
AntiVirus2009

Updated: August 25, 2008 10:05:25 PM
Type: Misleading Application
Infection Length: 997,888 bytes
Name: AntiVirus2009
Publisher: Antivirus2009Professional.com
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior
This program can be downloaded from a Web page and must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

The downloader component may download other misleading applications like XpSecurityCenter along with AntiVirus2009.

Installation
When the program is executed, it creates the following folders:
  • %UserProfile%\Start Menu\Antivirus 2009
  • %ProgramFiles%\Antivirus 2009

It then creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
  • %UserProfile%\Desktop\Antivirus 2009.lnk
  • %UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
  • %UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
  • %ProgramFiles%\Antivirus 2009\av2009.exe
  • %System%\scui.cpl


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Run\"[32 RANDOM NUMBERS]" = "C:\Program Files\Antivirus 2009\av2009.exe"

It also creates the following registry subkey:
HKEY_CURRENT_USER\Software\[32 RANDOM NUMBERS]
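
As an added example (not part of the original write-up and not a Symantec tool), the Python sketch below scans the text output of `reg query HKU /s` for the two registry artifacts listed above. It goes beyond the single SID shown by matching any user hive, and it assumes that "[32 RANDOM NUMBERS]" means exactly 32 decimal digits; the function name and the sample output are constructed for illustration.

```python
import re

# Assumption: "[32 RANDOM NUMBERS]" means a name of exactly 32 decimal digits.
RANDOM_NAME = re.compile(r"^\d{32}$")
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
PAYLOAD_SUFFIX = r"\antivirus 2009\av2009.exe"
# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query HKU /s` output (SID and digit strings are made up).
SAMPLE = r"""
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    01234567890123456789012345678901    REG_SZ    C:\Program Files\Antivirus 2009\av2009.exe

HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\98765432109876543210987654321098
"""


def scan_reg_query(text):
    """Return (kind, key, value_name, data) tuples for the artifacts described above."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            parts = key.split("\\")
            root = parts[0].upper()
            # Per-user hive root is HKEY_CURRENT_USER or HKEY_USERS\<SID>.
            rest = parts[1:] if root == "HKEY_CURRENT_USER" else parts[2:] if root == "HKEY_USERS" else []
            if len(rest) == 2 and rest[0].lower() == "software" and RANDOM_NAME.match(rest[1]):
                findings.append(("subkey", key, None, None))
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, _type, data = m.groups()
        # Run value: random 32-digit name whose data points at the av2009.exe payload.
        if (key.lower().endswith(RUN_SUFFIX) and RANDOM_NAME.match(name)
                and data.strip().strip('"').lower().endswith(PAYLOAD_SUFFIX)):
            findings.append(("run", key, name, data.strip()))
    return findings


if __name__ == "__main__":
    for finding in scan_reg_query(SAMPLE):
        print(finding)
```

A "run" finding together with the files under %ProgramFiles%\Antivirus 2009 is a stronger signal than a bare 32-digit subkey, which on its own should be treated as a lead to verify.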

Similar security risks
AntiVirus2008
