Complete fake! The program even displays fake “Windows Security Center”. I will try to clean my computer now and tell you what to do.
Yes, it is a fake; yes, you have been Infected.
Norton must have Blocked at least one Attack which shows that Norton is working; however, the Program must have used another way or style to get into your computer.
Make sure, if you use a Norton 2008 Program, that you Update your Virus Definitions upon Release and that you do Full System Scan when they are released. You can keep posted with any Virus Definitions' Release or Intrusion Prevention Signatures (Security Updates) by visiting the Security Response Web Page in the Business Section.
Check the Intrusion Prevention Signatures on the Symantec Web Site (there should be a Web Link in your Norton Program when it Blocked this) to search for this AntiVirus2009 Signature(s); I tried a Search via the Search Box at the top-right of this Web Page but no Results were found for this.
It seems that there is a new variant of this malware, as Norton didn't detect it today. To remove manually:
1. Disable av2009.exe process from Windows Task Manager
2. Delete Desktop shortcut and start menu entries
3. Delete "antivirus2009" folder from Program Files (C:\Program Files\)
4. Open Windows Registry Editor, expand: HKEY_CURRENT_USER and delete this key: 65950937568319803479327590579962 from left pane. (key names may differ)
5. Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete value 65950937568319803479327590579962 and ieupdate. Delete file ieupdates.exe from Windows\System32 folder.
6. Remove temporary files: start menu - run: type %temp% and press enter. Delete all files.
7. I've noticed that 2 new files were created at the same time when I installed antivirus2009: winsrc.dll and scui.cpl. I've deleted those files for security reasons.
At least this is what I did, and it seems that antivirus2009 is gone.
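A read-only check for the artifacts named in the steps above, as an added example that is not part of the original post. It deletes nothing; the all-digit name pattern and looking for winsrc.dll and scui.cpl in System32 are assumptions, since the post says key names may differ and does not say where those two files were created.

```powershell
# Read-only check for the artifacts listed in the post above. Nothing is deleted.
# Names come from the post; the 20+ digit pattern is an assumption, since the
# post says the numeric key name may differ between infections.
$findings = @()

# Step 1: running process (Get-Process takes the name without ".exe")
if (Get-Process -Name 'av2009' -ErrorAction SilentlyContinue) {
    $findings += 'Process av2009.exe is running'
}

# Step 3: program folder
$folder = Join-Path $env:ProgramFiles 'antivirus2009'
if (Test-Path -LiteralPath $folder) { $findings += "Folder exists: $folder" }

# Step 4: numeric key directly under HKEY_CURRENT_USER
Get-ChildItem -Path 'HKCU:\' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d{20,}$' } |
    ForEach-Object { $findings += "Numeric key under HKCU: $($_.PSChildName)" }

# Step 5: Run values named ieupdate or made up only of digits
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        if ($name -eq 'ieupdate' -or $name -match '^\d{20,}$') {
            $findings += "Run value: $name = $($run.GetValue($name))"
        }
    }
}

# Steps 5 and 7: dropped files. The post gives System32 only for ieupdates.exe;
# looking for the other two there as well is an assumption.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($file in 'ieupdates.exe', 'winsrc.dll', 'scui.cpl') {
    $path = Join-Path $sys32 $file
    if (Test-Path -LiteralPath $path) { $findings += "File exists: $path" }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

An empty result only means these specific names are absent; a variant that uses different file or value names would not be reported.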
I have just scoured my computer for the files and registry entries pertaining to the malware, Vejdin, but I could not find a single trace of any of the files at all.
1. There is no av2009.exe active under Task Manager.
2. There are no desktop shortcut and start menu entries made.
3. There is not an "antivirus2009" folder under C:\Program Files.
4. I could not find either registry key in RegEdit.
5. I could not find ieupdates.exe in C:\Windows\System32.
6. The files winsrc.dll and scui.cpl could not be found anywhere on my hard drive.
After my full scan with NIS 2008 (with up-to-date definitions), I also scanned my computer using Kaspersky Online Scanner (also with up-to-date definitions) for a second opinion. Kaspersky also failed to find anything malicious on my computer. I have also scanned my computer using Ad-Aware 2007, Spybot S&S, SUPERAntiMalware, AVG Anti-Spyware 7.5, and Windows Defender, and none of these utilities could find any malicious files on my computer.
Therefore, I am inclined to think that I have dodged the bullet here. Are there any more checks I can perform on my computer?
Thank you for the helpful information, Vejdin. I greatly appreciate it.
[EDIT: Grammar]
[EDIT2: I should have clarified a bit more in regards to the popups I received. The popups I received, I believe, originated from Firefox, not from Windows itself. The popups were not of the Systems Notification Balloons type. I am not sure if this bit of information would aid my situation.]
HamsterJam wrote: I have just scoured my computer for the files and registry entries pertaining to the malware, Vejdin, but I could not find a single trace of any of the files at all.
1. There is no av2009.exe active under Task Manager.
2. There are no desktop shortcut and start menu entries made.
3. There is not an "antivirus2009" folder under C:\Program Files.
4. I could not find either registry key in RegEdit.
5. I could not find ieupdates.exe in C:\Windows\System32.
6. The files winsrc.dll and scui.cpl could not be found anywhere on my hard drive.
After my full scan with NIS 2008 (with up-to-date definitions), I also scanned my computer using Kaspersky Online Scanner (also with up-to-date definitions) for a second opinion. Kaspersky also failed to find anything malicious on my computer. I have also scanned my computer using Ad-Aware 2007, Spybot S&S, SUPERAntiMalware, AVG Anti-Spyware 7.5, and Windows Defender, and none of these utilities could find any malicious files on my computer.
That's good! It looks like you are not infected, and antivirus2009 is not installed on your computer.