UNH CIS Signals

Computing Alert: AV 2009

CIS Staff

February, 2009

The AntiVirus (AV) 2009 malware family is wreaking havoc across campus, slowing computers to a crawl and costing many students, faculty, and staff hours of time to identify and remove this Trojan. Here are some quick FAQs to get you up to speed.

 


What is AV 2009? Is the warning message legitimate?

There are multiple versions: XPAntivirus 2007; XPAntivirus 2008; Antivirus 2008; Antivirus 2009. All versions are similar in appearance and perform essentially the same malicious function. A message pops up, saying that your computer is at risk and that you need to download a virus scanner. This message is not legitimate. It is a scam. AV 2009 is actually a form of malware (short for malicious software). Malware is any program designed to corrupt or damage your computer, including viruses, Trojans, and spyware.

How do you get it?

Webpage ads are the most common method of infection. While you are visiting certain webpages, a seemingly legitimate message appears, disguised as coming from your anti-virus software. The message reports “x# of viruses have been found on your computer” and asks if you would like to clean them.

How do I avoid getting it?

If this message appears, kill it. Hit your Control-Alt-Delete keys. Go into Task Manager. Select the browser you are running. Choose End Task.

How do I know if I have it?

Once AV 2009 is installed, you will receive multiple notices that your computer is infected, and will then be prompted to visit a website to purchase anti-virus software. These websites will ask for credit card information to purchase the product (which is then “netted”), and also give thieves the opportunity to take control of your computer. PLEASE DO NOT PURCHASE THESE PRODUCTS OR GIVE UP ANY PERSONAL INFORMATION. Symptoms include slow computer performance, pop-ups, disabled anti-virus software, and limited internet access. If no action is taken, the infamous Windows blue screen will eventually appear, and you will not be able to log in to your computer.

How do you get rid of it?

AV 2009 is an advanced program and is difficult for the average user to remove. Removal requires advanced technical knowledge of virus removal and registry editing techniques. Students who suspect their computers have been infected can take them to the IT Support Center in Dimond Library (Main Floor, Level 3) for assistance, free of charge. For a fee, faculty and staff who suspect their computers have been infected can take their machines to the Computer Service Center (located at the MUB - Level 2 East, Room 213) for assistance.