[PCWorld]

Post your comments for Antivirus 2009: How to Remove Fake AV Software here

[LightningLockey]

This is a horrible suggestion to give readers. Messing with the registry like this will cause them only more problems. Best to google anti-malware sites or look up places like castle cops forum and major geeks. Get professional help.

[ImaPhake]

I agree with LightningLockey.

While editing the registry is a good way to remove malware it should only be performed by people who know what they're doing in the first place.

Anyone stupid enough to have installed fake AV software on their computer are not likely to have the knowledge needed for editing the registry safely.

[Flashorn]

Hey Jason!!



Nice article. Here is a link on how to remove 2009 manually if your

AntiMalware doesn't do the trick:



Remove AntiVirus 2009 .



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[Adama]

Hello Jason,

I can tell you from personal experience, what you list as #3 JUST WON'T WORK!

The XP Antivirus is actually a phishin scam and if it gets installed in your computer, it's very hard to get rid of.

We (me helping my daughter) tried doing that, and the fake AV would not allow itself to be removed. You can check my detailed answer to a person with the same problem on this thread.

I don't know about the link suggested in the article, but if anyone posting here has the same problem, please check out this article Then click on the Visit their website link to be taken to the download page. There are very clear instructions there as to what to do to get rid of this rogue program.

[D1ss1dent]

I've encountered and COMPLETELY removed at least four instances of this thing myself - if you just want to see how I did it, skip the following paragraph.
First off, I don't think it's quite fair to call the victim of a rouge anti-malware installation "dumb"; the fact is that this type of social-engineering based attack has become one of the most popular (and, unfortunately, successful) exploit genres currently slinking around on the Internet. I do agree that this fact is a testament to the deplorably low technical literacy of our society at large - but calling people stupid really isn't going to do much to fix that problem.
As for the article: a good start, but it won't take care of everything. To really kill this thing, you do unfortunately need to go in manually. The process is somewhat involved, but I've detailed the process on my blog (and YES, oh skeptics, I tell people to be EXTREMELY CAREFUL when mucking around with system files):
http://technosopher....ivirus-2008-xp/
Hope this helps!

[danger]

This is really a poorly investigated story with terrible information on how to get rid of this crapware. For one thing, this has been around for years, I have removing it from computers for a log time under a lot of different names, the first one being Winantivirus. Most of the people commenting here are right on, go to Bleepingcomputer, Major Geeks or another forum where there are people who know exactly how to get rid of this. I learned a lot of things from these sites, and unless instructed, your average user should stay far away from the registry.

What has worked for me, is to use combofix and malwarebytes in safe mode, but then there are sometimes some leftover executables that need to be removed and you really need to be experienced to know what to look for and where.

[tonymotion]

I just took AntiVirus 2009 off of my dad's computer using "Malwarebytes' Anti-Malware". I installed it, ran it, did a "Quick Scan", and it found stuff, removed stuff, did a restart and the nasty AV2009 was all gone. No work, no fuss.
The program is available for FREE on download.com (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol).
It has a pay version that offers some more stuff, but the free version did the trick for us.
-Tony

[denvermom]

Thank you tonymotion:

I used the Malwarebytes' Anti-Malware free download and it worked for me, too. It took about 15 minutes to do the Quick Scan, then another 5 to remove the bad stuff. Yours was the simplest and most straight-forward solution and I'm so glad it worked!

[coastie65]

I agree in that those not familiar with the registry, shouldn't be poking around in there. I have only had one case where there was any residual leftovers in the Registry and that was one file. There were two in the processes folder as well. Another popular rogue these days, seems to be Spyware Guard 2008, this thing is pretty nasty in itself. This is not to be confused with the legitimate SpywareGuard 2.2. Anyone giving instructions on removal should be very careful and take in consideration who might be reading the instructions. coastie65

[coastie65]

Hey, Yeah that's some real nasty stuff alright. Spyware Guard 2008 is as well and we've had a number of incidents of that as well. On the later, there is a legitmate one SpywareGuard 2.2 , but people mistake it with Spyware Guard 2008 which is a rogue. Anyway, both are real nasty. coastie65

[Pr0fR0s3]

I find it rather disconcerting that while you publish an article like this, you are advertising the very same antivirus program that your article warns about. (Antivirus 2009!)

[mswensn]

I came across a tough fake Anti Virus front called PC Center. Very hard to remove but possible. This fake program downloads itself onto the harddisk and startsup with Windows. During bootup you get a German womens voice in the German language stating your system has been attacked. Your keyboard locks up and the only two things you can do is click on to a hyperlink link they provide on the screen to buy there program, or bring up the task manager. If you try stopping the AV program by using the task manager,you'll end up with a black screen and nowhere to go. What worked for me is clinking on the hyperlink that the Fake AV program provided. This opened my internet browser. From there I typed in a C: prompt and got to the harddisk where I drilled down till I got to the control panel. From there I was able to get into "add/remove programs" and delete the PC Center fake program.

[nffs3]

This procedure worked for me:
When the window comes up saying "your computer is infected," do not click on any part of the window!!!! Instead just go to the start menu and click on logoff. Sign back in when the login window appears. After signing in, you can do a System Restore or Go-Back just to be sure. If you had clicked on the Virus message the Restore options would have been disabled.

Bob