Beware the False Prophet!

Having recently doled out some advice on staying safe online I guess it was kind of inevitable that a “security situation” would come my way – one of our computers was infected a few days ago. But in case you’re wondering, the False Prophet I’m referring to is not me!

No, it’s a particularly insidious piece of malware which purports to be looking out for your best interests, in order to con you into installing it. I’m referring to a trojan called “Antivirus 2009″ (also known as AV 2009) which appears to propagate by infecting legitimate websites. Here’s what Google Safe Browsing has to say about it.

antivirus 2009 malware

Antivirus 2009 is malware

This is the window you’re presented with if you have the misfortune to surf by an infected website. Most people who are shown this will be concerned, and rightly so, what with all the nefarious stuff floating around cyberspace these days. The implication is that your computer is infected with something dreadful, and you’d better take steps to rectify the situation, or face the consequences.

It seems their strategy, once you’ve installed the software, is to repeatedly warn you that your system is infected with something, and the only remedy is to purchase the full version of their software to clean up the mess.

In case I haven’t already made it clear, let me stress that this is not genuine anti-virus software. It’s a scam which preys on people’s fears and sincere desire to protect themselves online.

What should you do?

Firstly, don’t install the software! Now I know that it’s not necessarily always obvious where messages like this originate – you may well be shown something similar by a legitimate antivirus program that you have on your system. My best advice is to read the message carefully, including the window title, which will often give you a clue as to the application responsible. In this case it’s fairly clear that it’s coming from a website, which should raise your suspicions. The poor spelling and grammar are also a telltale sign that everything is not OK!

How to remove AV 2009

If you’ve fallen into the trap, all is not lost. Fortunately AV 2009 doesn’t appear to be particularly malicious or destructive, and is fairly easy to remove. In my case, AVG detected and removed it without any manual intervention (although it took a few reboots to root it out completely). If that doesn’t work, try a Google search – there’s plenty of advice from those who’ve done it.

This again highlights the need to be vigilant online, and to keep your defences up: firewall, virus protection and browser security settings.

Be safe.

Related posts:

  1. How to stay safe online

30 Responses to “Beware the False Prophet!”

  1. Gravatar of Sire 1 Sire

    I never listen to those pop-ups. They are a damn nuisance and the last thing I would do is to download something just because they said I should.

  2. Gravatar of Rodney Smith 2 Rodney Smith

    Sire: no, neither do I. But it isn’t all that obvious that this is a pop-up – it’s deliberately made to look like a normal system window. I think this is particularly confusing, especially for novices who don’t necessarily differentiate between different things happening on their computer. I also find that often they’re scared of breaking something, so just do whatever the “computer” tells them to. Either that or click the button just to get rid of the annoying window!

  3. Gravatar of Sire 3 Sire

    True, I suppose then if that is the case they will have to learn the hard way. I’ve always taught my kids not to just click anything without reading it fully, especially if it occurred while they were surfing the net.

  4. Gravatar of Martin 4 Martin

    Sadly this is, or perhaps should be, illegal. It is a “con” isn’t it? Who’s the company making this software and why aren’t they rotting in jail?

  5. Gravatar of Caleb 5 Caleb

    L.O.L. I see this type pf thing all the time. Actually it’s a witty little marketing trick,but c’mon!

    This is akin to the Emperor in StarWars who creates the wars then comes back with the so’called “only solution” which is his rulership…

  6. Gravatar of Rodney Smith 6 Rodney Smith

    Martin: good question!

    Caleb: sounds like a few governments I know!

  7. Gravatar of Vedetta 7 Vedetta

    Don’t install anything you didn’t chose, and research a bit before you chose what to install. That’s a good rule.

  8. Gravatar of Matt Helphrey 8 Matt Helphrey


    I hate this virus with a passion! It infected two of my home computers and one laptop. I think its because one of my roommates keeps installing it because he is dupped by the false message.

    Anyway, I downloaded Malwarebytes anti malware, ran it once and it solved the problem.

  9. Gravatar of Dover 9 Dover

    I run Linux, so periodically go malware trolling and was actually exploring this one the other day. The nasty thing about AV2009 is that once you visit their page, it is designed in a manner that you will either end up closing your browser or downloading the file. It is actually quite an interesting process of using images that look like pop-ups, scare tactics, and pop-ups that you can’t close.

    I will have to keep AVG in mind next time I am working on someones computer that has become infected with it.

  10. Gravatar of Coral Snake 10 Coral Snake

    I have seen this popup before, when clicking on certain entries on the search engine results. But what surprises me, is that the search engines even display the these results at the top of the results. After getting these I always scan of viruses as I am scared of them.

  11. Gravatar of Rodney Smith 11 Rodney Smith

    Snake: In my case it was from clicking a legitimate link that had been hacked / infected. According to the site owner, their ISP had reported that over 10 thousand of the sites on their servers had been affected.

    The moral of the story is simply to be aware, and respond appropriately if you end up on an infected site.

  12. Gravatar of Tail 12 Tail

    Sometimes they are so real looking. It is important that we teach our kids also to avoid these mal wares.

  13. Gravatar of Atniz 13 Atniz

    Thanks for the information on this virus. I will scan my computer today, see if there is any virus.

  14. Gravatar of Rodney Smith 14 Rodney Smith

    Atniz: it’s always a good idea to do regular scans. But if you had this infection, I’m sure you’d know it – it’s no shrinking violet!

  15. Gravatar of Agolf Cartson 15 Agolf Cartson

    Luckily I didn’t fall for this one but I have to admit that it is a really clever and sneaky way to lure people into installing it. It looks very safe and legit and I can see why most people would want to click to install it.

  16. Gravatar of Yiim 16 Yiim

    Popups können wirklich störend sein.

  17. Gravatar of Mikael 17 Mikael

    I think it is so sad that we’re seeing things like this getting more and more common. Why can’t we just enjoy that the Internet has been invented and that it is evolving every single day.

    I guess it is human nature (for some humans) to want to take advantage of others no matter what they’re presented with. It’s a shame.

  18. Gravatar of Rodney Smith 18 Rodney Smith

    Mikael: yes, it’s still pretty much the wild west out there. We should all learn to play nicely so regulation isn’t needed, but we see in society everyday that some people will always try to step on others and ruin it for everyone by forcing us to have all sorts of security which slows everything down and generallly gets in the way.

  19. Gravatar of Mikael 19 Mikael

    Unfortunately I think that these things will only grow over time and we’re probably going to see some regulations made on how, who and for what to use the internet. I don’t know how they’re going to do it but I think we should just enjoy the freedom we have online while we have it :)

  20. Gravatar of Rodney Smith 20 Rodney Smith

    The problem has always been the international nature of the Net. Individual countries may as well not bother trying to regulate because you can’t stop people from other countries breaking your laws from across the border. And if you try to control things like China’s been doing, it just amounts to censorship, which is a very slippery slope none of us really wants to go down, I reckon.

  21. Gravatar of Mikael 21 Mikael

    We couldn’t agree more on the censorship part, but I can’t see how we’re heading anywhere else but that direction with more and more phising, spamming and trojans invading our privacy every single day. I believe that spam is up to about 80-85% of the total emails sent…

  22. Gravatar of Rodney Smith 22 Rodney Smith

    Yes, but that would require international co-operation on a scale that I just can’t see happening. We’re all too busy trying to blow each other’s heads off!

  23. Gravatar of Mikael 23 Mikael

    Maybe it does but I can easily imagine local restrictions that would make everything more difficult for everyone. For instance our government had a great idea about a year back that all the ISPs should record and store all data transfer taking place by their customers for a period of a couple om month. Totally ridiculous and luckily it didn’t go through. :)

  24. Gravatar of Hosted VoIP 24 Hosted VoIP

    I suppose then if that is the case they will have to learn the hard way. I’ve always taught my kids not to just click anything without reading it fully, especially if it occurred while they were surfing the net.

  25. Gravatar of Bluetooth Home Phones 25 Bluetooth Home Phones

    read it fully is great. researching, as some one had mentioned,is an amazingly good idea. there are people out there, and there always have been, and there always will be, that are doing these things. i’m not completely sure, but i think they are making money off this whole deal.

  26. Gravatar of Dieta 26 Dieta

    I like how they used (recommended) after the question. It’s a nice touch that’ll surely get them more “users” but well at least it’s not destructive.

  27. Gravatar of Ryan Edward 27 Ryan Edward

    These things are a BIG problem for average web surfers. Sure bloggers and webmasters know better and never click on them but my kids and my mother will click anything without reading it first.

  28. Gravatar of Rodney Smith 28 Rodney Smith

    Ryan: I totally agree.

  29. Gravatar of Mark Walusimbi 29 Mark Walusimbi

    Pop-ups are a nuisance and the last thing I would do is to down something just because they said I needed it.

  30. Gravatar of Noclegi Gory Stolowe 30 Noclegi Gory Stolowe

    This is the most clever idea I’ve seen for a while. A malware that acts like an antivirus software is great idea for anyone who want to harm other web users. But it is difficult not to fly into this trap. I don’t know if I would. Maybe not, but sometimes everyone is close to become a target for some hacker, cracker or spammer. And sometimes our shields are lowered so the surprising attack can be devastating.

Comments are currently closed.