PC Security 2009 is another fake computer security application developed in the tradition of rogue programs. Computer users may download PC Security 2009 unknowingly by drive-by-download method, which means it can be acquired by visiting malicious websites. If PC Security 2009 was installed, a number of pop-up alert and warning messages will flood computer screens that advise users to register the program in order to remove the threats. Pretending as legitimate, PC Security 2009 can easily convince victims to obtain the paid version through its own payment processing web page.
What PC Security 2009 Does?
The threat will run and scan computer for threats.
It will modify Windows Registry and add the following entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\PCSecurity2009
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\PC_Security2009
- HKEY_LOCAL_MACHINE\SOFTWARE\PC_Security2009
- HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
- HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
- HKEY_LOCAL_MACHINE “info”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “PC Security 2009”
The threat will drop the following malicious files:
- %UserProfile%\Application Data\ciwizatyvo.vbs
- %UserProfile%\Application Data\equcetovyf.scr
- %UserProfile%\Application Data\huwo.lib
- %UserProfile%\Application Data\netekoh.pif
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Security2009.lnk
- %UserProfile%\Cookies\qyciq.exe
- %UserProfile%\Cookies\tufubyvyv.inf
- %UserProfile%\Desktop\PC_Security2009.lnk
- %UserProfile%\Local Settings\Application Data\dofevura.ban
- %UserProfile%\Local Settings\Temporary Internet Files\ehyzubi.ban
- %UserProfile%\Local Settings\Temporary Internet Files\teqiqu.dl
- %UserProfile%\Local Settings\Temporary Internet Files\xujite.vbs
- %UserProfile%\Start Menu\Programs\PC_Security2009
- %UserProfile%\Start Menu\Programs\PC_Security2009\PC_Security2009.lnk
- %UserProfile%\Start Menu\Programs\PC_Security2009\Uninstall.lnk
- c:\Program Files\Common Files\edydule.db
- c:\Program Files\Common Files\sisejemaqy.pif
- c:\Program Files\Common Files\wepyta._sy
- c:\Program Files\PC_Security2009
- c:\Program Files\PC_Security2009\AVEngn.dll
- c:\Program Files\PC_Security2009\htmlayout.dll
- c:\Program Files\PC_Security2009\PC_Security2009.exe
- c:\Program Files\PC_Security2009\pthreadVC2.dll
- c:\Program Files\PC_Security2009\Uninstall.exe
- c:\Program Files\PC_Security2009\wscui.cpl
- c:\Program Files\PC_Security2009\data
- c:\Program Files\PC_Security2009\data\daily.cvd
- c:\Program Files\PC_Security2009\Microsoft.VC80.CRT
- c:\Program Files\PC_Security2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
- c:\Program Files\PC_Security2009\Microsoft.VC80.CRT\msvcm80.dll
- c:\Program Files\PC_Security2009\Microsoft.VC80.CRT\msvcp80.dll
- c:\Program Files\PC_Security2009\Microsoft.VC80.CRT\msvcr80.dll
- c:\WINDOWS\bezyneluri.dll
- c:\WINDOWS\hitamoja.db
- c:\WINDOWS\jagavodo._dl
- c:\WINDOWS\uwojevuk.reg
- c:\WINDOWS\xyqimomyte.inf
- c:\WINDOWS\system32\_scui.cpl
- c:\WINDOWS\system32\exeneqaze.vbs
- c:\WINDOWS\system32\ezecep.scr
- c:\WINDOWS\system32\loturyk.db
- c:\WINDOWS\system32\sibajisehe.exe
- c:\WINDOWS\system32\xyluny.dat
- c:\Documents and Settings\All Users\Application Data\hipeh.vbs
- c:\Documents and Settings\All Users\Application Data\imevata.exe
- c:\Documents and Settings\All Users\Application Data\juvugyx.sys
- c:\Documents and Settings\All Users\Application Data\tihavodyru.dl
- c:\Documents and Settings\All Users\Documents\emytijy.bat
- c:\Documents and Settings\All Users\Documents\etycipifez._sy
- c:\Documents and Settings\All Users\Documents\uzasezo.bat
How to Remove PC Security 2009 Manually
1. Restart your computer in SafeMode
– After Power-On the computer, just before Windows start, press F8
– From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
– Click Start > Run
– Type in the field, regedit
– Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
– Base on the given location above, browse and delete the file
– If no location is given, click Start>Search> and search for the file.
– If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
How to Easily Remove PC Security 2009
1. Print this procedure as we need to close all programs running later.
2. Download AntiMalware Application here and save it to your Desktop.
3. Close all open applications.
4. Double-Click on the downloaded mbam-setup.exe to start the installation. If unable to execute, infections on computer is preventing it from running, rename the file mbam-setup.exe to anything (like myfile.exe)
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are marked check.
– Update the program
– Launch the program
7. The tool will run and update itself after installation. Close it after the update.
8. Restart your computer in SafeMode
– After Power-On the computer, just before Windows start, press F8
– From the selections, Select SafeMode
9. Click on the icon and start to Perform Full Scan to begin scanning your computer for PC Security 2009 related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are marked check, then click Remove Selected to begin removal of the malicious files.
13. Exit AntiMalware Apps and restart your computer.
14. PC Security 2009 and all its files are now removed from your computer. To guard your computer from this threat and avoid future infections, you may want real-time protection from a full version of anti-malware program..
