Spyware, Viruses, & Security forum

General discussion

New rogue: XP AntiSpyware 2009

by Marianna Schmudlach / October 8, 2008 1:54 AM PDT

Wednesday, October 08, 2008

Thanks to Patrick Jordan for the Rogue update.

XP AntiSpyware 2009 is a clone of WinReanimator and XPSecurityCenter rogues.

This group of rogue security products is usually pushed through Trojan-Downloader.braviax or Trojan.fakealert Trojan.

More: http://sunbeltblog.blogspot.com/index.html

Please help
by jthole99 / October 28, 2008 8:18 AM PDT

For a couple days now, I have been getting multiple pop-up ads, many of them "powered by Zedo". Something has also turned off my Windows Firewall three times and changed my homepage to Google three times. Now I am getting a red X and a pop-up message from my toolbar that states "Windows has detected spyware infection"... and it directs me to install a program called Antispyware 2009. I have run my Avast Antivirus, AdAware, and Spybot programs. But they have been unable to clear up this mess. Please help. Jeffery

Antispyware 2009 removal.....
by Marianna Schmudlach / October 28, 2008 9:14 AM PDT
In reply to: Please help

Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Scan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

**If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Did it help?

Please Try This...
by Grif Thomas Forum moderator / October 28, 2008 9:16 AM PDT
In reply to: Please help

Please download Malwarebytes' Anti-Malware from the link below:


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

And IF you are not able to download these tools on your machine, please use a friend or family member's computer and download the Malwarebytes tool and its manual update from the link below. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)

Malwarebytes Manual Updater link

After doing that, then download the free tool from the link below, install it, update it, then run a full system scan:

SUPERAntispyware Removal Tool

Hope this helps.


by jthole99 / October 31, 2008 3:24 PM PDT
In reply to: Please Try This...

Thank you both. The Malwarebytes program cleared up all my issues completely.

Having the same problem with XP AntiSpyware 2009
by pgrizzaffi / November 12, 2008 10:27 AM PST
In reply to: Please Try This...

I'm having a similar problem. I can trick the virus into letting me install Malwarebytes, but it's not letting me run it or Super Anti Spyware.

Any other tricks I can try?

Thanks a million!

by Marianna Schmudlach / November 12, 2008 10:32 AM PST

Have you tried booting in safe mode? You could try doing a scan with the Avira Rescue CD.


If the above doesn't work:

Burn this to a disc: http://www.free-av.de/en/tools/12/avira_an...cue_system.html. It runs on bootup, and it also has the burning software built in.

IF nothing works........ Hop over to the MalwareBytes Anti Malware forum as they will need your help:

Very strange... We are looking into the malware which is blocking us from being loaded. If any of you have it in the future, please try doing this and post back your results:

Please download the following scanning tool. GMER

* Open the zip file and copy the file gmer.exe to your Desktop.
* Double click on gmer.exe and run it.
* It may take a minute to load and become available.
* Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
* Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
* Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
* DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
* Click OK and quit the GMER program.


by pgrizzaffi / November 12, 2008 10:27 PM PST
In reply to: Yes......

Unfortunately, I was unable to run gmer.

I was, however, able to get the rescue disc to burn and I'm running that now. I'll report back when I get some data there.

Thanks again!

So far so good
by pgrizzaffi / November 14, 2008 2:21 AM PST
In reply to: Trying

Thanks for the help!

Avira worked like a charm. It cleaned my system enough to be able to run Malwarebytes to finish cleaning up. Things seem to be running fine for about 36 hrs. now.

I'm currently using Kaspersky but it did not seem to detect whatever I did to allow the 2009 installer to be downloaded (fortunately I knew enough to not actually run the installer!).

I'm considering dumping Kaspersky and going with SuperAntiSpyware as my anti-virus/spyware software. Should that give me better protection or is this rogue getting around all virus/spyware/rogue detectors?

Any advice is appreciated and thanks again for the help.


Great Job :)
by Marianna Schmudlach / November 14, 2008 2:35 AM PST
In reply to: So far so good

SuperAntiSpyware is NOT an Anti Virus program ..... but an Anti Malware program! This rogue is getting around and the Anti Virus programs are slowly but surely getting it now too.

Stay with your Kaspersky for now as an Anti Virus. Keep SAS (SuperAntiSpyware) and MBAM (MalwareBytes Anti Malware) and keep it updated - almost every day updates !!

I also would suggest downloading and installing:


Prevent the installation of spyware and other potentially unwanted software!
Download here: http://www.javacoolsoftware.com/spywareblaster.html

by pgrizzaffi / November 14, 2008 2:37 AM PST
In reply to: Great Job :)

Thanks a lot!


(NT) You Are Very Welcome :)
by Marianna Schmudlach / November 14, 2008 3:59 AM PST
In reply to: Killer!

Macro antivirus pro 2009
by susanphelps / November 16, 2008 11:36 AM PST

I am really new at this, but became infected with this a couple weeks ago. Even after running anti-virus, anti-spyware, malware programs, I found it in other files. After 6 days of not finding the virus, it returned; redid the routine and found notation on the cleaned list related to cookies. I finally found it in Doc & Settings\owner\cookies\owner@scanner.micro-antivirus-2009(2).txt. There were 3 more similar notations. After deleting these, so far so good. Best of luck. Susan

Same Situation as Paul
by LifeOnAString / November 16, 2008 10:20 PM PST
In reply to: Great Job :)

Antiviruspro 2009 was a real pain of a program for several days. With the help of this thread I found Malwarebytes, was finally in the same situation as Paul (Post 6), and the boot CD let the Malwarebytes program fix it. (So far so good... got my fingers crossed.)

Since my Norton was no help at all, as for the complement of programs you recommended to him in Post 10:

- Malwarebytes Free Edition
- SUPERAntiSpyware Free Edition
- SpywareBlaster Free Edition

Would you say the same for me with Norton Internet Security 2009? More? Less? Different?

And how often do you recommend these three free programs be used? Are any important enough to have the purchased version?


Yes, the SAME Anti Malware programs.........
by Marianna Schmudlach / November 17, 2008 12:12 AM PST
In reply to: Same Situation as Paul

Updates for MalwareBytes Anti Malware and superAntiSpyware are almost daily! Scan regularly..... why not run once a day?


Why SpywareBlaster? Spyware, adware, browser hijackers, and dialers are some of the most annoying and pervasive threats on the Internet today. By simply browsing a web page, you could find your computer to be the brand-new host of one of these unwanted fiends!

The most important step you can take is to secure your system.
And SpywareBlaster is the most powerful protection program available.

Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.

No-Nonsense Security

SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.


Happy SAFE Computing

Still no problems ...except for Norton
by LifeOnAString / November 23, 2008 5:53 AM PST

The Antivirus Pro 2009 has not returned, so the Malwarebytes program did the trick.

However, in reinstalling Norton, I found that it was about as bad in leaving a mess of files and registry entries. Since my ISP (Verizon) has started to charge $6/month for this junk, I decided to return the $40 copy of Norton I bought to replace and go with the free version of Avast.

Great job !!
by Marianna Schmudlach / November 23, 2008 8:02 AM PST

...and a wise decision to go with Avast

Happy SAFE Computing

Avira Rescue CD Rename Option
by LifeOnAString / November 16, 2008 10:25 PM PST
In reply to: Yes......

When I ran the Avira Rescue CD I chose the "Rename" option for files that could not be deleted. Hope that was right. (All the other choices using the program were obvious.)
