Antivirus PC 2009 Analysis and Removal

by Shanmuga

Antivirus PC 2009 is a fraudulent security software program designed to scare victims with multiple system alerts about non-existent malware infections in order to scam them into paying for it.

In addition to creating a folder and files in the Program Files folder, this fake antivirus software creates randomly named files in the Windows folder, System32 folder, Temp folder and My Documents folder, presumably to avoid detection.

[Screenshot: Antivirus PC 2009 scare messages]

Rogue security software such as Antivirus PC 2009 belongs to a family of products that present themselves as antivirus, antispyware or registry cleaners and often use deceptive or high-pressure sales tactics and deliberate false positives to push users into buying a license or subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own.

Antivirus PC 2009 Aliases

The fake security software setup file is about 1985386 bytes and it is detected by 33/42 (78.58%) of the antivirus engines available at VirusTotal.

This scareware is known by the following aliases:

  • Adware.AntivirusPC2009
  • Trojan.Win32.FraudPack
  • Trojan-Clicker/W32.Fakealert
  • W32/Renos.BPRC
  • Trojan.Win32.Zapchast

Typical Antivirus PC 2009 Scare Messages

Antivirus PC 2009 Warning: Antivirus PC 2009 has detected harmful software in your system. It is strongly recommended to register Antivirus PC 2009 to remove these threats immediately. Click IE to fix these errors.

Your system is infected! Antivrus PC 2009 detected system security threats on your PC. Detected malicious programs can damage your PC and compromise your privacy. It is strongly recommended to remove these threats immediately.

Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropped or similar. Do you want Antivirus PC 2009 to block this attack?

Warning! Running trial version! The security of your computer has been compromised! click here to purchase the full version of the Antivirus PC 2009 and get full protection for your PC!

Antivirus PC 2009 Associated Files and Folders

  • C:\Program Files\Antivirus PC 2009\avpc2009.exe
  • C:\Program Files\Antivirus PC 2009\2.vbs
  • C:\Program Files\Antivirus PC 2009\avpc2009s.exe
  • C:\Program Files\Antivirus PC 2009\bzip2.dll
  • C:\Program Files\Antivirus PC 2009\libltdl3.dll
  • C:\Program Files\Antivirus PC 2009\pthreadVC2.dll
  • C:\Program Files\Antivirus PC 2009\Uninstaller.exe
  • C:\Program Files\Antivirus PC 2009\data\daily.cvd
  • C:\Program Files\Antivirus PC 2009\data\self.hdb
  • C:\Documents and Settings\malwarehelp.org\Desktop\Antivirus PC 2009.lnk
  • C:\Documents and Settings\malwarehelp.org\Start Menu\Programs\Antivirus PC 2009.lnk
  • C:\Documents and Settings\malwarehelp.org\lvtxrug.exe
  • C:\Documents and Settings\malwarehelp.org\My Documents\lwrmo.exe
  • C:\Windows\dvhelp.exe
  • C:\Windows\System32\lifabcc.exe
  • C:\Windows\System32\vdoepj.exe
  • C:\Program Files\Antivirus PC 2009
  • C:\Program Files\Antivirus PC 2009\data
  • C:\Program Files\Antivirus PC 2009\quarantine

Some of the file names may be randomly generated.

Antivirus PC 2009 Associated Registry Values and Keys

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antivirus pc 2009
  • HKEY_LOCAL_MACHINE\SOFTWARE\AVPC2009
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pc 2009
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pc 2009
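
An added example, not part of the original article: a Python triage helper that checks a collected file listing and a list of registry paths against the indicators above. The function names, the sample data and the "loose executable" heuristic are assumptions made for illustration; the profile name from the test machine is generalized to any user, and the randomly named files are not matched by name.

```python
import re

# Stable indicators from the lists above, lower-cased for case-insensitive matching.
INSTALL_DIR = r"c:\program files\antivirus pc 2009"
RUN = r"\software\microsoft\windows\currentversion\run\antivirus pc 2009"
REG_KEYS = (
    r"hkey_local_machine\software\avpc2009",
    r"hkey_local_machine\software\microsoft\windows\currentversion\uninstall\antivirus pc 2009",
    "hkey_local_machine" + RUN,
    "hkey_current_user" + RUN,
)
# The page's test account name becomes a wildcard for any profile.
PROFILE = r"c:\\documents and settings\\[^\\]+\\"
SHORTCUT = re.compile(PROFILE + r"(desktop|start menu\\programs)\\antivirus pc 2009\.lnk$")
# Assumption: an .exe directly in a profile root or My Documents deserves review,
# because the page lists randomly named executables in both places.
LOOSE_EXE = re.compile(PROFILE + r"(my documents\\)?[^\\]+\.exe$")


def norm(path):
    """Trim, lower-case and drop a trailing backslash."""
    return path.strip().lower().rstrip("\\")


def triage(file_paths, registry_paths):
    """Return (confirmed, review): fixed-indicator matches and heuristic hits."""
    confirmed, review = [], []
    for raw in file_paths:
        p = norm(raw)
        if p == INSTALL_DIR or p.startswith(INSTALL_DIR + "\\") or SHORTCUT.match(p):
            confirmed.append(raw.strip())
        elif LOOSE_EXE.match(p):
            review.append(raw.strip())
    for raw in registry_paths:
        p = norm(raw)
        if any(p == k or p.startswith(k + "\\") for k in REG_KEYS):
            confirmed.append(raw.strip())
    return confirmed, review

# Constructed sample input (not from the page): a file listing and registry paths.
SAMPLE_FILES = [
    r"C:\Program Files\Antivirus PC 2009\avpc2009.exe",
    r"C:\Documents and Settings\alice\Desktop\Antivirus PC 2009.lnk",
    r"C:\Documents and Settings\alice\My Documents\qzkfw.exe",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_REG = [r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Antivirus PC 2009"]
if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_REG))
```

Entries in the `review` list are candidates only and need a manual look before anything is deleted.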

Antivirus PC 2009 Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • antiviruspc2009 .com
  • antiviruspc-stat .com
  • secure.websoftwarebuy .com

Note: Visiting the domains mentioned above may harm your computer system.

Antivirus PC 2009 Removal (How to remove Antivirus PC 2009)

The free version of MalwareBytes’s Anti-Malware appears to remove Advanced Defender Scareware.

  1. Use an alternate browser like Firefox or Chrome to download MalwareBytes’s Anti-Malware and CCleaner Slim version or use a removable drive to transfer them to the affected computer.
  2. Install and run MalwareBytes’s Anti-Malware. Go to the Update tab and check for updates. Once the update is completed, open the Scanner tab and choose a full scan. Once the scan is completed, click “Show results”, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. If prompted, restart immediately to complete the removal process.
  3. Turn System Restore off and on.
  4. Install, scan and clean the temporary files with CCleaner Slim version.

If you cannot run the above procedure in normal mode, try it in Windows Safe Mode. Just make sure that you run the routine again in normal mode.

You should now be clean of this rogue.

If you are still unable to get rid of this malware, please visit one of the recommended forums for malware help and post about your problem.

Note: The Antivirus PC 2009 installation and removal was tested on a default installation of Windows XP SP3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing; it might change with time and/or under different testing conditions.
