AV2009 virus - causes fake security popups

[happyappygirl]

AV2009 the fake anti-virus

My PC became infected this week, I'm assuming from the kidlet visiting MySpace (a favorite infection site)...it whacked my AVG antivirus and firewall, AND the downloaded new version of AVG. It bogged the pc down, and eventually froze it. I often had to reboot twice to be able to even use it. It was a real pain.

According to my research, it primarily gains access through acceptance of 3rd party cookies and 'Active 'X' which in this case displays some type of security icon, or pop-up warning, which in reality is a 'Click-jacking' whereby the real action you perform is hidden behind the visible display; so when you tick anything, the malware installs itself.

Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters. The recommendation is to turn off "3rd Party Cookies", and always leave them off.

INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check 'Override automatic....'; 'Allow session cookies'; 'Allow 1st party cookies'; & 'Block 3rd Party Cookies'.

FIREFOX: Tools> Options> Privacy: here UN-CHECK 'Accept 3rd Party cookies'
Because architecture of the Internet (notably 'Flash' scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use
Firefox with current 'NoScript' add-on, which will prevent "Click-jacking'.
NoScript: https://addons.mozilla.org/en-US/firefox...

I had to download and install a Malware program Malwarebytes.org to wipe it off my pc. The malware program found over 100 infected files, including ROOT files. I then had to download AVG again, and rescanned the pc. The rescan with AVG 8.0 found an additional 80 or so temp files to delete!

[warneckutz]

I've removed this virus from about 5 different computers. I found a program by Malwarebytes - "Anti-Malware". Seemed to solve the AV2009 problem on all of the systems.

[happyappygirl]

Quote:

Originally Posted by warneckutz

I've removed this virus from about 5 different computers. I found a program by Malwarebytes - "Anti-Malware". Seemed to solve the AV2009 problem on all of the systems.

did u read my post?
I used the same software.

[rwethereyet]

Quote:

Originally Posted by happyappygirl

AV2009 the fake anti-virus

My PC became infected this week, I'm assuming from the kidlet visiting MySpace (a favorite infection site)...it whacked my AVG antivirus and firewall, AND the downloaded new version of AVG. It bogged the pc down, and eventually froze it. I often had to reboot twice to be able to even use it. It was a real pain.

According to my research, it primarily gains access through acceptance of 3rd party cookies and 'Active 'X' which in this case displays some type of security icon, or pop-up warning, which in reality is a 'Click-jacking' whereby the real action you perform is hidden behind the visible display; so when you tick anything, the malware installs itself.

Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters. The recommendation is to turn off "3rd Party Cookies", and always leave them off.

INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check 'Override automatic....'; 'Allow session cookies'; 'Allow 1st party cookies'; & 'Block 3rd Party Cookies'.

FIREFOX: Tools> Options> Privacy: here UN-CHECK 'Accept 3rd Party cookies'
Because architecture of the Internet (notably 'Flash' scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use
Firefox with current 'NoScript' add-on, which will prevent "Click-jacking'.
NoScript: https://addons.mozilla.org/en-US/firefox...

I had to download and install a Malware program Malwarebytes.org to wipe it off my pc. The malware program found over 100 infected files, including ROOT files. I then had to download AVG again, and rescanned the pc. The rescan with AVG 8.0 found an additional 80 or so temp files to delete!

I wonder if this is my problem? I had AVG on my computer, and I got a message that it was outdated. I had AVG 8.0 installed on there. I uninstalled the AVG 8.0 and when I tried to reinstall it, it wouldn't let me. I'll try to download the above Malware program and then try to reinstall AVG.

[warneckutz]

Quote:

Originally Posted by happyappygirl

did u read my post?
I used the same software.

Oh crap, sorry! Short attention span mixed with some side reading and iTunes shuffling... sorry!

[happyappygirl]

Quote:

Originally Posted by rwethereyet

I wonder if this is my problem? I had AVG on my computer, and I got a message that it was outdated. I had AVG 8.0 installed on there. I uninstalled the AVG 8.0 and when I tried to reinstall it, it wouldn't let me. I'll try to download the above Malware program and then try to reinstall AVG.

That's exactly what happened to mine. The popup window was IE, and the antivirus outdated msg was from Norton Antivirus, and i use AVG and Mozilla, so i knew i had something going on.
you'll prolly have to uninstall and download AVG again. The virus corrupts install files even on the zipped version. I downloaded it again after i wiped the virus out.
Make sure you run a full AVG scan again after you run the malware. You'll be surprised at how many files were left.

[Dan_Daly]

SpyBot Search and destroy does a good job as well. http://www.safer-networking.org/en/home/index.html It has saved me in the past.

[TotalEclipse31]

AV2009 is a nasty little bugger. I've removed it from so many peoples pc's. I've had people come to my bank closing their accounts because they actually paid for the program since it says you have to download it to fix the problem. I use SmitFraudFix. Works Great. Easy to use. And a tiny program.

[latiger12]

Quote:

Originally Posted by happyappygirl

AV2009 the fake anti-virus

My PC became infected this week, I'm assuming from the kidlet visiting MySpace (a favorite infection site)...it whacked my AVG antivirus and firewall, AND the downloaded new version of AVG. It bogged the pc down, and eventually froze it. I often had to reboot twice to be able to even use it. It was a real pain.

According to my research, it primarily gains access through acceptance of 3rd party cookies and 'Active 'X' which in this case displays some type of security icon, or pop-up warning, which in reality is a 'Click-jacking' whereby the real action you perform is hidden behind the visible display; so when you tick anything, the malware installs itself.

Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters. The recommendation is to turn off "3rd Party Cookies", and always leave them off.

INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check 'Override automatic....'; 'Allow session cookies'; 'Allow 1st party cookies'; & 'Block 3rd Party Cookies'.

FIREFOX: Tools> Options> Privacy: here UN-CHECK 'Accept 3rd Party cookies'
Because architecture of the Internet (notably 'Flash' scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use
Firefox with current 'NoScript' add-on, which will prevent "Click-jacking'.
NoScript: https://addons.mozilla.org/en-US/firefox...

I had to download and install a Malware program Malwarebytes.org to wipe it off my pc. The malware program found over 100 infected files, including ROOT files. I then had to download AVG again, and rescanned the pc. The rescan with AVG 8.0 found an additional 80 or so temp files to delete!

I think I have this :(

[TotalEclipse31]

LATIGER, Use any of the programs mentioned above and it should fix it for you. Just let us know if you have any questions.