AV2009 (AV 2009) Removal Instructions (av2009.exe)

By Mel Hirtzel on Jul 9, 2008 | Reply

Had a work station encounter this on a Trusted Site… The user insists that she was searching for an address when the screen filled.
After some flustration with shutting down to reboot, I restored a just previous saved registry, allowed me to search down the files etc. in the registry. Just for good measure, I used CCleaner and Registry Mechanic… The mechanic really did the job, I watched the ICON for this AV2009 pest, blink lose it pretty colors and turn to blue, when the mechanic found the link..

By Scott on Jul 16, 2008 | Reply

Why do you suggest deleting shlwapi.dll?
I had to do a repair install of windows because that file is require for logon.exe and other critical processes to run.
At least warn people first.

By Raymonde on Jul 23, 2008 | Reply

I installed the spy hunter spyware and it worked. Thank you for the info. I had to pay to register since after finding the rogue it only removes with the full version.

By cathy brown on Jul 29, 2008 | Reply

i was tricked into purchasing av2009. what recourse do i have?

By Freddie on Jul 30, 2008 | Reply

I was surfing for pomeranian tips as I have one when lo and behold I was hit with this AV2009. It downloaded on a cancel which put up a light with me. So I put it to save. Still it executed. Very persistant so I closed the whole IE Browser. Did not know it executed as I did a complete scan with AVG, with nothing unusual coming up. Today I went to you guys to find out what it was. Thank you folks very much as my problem may be resolved. I did not use the dos as I am not comfortable with it and there seemed to be an indescretion as to what file to go to. Regedit is very dangerous. So I take it in priorities. I went to add/remove and removed. Went to program files and deleted. Went to system 32 files but could not find any related files. All seemed well until the monitor went to sleep and when I clicked it back up, it had the warning. I asked it to IGNORE. So I came back to you guys and did alot of reading. I downloaded spyhunter and it found 2 more files in the registry. It would not remove unless paid for, so I followed instructions here for remove registry values, I went to run, entered regedit, edit, find and I asked find for “av2009″, lo and behold there where the 2 I was looking for, that spyhunter found. Thank the almighty it allowed me to delete them from regedit. Hope this works for you.

By Tom_CQ DX on Jul 31, 2008 | Reply

I spent the last two days trying to get rid of AV2009 which would pop up every few minutes and interupt my work. After finding your recommendation to delete av2009.exc in the Process/Task Manager, I was able to correct the nasty problem in one minute. Thank you so much. You saved me time and money on this one.

By Christian on Aug 2, 2008 | Reply

Isn’t there any free way to do this?

By Ashley on Aug 2, 2008 | Reply

plz help me!
It wont let me to to open the task manager,
and I dont want to pay to get full version of SpyHunter.

do I have to re install windows?

By Patricia on Aug 7, 2008 | Reply

After 3 hours of trying to remove av2009 I finally was able to do it by using task manager. First close all running programs and shut down your computer.
Restart it as usual. Then hold down your Ctrl, ALt and Del keys together,,,the task manager box will open up. Click on the tab at the top labeled Processing. Only the Antivirus 2009 program AV2009 should be running and should show up.
Highlight it and Click on the END process, should be on lower right side. This worked for me and even removed the icon.
Restarting my computer, AV2009 showed up in my program files again,,,but I was able to remove it by clicking on it and hitting delete. This didn’t work before,,,,said it was protected.

If you can’t open up task manager, close all programs running and shut down your computer. Start it up again and hit the F8 key at startup,,,do a systems restore BEFORE the date your computer was infected.

By Helpful on Aug 15, 2008 | Reply

In Task Manager stop av2009.exe process

In Registry search for ‘ieupdates’
Delete all Keys that relate to ieupdates

Search C: Drive for
av2009.exe and ieupdates.exe

Delete those files…reboot

That’s how I fixed mine.

By Mr. Bowtie on Aug 15, 2008 | Reply

If you are still having issues access the Task Manager you need to edit the Registry Key for the Task Manager. As soon as you change this registry key, immediately hit CTRL+ALT+DELETE because I have seen many of these malware proggies revert this registry setting. Another way to permanently eliminate issues with altering this registry is to remove all users but your logon in the permissions of this registry key. The DisableTaskMgr key is probably set to 1 instead of 0. I believe you can right click the key on the left pane to access Permissions. Deny access to all people but your logon, then make the registry change.

REGISTRY KEY:
=============
[Start] [Run] [Regedit]

Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Modify the Value Data Type and Value Name as detailed below.
Data Type: DWORD Value
Value Name: DisableTaskMgr
Setting for Value Data: [0 = Enabled (Default) / 1 = Disabled]

Also, as a separate note…if you are having trouble deleting a file, just rename the file to a different suffix like .OLD and then when you restart the computer the file won’t be locked any longer and you can delete the file from your system.

By akul on Aug 21, 2008 | Reply

hey thanx !! deleting AV2009 from task bar did really work !! i was previously having so much problems but now it is all fine in just a minute!!

By Oj0 on Sep 17, 2008 | Reply

Surely if a file is locked open you won’t be able to rename it either? I just discovered it in a customer’s msconfig but miraculously it was disabled

By Chris on Oct 14, 2008 | Reply

AV2009 tried to download itself on me but I realised it was a spoof and managed to close it all down. However now on every startup I get the message ‘av2009exe has stopped working correctly’ How can I stop this appearing? Or is something more sinister going on?

By magi on Oct 19, 2008 | Reply

i have encounter Av2009 last night an now it is stuck in my pc. I am almost positive I got it from Myspace. I need help!

By Caroline on Nov 2, 2008 | Reply

Yes, it is much more dangerous d uninstall using a manual method due to system loss and failure. Most websites do warn you.

By Jack on Nov 7, 2008 | Reply

I found the files ieupdates and deleted it and there was another named ieexplorer32, im assuming that i shouldnt delete it =, but it would certainly be nice to know

By Joel on Nov 7, 2008 | Reply

My girlfriend went to myspace tonight and this av2009 popped up she was smart enought not to go thru with it and turned off the machine. I came home and immediatly reverted the computer back to the last restore point. Took care of the poppup warning box. Then I removed all the related files and registry entries. So if you catch it fast enough you can go back to your last restore point so you can get onto your machine and fix the problem manueally

By Richard on Nov 21, 2008 | Reply

Found an even easier way to uninstall this bloody thing. Simply locate the Av2009 file in the C Drive under Program Files I think (not sure what its called in English, in Spanish it’s in the file “Archivos de Programa”)and delete, then remove from recycle bin. Worked for me anyway.

By Roland Butter on Nov 23, 2008 | Reply

Find it in ‘Programs’
Change .exe to.txt
Restart computer
Goto ‘Programs’ and delete the file.

By Ellen Dawson on Dec 4, 2008 | Reply

I thought my computer was hosed when I got the AV2009. Couldn’t find it in add/remove programs and couldn’t delete it from program files. Easy fix, took less than 10 minutes including booting time. I pressed F8 when the computer was starting so I could boot in safe mode. After it was loaded, I was given the option to do a system restore from a previous date. I picked a week before I got the virus, it did it’s thing, restarted itself and the virus was gone. I’ve heard that doesn’t work for everyone but it worked great for me.

By Scott mills on Dec 13, 2008 | Reply

scan in dos to get rid of av 2009 I did it and it worked it 3 hours

By jhozel `1 on Dec 29, 2008 | Reply

I cant delete av2009.exe what should I do? Please help.

By Annonomous on Jan 5, 2009 | Reply

I just went to anti-virus 2009 in all programs and uninstalled it =D

By ralph on Jan 9, 2009 | Reply

Our office manager reported that her boss’s machine was infected with av2009. She had experienced an av2008 infection on her home machine, with disastrous results, and so she knew the av2009 security messages were bogus. This machine is protected with the McAfree security center. The McAfree program did report that a file named ieupdate.exe contained a Trojan program and offered to remove it and apparently it did successfully remove it. Unfortunately the damage had already been done and the McAfree program does nothing to remedy the av2009 problem once it is established.

I Tried to unregister the shlwapi.dll and wininet.dll files and got this message: “shlwapi.dll was loaded, but the DllUnregister Server entry point was not found. This file can not be registered.”
I was able to use the task manager to stop the av2009 process.
I found a directory “\Program Files\Anti Virus” which contained the av2009.exe file. I deleted both the directory and the file.
I also deleted instances of the shlwapi.dll and wininet.dll files.
ON the registry I could not find an entry labeled “HKEY_CURRENT_USER\SOFTWARE\ANTIVIRUS” I did find an entry that substituted the “ANTIVIRUS” for a long number and contained the av2009 references.
Anyway, I more or less followed the directions shown here and as far as I can tell removed the av2009 problem

By Sam on Jan 19, 2009 | Reply

Dad downloaded this thinking it was from Micro$oft, got rid of the .exe easily enough through task manager and then editing the .exe in trusty old notepad, deleted some code, added a few swear words

Thanks for listing the files it left behind, cant wait to destroy them ^^

By Sam on Jan 19, 2009 | Reply

As an extra note, on my system the virus used the number 25258658831455650287781510384894 to make registry files it had dumped seem non descript.

By brandon on Feb 2, 2009 | Reply

heres something for all that will be easy!!!! REFORMAT!!!!

By JUDY on Mar 13, 2009 | Reply

I NEARLY LOST MY REALIGION OVER THIS “MESS” THAT CAME UP ON MY SCREEN. THANK GOODNESS FOR FOLKS SMARTER THAN I THAT HAVE EXPERIENCED THE SAME. THE CONTROL, ALT, AND DELETE ON THE TASK MASTER WAS “THE TRICK”… THANK YOU FRIEND. THIS COMPUTER GETS TO SLEEP INSIDE TONIGHT… GOODNIGHT ALL AND PEACE AT LAST.

By Andrea on Mar 25, 2009 | Reply

I have ZoneAlarm which has been deleting a couple of viruses & spyware since I got the AV2009 bug, I also downloaded Spyhunter trial to find the files to delete (did that), also looked for the files in task mgr (found none)
and cant find anything named AV 2009 or full name in a file, program or task mgr. I do have tons of .exe files in task mgr but don’t know which ones are legit or not. I also did a system restore which seemed to help but the next day the AV2009 was still there. I don’t know what else to do! Can anyone tell me how to know which .exe files are real & which are part of the bug? Thanks in advance!