AntiMalware 2009

By GoldSparrow in Rogue Anti-Spyware Program

AntiMalware 2009 Description

AntiMalware 2009, or AntiMalware2009, is a rogue anti-spyware program. AntiMalware 2009 is usually installed on the user’s computer system with the help of Trojan Zlob, or the user may have downloaded it from a malicious website. Once it is installed, the user may receive annoying popup notifications of imaginary spyware infections. These fake notifications redirect the user to fraudulent websites, such as AntiMalware2009.com, that sell AntiMalware 2009 as legitimate software. AntiMalware 2009 is not able to detect or remove any spyware infections. AntiMalware 2009 is an infection itself.

In addition, AntiMalware 2009 is able to emulate a computer system scan and trick users into believing their computer systems are flooded with spyware. The result of this scan is entirely bogus and is only meant to push users into purchasing the “full” version of the rogue software. AntiMalware 2009 may also hijack the user’s Internet browser and display a fake popup notification stating that the browser has been blocked due to the presence of malware.

AntiMalware 2009 may cause system errors and freezes. AntiMalware 2009 is a clone of eAntivirusPro and XP Protector 2009.

Type: Rogue AntiSpyware Programs

AntiMalware 2009 Technical Report

We will update this section as new AntiMalware 2009 details are reported by our customers and by our Threat Research Center.

The following AntiMalware 2009 files, with their MD5s, were created in the system:


AntiMalware 2009 typically has the following processes in memory:

  • c:\Program Files\thcrkrj0etfg\msvcp71.dll
  • c:\Program Files\thcrkrj0etfg\MFC71ENU.DLL
  • c:\Program Files\thcrkrj0etfg\uninstall.exe
  • c:\Program Files\thcrkrj0etfg\MFC71.dll
  • antimalware2009.exe
  • c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe
  • c:\Program Files\thcrkrj0etfg\msvcr71.dll
  • c:\WINDOWS\system32\pphcjkrj0etfg.exe

AntiMalware 2009 created the following directories, files, and paths:

  • %AllUsersProfile%\Start Menu\Programs\AntiMalware2009
  • %AppData%\AntiMalware2009
  • %ProgramFiles%\AntiMalware2009

AntiMalware 2009 creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMthcrkrj0etfg"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thcrkrj0etfg
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\AntiMalware2009
  • HKEY_LOCAL_MACHINE\SOFTWARE\thcrkrj0etfg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "AntiMalware2009"
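
The artifacts listed above can be checked on a single Windows host with a read-only PowerShell script. This is an added example, not part of the original report or of any ESG tool; the paths, key names and value names are taken from the lists above, while the WOW6432Node and HKCU locations and %ProgramFiles(x86)% are assumptions added for 64-bit systems and for the registry entry listed without a hive.

```powershell
# Added example. Read-only check of one Windows host for the artifacts this page lists.
# All names are copied from the page; WOW6432Node, HKCU and %ProgramFiles(x86)% are
# assumptions added to cover 64-bit Windows and the one entry listed without a hive.

$paths = @(
    '%AllUsersProfile%\Start Menu\Programs\AntiMalware2009',
    '%AppData%\AntiMalware2009',            # current user only
    '%ProgramFiles%\AntiMalware2009',
    '%ProgramFiles(x86)%\AntiMalware2009',  # assumption: 32-bit install on 64-bit Windows
    'C:\Program Files\thcrkrj0etfg',
    'C:\WINDOWS\system32\pphcjkrj0etfg.exe'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

$cv    = 'Microsoft\Windows\CurrentVersion'
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE'

function Test-RegValue([string]$Key, [string]$Name) {
    # True when the key exists and has a value with this name (case-insensitive).
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.GetValueNames() -contains $Name)
}

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "path      $p" }
}
foreach ($r in $roots) {
    $keys = "$r\thcrkrj0etfg", "$r\$cv\Uninstall\thcrkrj0etfg",
            "$r\$cv\Internet Settings\User Agent\Post Platform\AntiMalware2009"
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $findings += "reg key   $k" }
    }
    if (Test-RegValue "$r\$cv\Run" 'SMthcrkrj0etfg') {
        $findings += "reg value $r\$cv\Run -> SMthcrkrj0etfg"
    }
    if (Test-RegValue "$r\$cv\Internet Settings\User Agent\Post Platform" 'AntiMalware2009') {
        $findings += "reg value $r\$cv\Internet Settings\User Agent\Post Platform -> AntiMalware2009"
    }
}
# Process names from the list above, without the .exe extension.
$procs = Get-Process -Name antimalware2009, thcrkrj0etfg, pphcjkrj0etfg -ErrorAction SilentlyContinue
foreach ($proc in $procs) { $findings += "process   $($proc.Name) (PID $($proc.Id))" }

if ($findings) { $findings } else { 'No AntiMalware 2009 artifacts from this page were found.' }
```

The %AppData% and HKCU checks cover only the account running the script, so run it once per user profile of interest.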

This entry was posted on 09/18/08 and is filed under Rogue Anti-Spyware Program.

Copyright 2003-2009. Enigma Software Group USA, LLC. All Rights Reserved.