Antivirus 2009

Question
-
A message keeps popping up on my computer to install Antivirus 2009. How do I get rid of it?
Monday, November 3, 2008 9:32 PM
Answers
-
This is an indication of a malware infection.
If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.
How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2
If you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here:
http://aumha.net/
For help with virus removal, contact the maker of your Antivirus program.
If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.
-steve
Tuesday, November 4, 2008 2:04 PM Moderator
All replies
-
Hi, I don't know how to get rid of it but I really need to find out, as my husband installed it on my laptop and I can't get rid of it. I've tried add/remove and it just stays there, so any help would be great.
Thank you anyone
- Proposed as answer by S. Tyler Friday, December 19, 2008 5:44 AM
- Unproposed as answer by Stephen Boots MVP, Moderator Wednesday, January 7, 2009 4:57 PM
Monday, November 3, 2008 10:13 PM -
Tuesday, November 4, 2008 2:14 AM
-
jnvette wrote: A message keeps popping up on my computer to install Antivirus 2009. How do I get rid of it?
Hello, I am a PC Tech. This is a real virus, not an antivirus program. It has been being picked up when people search on Google or AOL. You actually need to contact your real antivirus provider and they will send you directions on how to get rid of it. It is a very harmful virus and needs to be taken off immediately.
MysticMist Magic
Wednesday, November 12, 2008 4:54 PM -
Apparently it is now coming in through Yahoo!, too! I don't use Google or AOL and it just showed up on my system. So far it has only popped up when I tried to enter one specific website. It showed as a pop-up window with the Microsoft Security icon telling me that I might be infected with a certain virus. I didn't download anything because my security told me that it couldn't verify the license and it said it was for XP and I have Vista. I verified this by going to a few other sites and it didn't show up. Could it be that it's embedded into that specific URL?
I have some pretty good security on my system so how did it get in my system?
I deleted the history and temporary files, but the pop-up keeps showing up.
What do I have to do to get rid of the pop-up?
Thanks,
Cruzsgal
Wednesday, November 19, 2008 12:30 AM -
Okay guys. I'll be the first to admit that when it comes to computers, I'm no rocket surgeon. But I can't help the feeling that Mr. Boots and his MS buddies don't fully understand what happens with this program, so I'll walk you through my experience:
1. First, I ended up with exactly the same displays and dialogue boxes that you can see if you log into Windows Live and search for "antivirus 2009."
2. In the main Live OneCare dialogue box, I was suddenly confronted with red bars and boldface warnings telling me that my antivirus system was disabled; any attempts to turn it back on resulted in a new dialogue box telling me how OneCare failed, and referring me to the OneCare website for help. I'd click on the links and arrived at webpages that looked like authentic Windows help pages. However, I would also be sent to webpages that had a plain-looking warning message about unprotected surfing, with two hotlinks on it, giving the appearance of an option to either a) go to the Windows Antivirus 2009 website and purchase this malware program; or, b) proceed directly to my destination page - "(not recommended)" [sic]. Any attempt to choose the latter resulted in...nothing. There was no way to get off the page except to go to the A2009 website or to hit the back button.
3. I went back. After turning some command line prompt "on" and "off", downloading a OneCare "anti-malware" program to my desktop [more on this below], then downloading two more apparent repair programs (neither of which produced a typical MS-type icon on the desktop) - and all of which failed, I finally bit...and uninstalled OneCare, with the intent of reinstalling it, as per the instructions on these web pages that my original copy of OneCare had linked me to.
4. I reinstalled OneCare using the "90-day Free Trial" download per these instructions; but now, according to my new copy, I have only 15 days remaining in my subscription - despite the fact that my subscription wasn't due to expire until July 2009.
5. Here's where the fun starts: After the reinstall, I signed into Windows Live, using "enhanced security," and saw the little padlock in the address bar. I surfed around MS/Windows webpages, looking for help on recapturing my original subscription, to avoid having to pay 50 bucks for the program that didn't catch the malware that seems to have told me to uninstall it in the first place. That's when I noticed it: Despite being in the "enhanced security" mode, whenever I tried to link to a "contact support" webpage, I would end up on a page that had the same font and general layout of the previous page, but: a) would lose the banner, across the top of the page, where the "Windows Live" or MS logos usually appear; and, b) would take me out of enhanced security [the padlock would go away]. I discovered that for some of these links, I could get around this by right-clicking over the (seemingly) authentic MS link, copying the shortcut, then opening a new tab and pasting it in the address bar. Eventually, however, I'd end up in the same place, with a webpage having no enhanced security and no MS or Windows logos, but telling me to do other things to my computer that I can only imagine will end up costing me more money.
6. This is why I clicked on the "not helpful" link for the response to this problem. Nothing against Mr. Boots, but despite having a) downloaded and run another malware program [MBAM?], that managed to find and - so it said - remove A2009; b) uninstalled MBAM; c) reinstalled OneCare and run a complete tune up; and d) read about two thousand unhelpful FAQs and webpages, I still can't <<"contact support">> and find the answers to these questions:
i) How do I know if I've really removed all of this program?
ii) Why does my 50 dollar OneCare program need a separate malware program, anyway?
iii) And why was I told to download it only after my computer was so thoroughly infected with a virus that punished my 50 dollar program so badly that it now can't even get out of bed, much less make it to the toilet?
iv) If I download ANY MS/Windows applet/diagnostic/patch program/troubleshooter/whatever, and install it, only to find that its icon is not really an icon, but rather that icon-like thing that looks like a dry erase board, can I be assured that it's really an authentic piece of gear from the boys in Redmond?
v) Is there any reason why, while navigating around in the vaunted "enhanced security" presidential suite of the MS/Windows Virtual Hotel/Webspace, I should expect to be linked to a webpage without padlocks ("Our apologies, sir, but there are some rooms available at the local YMCA....")
vi) Are there any webpages in MS/Windows space that don't have the MS or Windows logos/links across the topmost banner?
vii) Are you really going to make me pay - again - for a new subscription to WindowsLive "CareOnce (Then Rollover and Die While Spyware/Malware/Anyware Has Its Way With My Computer)"?
viii) Is this a genuine MS/Windows forum, or are the losers who wrote this fluid-filled and still-sticky Trojan sitting at home, reading this rant, and laughing their stinkin' asses off at how clever they are?
ix) "And what kind of a name is 'Poon,' anyway?" ["Comanche Indian."] - from the movie Fletch
Would really appreciate some varsity help with this.
Wednesday, November 19, 2008 4:15 AM -
ROFLMAO!!!!! (I'm not laughing at you, but at your colorful description! Thanks, I needed a chuckle!)
Wow! I'm really glad I didn't spend the money for Windows Live One Care, I'd really be upset!
I've run my AVGFree8 twice and it has found and moved this FakeAlert thing to the virus vault. (It gives me this really long file location (.......Temp.Int.Files\Low\Content.IE5......)) However, when I click on this one particular website that comes up in a search, I still get the popup! I don't get it, though, if I manually type the address in!?!?!?!
I also downloaded and ran Malwarebytes Anti-Malware, which didn't find anything but I still get the popup!!!!
Does anyone know how this got on my computer, where it's hiding and more importantly.....how the **** do I remove it?
A very frustrated Cruzgal!
Wednesday, November 19, 2008 5:12 AM -
Helidoctor, I fully understand that this is a nasty infection and it is miserable when it is not caught by OneCare.
I ran into the drive-by attempt to install this and OneCare stopped the variation that I bumped into. However, these things constantly evolve. In my case, removal was fairly easy - I simply deleted the Temporary Internet Files and Cookies after closing the browser and it was confirmed gone by running the latest free scanner from Eset, makers of NOD32.
http://www.eset.com/onlinescan/
Here is how to reach support -
How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2
And, yes, that isn't very helpful, but it will get you there.
Unofficial path - send me an email at sboots@mvps.org with a subject line including "OneCare" (to get past my spam filtering) and in the message body, tell me what country you are in, your forum nickname, and paste this link:
http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=4143979&SiteID=2
I am not online 24x7, so you may be waiting for a reply, but I'll do my best to hook you up with support.
-steve
Wednesday, November 19, 2008 6:41 PM Moderator -
Try this solution I found at microsoft.com, it worked for me last night!
Click on the start button (lower left hand corner of your task bar).
Click on "Programs"
Go to the name of the software that you want to remove, "AntiVirus 2009"; you should see an "Uninstall" selection directly under it. Click on that and it will remove the software in under a minute!
Wednesday, December 3, 2008 4:06 PM -
It doesn't actually remove it at all.
Wednesday, December 10, 2008 4:02 PM -
OneCare definitions (and Windows Defender and the MSRT) dated 12/09/2008 and later should detect Antivirus 2009 (as Win32/FakeXPA). Please let us know if you have success in removing that using OneCare.
http://www.microsoft.com/security/portal/Entry.aspx?name=Win32%2fFakeXPA
Thursday, December 11, 2008 2:46 AM -
I have found that if you download "windows defender" from the "downloads and trials" section of microsoft.com it will remove the "Antivirus 2009".
Thursday, December 11, 2008 6:19 PM -
You answered my questions. Thank you very much for your reply, reb. Since OneCare shares Windows Defender's malware signature definitions, that should put a dent in Antivirus 2009, for now at least.
- Edited by Dave__M Saturday, December 13, 2008 3:15 AM spelling/grammar
Thursday, December 11, 2008 9:28 PM -
Hi,
I managed to get this virus on my computer (Dell Inspiron E1505) as a random pop-up and it didn't do too much damage... that is, I called Dell within one day of the problem and a technician helped me to delete it using many programs, including CCleaner and SUPERAntispyware Free Edition. The best idea, as he said, was to kill the virus, but a technician was needed to obtain programs like these unless you knew what to do. If you get this virus - CALL your computer provider ASAP and get it cleaned; it will stop and pass by programs like McAfee and Ad-Aware.
ONCE YOU DO THAT:
I found a way around it..
Once it was cleaned -- I discovered Microsoft System Restore. On the control panel, in category view, click PERFORMANCE AND MAINTENANCE. On the top left, on my computer - system restore is an option. Once anything is downloaded on your computer - including this virus - a system restore point is automatically made BEFORE the download occurs. If your computer managed to do this before you got the virus, you can return to the restore point and not lose any new files. This managed to allow my computer to go back to normal and stay clean... at least as far as I can tell as of right now.
Hope this helps.
Wednesday, January 7, 2009 4:00 AM -
I have this 2009 pop up online scanner problem too. Every 15 minutes the screen pops up and I disabled it today by turning off the "b.exe" in the start up tray. This is not a fix as I want this ____ out of my system! New computer and one unhappy customer!
Monday, January 12, 2009 7:42 PM
-
This is about the only thing that I have found to remove Antivirus 2009: http://www.malwarebytes.org/ but the virus is smart, so save it to your desktop and then right-click on it and rename it to something else like xxx.exe, then start it. When it installs, do not install to the default folder; the virus will detect it and stop it from launching. When you install, take both options at the end to update and launch.... Good luck. This is the absolute worst malware I have seen; wish somebody would plant a small nuclear device at their location.
Thursday, January 15, 2009 1:44 PM -
I was able to use Task Manager and shut down the antivirus 2009 in applications and processes, then did a file search for antivirus 2009, found it in Program Files and in Documents, then manually deleted them both. Ran Windows Defender and haven't been bothered with it since.
Friday, January 16, 2009 6:19 PM
-
Google ComboFix.exe and click on the link from Bleeping Computer.
This is THE easiest program I have used to remove a number of infections from infected computers.
- Proposed as answer by Illuminati017 Monday, January 19, 2009 10:26 PM
Monday, January 19, 2009 10:26 PM -
I went to install Defender but it asks me to uninstall OneCare first. Not sure I want to do this since I am waiting on an answer from OneCare support. Not only is my browser hijacked, but if I try and go to a security related site like TrendMicro, I am prompted to log in locally with an id and password. This thing is vicious. Hopefully OneCare will be able to remove it and get my browser back working.
Friday, January 30, 2009 11:46 PM
-
Hello AllanA1, I wouldn't attempt to install Defender at this point but you could run the Malicious Software Removal Tool. To run the tool open the Start Menu>Run, and enter mrt.exe in the Run box.
Jim
Saturday, January 31, 2009 3:52 PM Moderator -
... you have got scareware.... It is just a trick from hackers. It can however lead to trojan horses.
Friday, April 2, 2010 6:37 PM