[lazyslackerboy]

I have this Malware virus on my computer and it is called Antivirus pro 2009.Antivirus pro 2009 came out of know were! i did not download it, but while browsing the internet my computer automatically restarted .As soon as my computer rebooted, i got a red X on the bottom right corner of my screen that reads "windows has detected a spyware infection!"knowing it was a virus i then right clicked the red x trying to get rid of it manually,next thing I knew i noticed that it starts to install.

some how this virus has bypassed my Microsoft firewall and has disabled my avg Antivirus 8.0 !. Also when i try to search for help on Google it redirects me to a page advertising AV pro 2009. Antivirus pro 2009 has also blocked websites that could help with the problem.i am currently using my schools computer to write this message.i have also tried multiple anti-malware and anti-virus software's to fix the problem.I tried SpyHunter,RegCure,XoftSpySE,malwarebytes and Spyware Doctor, but as soon as i try to install or update the programs they either do not open or can not fully install.i have also tried to do install in safe mode but the something happens.You guys have discussed how to remove Antivirus pro 2009 but every thing im doing is not working!!! I CANT OPEN ANY PROGRAMS!!!!SOMEONE PLEASE HELP ME IM Desperate!!!!

[Bobby]

hello there,

i see your problem is serious. have you tried removing Antivirus pro 2009 manually? it can block security programs but it can't block you. here's antiviruspro 2009 removal: http://www.2-spyware.com/remove-antiviruspro-2009.html

let us know if you have further problems,
_________________
I reccomend Spyware Doctor and Malwarebytes’ Anti-malware as ultimate protection.

[lazyslackerboy]

ok i did every thing the guide has told me ,but im having problems unRegistering DLLs .Im so confused on how to do it,can y guide me?

[lazyslackerboy]

ok i figured out how to use cdm .But there is no file found ,i manages to delete every thing on the guide, but as i restart my computer, its as if i didn't do any thing...and i still have that red x!!!!

[lazyslackerboy]

ok i got rid of the red x on the bottom right corner of my screen.A man named Gokul on yahoo answers helped me out. but i still cant run programs and i still cant search on google in my firefox browser .

hears what he wrote:

I got infected by antivirus pro 2009, I followed what Mike field said. But the red ballon was coming again and agian thats because of Brastk.exe and Karna.DAT. But I cleared all now. So here is the complete steps,

Step 1 to remove the antivirus pro 2009
Step 2 to get rid of Brastk.exe and Karna.DAt

Step 1 to remove the antivirus pro 2009

Mike fields steps to clear Anir virus pro from your syste, (Thanks Mike)

- Killed the av2009.exe process using Task Manager
- Took a look at where the Antivirus 2009 shortcut pointed (they put one in the desktop)
- Took a note on the date and time of the av2009.exe file
- Searched the Registry to see if they were any references to av2009.exe. Did not find any.
- Removed the C:\Program Files\Antivirus 2009 directory and all files
- Removed the desktop shortcut
- Removed the shortcut in the Start Menu (be aware they put it in the upper area, where Windows Update is located)
- Rebooted, but then discovered that IE was still infected, in particular when I tried to navigate to Sysinternals. Also discovered that the Security Center applet in Control Panel was not working
- Went to Windows\System32 and found 3 files from about the same time of the infection:
ieupdates.exe
scui.cpl
winsrc.dll
- Again before removing the files I searched the registry and deleted references to ieupdates.exe (register to start automatically) and winsrc.dll (registered as a COM file)
- Reboot again and tried IE and Security Center, both are working now

Step 2. To Remove Brastk.Exe and Karna.Dat

Boot to safe mode.

Delete karna.dat and brastk.exe in C:\Windows (or C:\WinNT) and C:\Windows\system32.

Delete wini10###.exe in C:\Windows\system32.

Replace beep.sys in C:\Windows\system32\drivers from a backup source or simply delete it. Make sure the good file does not exceed 10k.

Delete the entire Antivirus 2009 folder in C:\Program Files.

Remove the brastk string from the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi...

Remove the Antivirus 2009 string from the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi...

Modify the AppInit_DLLs string from the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi... NT\CurrentVersion\Windows by removing karna.dat.

Remove the Antivirus 2009 key (entire subfolder) from the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi...

Restart Windows normally.

Reinstall your antivirus software.

Good Luck !!!
Gokul.

this guide really helped me out.it pointed out that the main cause of the red x was the karna.dat and brastk.exe files. But all it did was get rid of the red x,is there some one who knows how to fix this problem.

[Bobby]

hello again,

i got another idea. download hijackthis tool from here : http://www.2-spyware.com/review-hijackthis.html , run the program and post the log created by hijackthis at this forum section : http://www.2-spyware.com/forum/forum8

hijakcthis logs all the running processes and we can check if some of them are malicious.
_________________
I reccomend Spyware Doctor and Malwarebytes’ Anti-malware as ultimate protection.

[SigurjonF]

Hi there

I have the exact same problem and I did everythig in the post and I downloaded the "hijckthis" tool but I cant execute the install file

[SigurjonF]

Is there perhaps a regestry log program don´t need to be installed, or can I install "hijackthis" through safemode

[lazyslackerboy]

SigurjonF there is away to installed Hijack This.first go on another computer,install HijackThis,than copy the installed HijackThis.exe file to a fash card.

[lazyslackerboy]

ok bobby do your stuff http://www.2-spyware.com/forum/topic2122.html