Yesterday, I had two friends email me about their problems with the Antivirus 2009 malware that infected their machine. They both suggested that I make a post about it. This software is apparently a widespread problem. It acts like it’s antivirus software when it’s really a virus itself.

Since the software uses randomly generated registry keys and filenames, it’s difficult to provide instructions on how to manually uninstall Antivirus 2009. However there is software available called Malwarebytes that will scan your computer and get rid of it easily for you. You can download Malwarebytes here.

Here are some notes sent to me from a friend on how he manually removed Antivirus 2009:

• Killed the av2009.exe process using Task Manager
• Took a look at where the Antivirus 2009 shortcut pointed (they put one in the desktop)
• Took a note on the date and time of the av2009.exe file
• Searched the Registry to see if they were any references to av2009.exe. Did not find any.
• Removed the C:\Program Files\Antivirus 2009 directory and all files
• Removed the desktop shortcut
• Removed the shortcut in the Start Menu (be aware they put it in the upper area, where Windows Update is located)
• Rebooted, but then discovered that IE was still infected, in particular when I tried to navigate to Sysinternals. Also discovered that the Security Center applet in Control Panel was not working
• Went to Windows\System32 and found 3 files from about the same time of the infection:
  ieupdates.exe
  scui.cpl
  winsrc.dll
• Again before removing the files I searched the registry and deleted references to ieupdates.exe (register to start automatically) and winsrc.dll (registered as a COM file)
• Reboot again and tried IE and Security Center, both are working now
• To Remove Brastk.Exe and Karna.Dat, boot to safe mode. Delete karna.dat and brastk.exe in C:\Windows (or C:\WinNT) and C:\Windows\system32.
• Delete wini10###.exe in C:\Windows\system32.
• Replace beep.sys in C:\Windows\system32\drivers from a backup source or simply delete it. Make sure the good file does not exceed 10k.
• Delete the entire Antivirus 2009 folder in C:\Program Files.
• Remove the brastk string from the registry under:
  HKEY_LOCAL_MACHINE
  SOFTWARE
  Microsoft
  Windows
  CurrentVersion
  Run.
• Remove the Antivirus 2009 string from the registry under
  HKEY_LOCAL_MACHINE
  SOFTWARE
  Microsoft
  Windows
  CurrentVersion
  Run.
• Modify the AppInit_DLLs string from the registry under
  HKEY_LOCAL_MACHINE
  SOFTWARE
  Microsoft
  Windows NT
  CurrentVersion
  Windows by removing karna.dat.
• Remove the Antivirus 2009 key (entire subfolder) from the registry under
  HKEY_LOCAL_MACHINE
  SOFTWARE
  Microsoft
  Windows
  CurrentVersion
  Uninstall
• Restart Windows normally.  Reinstall your antivirus software.

You can also check out these detailed instructions on manually deleting Antivirus 2009.