Antivirus 2009 Beware

There must be varients of the Antivirus 2009 malware as Anti-Malware has removed all traces the many times I've used it at work. Although they are getting clever as a recent version I have seen pops up with a fake BSOD and loading screen advising you that your "Antivirus 2009 is out of date".

 

Sounds like your machine has been hit by an increasingly common hack technique.

Basically, it works like this: Your machine becomes infected. The first thing the virus does is makes a little, innocent looking alteration to your registry. Then it does its more noticeable effects.

The registry modification it does is basically to tell your machine to go straight to a particular web page as soon as you start your browser. This page downloads the virus and runs it, just in case your antivirus software had previously removed it. Sometimes the virus installs a little downloader to re-download its payload everytime you restart your machine. Both these strategies are difficult for antivirus software to detect.

There is a piece of software called 'HijackThis' which helps you identify dodgey registry modifications. I would start by trying that (I used it in the old days before I switched to Linux for my hime OS).