
Removing the Antivirus 2009 Trojan


By eric2112


Overview

The Antivirus 2009 trojan is one of the most annoying pieces of virus/malware out there. It comes in a variety of flavors including Antivirus 2008, AntiMalware 2009 and Doctor Antivirus. It creates a fake Windows Security Center and tells you that you are not protected by an antivirus even though you may have one installed.

It also creates a browser hijack object that uses Internet Explorer to display popups saying that you are infected and need to download the full version of Antivirus 2009 or a similar product. In addition, it places notifications in your system tray that display popup notifiers about internet attacks and infections.


Removal

Removal of this trojan is fairly easy. You will need access to the internet to download a program called 'MalwareBytes Anti Malware'. If your infected machine is unable to access the internet, go to a machine that can and download the program from: http://www.malwarebytes.org

When installing the program on the infected machine, make sure to check for updates before running a scan. This will ensure that you have the latest definitions to remove this and other infections.

Run a 'Full System Scan'. This takes considerably longer than a 'Quick Scan' but scans the whole hard disk, which I recommend since the trojan can burrow its way down pretty deep.

After the scan is complete, make sure that all of the items in the window are selected and click 'Remove Selected'. You may need to restart your computer for all of the items to be removed. I would also recommend running a second scan after the system has been restarted.

Additional Information

At this point, Antivirus 2009 has been removed from your system. There may still be traces of it left, however. Check for traces of the following and delete and/or rescan as necessary.

Here is a list of files associated with Antivirus 2009:

Note: Some of these entries are randomly named.

%UserProfile%\Desktop\Antivirus 2009.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
%UserProfile%\Start Menu\Antivirus 2009
%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\Program Files\Antivirus 2009
c:\Program Files\Antivirus 2009\av2009.exe
c:\WINDOWS\system32\ieupdates.exe
c:\WINDOWS\system32\scui.cpl
c:\WINDOWS\system32\winsrc.dll

These registry entries are also associated with Antivirus 2009:

Note: Some of these entries are randomly named.

HKEY_CURRENT_USER\Software\75319611769193918898704537500611
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"
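
To check for the traces listed above in one pass, the following PowerShell script (an added example, not part of the original article) reports which of those file paths and registry entries exist on the machine. It only reports and deletes nothing; the names are the ones listed on this page, so randomly named entries on your system will differ and an empty result does not prove the machine is clean.

```powershell
# Added example: report-only check for the traces listed on this page.
# Randomly named entries differ per machine, so treat a clean result
# as "none of the listed names were found", not as "not infected".
$files = @(
    '%UserProfile%\Desktop\Antivirus 2009.lnk',
    '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk',
    '%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll',
    '%UserProfile%\Start Menu\Antivirus 2009',
    '%UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk',
    '%UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk',
    'c:\Program Files\Antivirus 2009',
    'c:\Program Files\Antivirus 2009\av2009.exe',
    'c:\WINDOWS\system32\ieupdates.exe',
    'c:\WINDOWS\system32\scui.cpl',
    'c:\WINDOWS\system32\winsrc.dll'
)
$regKeys = @(
    'HKCU:\Software\75319611769193918898704537500611',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}'
)
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = @('75319611769193918898704537500611', 'ieupdate')

$found = @()
foreach ($f in $files) {
    $path = [Environment]::ExpandEnvironmentVariables($f)
    # -LiteralPath matters: "winsrc[1].dll" would otherwise be read as a wildcard.
    if (Test-Path -LiteralPath $path) { $found += "FILE  $path" }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $found += "KEY   $k" }
}
# The Run entries are values under one key, not keys, so read them as properties.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
    $p = if ($run) { $run.PSObject.Properties[$v] } else { $null }
    if ($p) { $found += "RUN   $v = $($p.Value)" }
}

if ($found.Count -eq 0) { 'None of the listed traces were found.' } else { $found }
```

Run it as the user account that was infected, since the `%UserProfile%` paths and the `HKEY_CURRENT_USER` entries are per-user.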

Conclusion

I hope that you found these instructions to be useful. If you have any input, suggestions or comments, please post a comment. The more information people have to get rid of these infections the better.

Knowledge is Power.....

 

Thanks for reading!!!

Comments


pcsitepals  says:
4 months ago

Great info. I just posted the same thing on my other blog site. I couldn't agree more "Knowledge is Power". So let's keep empowering!
