AntiVirus 2009, 2010 & 2011 Removal
There are many ways that cyber criminals operate to try to get your hard-earned money. If they can't actually steal it from you, they will try to scare you into giving it to them by making you think there is something wrong with your computer and that the only way to fix it is to buy their program.
Antivirus 2009, 2010 or 2011 is a fake anti-spyware program of the kind often referred to as scareware. Once it gets on your computer it will pop up fake virus scans or Windows Security Center alerts saying your computer is infected. Then it will try to get you to buy the software in order to clean the infections off your computer. It may go by other names, such as XP Anti-Virus or Internet Antivirus.
Here is an example of a scareware program called Internet Antivirus 2011. Notice how it says it found 20 potential threats on your computer that need to be removed. If you try to go through the removal process it will say it can't remove them unless you pay for the full version. These threats that it said it found do not actually exist on your computer and were generated by the fake antivirus software to scare you into thinking you have these issues.
Antivirus 2011 and similar programs will often block many programs on your computer, claiming that they are either infected or may cause serious damage to the system. So when you try to run your legitimate anti-spyware software, or even try to disable Antivirus 2011 using msconfig, it won't let you. It may even prevent you from using Internet Explorer or another browser to get online and download a fix for this spyware. It even keeps running in Safe Mode, where many other spyware infections don't. One interesting way around this: if you go through the purchasing process as if you were going to buy the software, it will open your web browser to take you to their page and thus allow you to get online. Just be sure not to give them any personal or credit card information!
If you open Task Manager, you can look on the Processes tab for any running processes that shouldn't be there. Look for something that doesn't belong, such as uww.exe, running under your username rather than SYSTEM. You can end the process and then see whether that closes the program. Once it is stopped, you can search for that executable file and delete it. Keep in mind that it will keep trying to start again every time you run a program. You can also go into your services and disable its service if you can find the right one. It may be called something like Windows Security Alerts.
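The same checks can be done from a PowerShell prompt when Task Manager is hard to read or is being blocked. This is an added example, not part of the original tip: it only lists candidates and stops or deletes nothing. It assumes PowerShell 3.0 or later, and the "trusted directory" list and the Review flag are a heuristic chosen for this example.

```powershell
# Added example: read-only triage of processes and services.
# Assumption: software installed normally lives under these directories.
$trusted = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UnderTrustedDir([string]$Path) {
    foreach ($dir in $trusted) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Processes running under your username rather than SYSTEM.
$procs = Get-CimInstance Win32_Process | Where-Object { $_.ExecutablePath } | ForEach-Object {
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
    if ($owner.User -eq $env:USERNAME) {
        $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            Signature = $sig.Status
            # Flag for a closer look: not validly signed AND outside the usual install dirs.
            Review    = ($sig.Status -ne 'Valid') -and -not (Test-UnderTrustedDir $_.ExecutablePath)
        }
    }
}
$procs | Sort-Object Review -Descending | Format-Table -AutoSize

# 2. Auto-start services whose binary sits outside the usual install dirs.
#    PathName may be quoted and carry arguments, so strip the leading quote first.
Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    Where-Object { $_.PathName -and -not (Test-UnderTrustedDir ($_.PathName.Trim('"'))) } |
    Select-Object Name, DisplayName, State, StartName, PathName |
    Format-List
```

A Review value of True is a prompt to check the file, not proof of infection; legitimate per-user software also runs from the user profile.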
One great tool for getting rid of this infection automatically is Combofix. If you can download it, or copy it from another computer, and run it on your computer, it will most likely get rid of the program. You may need to stop the process or service from running before you can run Combofix.
If you do get rid of the infection with Combofix, you should run other programs such as Malwarebytes' and Spybot to make sure nothing else is running on your computer.