Antivirus 2009 Hijacks The Google Web Site

I only joined this forum to thank you for your help.
I have sucessfully deleted the antivirus2009 , thanks to you.

Gur a maith agat Grinler.

Edited by taytomyname, 19 November 2008 - 11:00 AM.

umm.. Of Course! i'm going to say! THankkks! it's works 1000%.

hey, i just want to poin out..that i just get this windows:


check! it out!

then i get cuz it was't in the INSTRUCTIONS!


anyway,

I just got this rogue. trojan yesterday. I tried to come here but it blocked my access to this site. I was however able to get to download.com and get Stopzilla and malwarebytes.

It wouldnt let me run malwarebytes, so I ran stopzilla and it seemed to work right away. After running stopzilla I was able to run malwarebytes.

This is a tough one, because it blocks most sites with any information on how to get rid of the virus. I got lucky by reading enough in an off topic forum to get rid of it.

I contacted trendmicro and the engineer told me this week there has been a huge number of these types of infections. May be a good idea to print out fix instructions and stick it in a drawer somewhere just to have. I have only one computer so it was pretty frustrating hunting down links while being redirected from every "proven" forum.


Just thought I would share with you all. Good luck!

edited to say: I was on a site about movie clips, something about the hbo series true blood as I remember it. The box came up saying i had a virus, and I have seen plenty of these things and have always hit X and they go away. I hit X and it launched. The Trend Micro guy told me clicking any part of the box will launch it. So for now I would just close my browser if I see anything similar to this.

Edited by JCtitan, 01 December 2008 - 01:46 PM.

hi

here is a different take on it

if you google search "pg equine rescue" and click on the link you get the antivirus 2009 site.
i have tried it on a few different computers and same thing but i can go there direct from through other sites.

i ran malware programs and it was not the computers infected it is google it's self that seems to be infected.

i only figured it out when the owners of the computers told me they just used googles auto complete searches to get to the site.

i tried a google search on a clean computer and bingo.

i suppose they are using googles spiders to clone sites

great site keep up the great work

hi

here is a different take on it

if you google search "pg equine rescue" and click on the link you get the antivirus 2009 site.
i have tried it on a few different computers and same thing but i can go there direct from through other sites.

i ran malware programs and it was not the computers infected it is google it's self that seems to be infected.

i only figured it out when the owners of the computers told me they just used googles auto complete searches to get to the site.

i tried a google search on a clean computer and bingo.

i suppose they are using googles spiders to clone sites

great site keep up the great work

Thanks to this forum, on Christmas Eve my brother helped me vanquish the trojans from that rogue antivirus 2009/2008/360 et al. I think Goggle has a problem, or it seems to have a problem. So Malware Bytes has been installed on my PC. It took care of the problem completely. I agree, Goggle is the problem. Every other site with Goggle ads seem to have problems of some kind.

Great article Grinler! One question, how is this contracted and how can I educate an end user on how to avoid contracting this?

Many thanks,
CMS

This infection has so many attack vectors that there is no one way they may have gotten it.

Here are some of the attack vectors:

• Braviax Trojan had, or is, installing it.
• Fake online video codecs
• Hacked web servers displaying pop-ups
• Spam advertising it
• Major sites advertising it via rogue advertisers.

Well, thats something you need to keep a clsoe eye on. I've never checked (For obvious reasons) but I hear goggle is a huge infecting site. Thats something you have to keep an eye on.

you have to be careful getting music off limewire alot of the songs are infected with this virus.

Thank you for your help.

I have run the malware program and removed the rouge file. I do not beleive Antivirus was installed but the google page still displays the Antivirus 2009 link. What is the best way to remove this?

Thank you again,

Hi jdamit As this is not the malware removal section you need to open a Topic in the Am I Infected forum in the Security section. You will get help there.

Edited by boopme, 18 January 2009 - 10:51 PM.

This solution did not work for me. Scans, removes, restarts, and everything is the same. Also "install this program and then use it" seems like an odd guide to removing a specific malware.

Hi there,

I am a little confused. I appear to - about every other search on google - get shown websites that clearly do not match the search results, often with supposed antivirus websites instead of news.bbc.co.uk which it should say, for example. This seems to be my only symptom and when I go to the google homepage there is no big 'google tips' notification and I have not noticed any other things different with my pc apart from this occasional google search issue. Reading a few reports about this antivirus thing, including your own which most others seem to reference, I'm not entirely sure whether the problem must be with my computer or with google itself.

I have the latest mcaffee software. Should I be concerned?

Thanks for any help you could offer.

Hello wanny,please refer to post #26

EDIT: roaky you should also post there.

Edited by boopme, 22 January 2009 - 10:16 AM.

This solution did not work for me. Scans, removes, restarts, and everything is the same. Also "install this program and then use it" seems like an odd guide to removing a specific malware.

I followed the instruction 2 days ago, and did not work. Did the virus change ?