Antivirus PC 2009

31 December 2009 Rogue 0 Comment

Antivirus PC 2009 virus may be installed on computers without users consent by means of a Trojan and fake security web sites. These web sites employ malicious script that will drop and install Antivirus PC 2009 on visitor’s computer unconsciously. The same Trojan that spreads this fake program may also pretend as a necessary codec (movie player) from swindle multimedia web sites. It will prompt visitors to download and install the Trojan-infected viewer that it claims essential in viewing the requested movie. Unknown to user, the Trojan will silently install the rogue antivirus programs on computer and starts to modify system file and registry entries.

After full installation of Antivirus PC 2009, it will exhibit symptoms including excessive pop-up alerts and warnings. It is also noticeable that installed legitimate antivirus program will stop working and their particular web sites are blocked. The malware intends to avoid user from downloading updates or additional tools that may be useful to end its existence.

Screen Shot Image:

Antivirus PC 2009 Image

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Show More Details

Characteristics (Analysis)
Antivirus PC 2009 is a rogue security application that will be drop onto computer by a Trojan infection. However, acquiring this rogue application manually is feasible by deceptive means. It will reinvent itself and masquerade as useful or beneficial program to encourage target user to execute its EXE file.

Unlike Trojans and viruses, this potentially unwanted program does not reproduce once executed on the system. It has no propagation effect and neighboring computers are safe from being contaminated with the same threat. However, a Trojan connected to Antivirus PC 2009 may infect executable files locally that cause additional irregularities on general performance of the computer.

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus PC 2009"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus PC 2009" 
HKEY_LOCAL_MACHINE\SOFTWARE\AVPC2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus PC 2009
Associated Files and Folders:
%UserProfile%\dgtyy.exe
%UserProfile%\Desktop\Antivirus PC 2009.lnk
%UserProfile%\My Documents\tyhhf.exe
%UserProfile%\Start Menu\Programs\Antivirus PC 2009.lnk
c:\Program Files\Antivirus PC 2009
c:\Program Files\Antivirus PC 2009\2.vbs
c:\Program Files\Antivirus PC 2009\avpc2009.exe
c:\Program Files\Antivirus PC 2009\avpc2009s.exe
c:\Program Files\Antivirus PC 2009\bzip2.dll
c:\Program Files\Antivirus PC 2009\libltdl3.dll
c:\Program Files\Antivirus PC 2009\pthreadVC2.dll
c:\Program Files\Antivirus PC 2009\Uninstaller.exe
c:\Program Files\Antivirus PC 2009\data
c:\Program Files\Antivirus PC 2009\data\daily.cvd
c:\Program Files\Antivirus PC 2009\data\self.hdb
c:\Program Files\Antivirus PC 2009\quarantine
c:\WINDOWS\dgtyyuj.exe
c:\WINDOWS\system32\hjmnvpc.exe
c:\WINDOWS\system32\kmiut.exe

How to Remove Antivirus PC 2009

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definitions. This method ensures that your antivirus program can detect even newer variants of Antivirus PC 2009

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Online Virus Scanner:

Another way to remove Antivirus PC 2009 without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found on websites of legitimate anti-virus and security provider.

5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.

Automatic Removal of Antivirus PC 2009

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.