Are you guys familiar with ANTIVIRUS2009, which is found anywhere on the Web?

Has anyone encountered a binary file like AV2009INSTALL_77013605.EXE?

Hope to hear from you guys!

Thank you.

I think it’s a rogue antivirus program. Avoid it like hell, cos I heard it’s very difficult to remove :o

Yes, it is a rogue antivirus.

The makers of such crap and similar crap ought to see apple trees grow out of their asses!! (:AGL)

Malwarebytes’ Anti-Malware should be capable of removing this piece of junk:

http://www.malwarebytes.org/forums/index.php?showtopic=5178

Greetz, Red.

But can BOClean detect it? Or CPF?

CFP will alert you to its install, BoClean is unsure.

Xan

Hi duke1959 :slight_smile:

Yes, BOClean should detect it :

42508. RSK-ANTIVIRUS2009

From here: http://www.comodo.com/boclean/trolist.html

Greetz, Red.

Guys

BoCLEAN and CFP3 did not detect anything while ANTIVIRUS2009, or that crap, was automatically scanning my system. This malware program is designed to elude firewalls, anti-malware or even antivirus. I monitored my AVAST! WEB SHIELD while it was scanning those files from ANTIVIRUS2009; how sad… no malware traces were found… COMODO should take action against this kind of BANG… THREAT.

Superantispyware takes care of this virus/malware;
also Avira (after scanning with SAS in Safe Mode) will pick up the rest.

Comodo does have protection against it and it’s called Defense+, it will block it if you ask it.

You see, this is the problem with detection. The products are updated every moment just to avoid the detection. They aren’t stupid, the malware makers… (sadly)

Xan

That’s true too; Defense will block it if you know what to do when it comes up…
but if you don’t, then you are pretty much toast

that’s one flaw with prevention,
unless it becomes automated :frowning:

CG

My PC was infiltrated with ANTIVIRUS2009 “EVEN” though I immediately closed my browser. My CFP3 and BoCLEAN did nothing… not even alerts; CFP3 did not show up! How could you explain this?

(I’m a Vista user. Since you don’t have an antivirus for Vista yet, I decided not to get any antivirus because I’m a solid supporter of Comodo. I’m using Comodo FIREWALL PRO 3 and BoClean, but to cut it short, my PC was infiltrated with SYSTEM 32 ROOTKITS while surfing the net… Why did this happen? I set my firewall to maximum strength but it’s useless… I scanned my PC using Firewall Pro 3 Defense Plus but suddenly it appeared clean! That’s why I downloaded AVAST HOME FREE ANTI-VIRUS, because my PC was becoming unstable and all my programs were not working properly. When Avast finally scanned my system, Avast deleted 4 rootkits that harmed my System 32. Thanks to Avast… can you imagine Avast outperforms Firewall Pro 3? I thought BoClean is designed for rootkits, as well as Firewall Pro 3, but they did nothing to protect my PC. I trust Comodo but I’m so disappointed with what happened last time. AVAST HOME ANTI-VIRUS saved my PC and repaired my damaged System 32 without slowing my PC. I uninstalled Comodo MEMORY FIREWALL last day because it makes my PC slow and it takes a lot of CPU usage. Avast is a lighter program than Comodo Memory Firewall and (Comodo Antivirus 2.0, “based on my XP PC”). I do hope your Comodo Antivirus 3 will be more effective, with LESS CPU USAGE than any other solution out there, especially here in the Philippines.)

Did you check the health of Comodo Firewall Pro?

Go to Miscellaneous tab → Diagnostics. After comodo repairs the problems, reboot the pc.

I once checked the strength of Comodo Firewall Pro 3 with some leak tests, and they weren’t detected by cpf 3 because there was something wrong with the config of cpf 3; after repairing cpf 3, the leak tests were detected.

Good luck

007,

can you run a report with this tool, maybe your “settings” are not optimal.

I’ve analyzed this malware before and with CFP I got some popups; I don’t think BOClean will alarm on this.
It first shows you a browser window with an animation as if the scanner is already running, and of course you’re heavily infected according to this animation; after that I got a prompt for an executable to “solve” the problems.

I ran this in a controlled environment and CFP went loud as hell…

You could try to clean up manually, here is a little help.

Do you have any pop-ups of the virus like: your computer has been infected, please download … Or was it just in the browser? I had it once in the browser and it was no infection…

Xan

ZIP and e-mail me the binary file please.

justin@avalon-knights.net

Yeah, give it to me too please, I want to add it to my malware samples and test it against some products.

skixanneke [at] hotmail.com

H! eXPerience

av2009install_77013605.exe

That is the BINARY FILE. This type of malware is so effective. It instantly BANGS… on your screen without you knowing, on any site, while you were surfing!

That’s the name of the binary file, we would like you to e-mail the actual file to us so we can analyze it.

H! Ronny

These are my current firewall settings from when my PC was infiltrated with Antivirus2009. I did not have any antivirus program during the attack. I’m using BoCLEAN 4.26 and CFP3.

Firewall Behavior Settings

Firewall Mode [Custom Policy Mode] Alert level [Very High]
Keep an alert on Screen For a Maximum of 300 seconds
Enable Alerts For TCP requests
Enable Alerts For UDP requests
Enable Alerts For ICMP requests
This Computer is an Internet gateway
Enable Alerts For Loopback requests

Attack Detection Settings

Block Host attempting portscans For 5 minutes
Emergency Mode Duration during DOS attacks: 300 seconds
TCP Flood Traffic Rate 20 packets/second
TCP Flood Duration 20 seconds
UDP Flood Traffic Rate 20 packets/second
UDP Flood Duration 20 seconds
ICMP Flood Traffic Rate 20 packets/second
ICMP Flood Duration 20 seconds

Block Fragmented IP Datagrams
Do Packet Analysis
Protect ARP cache
Block Gratuitous ARP Frames

Good thing there’s AVAST! HOME EDITION; that’s why my PC returned to health. I will uninstall my AVAST! as long as CAVS 3.0 is available.