Does ANY Antivirus detect AntiVirus 2009???

Majestic

Hi,

I've seen AntiVirus 2009 (and mutations) on dozens of computers with antivirus programs such as Kaspersky, Norton Antivirus/Symantec Corporate, AVG, etc. It seems nothing has been able to DETECT the virus before it attacks. Now, as I understand it, Antivirus 2009 isn't exactly a virus, it's "rogueware", and the only program that has truly gotten rid of it for me has been Malwarebytes Anti-Malware. That said, which antivirus package actually detects this infection BEFORE it hits?

Majestic
 
I've found that Malwarebytes Anti-Malware is very good at getting rid of it for good. NOD32 or Eset Smart Security for the full package is very good at stopping it getting onto the system in the first place but not good at removing it.

I use Malwarebytes as a Tech Tool and Eset Smart Security as permanent security.
 
I'm pretty sure that was the last virus/malware I'd gotten rid of before I started working so much on the 'business' part of my business.

Anyhow, instead of dealing with the problem directly, I hooked up the client's laptop hard drive to my laptop through a usb adapter and scanned it using Avast! Linux Edition on Ubuntu on my laptop. I just left it and when I came back Avast! had gotten rid of it. I only had a few registry tweaks to do to fix the wallpaper/screensaver and that was that.

The first time I ran into Antivirus2009 I did end up using Malwarebytes as well, but the direct approach was sooo tedious...
 
Just used NOD32 to remove it yesterday. It also found all of the variants and droppers.

Well, if this is the case that Eset NOD32 is detecting it, I will be recommending it to my clients. I always clean up with Malwarebytes Anti-Malware (and was also considering pushing that as a real-time monitor to my clients on top of that) but I would love to see NOD32 detect it. I'm going to set up a virtual machine and test this :)

Thanks for the input everybody

Majestic
 
Malwarebytes works great for me every time. I've used it at least a dozen times to take off Antivirus 2009. And it's free, so it's even better.
 
Avira and NOD32 are 2 that I've seen intercept it before infection. However, with removal I don't think you can beat ComboFix; it's just that good xD
 
Almost every one of the computers I have had in my shop with Antivirus 2009 or one of its variants has had Avast! antivirus free running on it. I myself use NOD32 and have not been infected, but it seems that Avast! certainly doesn't catch it for now. I take that back, sort of: I have seen Avast catch it, but it can't do anything with it. Anyway, Eset seems to be the ticket.

BTW, a combination of Malwarebytes Anti-Malware and ComboFix is what I use to remove these programs. Hasn't failed me yet.
 
Part of the problem is these Vundo-strains like AV2009 and its ilk are great at making their various iterations use vastly different sigs than previous copies, so while you may find that your current virus definitions do the trick, when the client got infected 2 weeks ago, running the same AV software, there was no detection, nor was there one for a week or so before they finally got a definition downloaded that saw it. At which point, of course, it's too late.

In my experience, Avira and NOD32 are both way ahead of the curve in their detection sigs, and NOD32's heuristics are phenomenal.

I really need to do some Threatfire testing to see how well it works, because in theory it sounds great.
 