Antivirus Pro 2009 (AntivirusPro 2009) Removal Instructions (AntivirusPro2009)
November 1st, 2008 | by Alex
Antivirus Pro 2009 Descriptions:
Antivirus Pro 2009, also known as AntivirusPro 2009 or AntivirusPro2009, is one of the latest counterfeit antispyware programs created to destroy computers. If you have not recognized it already, Antivirus Pro 2009 is basically an exact copy of Antispyware XP 2009: the same type of destruction behind a different mask. Antivirus Pro 2009 usually shows up after you install a video codec that comes with a Trojan, malware or a virus. It normally generates fake and misleading system popup error messages to trick end users into purchasing Antivirus Pro 2009.

It is critical to remove Antivirus Pro 2009 and all of its components. To remove it effectively, we have created a set of manual removal instructions. Make sure you back up all important data before you proceed. The removal process requires some patience and willingness to experiment. Here are the things that you need to do in order to remove Antivirus Pro 2009.
Last of all, please keep in mind that the removal instructions involve system modification. Make sure to back up all your data before trying our removal instructions on Antivirus Pro 2009. Good luck!
Download SpyHunter* Spyware Detection Utility
Manual Antivirus Pro 2009 Removal Instructions:
Stop Antivirus Pro 2009 Processes:
utynewu.exe
antiviruspro2009.exe
brastk.exe
wini101971.exe
Find and Delete Antivirus Pro 2009 Files:
brastk.exe
icilosaqi.dll
install.exe
isygequdy.lib
wini101971.exe
wscui.cpl
_scui.cpl
antiviruspro2009.exe
avengn.dll
utynewu.exe
%program_files%\antiviruspro2009\uninstall.exe
%program_files%\antiviruspro2009\wscui.cpl
%programs%\antiviruspro2009\antiviruspro2009.lnk
%programs%\antiviruspro2009\uninstall.lnk
%program_files%\antiviruspro2009\antiviruspro2009.exe
%desktopdirectory%\antiviruspro2009.lnk
%profile%\application data\microsoft\internet explorer\quick launch\antiviruspro2009.lnk
%program_files%\antiviruspro2009\antiviruspro2009.cfg
%program_files%\antiviruspro2009\avengn.dll
%program_files%\antiviruspro2009\data\daily.cvd
%program_files%\antiviruspro2009\htmlayout.dll
%program_files%\antiviruspro2009\microsoft.vc80.crt\microsoft.vc80.crt.manifest
%program_files%\antiviruspro2009\microsoft.vc80.crt\msvcm80.dll
%program_files%\antiviruspro2009\microsoft.vc80.crt\msvcp80.dll
%program_files%\antiviruspro2009\microsoft.vc80.crt\msvcr80.dll
%program_files%\antiviruspro2009\pthreadvc2.dll
Remove Antivirus Pro 2009 Registry Values:
HKEY_LOCAL_MACHINE\software\antiviruspro2009
HKEY_LOCAL_MACHINE\software\antiviruspro2009 info
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run antivirus pro 2009
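
The file list above, turned into a read-only sweep of a suspect volume that has been mounted on another machine, as an added example that is not part of the original article. The Windows XP folder mapping for the page's %...% placeholders, the function names and the demo tree are assumptions made for the example.

```python
import os
import sys
import tempfile
from pathlib import Path

# File names the page lists without a location: matched by name anywhere on the volume.
BARE_NAMES = {
    "brastk.exe", "icilosaqi.dll", "install.exe", "isygequdy.lib", "wini101971.exe",
    "wscui.cpl", "_scui.cpl", "antiviruspro2009.exe", "avengn.dll", "utynewu.exe",
}
# Files the page lists under %program_files%\antiviruspro2009 (duplicates removed).
INSTALL_DIR_FILES = r"""
uninstall.exe wscui.cpl antiviruspro2009.exe antiviruspro2009.cfg avengn.dll
data\daily.cvd htmlayout.dll pthreadvc2.dll microsoft.vc80.crt\microsoft.vc80.crt.manifest
microsoft.vc80.crt\msvcm80.dll microsoft.vc80.crt\msvcp80.dll microsoft.vc80.crt\msvcr80.dll
""".split()
TEMPLATED = ["%program_files%\\antiviruspro2009\\" + f for f in INSTALL_DIR_FILES] + [
    r"%programs%\antiviruspro2009\antiviruspro2009.lnk",
    r"%programs%\antiviruspro2009\uninstall.lnk",
    r"%desktopdirectory%\antiviruspro2009.lnk",
    r"%profile%\application data\microsoft\internet explorer\quick launch\antiviruspro2009.lnk",
]

# ASSUMPTION (not stated on the page): Windows XP folder layout for the placeholders.
MACHINE_TOKENS = {"%program_files%": ["Program Files"]}
USER_TOKENS = {"%profile%": [], "%desktopdirectory%": ["Desktop"],
               "%programs%": ["Start Menu", "Programs"]}
PROFILES_DIR = "Documents and Settings"


def resolve_ci(root, parts):
    """Follow parts below root, matching each component case-insensitively."""
    current = Path(root)
    for part in parts:
        try:
            names = {name.lower(): name for name in os.listdir(current)}
        except OSError:  # missing, unreadable, or not a directory
            return None
        if part.lower() not in names:
            return None
        current = current / names[part.lower()]
    return current


def candidates(root, template):
    """Yield path components for one templated entry (one per user profile if per-user)."""
    token, _, rest = template.partition("\\")
    tail = rest.split("\\")
    if token in MACHINE_TOKENS:
        yield MACHINE_TOKENS[token] + tail
    elif token in USER_TOKENS:
        profiles = resolve_ci(root, [PROFILES_DIR])
        if profiles is None or not profiles.is_dir():
            return
        for user in sorted(os.listdir(profiles)):
            yield [PROFILES_DIR, user] + USER_TOKENS[token] + tail


def sweep(root):
    """Return sorted (confidence, path-relative-to-root) findings for a mounted volume."""
    root = Path(root)
    exact = set()
    for template in TEMPLATED:
        for parts in candidates(root, template):
            hit = resolve_ci(root, parts)
            if hit is not None and hit.is_file():
                exact.add(hit.relative_to(root).as_posix())
    # Name-only hits are leads, not verdicts: install.exe is a generic name and wscui.cpl
    # is also the file name of the genuine Windows Security Center applet in system32.
    by_name = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.lower() in BARE_NAMES and rel not in exact:
                by_name.add(rel)
    return sorted([("exact-path", p) for p in exact] + [("name-only", p) for p in by_name])


def make_demo_volume(base):
    """Create a small CONSTRUCTED tree of empty files that mimics an affected XP volume."""
    for rel in ("Program Files/AntivirusPro2009/AntivirusPro2009.exe",
                "Program Files/AntivirusPro2009/data/daily.cvd",
                "Documents and Settings/alice/Desktop/AntivirusPro2009.lnk",
                "WINDOWS/system32/brastk.exe",
                "WINDOWS/system32/wscui.cpl",   # same name as the genuine applet
                "WINDOWS/system32/notepad.exe"):
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return Path(base)


if __name__ == "__main__":
    if len(sys.argv) > 1:            # path to a mounted copy of the suspect volume
        results = sweep(sys.argv[1])
    else:                            # no argument: run against the constructed demo tree
        with tempfile.TemporaryDirectory() as tmp:
            results = sweep(make_demo_volume(tmp))
    for confidence, path in results:
        print(f"{confidence:10}  {path}")
```

Run it with the mount point of the suspect volume as its only argument; with no argument it sweeps the constructed demo tree. The script only reads the volume and deletes nothing.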

111 Responses to “Antivirus Pro 2009 (AntivirusPro 2009) Removal Instructions (AntivirusPro2009)”
By nasrin on Oct 16, 2008 | Reply
Thank you very much.
By Andrew on Nov 2, 2008 | Reply
God damn it I can’t find two of the files listed
And it’s still on my computer
By billyng on Nov 2, 2008 | Reply
Antivirus Pro 2009 mysteriously appears on my laptop this morning. It’s so f*cking annoying. I couldn’t close Internet Explorer and I couldn’t run any applications. How can I remove this Antivirus Pro 2009 without damaging my data? I don’t have any backups of the hard drive recently. Help please.
By jessz on Nov 2, 2008 | Reply
my god! what’s this? I have norton to protect my computer and it still gives me trouble.
By ChrisJohnson on Nov 2, 2008 | Reply
Just look at the latest modified dll’s on your computers. Rename the files then reboot the machines. If it works, then delete the “renamed” files immediately. You would not see Antivirus Pro 2009 ever again.
By Brett on Nov 2, 2008 | Reply
I can’t think of a worse nightmare than getting infected with antivirus pro 2009 spyware. It is so stubborn that it would not go away regardless of what I have tried.
By cherrie on Nov 2, 2008 | Reply
i hate antivirus pro 2009! hate it hate it!
By mike on Nov 3, 2008 | Reply
I followed your steps on antivirus pro 2009 but red x still shows up on the taskbar. what else could I do?
By SteveA on Nov 3, 2008 | Reply
Have you guys tried to do a system restore? It worked for me. Hope this helps and good luck.
By Ed Brooks on Nov 4, 2008 | Reply
I have Norton AntiVirus but it doesn’t stop this virus or remove it with scanning but GUESS WHAT? They have a PREMIUM SERVICE to remove this virus.
Anyone want to guess what EyeGouging SOB antiVirus Program I won’t be renewing a subscription for?
By jen on Nov 4, 2008 | Reply
Thanks system restore seems to have worked for me too thanks
By ben on Nov 4, 2008 | Reply
Mine also shows up as AntiSpyware Protection 2009. I found under HKEY_CURRENT_USER\Software\ a folder titled ASProtect. I’m going to try and delete that one.
By Tom on Nov 4, 2008 | Reply
wtf! antivirus pro 2009 showed up after I started the computer earlier and there’s no way I could close all the windows. how can i remove this antivirus pro 2009 spyware? thank u in advance.
By New President on Nov 4, 2008 | Reply
I will prosecute all the people who created Antivirus Pro 2009!!!
By Noah on Nov 4, 2008 | Reply
System restore doesn’t work for me. Restored points disappeared.
By Gary on Nov 4, 2008 | Reply
guess what Ed, McAfee did the same thing to me. I think the anti-virus people started this to generate cash flow. hmmmmmm
By Eric on Nov 5, 2008 | Reply
Can anyone tell me how to do a system ignore
Man! If I ever find the a-hole who created this nuisance, I will stave his head in with a shovel!
By Laura on Nov 5, 2008 | Reply
the damn thing won’t even let me get to antivirus websites to fix it. oh and restore is a joke… it says I have points that I can go to but BAM it doesn’t work, no changes were made to your computer… baaaah!
I printed the list of files from work today. Hopefully I can sit down tonight and delete them.
By grant g on Nov 5, 2008 | Reply
i am on day 3 of fighting this NASTY F**KING thing. so far i am losing. mcafee sucks.
By janie Brickell on Nov 6, 2008 | Reply
Eric, go to start, help and support. Search For system Restore Wizard. Pick a date that your computer was virus free and follow the instructions. I just did it and it worked for me.
By juan cole on Nov 6, 2008 | Reply
i am so mad at virus 2009, i can’t do nothing, i wish i could find the person who did this-i would pull his tongue out through his arse
By Ziggy on Nov 6, 2008 | Reply
I found another file that came with the “package”: brastk.exe
I removed these files from the windows folder and the autostartup.
By Daniel on Nov 6, 2008 | Reply
How do we get our money back? I purchased the Antivirus Pro 2009 and found out that it was a scam.
By Guy on Nov 6, 2008 | Reply
OK so I downloaded the spyhunter located and deleted the 4 files it found. I have tried deleting these and all the ones mentioned above in safe mode too but they are regenerating each time I reboot :(. How do I get them out of the start up thingy
Thanks
By Guy on Nov 6, 2008 | Reply
“Just look at the latest modified dll’s on your computers. Rename the files then reboot the machines. If it works, then delete the “renamed” files immediately. You would not see Antivirus Pro 2009 ever again.”
Chris any chance of an idiots guide on this one
By Mitch Terrusa on Nov 6, 2008 | Reply
That red circle tripped me up too — Hit Ctrl-ALT-DEL and in the Processes, locate the file BRASTK.EXE, highlight it and then hit end task. In a few moments, point to the red x and it should disappear. That file should be located and removed. Good luck!
By Ed on Nov 6, 2008 | Reply
System restore worked great. Thanks very much!
By Gee on Nov 6, 2008 | Reply
Restore does NOT work for me. No restored date available. It’s all greyed out. I hate Antivirus Pro 2009!!!
By King on Nov 6, 2008 | Reply
I did it! I took out brastk.exe and the virus is gone. Thanks for all the advice.
By Andrew on Nov 6, 2008 | Reply
I am also having the same issue with not being able to get rid of the red X. Everything else is gone, but that X keeps giving me the pop up saying that my computer is infected.
Very frustrating! Any ideas?
By Andrew on Nov 6, 2008 | Reply
I looked for the BRASTK.EXE but it is nowhere to be found and the red X is still hanging around…
By Jimmy on Nov 6, 2008 | Reply
Thanks for these thorough removal instructions. I know it’s my fault not being careful enough, but after 3 hrs of experiment and reboots which includes safe mode. Guess what? Antivirus pro 2009 is now gone. No more fake alerts and no more popups. Hope it won’t come back like some of you guys. Good luck.
By Max on Nov 7, 2008 | Reply
Used system restore, it removed all pop-ups about spyware infections and no antiviruspro stuff is visible… I’m still getting messages about trojans put in “karantän” (no idea what that is in english sorry…)
By Jack on Nov 7, 2008 | Reply
That’s the consequence of surfing xxx sites. You losers!
By JJ on Nov 7, 2008 | Reply
agh!!!!!!!!!! Antivirus Pro 2009 is a b*tch to delete!!! Five Hours!!! No avail!! I want to kill these bast*rd who made Antivirus Pro 2009!
By Jose on Nov 7, 2008 | Reply
Darn it. I have no clues how I got this. It’s such a stupid antivirus pro 2009. I want to delete it.
To Jack, go screw yourself if you are not to help.
By Debb on Nov 7, 2008 | Reply
My friend came over last night and removed Antivirus Pro 2009 promptly. I was very happy until this morning Antivirus Pro 2009 shows up again. What should I do now? I can’t ask my friend to come back again.
thanks in advance.
By kenneth on Nov 8, 2008 | Reply
what a mess that av pro 2009 brought to me. my laptop freezes every two seconds.
By thierry on Nov 8, 2008 | Reply
darn creep won’t even let me enter the net!
By pau on Nov 8, 2008 | Reply
Antivirus Pro 2009 is nasty. It is probably the worst virus I have seen in my life. I am 19 years old and I am a computer science major. It took me over half hour to kill av pro 2009. I have to thank for this valuable information here. It is a good starting point to take care of business.
By MP on Nov 8, 2008 | Reply
To Jack’s post of 11/07/08,
You must have been surfing the XXX sites yourself if you’ve found this blog, you loser.
By me on Nov 8, 2008 | Reply
LOL. MP, I can’t disagree with you! Jack is a jackass!
By Jessica on Nov 8, 2008 | Reply
This sounds too technical to a newbie like me. I would appreciate it if someone can rephrase these steps in words an average computer user can understand. I need help badly to remove Antivirus Pro 2009, which has bothered me for a few days and I have to look for solutions on my sister’s laptop. I remain very hopeful that someone can help me. Thank you very very much.
By Chris on Nov 9, 2008 | Reply
I’ve found that this programme is blocking me from updating avg and accessing any sort of security software website! Has made it very difficult to get rid.
By Hamish on Nov 9, 2008 | Reply
Well, nice to see I’m not alone with this problem. I could not open Task Manager since it was disabled. Finally managed to correct this, but under processes, none of those listed below are present. If I search for brastk.exe and then try to delete it I am told access is denied presumably because it is running even though Task Manager isn’t reporting it. Any ideas??
utynewu.exe
antiviruspro2009.exe
brastk.exe
wini101971.exe
By cindy on Nov 9, 2008 | Reply
This randomly showed up on my computer two days ago. I’m doing all I can to get it off but nothing seems to work. I can’t even find most of the files that you have listed. I don’t want to do a system restore and lose all of my files. HELP
By Rach on Nov 9, 2008 | Reply
Hi
My other half used his card to purchase it when it came up (he believed that we must need it) nothing activated (except a lot of trouble) our lap top does not have the specifications required to run! Do I still need to delete it?
Sorry am such a dummy with this sort of stuff! Although we have spotted a virus and ‘put it in chest’
Any help appreciated, many thanks.
By J.P on Nov 9, 2008 | Reply
Thanks for the advice - IT WORKED !!!
Best regards, J.P
By sarah on Nov 9, 2008 | Reply
Cor blimey!! Thank you so much for all the advice on here, this virus attacked my PC initially and after much cursing and pulling out of hair it’s still there, it won’t allow access to the things you need to delete it…I then used my laptop to try and find a solution…suddenly there it is on the laptop too…how?? the only site i had open was sky.com in order to access my account, can it come through there? nightmare!!
By virusbusters on Nov 9, 2008 | Reply
We contracted this f**kn virus yesterday afternoon. We’ve run System Restore and it WORKED!!! Woooo hoooo!!!!
To help those not IT-illiterate go to START> All Programs> Accessories (or Applications)> Systems Tools> System Restore - Good luck hope it works for you as it did for us.
By Paula on Nov 10, 2008 | Reply
I did the system restore, too, PLUS, updated my anti-virus security program — that should work for anyone trying to get rid of this thing!!!
By Sharlene on Nov 10, 2008 | Reply
System restore works for me!
By Sharlene on Nov 10, 2008 | Reply
thanks!!!
By Cathy on Nov 10, 2008 | Reply
I’m with Daniel–I purchased Antivirus Pro 2009 thinking it was going to help and I was forced to have it professionally removed for about $100 more.
How do we get our money back???
By cms on Nov 10, 2008 | Reply
System restore seems to have done the trick. Thanks!
By Steven on Nov 10, 2008 | Reply
System restore didn’t work for me!
I think Antivirus Pro 2009 took out all my system restore points. I lost the capability to pick a day on the calendar. What’s next????
By kevin on Nov 10, 2008 | Reply
System Restore didn’t work for me either. In fact, now System Restore won’t start, Windows Search comes up with a totally blank screen, and I still have Antivirus Pro 2009.
By danny on Nov 10, 2008 | Reply
I saw the following post from tannmann from another thread. Guess what? It works for me.
—————
I downloaded spyhunter and did the free scan, which showed the location. should be on the C drive. go to search and type C it will come up with uninstall Anti virus 2009.
seems to have worked for me, ran the spy hunter again and it didn’t come up.
By Kevin C on Nov 10, 2008 | Reply
System restore also does nothing for me. And the search window comes up but there are no options on the left, it is just a blank blue bar with the stupid cartoon dog. What else can I try??
By This sucks on Nov 10, 2008 | Reply
this happened to me too on my other laptop!! I cannot even open this website on that computer. I downloaded the spy hunter and I cannot click to open. Can anyone tell me what else to do? None of the associated files are in explore. I searched “antivirus” in the file name and nothing came up.
By This sucks on Nov 10, 2008 | Reply
Oh, yeah, I too have no system restore points to click on. I think I might have a different version of the trojan (OMG, could there be more than one of these monsters!!!) because none of the files listed above are in files and folders. Strange, very strange. As computer lit as I am, I cannot figure this one out on my own. Any tried and true results from someone in my shoes before I spend the professional money? p.s. I never bought the software, I just have the red “X” that’s screwing everything up.
By Gabrianna on Nov 11, 2008 | Reply
omg… I have a project but it won’t let me do it, supposedly it’s unsafe, plus I can’t use my internet!
By Fónziè on Nov 11, 2008 | Reply
## TRY THIS IF SYSTEM RESTORE DID NOT WORK FOR YOU! ##
By rsu on Oct 30, 2008 | Reply
Easy way,
1…. As Bart Stratton said and PLUS my own idea..
Here is how I killed it. search “*.exe” Sort by date. For me, this was the same day. delete all the .exe files that installed at the time you got the virus. You should see wini101960.exe, AclntUsr.exe, brastk.exe and some others that all modified at the same time. Delete these files. The files I named I had to bring up my task manager to stop these processes and delete them. It worked for me. I hope it works for you.
2.. To recap, try to delete all the *.exe files installed around the time of infection. If you are unable to delete, just rename them to a dummy name and recreate the same file with nothing in it and make it READ only.
then restart your PC…this time you can go and delete renamed dummy files
#
By Terry on Nov 1, 2008 | Reply
THANK YOU!!! RSU and by extension Bart Stratton.
The procedure worked perfectly. I was unable to delete all files, but the renaming and inserting a blank file worked. I used Note Pad to create the files, be sure to change the extension to “all files” when saving. After saving immediately go to Windows Explorer click the file, go to properties and change the file to “READ” only. Do not delete the new brastk.exe
Good luck.
## IT WORKED FOR ME! ##
By Pc doc on Nov 11, 2008 | Reply
Just wait buddy you’re next, it comes from more than you think now, it was all updated to bypass all protection, and this is a whole new type of virus,
People if you paid for Antivirus Pro 2009 after you received this thing, watch your bank accounts, they have tried to double and triple charge people and even more.
By Brent Raper on Nov 11, 2008 | Reply
Chris,
Thanks for your help. Can you tell me how to “look at the latest modified dll’s” on my computer? I have located some of the dll’s associated with the Antivirus Pro 2009 virus but I’m not sure how to locate the latest modified dll’s.
By Pc doc on Nov 11, 2008 | Reply
do you have av protection right now ?
By Terminator on Nov 11, 2008 | Reply
Folks.. one thing you probably didn’t know is that Antivirus Pro 2009 or spyware alike always tend to change the names or associated files periodically so it’s very very hard to pinpoint exactly what happens or what files to delete.
By Ed on Nov 11, 2008 | Reply
By the way this thing didn’t come from surfing any XXX sites. It probably came because you didn’t do your regular Windows updates like you should have and it exploited a security weakness. It could have hit you from damn near anywhere. This one is truly cruel and victimizes the unaware.
By Mike on Nov 11, 2008 | Reply
Thanks Fonzie. I did a search on *.exe for the last week and it brought up bratsk.exe and wini101960.exe. I deleted wini101960, but it wouldn’t let me delete bratsk. I changed the file name to crap.exe, then shut down my computer. When I rebooted, the Antiviruspro2009 shortcut was gone from the desktop and from the taskbar. I then deleted the crap.exe file. The virus was blocking McAfee before, but now McAfee works again.
By Kate on Nov 11, 2008 | Reply
I purchased this stupid antivirus pro 2009 & I want to know if anyone got their money back? In my bank account it says CHRpaycomm who took the money out. But they didn’t leave a number!! Am I just screwed and not going to get my money back?? I cancelled my card also!!
By reversetrio on Nov 11, 2008 | Reply
I tried to do a system restore, but it didn’t work. I clicked “next” on the final page and there was no effect.
I did all that was suggested: deleted associated files and registry items, all except for brastk.exe. I renamed that one. When I restart, a new one has spawned alongside it.
The actual program doesn’t seem to be causing any more trouble, but the red x-ed circle is still there upon startup. It goes away when I crash explorer.exe, but that is just a band-aid. I believe that the red x-ed circle may be brastk.exe since it can’t be deleted because it is in use. Does anyone have any ideas as to how to shut it down for deletion? I don’t feel like leaving it on my computer, even though I figured out how to temporarily disable the circle.
By Pc doc on Nov 11, 2008 | Reply
Report this to your credit card companies to not pay on it, it’s an internet scam, and to your bank to stop all payments. “Now”. All private info on your PC is at risk, try not to use the infested PC until you learn as much as you can about this infestation hitting PCs across the US, and learn the proper way to remove it because it’s changing itself and all files to fool you and to make you do what you think you should do! It could save your PC from doom, and your info from getting out. Careful with this one people, keep close watch.
This new virus is from the Ukraine and more could be coming. good luck.
By Pc doc on Nov 11, 2008 | Reply
And yes this virus can come from a video codec and/or a web page just from moving your cursor over a link now, attacks Windows based systems, keep all updates up to date if not every half a day for this one.
Tell everyone about this one and get the word out because it’s a big problem as we all can see here.
By John on Nov 11, 2008 | Reply
I came VERY close to buying this crap. But for some reason I thought it might be fake. So I googled it to see if it was real and luckily I found this…I downloaded this SpyHunter thing…what should I do?
By TommyN. on Nov 11, 2008 | Reply
John, since you downloaded SpyHunter, you don’t have to pay for it, from my understanding, you need to pay $30 for the removal functionality. Now just scan C:\ drive. It’s a decent scanner. It will display the infected files and the path of those infected files. What’s next? Just DELETE them! If it’s “in use”, right-click the taskbar and access Task Manager, from there, end the processes first. If this doesn’t work, try to do it in safe mode. Good luck everybody.
By Pc doc on Nov 11, 2008 | Reply
I wonder how many machines this has taken out, out there in this cruel internet world, I think it’s a few, this thing really sucks folks let me tell you. My other computer is my good one and it’s the sick one “dang-nab-it”! I heard also today of brand new builders of custom PCs were having problems loading systems and internet support for all updates and systems security patches when video codecs loaded from some normal sites and between updates. I don’t know if this is true but this is a mean one.
By Pc doc on Nov 12, 2008 | Reply
Are there any PCs alive out there with this still? Still having problems with Antivirus pro 2009? Or you’re having a slow machine after you think it’s all gone?
Any replies, PC Doc!
By jeff klein on Nov 12, 2008 | Reply
It would be nice to find some commonality. I run Compaq/HP SR1910, WinXP, GeForce 8800GTS, Samsung 20X burner, and most recently installed program spade poker. all else standard exc. HDs and ram
By jeff klein on Nov 12, 2008 | Reply
…sorry, and a new USB wireless keyboard, and surfing porn…
By Ceri Sedate on Nov 12, 2008 | Reply
Just thought i’d mention that system restore did seem to work. Thanks for those that spelled out how to use it from start menu and on. Hopefully i’ve fixed this thing once i delete the directory for the piece of #(@$!@
By january on Nov 12, 2008 | Reply
ok I work for a tech support for computers on the phone but I hear this every day but a full restore which brings your computer to out of the box will fix it but it will also lose all what you put into the computer but it works.. you can try safe mode to do a rollback
By Pc doc on Nov 12, 2008 | Reply
Yes this isn’t a bad idea, but this Antivirus PRO 2009 is even trying to prevent full restores on some PCs. If you do a full restore or can, Update! Update! Everything for Windows systems and all normal legit internet antivirus and malware programs that you know are real.
And be careful with your backed up previous info and files, corruption could be on them as well, and there could be any one of these bullcrap PC killer programs on it as well.
By Marg W on Nov 12, 2008 | Reply
I worked for 2 days to remove the virus. It was very stubborn but I was even more stubborn. I tried to drag the icon to the recycle bin, but it didn’t work. The icon stayed on the desktop, but it gave me a file name. Go to search files, and search all the computer.. Type ~impi.exe as the file to search for, click search. This gave me 2 files and I right clicked on them and clicked delete. They are gone and so is all the things it was doing to my computer. It was so simple if I had known to do this in the beginning. Good luck.
By Mr.J on Nov 12, 2008 | Reply
Pc Doc is an idiot. What kind of BS is that? He doesn’t know what he’s talking about.
By Pc doc on Nov 12, 2008 | Reply
“Ok” Mr.J I’m sorry, You Know !
“I bow to you” !
By Aretum on Nov 12, 2008 | Reply
1. I am fighting hard to get this damn virus out of my system since last 2 days.
2. It’s not allowing me to install McAfee AV.
3. It’s showing a blank Search screen with just a dog.
4. It’s not allowing me to download any AV through internet
5. Is AntiMalware 2009 of any help? I am not able to install it either.
By CNS Digital on Nov 12, 2008 | Reply
oh oops i forgot to mention to run the prog in safe mode
By CNS Digital on Nov 12, 2008 | Reply
btw those claiming to use system restore to fix it are lucky but I doubt they are fully out of the clear. Just using system restore does not delete the files associated with this and they are still on your pc. For most of the people infected with this, the restore points are all gone. So in that case just do what I said in previous post and you’re good to go.
By Martin on Nov 12, 2008 | Reply
Yes!!! §;) Now it’s gone. Just follow the Removal Instructions and it will be gone.
PS! You probably don’t find every file when you search… Just delete every one that you find…. and remember to remove everything from register.
I found in another web, that you need to remove a few more strings from register
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009
HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus Pro 2009”
By Mammasmith on Nov 12, 2008 | Reply
I was only able to remove the following files from the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro2009
HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
I couldn’t find the following files in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus Pro 2009”
Any ideas??? Thank you!
By Jess on Nov 12, 2008 | Reply
sOOOOOOOOOO upset about this happening! My computer was infected and my other half used his card to buy the software. We will cancel it right away and talk with our bank and CC company, but what about this private information that it has access to? Should I be changing my passwords to my email accounts? What kind of information will they have? Thank you for the help!
By DS on Nov 12, 2008 | Reply
I just got this today and this post helped. Of course the trojan blocked any websites which are helpful - I had to type this site into my blackberry and follow the directions. It even started automatically logging me off after about 3 minutes.
To find the files I had to go to the advanced tab and search in hidden files. I can’t find any more files or reg strings but the damn red x is still there. I also can’t restore or use the spyhunter program. Still can’t delete the brastk file either.
Can anyone help?
By Yard on Nov 13, 2008 | Reply
Yeah, so don’t and I mean DO NOT go to chicagotech.net
The trojan lives at that site, it got me twice in one night… second time I was smart and I kicked the DSL out of the wall before it could download antivirus pro. My laptop wasn’t so lucky. The site hosts a freaking hacktool.rootkit and the worm to download antivirus pro.
When I kicked the modem out of the wall, the worm gives the red x in the toolbar, but that’s it.. it looks like windows, but it’s not. Kill that thing, Norton r*ped it..
DON’T GO TO CHICAGOTECH.NET
By Yard on Nov 13, 2008 | Reply
DS
Update Norton with the latest virus definitions. Then disconnect yourself from the internet. turn off system restore, and run a full scan. A deep scan. Norton should find the Hacktool and kill it. Your red x will go away.
Good luck friend.
By Aretum on Nov 13, 2008 | Reply
I cannot open the window to RESTORE to previous date. Deleting the files mentioned above did not help me either. What should I do? Anyone knows !
By Yard on Nov 13, 2008 | Reply
Aretum,
Disconnect your computer from the internet immediately. Next open the task manager and end the processes mentioned above. Then try to run an antivirus program to get the lump of the files out, then go to your registry and start deleting. Don’t use the uninstall hardware wizard, that will just start the hack again. Keep your task manager open and keep ending the processes as they appear. Run a search for the above files. Delete, once you can browse your computer without the virus popping up again, cautiously connect your computer back to the net, download the latest virus definitions. Disconnect your computer from the net. Turn off system restore, run a deep scan, delete any files that Norton finds. Then go through your registry again. It’s a tedious process but most importantly, disconnect your computer from the net.
By buddy on Nov 13, 2008 | Reply
I tried “system restore” as recommended by a lot of people but to no avail. Antivirus Pro 2009 still exists. Please help.
By kobe on Nov 13, 2008 | Reply
I don’t have antivirus pro 2009, but it’s called antispyware xp 2009. Are they the same?
By scott on Nov 13, 2008 | Reply
Gave restore a shot. Restore renamed the file ANTIVIRUSPRO2009(2). I did a search for that file and deleted it. All appears well. Will keep all up to date if it returns.
By Kopey on Nov 13, 2008 | Reply
Well… someone in my house of 6 people picked up this virus somewhere most likely from looking at dirty pictures… but anyways everyone in my house is computer retarded (no offense to anyone out there) except me and I’m 15. Well, I came home and noticed the fake alerts and knew right away when I looked at the name it was another one of these. I picked up antvirxp08 a few weeks ago which was quite the virus, it took me 4 days to get it out. This one however seemed easier. I followed the guide but there were a few files however that couldn’t be searched in the search engine. The red X is gone but I’m not quite sure if it’s all deleted…
By Dave on Nov 14, 2008 | Reply
## TRY THIS IF SYSTEM RESTORE DID NOT WORK FOR YOU! ##
By rsu on Oct 30, 2008 | Reply
Easy way,
1…. As Bart Stratton said and PLUS my own idea..
Here is how I killed it. search “*.exe” Sort by date. For me, this was the same day. delete all the .exe files that installed at the time you got the virus. You should see wini101960.exe, AclntUsr.exe, brastk.exe and some others that all modified at the same time. Delete these files. The files I named I had to bring up my task manager to stop these processes and delete them. It worked for me. I hope it works for you.
2.. To recap, try to delete all the *.exe files installed around the time of infection. If you are unable to delete, just rename them to a dummy name and recreate the same file with nothing in it and make it READ only.
then restart your PC…this time you can go and delete renamed dummy files
#
I have to re-quote this :p
Thanks!
By Tom on Nov 14, 2008 | Reply
Home computer got this piece o’ crap when someone opened an email saying it was from “UPS” and a shipping invoice needed to be printed. The “invoice” looked like a word document but it was the malware installer.
Many hours later I am still trying to clean up the mess. Those who think they got it removed might find it comes back later. Even though I got rid of brastk.exe and rsnet32 it keeps trying to change files in c:\windows\system32. It tries to put a version of svchost.exe there and some associated DLLs. If A/V doesn’t stop it then it just re-infects the whole system. It even wrote “server.exe” and “autorun.inf” to a flash memory drive to try to spread the infection to other systems.
I hope someone comes up with a one step cleaner program for this because it is nasty and stubborn.
By Helllllp! on Nov 14, 2008 | Reply
Thanks Dave - I’m trying everything suggested and have found the .exe files and managed to delete all except the ‘brastk’ - I’ve renamed it but I’m not sure what you mean or how to create the same file with nothing in it.. can you offer a more detailed explanation for doing this? Thanks v much
I’m currently on my work laptop as this hideous thing is on my personal one! Grrrr
Thanks, Helen
By squidney on Nov 15, 2008 | Reply
I too could not get rid of all the files. Every time I re-booted the thing was back. I tried Fonzie’s suggestion of renaming the brastk file, creating a new, blank file called brastk, setting it to read only and then rebooting. Yahoo - the damn thing was gone, I quickly deleted the renamed and fake files. We’ll see how permanent a fix it was. Thanks Fonzie!!
By reversetrio on Nov 15, 2008 | Reply
I seem to have beaten it using Fonzie’s advice.
For Helllllp!:
Rename “brastk.exe” to “brastk”. Then open a new text file, leave it blank, and save it in C:/Windows/System 32 as “brastk.exe”. Then restart your computer, go into System 32 and delete “brastk” and you should be in the clear if you’ve deleted all of the other files suggested. Otherwise, we’ll see.
By reversetrio on Nov 15, 2008 | Reply
I seem to have been wrong.
Brastk is gone, but I can’t update my antivirus software, which means that some components are still here somewhere. I still can’t restore either. I did, however, update windows. When I did, it told me about this trojan program, Win32.Renos, which is very similar to AntivirusPro 2009.
By Daniel on Nov 15, 2008 | Reply
Someone please help me…
1. I can’t delete brastk!!!!
There were two files and I deleted one of them, but my computer denies the other one!!! And the technique you suggested didn’t work…
2. When I open run and regedit, it says “The Administrator has denied permission for editing the registry” and something along those lines…
BUT I AM LOGGED ON AS THE ADMINISTRATOR!!!
3. I tried restoring my computer by setting a restoring point, but it says that I can’t and tells me to restart my computer, so I did, and it doesn’t work again…
If anyone has any knowledge on how to solve any of these, please TELL ME….
I need my computer…
By homero on Nov 16, 2008 | Reply
Anyone know how to get the web browser to stop redirecting to unwanted sites? I have removed most of this thing but still can’t get it all. It will not let me install or open spyhunter or several other scanning programs or even visit anti spyware sites on the web.
By homero on Nov 16, 2008 | Reply
I have McAfee and it doesn’t find anything but it is still mucking up my PC.
By thomas on Nov 17, 2008 | Reply
Got a m8’s PC and it’s got this thing on it. Tried System Restore, didn’t work, and it will not let me delete files, so I just reformatted. Was the only way to get it working 100% for me….
By professor_gauss on Nov 17, 2008 | Reply
The following is how I got rid of this horrible virus from my laptop (running Windows XP Home Edition). It is based on Fonzie’s advice, above, but I found out that more than that was needed. It took me several hours to achieve success, so I am posting here in the hopes of saving you some time and (possibly) aggravation:
1) Disconnect from the internet.
2) Restore the computer’s configuration to an earlier configuration: Start ==> All Programs ==> Accessories ==> System Tools ==> System Restore ==> Restore my computer to an earlier time ==> Next ==> Select a boldface date on the calendar that looks like it corresponds to a valid configuration that may have been before the infestation occurred. Follow the directions to roll back to that earlier configuration, but do not restart the computer.
3) Find the files C:\WINDOWS\brastk.exe and C:\WINDOWS\System 32\brastk.exe. For each file: Right click ==> Properties ==> Read only ==> OK
(Note: Make sure your Explore ==> Folder Options ==> View ==> Hide file extensions setting is unchecked in order to perform the following steps.)
4) Rename each file fake_brastk.exe
5) Create an empty file in each of the two folders: New ==> Text Document ==> Name (or rename) “brastk.txt”, and make them Read Only (as described above).
6) Rename each file “brastk.exe”.
7) Disable all software from automatically running upon startup: Start ==> Run ==> msconfig ==> Startup ==> Disable All ==> OK
9) Delete the fake_brastk.exe file from each of the two folders. Keep the empty brastk.exe files in place, however.
[You may need to repeat steps (2) through (9) more than once.]
10) Install and run a real antivirus program. Perform a complete system scan, restarting as directed, until your system is clean.
The above seemed to go more smoothly for me because I happened to have Spybot Search & Destroy Monitor active on my task bar. This appeared after I tried to run Spybot Search & Destroy (without success). As I was performing the above steps, this monitor kept popping up messages telling me that it had blocked an attempted change to the registry, which probably bought me some time. Also, if you need to download anything to your infected computer from the internet, you can do so by burning a CD-ROM on another computer and letting the infected computer read from it.
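The triage several commenters describe (sorting executables by date around the infection, and keeping an empty brastk.exe in place) can be scripted for a cleanup check. This is an added example, not code from any commenter or from this site; the function names, the 10-minute window and the sample tree are assumptions, and modification times can be altered by malware, so treat the output as leads only.

```python
import os
import tempfile

# File names listed on this page for Antivirus Pro 2009.
KNOWN_NAMES = {"brastk.exe", "wini101971.exe", "antiviruspro2009.exe", "utynewu.exe"}
BINARY_EXTS = (".exe", ".dll", ".cpl")

def scan(root, window_seconds=600):
    """Return (anchors, neighbours, decoys) as sorted lists of relative paths."""
    binaries, anchors, decoys = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(BINARY_EXTS):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            rel = os.path.relpath(path, root)
            if name.lower() in KNOWN_NAMES:
                if st.st_size == 0:
                    decoys.append(rel)  # empty placeholder, not a live binary
                    continue
                anchors.append((rel, st.st_mtime))
            else:
                binaries.append((rel, st.st_mtime))
    # A neighbour is any other binary modified within the window of an anchor.
    neighbours = sorted(rel for rel, m in binaries
                        if any(abs(m - am) <= window_seconds for _, am in anchors))
    return sorted(rel for rel, _ in anchors), neighbours, sorted(decoys)

def build_sample_tree(root):
    """Constructed sample: (relative path, content, mtime as epoch seconds)."""
    infection = 1226700000  # constructed timestamp
    sample = [
        ("WINDOWS/brastk.exe", b"", infection + 86400),  # decoy made a day later
        ("WINDOWS/system32/brastk.exe", b"MZ", infection),
        ("WINDOWS/system32/wini101960.exe", b"MZ", infection + 20),
        ("WINDOWS/system32/notepad.exe", b"MZ", infection - 90 * 86400),
        ("WINDOWS/readme.txt", b"x", infection),
    ]
    for rel, data, mtime in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(build_sample_tree(tmp)))
```

Files reported as neighbours are candidates for review with a real scanner, not a deletion list, since legitimate updates can land in the same time window.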