Old 03-15-2009, 12:19 AM   #2
Ject
aka Patrick
If Antivirus 2009 has been installed on your system somehow without your permission or you are seeing a popup advertising on your desktop (taskbar?) or recommending that you use Antivirus 2009 to clean your system..... then you have the Zlob trojan.

Follow the instructions below for FREE removal.

Please update this program before scanning.
http://www.malwarebytes.org/forums/i...showtopic=5178

Edit...Any problem removing in normal mode ....try scanning again in safe mode (without networking)
how to enter safe mode (for sh!ts and giggles): http://www.pchell.com/support/safemode.shtml




If the above doesn't work, try removing Antivirus 2009 manually: ONLY attempt this if you are familiar with Regedit. Please.. please.. please.. create a backup of your regedit before ever changing anything in it.

1. Press Ctrl + Alt + Del then find and End the following processes:
* av2009.exe
* AV2009Install.exe
* Antivirus2009.exe

2. Delete the following files from your PC:
* %UserProfile%\Desktop\Antivirus 2009.lnk
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
* %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
* %UserProfile%\Start Menu\Antivirus 2009
* %UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
* %UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
* c:\Program Files\Antivirus 2009
* c:\Program Files\Antivirus 2009\av2009.exe
* c:\WINDOWS\system32\ieupdates.exe
* c:\WINDOWS\system32\scui.cpl
* c:\WINDOWS\system32\winsrc.dll

3. Click Start > Run, type regedit, Find and delete the following registry entries:
* HKEY_CURRENT_USER\Software\75319611769193918898704537500611
* HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"


If all goes well, this fake Antivirus 2009 software should now be removed from your computer.
Both methods have effectively worked for me on customer PCs.
Enjoy!
Last edited by Ject; 03-15-2009 at 12:34 AM.
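
The manual checklist in the post above, as a read-only check that can be run before and after cleanup to see which of the listed items are present. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, the variable names are illustrative, and the process names, paths, and registry entries are the ones listed in the post.

```powershell
# Added example: read-only audit for the indicators listed in the post.
# It reports what is present and deletes nothing.

# Process names as Get-Process expects them (no .exe suffix).
$processNames = 'av2009', 'AV2009Install', 'Antivirus2009'

# Files and folders from step 2. Items inside a listed folder are covered by the folder.
$paths = @(
    "$env:USERPROFILE\Desktop\Antivirus 2009.lnk",
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk",
    "$env:USERPROFILE\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll",
    "$env:USERPROFILE\Start Menu\Antivirus 2009",
    'C:\Program Files\Antivirus 2009',
    'C:\WINDOWS\system32\ieupdates.exe',
    'C:\WINDOWS\system32\scui.cpl',
    'C:\WINDOWS\system32\winsrc.dll'
)

# Registry keys from step 3, written as registry-provider paths.
$clsid = '{037C7B8A-151A-49E6-BAED-CC05FCB50328}'
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\75319611769193918898704537500611',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

# Autostart values under the current user's Run key.
$runKey    = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = '75319611769193918898704537500611', 'ieupdate'
$run       = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue

$findings = @(
    Get-Process -Name $processNames -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = 'Process'; Item = "$($_.ProcessName) (PID $($_.Id))" } }

    # -LiteralPath keeps "[1]" in the file name from being read as a wildcard pattern.
    ($paths + $keys) | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { [pscustomobject]@{ Type = 'Path'; Item = $_ } }

    $runValues | Where-Object { $run -and $run.PSObject.Properties[$_] } |
        ForEach-Object { [pscustomobject]@{ Type = 'Run value'; Item = "$_ = $($run.$_)" } }
)

if ($findings.Count) { $findings | Format-Table -AutoSize }
else { 'None of the listed indicators were found.' }
```

The HKEY_CURRENT_USER and %UserProfile% entries are per-user, so the check has to run in the affected user's session to see them.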