I am getting sporadic reports from friends of getting the uninvited rogue “Antivirus 2009” anti-spyware program on their computers. From what I can find, “Antivirus 2009” is usually spread via a ZLOB/MediaAccess Codec installer found on adult sites, in shady torrent downloads, and in what I call the underbelly of the internet. If you are one to cruise the underbelly, you better be prepared for the consequences. This is not to say that infection cannot occur through what appear to be legitimate means, but the underbelly of the internet is usually the carrier and promoter of these rogue packages.
These forms of infection carry what is called a “Trojan” that is installed on your computer and disguised as system notifications that lead to websites with rogue anti-spyware and anti-virus programs. If you are seeing random pop-ups prompting you to do system scans and showing results that your system is infected with spyware, etc., then you’ve been had. Do not let desperation get the best of you to the point where you end up using your credit card to purchase the “rogue” software. Again, it goes back to the old premise, “believe nothing and verify everything”, including the removal sources for these types of malware applications.
I strongly advise that if you get infected, do not make any online purchases where you are typing in personal information, such as credit card numbers, etc… The “Trojan”, as I mentioned earlier, could contain a keylogger which could record and send out every keystroke you make. I do not put anything past these rogue packages. If you do get infected, research the problem, preferably on a clean machine AND, if possible, get someone to help you… These infections are difficult to remove and are usually bundled with so much other malware that traditional antispyware or antivirus programs have difficulty completely cleaning them.
Even a seasoned tech person will tell you these packages are a nightmare and it is not uncommon to do a complete rebuild on the computer.
Research information and Removal Assistance (click on links below):
SmitFraudFix – A tool created to remove rogue anti-spyware applications that utilize Trojans to issue fake taskbar security alerts or that change your background in order to scare you into purchasing the full commercial version of their software. This specialized tool was created to help a user clean their system of these infections.
Bill Mullin’s Weblog – Tech Thoughts – Bill, a seasoned blogger and information technology expert, recently posted an article on (VirusResponse Lab 2009) – Removal Solutions which describes a circumstance similar to that of Antivirus 2009. Further down in Bill’s blog post you will find additional removal sources.
Tech – for Everyone – Another blogging site that is an excellent resource, with numerous posts that describe and teach you what to expect from the underbelly of the internet.
Spyware Techie – A techie’s take on spyware. The site specializes in identifying and providing removal solutions for many of these rogue carriers.