Rogue antivirus 2009 removal problems

Posted on 2008-11-20
Medium Priority
Last Modified: 2013-11-22
I am attempting to remove Antivirus 2009. This program prevents access to malware removal sites, so I have downloaded the program Malwarebytes onto another PC and installed it in safe mode on the infected PC via a pendrive.
It would let me install it only after I changed the installer's name to something else.
However, though the program installed, it will not run.
Even in safe mode.
Has anyone encountered this problem when trying to remove Antivirus 2009?  Is there a way around it?
Running Windows XP.
Question by: peril

Accepted Solution

mrsteve-it earned 2000 total points
ID: 23003349
Perhaps try Spybot S&D? Download the main program & the includes, immunise and run a full scan in Safe mode.

Expert Comment

ID: 23003423
You can also try SmitfraudFix or SDFix; these tools also remove Antivirus 2009. Rename them also.

Download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)

Or SDFix (only works in Safe Mode; extract the file and double-click on "RunThisBat").

How to use SDFix.

Author Comment

ID: 23003456
Just as you spoke I am running Spybot, but via an "ultimate boot for windows cd" (since the malware is not allowing any known antivirus/antispyware to run even in safe mode).
I'll see what happens when it gets to the end of this scan, then let you know.

Expert Comment

ID: 23003458
And if those also fail, then use ComboFix; it also needs to be renamed.

Please download ComboFix by sUBs:

You must download it to and run it from your Desktop. (If using another PC to download the file, rename it also.)
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Author Closing Comment

ID: 31518677
I couldn't download Spybot to the infected machine, nor would the malware program allow me to run or update any spyware or antivirus programs. But I had a copy of Spybot on an "Ultimate Boot Disk for Windows" CD and ran it from that environment rather than in Windows itself.  This found the problem and got rid of enough of the problem for me to then run Malwarebytes and get rid of the rest.
Good choice!

Question has a verified solution.