[NT50]

AV 2009 Removal Procedure
I am posting this due to the complex removal of this Spyware/Virus.
You can not install antivirus program nor anti-spyware programs. It also disables Windows Updates and more.
Lately the new installation procedure of the AV 2009 has had me backed up in a corner and could not figure out how to rid of this pest.

Here is the procedure.

Goto another computer and download MalwareBytes. Also download the the definition updates here
Disable System restore also. Now rename the installer and the definition updater to something like killerapp and killerupate. (If you do not it will not install). When you are installing it will freeze at the end. Just reboot the computer to safe mode. Run the definition update program. Goto the directory that Malwarebytes is install and rename the mbam.exe to imgoinggetya.exe (or some different name) Now run the newly rename program and run a quick scan. Reboot when asked and boot back to safe mode. Run a FULL scan now and reboot back to safe mode if asked. Run another full scan again.
There will be programs automatically run that you can get rid of using HiJackThis Get the zip version due to you can not install HiJackThis.

Once you have run scans in safe mode to nothing is found then you can boot to full mode. You will then need to run a full scan with MalwareBytes again and also run a virus scan. (I used NOD32)

It will take a while and be patient but this procedure works.

Hope this helps

[augie]

Thanks for the Malwarebytes program suggestion NT50. My gf got infected with the Pro Antispyware 2009 yesterday, and I've seen other similar names. Luckily, as it turned out, only one part of it installed due to my other protection, not sure what it was that stopped the rest from loading.

All I had to do was kill the process prospy.exe or similar, I didn't write it down, in task manager and I then was able to download and install malwarebytes according to your instructions. There was only one key that was detected so that was real good. I will still run other scans to make sure there are no remnants, oh her updates were not done for 6 months but she doesn't want me to touch her laptop, thinks I'll blow up the install like I do with my rig! Go figure eh?

Anyways I added Comodo's BOClean along with what she already had, Spybot, Avast and PCtools. Hehehe, she owes me now. Thanks again Jeff.

[NT50]

I have seen variations of this program also. There are three incidents that it got fully installed and I never could get rid of it. I guess I needed to be put in my place. I did not think there was a virus/spyware that I could not get rid of. One variation of this program installed itself in about 10 different locations/variations. I got rid of about 8 and could not find the other. I had system restore turn off and it would still recreate itself after every reboot. I would have the system running smooth and then all of a sudden, bam it would all show back up again.
This program is mainly associated with porn but you can also get it by download some "video codes". I am not sure why so many people fall for this but they do.

"Click here to watch this funny video", but first you have to download our codec.

[kd1966]

Social Engineering........... at it's best/worst

[augie]

Well Jeff, I know for sure that she doesn't do porn. She clicked on a picture she found somewhere and that's what happened, she knows not to accept any unrequested offers to download something. I'm just thankful to not have had to deal with what you got.