[Warning] Antivirus 2009

[JamesHetfield]

WARNING!

The last days there have been sent out a update from Microsoft, that normally get's downloaded on your computer.
Update: It have spread over LimeWire too, Be aware!
Also be known that your Modem/Wireless can be affected, and websites too if they had it, It's also a Trojan.

DON'T DOWNLOAD IT!

This Microsoft update have been infected by a Malware Virus, called Antivirus 2009.

Malware Virus
Malware Virus are a virus that infects your whole computer, but shows that is it Searching for Viras.
It is fake!

It will infect your computer and blocks any chance to get it moved, if its too late!

But! If you just got it, then I can help you!

Guide:

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack Avenger and dobbelclick on Avenger.exe

-- A window will appear, where you need to copy this:

Files to delete:
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\ieupdates.exe

Folders to delete:
C:\Programs\Antivirus 2009\


-- Click on EXECUTE - and let the PC reboot.

-- After reboot, a Notepad will show up. With a log for Avenger's Act.

-- Download Link: MajorGeeks.Com - Contacting Download Site

-- Run Hijakthis, pick "Do a system scan only", Fill up the boxes at these names on this list, Close all windows except from Hijakthis, click on Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Live Search
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programs\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [85075765492458809151971745728395] C:\Programs\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programs\Windows Media Player\WMPNSCFG.exe

Reboot the Computer again, and a Hijackthis Log should appear.

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\winsrc.dll" deleted successfully.
File "C:\WINDOWS\system32\ieupdates.exe" deleted successfully.

Error: folder "C:\Programmer\Antivirus 2009" not found!
Deletion of folder "C:\Programmer\Antivirus 2009" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[Thrillseeker]

Do you habe a source for this microsoft-virusinfected-download? Quite hard to believe...

[JamesHetfield]

Do you habe a source for this microsoft-virusinfected-download? Quite hard to believe...

Source yes, i got it on my computer yesterday. I clicked the Microsoft update and suddenly my webpages was blocked and it lead me to pay 50$ to get the Antivirus 2009, but there didnt come any Program, but viras.

I did what I wrote in the guide I've wroten. Else my bank account would have been cleared.

And it is coming from Microsoft update, but i've heard it have spread out in LimeWire too.

[stoneharry]

I download all microsoft updates automatically and have several anti-virus and spyware. I havn't had any problems and cpu ussage etc is normal?

[sOuLii]

dude i got that one a few month ago... think it was from a german movie streaming site wich got infected. thats like the worst virus you could get ... it keeps shuting down your explorer.exe and blocks ALL your antivirus. keeps downloading more and more viruses on your comp so you should close your connection or better turn your router/modem whatever off. little ****ed even blocked malware bytes and it took me like 5hours when i was trying to remove it...

[JamesHetfield]

dude i got that one a few month ago... think it was from a german movie streaming site wich got infected. thats like the worst virus you could get ... it keeps shuting down your explorer.exe and blocks ALL your antivirus. keeps downloading more and more viruses on your comp so you should close your connection or better turn your router/modem whatever off. little ****ed even blocked malware bytes and it took me like 5hours when i was trying to remove it...

Have you removed it yet?