MS Antispyware 2009 is a rogue application distributed by one or more sites such as msantispyware2009.com. There are several variations of this malware, each creating different filenames and registry entries. [All the tools/software mentioned in this article are fully functional freeware.]
Check your security and your browsing habits: Insecure browsing habits will bring you more trouble than you expect, especially in the days to come.
Trojan Removers: This malware may have been installed by a Trojan, in which case you will need to remove that Trojan as well. Try these free tools.
Preparation: Find the Windows operating system disk and keep it ready, if you got one with your computer. Or check whether there is a Restore Partition on your hard disk; in that case you won't need an extra disk. It is advisable to have a functioning antivirus application on your computer. You will also need to install CCleaner and a firewall application; you can choose one of the firewall applications listed at the end of this article.
Turn System Restore off: This is necessary in order to remove the virus files that may be stored inside the System Restore backup files. You can turn it back on after the computer is cleaned.
Remove Processes from Task Manager: Press Ctrl+Shift+Esc to open Task Manager. Look through the list of processes for one named msas2009.exe; if found, select it and press the End Process button. When prompted, answer Yes, and then close Task Manager. There may be more processes belonging to this malware. If you use a freeware tool called "Zenturi program checker", you may be able to see the path of each process in Task Manager, and with the list of malware files given in this article you may be able to tell the malware processes apart from genuine Windows processes.
Removing a Program from Windows startup: The System Configuration Utility can be started in XP and in Vista by typing msconfig in the Run box. The Run box can be opened in XP by clicking Start > Run.
After the System Configuration Utility window is open, click the Startup tab, which lists all the programs that are scheduled to start when you turn your computer on. Expand the middle column using your mouse pointer so that you can see the path of each program on the hard disk; that will give you a clear idea of what the program is. Locate these entries, if present:
- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
Uncheck the boxes in front of these entries. Also look at the other entries; if you find an entry for any of the malware files listed in this article, uncheck that too. This step is very important, because the rest of the cleaning depends on cleaning this list. Press Apply, press Close/OK, and at the next prompt select "Restart the computer".
Searching and Deleting the Folders/Files on the hard disk: After restarting the computer, use the Windows search utility to search for AntivirusXP. This search will find all its folders on the hard disk; delete the folders from the hard disk. You may find the folder in more than one location. Delete all its instances. There are some more files outside this directory. You may need to enable viewing of hidden files and folders if you cannot see the folders listed below. In XP: Control Panel > Folder Options > View. Locate "Hidden Files and Folders", select "View hidden files and folders", press Apply, press OK.
Variation 1 and 2)
- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
Delete all the above folders if found.
Variation 3) Apart from the above folders, these additional files were located. Delete these files if found. They are created inside legitimate folders.
- C:\Windows\System32\twain32\local.ds
- C:\Windows\System32\twain32\user.ds
- C:\Windows\Temp\_ad5.exe
- C:\Windows\Temp\_ad5.tmp
- C:\Windows\System32\twex.exe
- C:\Windows\Temp\3.tmp
- C:\Windows\Temp\4.tmp
Apart from the keys above, additional registry keys are found:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Drivers
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Drivers\Video
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Drivers\Video\Options
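To confirm the cleanup, the process, folders, files and registry keys listed in this article can be checked in one pass. The following PowerShell script is an added example, not part of the original article; it only reads and reports, and it assumes PowerShell is installed and that the startup entries shown by msconfig live in the standard Run registry keys.

```powershell
# Read-only check for the indicators listed in this article; nothing is deleted.
$appData = 'C:\Documents and Settings\All Users\Application Data'
$paths = @(
    "$appData\CrucialSoft Ltd",
    "$appData\CrucialSoft Ltd\MS AntiSpyware 2009",
    'C:\Windows\System32\twain32\local.ds',
    'C:\Windows\System32\twain32\user.ds',
    'C:\Windows\Temp\_ad5.exe',
    'C:\Windows\Temp\_ad5.tmp',
    'C:\Windows\System32\twex.exe',
    'C:\Windows\Temp\3.tmp',
    'C:\Windows\Temp\4.tmp'
)
$regKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Drivers',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Drivers\Video',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Drivers\Video\Options'
)
# Assumption: startup entries are stored in the standard Run keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Strings from the article that should not appear in any startup command.
$names = @('CrucialSoft Ltd', 'msas2009.exe', 'twex.exe', '_ad5.exe')

$findings = @()
if (Get-Process -Name 'msas2009' -ErrorAction SilentlyContinue) {
    $findings += 'Process: msas2009.exe is running'
}
foreach ($p in ($paths + $regKeys)) {
    if (Test-Path -LiteralPath $p) { $findings += "Present: $p" }
}
foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ($names | Where-Object { $data -like "*$_*" }) {
            $findings += "Startup: $k\$valueName -> $data"
        }
    }
}
if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it once before the cleanup and again after the restart; anything still reported on the second run needs to be removed using the steps above.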
Using an Antivirus Application: Follow this step if the virus still shows its presence on the computer even after applying all the above steps.
Using the system file checker (optional)
Follow this step if you notice trouble in the normal functioning of Windows. This utility will check for and replace damaged, altered or missing system files.
If you are unable to access one or more sites during the repair process
- If possible, use another computer to download the software needed for repairing your computer, and then copy it to the infected computer using any available means, such as a pen drive.
- If you are using only Internet Explorer, and it is blocked from visiting some of the security-related sites, try to download and install the Firefox browser, and see if you can use it for the same purpose.