What this programs does:

Antivirus Pro 2009 is a rogue anti-spyware program from the same family as AntiSpywareXP 2009 and XP Antispyware 2009. AntiSpyware Pro 2009 is advertised through the use of Trojans that display fake security alerts and messages stating that your computer is infected. These alerts will also automatically install Antivirus Pro 2009 on to your computer.

As part of its installation process, Antivirus Pro 2009 will configure itself to start automatically when you logon to your computer. It will also create a variety of fake malware files on your computer that are completely harmless, but are installed so they are detected by AntivirusPro 2009 when it scans your computer. When Antivirus Pro 2009 starts it will automatically scan your computer and list variety of infections that cannot be removed unless you first purchase the program. Many of these infections are the fake files that the program installed, as described above, as well as legitimate Windows files that are being called infections. It gives these false results in order to scare you into purchasing the software.

While running, you will also find that your Internet Explorer has become hijacked. When browsing the web, Antivirus Pro 2009 will randomly display a screen stating that there has been insecure internet activity and that there is a threat of a virus attack. It then prompts you to either get protection or continue to the site. Regardless of the option you select, you will instead be brought to a web page where it tries to sell you the program. This is just another scare tactic and should be ignored.

The following guide will walk you through removing Antivirus Pro 2009 and any associated malware that may have been installed with it.

Threat Classification:

• Information on Rogue Programs & Scareware

Advanced information:

View Antivirus Pro 2009 files.
View Antivirus Pro 2009 Registry Information.

Entries for this program found in the Add or Remove Programs control panel:

Antivirus Pro 2009

Tools Needed for this fix:

• Malwarebytes’ Anti-Malware

Symptoms that may be in a HijackThis Log:

O4 – HKLM\..\Run: [Antivirus Pro 2009] “C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe” /hide

Guide Updates:

11/04/08 – Initial guide creation.

Automated Removal Instructions for Antivirus Pro 2009 using Malwarebytes’ Anti-Malware:

1. Print out these instructions as we will need to close every window that is open later in the fix.
2. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:Malwarebytes’ Anti-Malware Download Link
3. Once downloaded, close all programs and Windows on your computer, including this one.
4. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

When the scan is finished a message box will appear as shown in the image below.

1. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
2. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
3. You can now exit the MBAM program.

Your computer should now be free of the AntivirusPro 2009 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log

Associated Antivirus Pro 2009 Files:

c:\Program Files\AntivirusPro2009
c:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg
c:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
c:\Program Files\AntivirusPro2009\AVEngn.dll
c:\Program Files\AntivirusPro2009\htmlayout.dll
c:\Program Files\AntivirusPro2009\pthreadVC2.dll
c:\Program Files\AntivirusPro2009\Uninstall.exe
c:\Program Files\AntivirusPro2009\wscui.cpl
c:\Program Files\AntivirusPro2009\data
c:\Program Files\AntivirusPro2009\data\daily.cvd
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll
c:\Documents and Settings\Bleeping\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk
c:\Documents and Settings\Bleeping\Desktop\AntivirusPro2009.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\AntivirusPro2009
c:\Documents and Settings\Bleeping\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk
c:\WINDOWS\dyxad.bat
c:\WINDOWS\gutysolyk.dll
c:\WINDOWS\oheva._dl
c:\WINDOWS\uhuleko.bat
c:\WINDOWS\ulysi.bin
c:\WINDOWS\votadiboz.sys
c:\WINDOWS\xocorepen.lib
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\mehydohahe.scr
c:\WINDOWS\system32\owah.bat
c:\WINDOWS\system32\uquhoti.reg
c:\WINDOWS\system32\zuxeme._dl
c:\Program Files\Common Files\buryleto.dll
c:\Documents and Settings\All Users\Application Data\cyqi.sys
c:\Documents and Settings\All Users\Application Data\gemegiqyno.ban
c:\Documents and Settings\All Users\Application Data\pisijupag.dll
c:\Documents and Settings\All Users\Application Data\pymom.lib
c:\Documents and Settings\All Users\Application Data\wivodexy.reg
c:\Documents and Settings\All Users\Application Data\yzotuxeka.vbs
c:\Documents and Settings\Bleeping\Application Data\ydutufuj.inf
c:\Documents and Settings\Bleeping\Local Settings\Application Data\coziguduca._sy
c:\Documents and Settings\Bleeping\Local Settings\Application Data\fapeka._dl
c:\Documents and Settings\Bleeping\Local Settings\Application Data\gukusozy.sys
c:\Documents and Settings\Bleeping\Local Settings\Application Data\iluqopohaz.ban

Associated Antivirus Pro 2009 Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009
HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus Pro 2009″

Source: bleepingcomputer.com

Antivirus-Best.com is home to Antivirus 2009, another fake antivirus app.

If you’re infected with Antivirus-Best.com, your browser might always redirect to Antivirus-Best.com. To top it off, Antivirus-Best.com offers a fake system scan and a “free” download of Antivirus 2009. And by “free,” I mean the Antivirus-Best.com download will only cost you your sanity, as Antivirus 2009 launches fake system alerts to try to trick you into buying Antivirus 2009. Some of these Antivirus-Best.com popups read:

The page at http://antivirus-best.com says:
“ATTENTION! If your computer is struck by the virus, you could suffer data loss, erratic PC behaviour, PC freezes and creahes. Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a 100% FREE and quick scan of your computer for Viruses, Spyware and Adware. Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)”

Despite whatever Antivirus-Best.com says, if you don’t remember how you got to Antivirus-Best.com, the only spyware you’re infected with is Antivirus 2009.

I’ll show you how to block Antivirus-Best.com, and get rid of Antivirus 2009 for free.

Do You Have Antivirus-Best.com?

When you’re infected with badware — whether it’s Antivirus-Best.com, spyware, adware, a Trojan, or a virus — there are a few key symptoms. Have you noticed…

• Slow computer performance: It just takes one parasite like Antivirus-Best.com to slow your computer dramatically. If your PC takes longer than usual to reboot, or if your Internet connection is unusually slow, you may be infected with Antivirus-Best.com.
• New desktop shortcuts or switched homepage: Badware like Antivirus-Best.com may change your Internet settings to redirect your homepage to another site. Badware can even add desktop shortcuts to your PC.
• Annoying popups: Badware can bombard your computer with popup ads, even when you’re not online. Through these popups, you may be tricked into downloading more spyware.

How to Remove Antivirus-Best.com Manually

Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.

To remove Antivirus-Best.com manually, you need to delete Antivirus-Best.com files. Not sure how to delete Antivirus-Best.com files? Click here, and I’ll show you. Otherwise, go ahead and…

Block Antivirus-Best.com sites:

Stop Antivirus-Best.com processes:

Remove Antivirus-Best.com files:

Unregister Antivirus-Best.com registry keys:

Get rid of Antivirus-Best.com folders:

Note: In any Antivirus-Best.com files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Antivirus-Best.com removal, go ahead and leave a comment.

How Do You Remove Antivirus-Best.com Files?

Need help figuring out how to delete Antivirus-Best.com files? While there’s some risk involved, and you should only manually remove Antivirus-Best.com files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Antivirus-Best.com files in Windows.

How to delete Antivirus-Best.com files in Windows XP and Vista:

1. Click your Windows Start menu, and then click “Search.”
2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
3. Type a Antivirus-Best.com file in the search box, and select “Local Hard Drives.”
4. Click “Search.” Once the file is found, delete it.

How to stop Antivirus-Best.com processes:

1. Click the Start menu, select Run.
2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
3. Click Processes tab, and find Antivirus-Best.com processes.
4. Once you’ve found the Antivirus-Best.com processes, right-click them and select “End Process” to kill Antivirus-Best.com.

How to remove Antivirus-Best.com registry keys:

(WARNING) Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.

1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3. To find a registry key, such as any Antivirus-Best.com registry keys, select “Edit,” then select “Find,” and in the search bar type any of Antivirus-Best.com’s registry keys.
4. As soon as Antivirus-Best.com registry key appears, you can delete the Antivirus-Best.com registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

How to delete Antivirus-Best.com DLL files:

1. First locate Antivirus-Best.com DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Antivirus-Best.com DLL file is located. If you’re not sure if the Antivirus-Best.com DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
3. When you’ve located the Antivirus-Best.com DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

That’s it. If you want to restore any Antivirus-Best.com DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Did Antivirus-Best.com change your homepage?

1. Click Windows Start menu > Control Panel > Internet Options.
2. Under Home Page, select the General > Use Default.
3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
4. Select Apply > OK.
5. You’ll want to open a fresh web page and make sure that your new default home page pops up.

Antivirus-Best.com Removal Tip

Is your computer acting funny after deleting any Antivirus-Best.com files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.

Want to save time finding Antivirus-Best.com files? Download Spyware Doctor, let it find the Antivirus-Best.com files for you, and then manually delete Antivirus-Best.com files.

How Did You Get Antivirus-Best.com?

Wondering how Antivirus-Best.com ended up on your PC? If you’re infected with Antivirus-Best.com or other badware, perhaps you were using…

• Freeware or shareware: Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Antivirus-Best.com. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly attached to free software to harm your computer and steal your personal and financial information.
• Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Antivirus-Best.com.
• Questionable websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, badware may be automatically downloaded and installed onto your computer, sometimes including applications like Antivirus-Best.com. I recommend you use Firefox web browser, if you don’t already.

Understanding Antivirus-Best.com

If you’re infected with Antivirus-Best.com, you should know what you’re fighting. I’ll explain some definitions related to Antivirus-Best.com.

Antivirus-Best.com May Be Rogue Anti-Spyware

Rogue anti-spyware refers to anti-spyware/antivirus software of questionable value. Rogue anti-spyware may not be proven to protect your computer from spyware, may popup fake alerts or create many false positives about your PC being infected, or may use scare tactics to try to get you to purchase the application. Rogue anti-spyware software may be installed by a Trojan, come bundled with other software, or install itself through web browser security holes. While it is fairly rare, some rogue anti-spyware is created and distributed by known spyware or adware companies, and the rogue anti-spyware may install spyware or adware itself.

Often when you’re infected with rogue anti-spyware like Antivirus-Best.com, you’ll see a false popup security alert like this:

Rogue Anti-Spyware Tactics

Typically, rogue anti-spyware such as Antivirus-Best.com has one or more of the qualities listed below, which is why rogue anti-spyware is considered anti-spyware software of questionable value.

• False positives/fake alerts: Rogue anti-spyware may produce a large number of false positives or use fake alerts, noting that your computer is infected with spyware parasites or other threats that do not really exist.
• Copycat looks: Rogue anti-spyware may copy the look and feel of other legitimate or rogue anti-spyware applications. Often, rogue anti-spyware applications may appear as close clones of other rogue anti-spyware software.
• High pressure marketing: Rogue anti-spyware may use scare tactics or other aggressive advertising and marketing tactics to try to trick you into buying the rogue anti-spyware application. Often, rogue anti-spyware may produce false positives and fake alerts about your computer being infected.
• Poor detection/scan reporting: Rogue anti-spyware may produce poor reports when it scans your PC. For example, rogue anti-spyware may say your computer is infected 11 parasites, but not specify which spyware parasites or what type of parasites. Rogue anti-spyware may also report that your PC is infected with SafeAndClean, but not tell you which related files, DLLS, etc. were found on your computer.
• Weak scanning/detection: Rogue anti-spyware may not only poorly report on computer infection, but rogue antispyware may also poorly scan your PC. Rogue anti-spyware may skip over important folders and files of your computer that should be scanned to detect spyware.

Did Antivirus-Best.com use these tactics to trick you into buying Antivirus-Best.com?

Source: 411-spyware.com