up this computer.
    As I worked thru the 8 steps, I noticed on re-boots that I was having less and less pop-up problems, so I know you got me on the right road to recovery for sure.
    BTW, my laptop also has the same virus - both computers lived on the same in-home wireless network. Can I use your instructions on both computers, or would the logs be correct for only one of the computers?

    Thanks very much in advance for any help you can give.
    You guys are great and I know this is all pretty much volunteering your time and knowledge.
    Kudos to you all
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Uninstall McAfee (it's certainly not protecting you)

    Then run the McAfee Removal Tool

    Run Startup Control Panel and remove any not required startups: (should be most!)

    Install Avira free AntiVirus

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed
  3. JoanEB

    JoanEB TS Rookie Topic Starter

    Is there another way without uninstalling McAffee? I really don't want to do that for another antivirus package.
    Thank you for the Startup Control Panel link - I have wished for such a thing over and over and never knew there was one out there. I absolutely hate it when I install a package and they write themselves into my startup configuration. Is there a utility that I can use to clean out all the unchecked start up programs that are in my msconfig./start list? That would also make me very happy.
    Should I run malwarebytes in Safe Mode?
    Thanks for your time and expertise - I know I am being skittish about the McAffee, but I hope we can get around that and still clean this machine.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Best to uninstall the useless McAfee; the free Avira is about 10X better ;)

    The Startup Control Panel is better than MSConfig program, as it does not put your computer in diagnostic mode
    Note: if you have previously deselected any entries in MSConfig, you can use the MSConfig Cleanup Utility (which is free also :) )

    Malwarebytes should be first updated fully in Normal mode. Though you can then run it in Safe Mode, there is no need to.

    If you decide on keeping McAfee, then you will also need to do an online scan with Kaspersky (I'll instruct later if required)
    Please note: of the many Windows startups and system slowdowns, McAfee is one of the worst (only next to Norton, ie McAfee is in 2nd place, of worst Antiviruses)
    I will re-stress to you, that free Avira is so much better, that even I use it ;)
  5. JoanEB

    JoanEB TS Rookie Topic Starter

    You're winning me over on the Avira - does it have auto updating and real time scanning of files and emails?

    I am hesitant about replacing McAffee because this is a friends' computer, and he knows nothing at all - if I changed him to Avira I would need to be able to have it run as auto as Comcast's Mcaffee.
    As for my machines, as soon as i get his cleaned up, I am going to make these changes on my machines, run all of these programs and utilities, defrag etc and get clean as a whistle and running fast
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Small list of Antiviruses:

    Actually email protection is the draw back on Avira (ie none) But all files, including files accessed through email will be scanned anyway. Email protction is good, but most Antiviruses with this, are usually also the slow ones too. Please refer to the above list for more help

    Yes, that's what they all have
    But Norton and McAfee have difficulty in:
    1. Actually detecting the virus in the first place - how bad is that !
    2. Removing Viruses in use - All others don't have this issue
    3. Massively slowing down your system
    4. Many many many startups
  7. JoanEB

    JoanEB TS Rookie Topic Starter

    I have noticed all the McAffee startups when I am in msconfig/start
    I am convinced of Avira's excellence, but

    I think on my friend's computer I would like to go ahead and clean it without changing the antivirus -
    then when I am done with his, I also run McAffee thru Comcast on mine - and here is where I am going to make the change to Avira, get familiar to it's install and use, then I will take on making the change on someone else's computer. Afterall, I am the one who gets called everytime he gets hijacked so I will be very happy to learn the new avira software and then install it on his computer

    So could we please proceed with this process of cleaning his computer using Kaspersky et al.

    And thanks a million for the link to the msconfig Cleanup utility. I am learning and collecting so many new maintenance utilities that I can hardly wait to start on my own computer. My laptop runs so dang slow that PC Pitstop rates it in the lower 10%, It is a dell 8200 inspiron with win xp and 512 mb memory and I really expect much better than 10% from it - so the chase is on (as soon as I get his computer out of the way)

    Thanks a bunch for your support and help
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    [​IMG] Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Kaspersky online scanner box button.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  9. JoanEB

    JoanEB TS Rookie Topic Starter

    I tried to do the Kaspersky thingy but I keep getting an 'update failed, program failed to start' and 'you must be online to use the scanner' error. Checked and I was definitely on line, could go anywhere I wanted.
    Also, I was in internet explorer
    Tried it 2 or 3 times, went off line, back on, tried it again and still nothing but errors from Kapersky, but AV2009 did rear it's ugly head.
    Now what do I do? I'm concerned about getting you all the info you need to help me with this.
    I have run ccleaner, malwarebytes and superspyware over and over until I finally got 0 hits from all 3, in case this helps any. I don't understand then why I still have the av2009 present. Lots and lots to learn here.

    btw, I did also have McAffee disabled
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I haven't even gone through your HJT log in full yet

    Please do the above, and provide another Malwarebytes log
    Then restart (this part has to be done at the end of found and removed Malwares from using Malwarebytes program)
    Then provide a new HJT log
  11. JoanEB

    JoanEB TS Rookie Topic Starter

    av2009 new log files

    Okay, I have re-run Malwarebytes, re-booted the computer, and re-ran HiJack
    The files are attached as requested
    Thanks for all you patience in helping me with this - can't tell you how much it is appreciated
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hey you posted that here too
    Wait a minute...
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    kimsland, it sounds like McAfee may be a free service on the system through Comcast. That should be considered. Even if Avira or Avast seem better, this system belongs to someone else and their ISP is Comcast.

    What do you think?

    ignys, you show only 2 posts and you're banned. Both time you have given another program for malware removal. I addressed that on the other of your 2 posts.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...