
Antivirus 2009 Hijacks The Google Web Site


34 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams



Posted 29 June 2008 - 01:56 PM

A new Rogue anti-spyware program called Antivirus 2009 was released this weekend that, for the most part, acts just like all the rest. It displays false results, it is advertised through misleading web sites, comes bundled with malware, displays fake results, and requires you to first purchase the software before you can remove anything. What makes this rogue a bit different, though, is how it hijacks the Google homepage and search results by inserting an advertisement for Antivirus 2009.


Google Homepage Hijack

Now, this is not the first time this has happened, but it is uncommon enough that it warrants discussing. When Antivirus 2009 is installed, it will install an Internet Explorer browser helper object called C:\Windows\System32\winsrc.dll. This program will automatically load when Internet Explorer starts, and when you visit certain sites, it will insert its own information into the web pages that are retrieved. Currently the information that is inserted into the Google home page and search results is a misleading advertisement for Antivirus 2009. The current text of the advertisement is:
Google Tips

Google has detected unregistered Antivirus 2009 copy on your computer. Google recommends you to activate Antivirus 2009 to protect your PC from malicious intrusions from the Internet.
The advertisement is actually one big link that if clicked will bring you to a page at the hxxp://microsoft.browserprotectioncenter.com/ site that says you are infected and should purchase Antivirus 2009.


BrowserProtection.com Advertisement

The tactic being used by this Rogue is to trick the infected user into thinking a well known and highly trusted brand, like Google, is actually endorsing their products. In reality, though, this is just another scam being used to steal your money. If you are infected with Antivirus 2009, you should use the following guide to remove the malware for free. If you have already paid for the software, please contact your credit card company immediately and dispute the charges.
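
A way to check a machine for the browser helper object described in the first post, written as an added example that is not part of the original thread: it parses a `reg export` text dump, lists each registered BHO with the DLL behind it, and flags the `winsrc.dll` file name from the post. The sample dump, its CLSIDs and the ExampleVendor path are constructed; the registry locations are the standard BHO and CLSID keys.

```python
import re
from ntpath import basename

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
KNOWN_BAD = {"winsrc.dll"}  # file name given in the post, compared case-insensitively

# Constructed sample in `reg export` (.reg) format; CLSIDs and ExampleVendor are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-0000000000A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-0000000000B2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000A1}\InprocServer32]
@="C:\\Windows\\System32\\winsrc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000B2}\InprocServer32]
@="C:\\Program Files\\ExampleVendor\\helper.dll"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg text ('@' is the default value)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            # Quoted strings escape backslashes and quotes; undo that.
            current[name.strip('"')] = re.sub(r"\\(.)", r"\1", data[1:-1] if data[:1] == '"' else data)
    return keys

def audit_bhos(text):
    """List (clsid, dll_path, verdict) for every BHO registered under BHO_KEY."""
    keys, servers, findings = parse_reg(text), {}, []
    for path, values in keys.items():
        m = re.search(r"\\CLSID\\(\{[^}]+\})\\InprocServer32$", path, re.I)
        if m:
            servers[m.group(1).upper()] = values.get("@", "")
    for path in keys:
        if path.upper().startswith(BHO_KEY.upper() + "\\"):
            clsid = path[len(BHO_KEY) + 1:].upper()
            dll = servers.get(clsid, "")
            bad = basename(dll).lower() in KNOWN_BAD
            verdict = "known-bad" if bad else "review" if dll else "unresolved"
            findings.append((clsid, dll, verdict))
    return findings
```

A "review" verdict only means the DLL is not on the known-bad list; an "unresolved" one means the BHO entry has no matching InprocServer32 key in the dump.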




 


#2 sandra08

sandra08


Posted 09 July 2008 - 10:12 AM

I discovered this injection on one of our clients this morning and, with your help, was able to completely remove Antivirus 2009.
Great article and instructions :thumbsup:

#3 xbunnyx

xbunnyx


Posted 18 July 2008 - 05:46 AM

Hi, I just joined to say thank you so much for the guide to remove Antivirus 2009. It was very easy to follow and it worked. :-) It was driving me mad and blocking nearly every site I went onto :-( Can't thank you enough xx

#4 otteradmin

otteradmin


Posted 29 July 2008 - 03:43 PM

Just wanted to say thanks to Grinler, Eaglehawk2 and anyone else that may have contributed to resolving this very annoying issue. It showed up on my CEO's laptop today and this information really saved the day!

Thanks again,

otteradmin

#5 prando

prando


Posted 01 August 2008 - 07:56 AM

Wow, thanks a lot for the assistance, it was fantastic. I was perplexed as I thought my system might need complete formatting.
Good job..
Great doing guys..


--Prando

#6 ecafy

ecafy


Posted 04 August 2008 - 08:58 AM

You guys are awesome! Zapped that Power Antivirus 2009 quickly & easily. Thanks so much!

#7 samuel3

samuel3


Posted 05 August 2008 - 03:48 PM

Cheers for the info.

#8 colle1986

colle1986


Posted 13 August 2008 - 12:37 PM

thx for info.........

#9 pouringreign

pouringreign


Posted 13 August 2008 - 06:50 PM

Excellent explanation. I have many friends who have gotten the antivirus 2008. I would like to send them your explanation and give you credit for it, if it's okay.

#10 pouringreign

pouringreign


Posted 13 August 2008 - 06:52 PM

Also would you recommend people change their homepage from goggle?

#11 thelittleduck

thelittleduck

    Bleepin' Idiot



Posted 15 August 2008 - 02:16 PM

Also would you recommend people change their homepage from goggle?



You mean Google. Goggle was an extremely dangerous site to visit. I think it may have been abandoned, but it contained many viruses, including downloading the rogue SpySheriff. It takes/took advantage of the very typo you've made.

Edit: I confirm the site is abandoned, but it could be used for criminal behaviour in the future, so don't go there.

Edited by KingOfIdiocy, 15 August 2008 - 06:04 PM.


#12 Lukepd

Lukepd


Posted 26 August 2008 - 08:04 AM

Rogue antiviruses are so morally corrupt! Well, there are worse things in the world... but these people need to get a life!

#13 Bloody Eddie

Bloody Eddie


Posted 30 August 2008 - 08:37 PM

Kick A$$.. :thumbsup:
Thanks and Regards,

Eddie

#14 samuel3

samuel3


Posted 31 October 2008 - 10:11 AM

What do you type in Google for this to come up?

So I can avoid it.

Edited by samuel3, 31 October 2008 - 10:13 AM.


#15 jacks

jacks


Posted 14 November 2008 - 05:54 AM

Thanks for the info... cheers !! :thumbsup:



