
Maximum IT
Ask the Doctor

Removing Rogue 'Security'


PC MightyMax 2009 was included with the purchase of my new HP a6827c with Windows Vista. After trying out MightyMax I decided I didn’t want it due to its obscene costs. I obtained the instructions for removal—go to the Start menu, go to the PC MightyMax folder, and hit the uninstall button, but the software does not fully uninstall. Help!

—Shannon Swank

 
Doctor, I managed to get two computers infected with AntiVirus2009, simply by following a link to a video review online. Both machines run Windows XP Professional SP3. One is a Dell Vostro laptop, the other is a desktop I built about three years ago.

I’ve run Malwarebytes’ Anti-Malware, which removed a bunch of copies, Rogue Remover, SuperAntiSpyware, ThreatFire, and ZoneAlarm Internet Security, but every so often a new browser window will suddenly open and try to access AntiVirus2009.com. I’ve looked at every website on the Internet (well almost) and nothing I’ve tried will get rid of it on either computer. The only way I’ve been able to keep using the computers is to manually block antivirus200*.* in ZoneAlarm. Every time I check the log, there’s entry after entry where it tried to send an ICMP ping to that website or tried to open Firefox to access it. I’m at the end of my rope. I don’t know what else to do and I’m sure that there are other people out there having much the same problem as I am. Is my only hope to re-install Windows?

—Steve Rugg

 
Ah, our least favorite kind of malware: the kind that masquerades as useful software. Here we have two of the most insidious and widely spread flavors. PC MightyMax is a fake antivirus app that throws up false positives in an attempt to get you to pay for it. The Internet is full of people trying to remove PC MightyMax, and the general consensus is that Malwarebytes’ Anti-Malware (www.malwarebytes.org) will remove the program. If not, you’ll have to remove it manually. Start the Task Manager and end the following processes: pcmm.exe, ExeAfter.exe, PCMightyMaxSetup[1].exe, and any other processes with PC MightyMax in the title or location. Then run msconfig and prevent them from running at startup. Reboot and delete the folder. Run CCleaner (www.ccleaner.com) to remove registry crud.

Antivirus 2009 is another faux-security malware program, but it’s even more insidious. Since you’ve already tried Malwarebytes’ Anti-Malware, which effectively removes most malware (including, for most people, Antivirus 2009), but your problems persist, you’ll want to check out our full malware-removal how-to for detailed instructions on purging your machine of baddies. If your problems persist even after a thorough scrub-down, however, you may have to reinstall Windows. It sucks, we know, but not as much as a security-compromised PC.
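
A read-only audit of the places the manual PC MightyMax steps above touch, as an added example (not Maximum PC's own code): it lists running processes, Run-key values and Startup-folder items that match the process names given in the answer. The registry paths and Startup folders are the standard Windows autostart locations; the Program Files search is an assumption, since the article does not give the install path.

```powershell
# Added example: read-only audit for the PC MightyMax leftovers named in the answer.
# Process names come from the article; everything else is a standard Windows location.
$names   = 'pcmm', 'ExeAfter', 'PCMightyMaxSetup[1]'   # Get-Process reports names without ".exe"
$pattern = 'MightyMax|pcmm\.exe|ExeAfter\.exe'          # regex applied to paths and commands

# 1. Running processes: exact name match, or "MightyMax" anywhere in the image path.
$procs = Get-Process | Where-Object {
    ($names -contains $_.ProcessName) -or ($_.Path -match $pattern)
}

# 2. Values in the per-machine and per-user Run keys (the registry autostart entries).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($valueName)
        if ("$valueName $command" -match $pattern) {
            New-Object PSObject -Property @{ Key = $key; Name = $valueName; Command = $command }
        }
    }
}

# 3. Items in the all-users and current-user Startup folders.
$startupDirs  = [Environment]::GetFolderPath('CommonStartup'), [Environment]::GetFolderPath('Startup')
$startupFiles = $startupDirs | Where-Object { $_ -and (Test-Path $_) } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force } |
    Where-Object { $_.Name -match $pattern }

# 4. Candidate install folders. Assumption: the program sits directly under Program Files.
$folders = Get-ChildItem -LiteralPath $env:ProgramFiles -Force |
    Where-Object { $_.PSIsContainer -and $_.Name -match 'MightyMax' }

# Report only; nothing is stopped or deleted here.
'--- Running processes ---'; $procs | Format-Table Id, ProcessName, Path -AutoSize
'--- Run-key entries ---';   $autoruns | Format-List Key, Name, Command
'--- Startup folder ---';    $startupFiles | ForEach-Object { $_.FullName }
'--- Install folders ---';   $folders | ForEach-Object { $_.FullName }
```

Run it from an elevated PowerShell prompt so the image paths of other users' processes are visible; an empty section means nothing matched in that location.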

 

SUBMIT YOUR QUESTION Are flames shooting out of the back of your rig? First, grab a fire extinguisher and douse the flames. Once the pyrotechnic display has fizzled, email the doctor at doctor@maximumpc.com for advice on how to solve your technological woes.

 

COMMENTS
Don't forget to clean the registry

Amongst all of these antivirus and antimalware programs, you need to have at least one and better two registry cleaners. A registry cleaner will remove the nasty reg lines that keep reloading the malware. Sometimes the antimalware will catch these but not always.

I use RegSupremePro and TuneUp Utilities for reg cleaners. RegSupremePro is the best of the two but TuneUp has a lot more features.

The problem with most

The problem with most spyware is that it likes to hide out in your system restore, so even after you think you have successfully removed it, after a reboot it restores itself from system restore and reinfects your system. You will need to disable system restore (doing so will delete any restore points you have created). I also disable the system restore service, as just disabling system restore does not always do the trick.

fought almost daily

I've fought AV08/09/10 Windows Police Pro almost daily here a few months ago. Spybot does wonders on them but not so great on Police Pro. It's not antivirus or antimalware, but Revo works nicely on some of them.

Antivirus 2009 removal

Antivirus 2009 is an easy one.

I've gotten rid of it a bunch of times using ComboFix. You'll just need to clean up the rest of the folders manually after you run it.

But there is a new one, called Antivirus Pro or something. It blocks all antiviruses from running (blocks the .exe), blocks ComboFix, Malwarebytes, even from booting into safe mode (gives you a blue screen).

Since I don't have a USB dongle or anything, I just put Linux Mint on my laptop.

Can't run .exe's

The link I posted has a small reg fix if launching .exe's (well, trying to launch them, actually) results in a command prompt window that flashes by quickly or nothing at all for that matter.

I've removed Antivirus 2009

I've removed Antivirus 2009 and similar things many times from many computers and never had any problems doing so. (although one computer prevented some of my AVs from running-no surprise that Adaware caught some 500 threats).

I use Hiren's Boot disk to do most virus cleanup as I don't want to connect an infected computer to a network or connect a flash drive.

Hiren's Boot CD is considered warez, but it is a lifesaver.

McAfee gives a false positive on some of the older versions of this disc because it contained an unofficial McAfee definitions updater, but rest assured it was not a virus.

Antivirus 2009/2010/XP/Windows Police PRO

I hate, HATE, HATE! this particular piece of Internet filth and all of its mutations. I spent an entire week removing this pile of garbage from three infected machines at my office (and one of them was a repeat offender...). I found a nice site with some version-specific tools to remove the nasty little tidbits that Malwarebytes/SuperAntiSpyware/Spybot leave behind for whatever reason.

 http://www.myantispyware.com/2009/07/27/how-to-remove-windows-antivirus-pro-uninstall-instructions/

The sidebar on the right will take you to version-specific removal tools. It's helped me quite a bit with one particularly deep-rooted install.

