Hello, how do I get rid of this? It keeps popping up Antivirus 2009.
I suggest:
- Clean your temporary files.
- Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
- Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
- Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
- Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
- Disable System Restore and then re-enable it.
- Immunize your system with SpywareBlaster or Windows Advanced Care.
- Check if you have insecure applications with Secunia Software Inspector.
Especially step 3 should help…
The first two items on line 3 of Tech’s instructions have been relatively good, MBAM the one to run first if anything.
Thank you for info and links - timing is everything.
I’ve also been getting the AV2009 pop-up for two days (4 times; I just closed the browser from Task Manager each time) and started researching it 12 hours ago.
Already ran full avast! scan (regular and boot time), MBAM, and regular ad stuff with no bad results.
Did a System Restore to a week ago.
Nothing odd seen in my cursory review of HJT log (before or after Restore).
Kaspersky on-line Critical Area scan showed clean, the My Computer scan is running now.
Thanks to all for posting (including the OP), it gives me a starting point. I’ll update if anything is found, and with what.
If you didn’t run MBAM and SAS from safe mode I would suggest you do that as they are more effective that way.
The av2009 can on occasions come to the party with a rootkit to hide it.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight
Should I start a new thread? It seems on-topic until there are specifics.
My complete Kaspersky scan came up with:
C:\Documents and Settings\My Name\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-17464990.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\My Name\Desktop\ALL Estate to verify and clear dups\mail\Hotmail (2) - Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 4
D:\compare these\from c to move back checked good\Desktop\Registry Cleaners\RegDrill.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
D:\compare these\Registry and Disk Cleaners\Ntperfect companion reg clean.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 1
The first is the newest and has a date of 6-24-08; almost 6 months ago.
I really don’t suspect the second since outbound mail is scanned, but …
The last two are from 2005 and never installed on this machine, or the two before it, but it’s the first time it has come up on anybody’s scan.
Suggestions, please (if different from above).
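The scan output above mixes three different kinds of hit (a real exploit in the Java deployment cache, a heuristic "Suspicious" verdict on a mailbox file, and two "not-a-virus:" riskware entries), and the right action differs for each. The following Python script is an added example and is not code from the thread or from Kaspersky: it parses report lines in the shape shown above (path, then "Infected:" or "Suspicious:", then the detection name and a count, which is an assumption about the format) and maps each hit to the kind of response the thread recommends. The sample lines are the four from the post, embedded as constructed input.

```python
import re
from dataclasses import dataclass

# Assumed line shape: "<path> Infected|Suspicious: <detection-name> <count>"
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<count>\d+)$"
)

# Constructed sample: the four lines quoted in the post above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\My Name\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-17464990.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\My Name\Desktop\ALL Estate to verify and clear dups\mail\Hotmail (2) - Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 4
D:\compare these\from c to move back checked good\Desktop\Registry Cleaners\RegDrill.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
D:\compare these\Registry and Disk Cleaners\Ntperfect companion reg clean.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 1
"""


@dataclass
class Finding:
    path: str
    verdict: str   # "Infected" (signature match) or "Suspicious" (heuristic)
    name: str      # detection name, e.g. "Exploit.Java.Gimsh.a"
    count: int     # number of objects flagged inside this file/archive

    @property
    def riskware(self) -> bool:
        # "not-a-virus:" marks tools that are legitimate if you installed them yourself
        return self.name.startswith("not-a-virus:")

    @property
    def in_java_cache(self) -> bool:
        # Files under the JRE deployment cache are downloaded applets/jars;
        # the fix is to clear the cache and update the JRE, not to hunt the file.
        return "\\sun\\java\\deployment\\cache\\" in self.path.lower()

    @property
    def action(self) -> str:
        if self.in_java_cache:
            return "clear Java cache and update JRE"
        if self.riskware:
            return "confirm tool is yours, else uninstall"
        if self.verdict == "Suspicious":
            return "heuristic hit: quarantine or verify manually"
        return "quarantine"


def parse_report(text: str) -> list[Finding]:
    """Turn raw report lines into Finding objects; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["verdict"], m["name"], int(m["count"])))
    return findings


def triage(text: str) -> dict[str, str]:
    """Map each flagged path to the recommended action."""
    return {f.path: f.action for f in parse_report(text)}


if __name__ == "__main__":
    for path, action in triage(SAMPLE_REPORT).items():
        print(f"{action:45s} <- {path}")
```

The verdict word, not the detection name, decides whether a hit is a signature match or a heuristic guess, which is why the .dbx mailbox gets a "verify" action rather than an automatic quarantine.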
Well it is on-topic, normally we would suggest a new topic so you can get any information specific to ‘your’ situation, but the original poster hasn’t responded in 4 days, so it doesn’t seem so important to do so.
Any JAVA exploit alert would warrant ensuring you have the latest JAVA version. First clear your JAVA cache.
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
Or JRE version 6 update 11 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html
If the “Infected: not-a-virus:PSWTool.” entries are tools that you installed then no problem, if not then you need to get rid, e.g. uninstall if they have an uninstall or remove.
If you can, clear/prune the sent items folder that is being referred to, as it would appear there is an infected email in it, or the deletion of the .dbx file would lose all in the sent items folder. Though your file naming policy has me confused, to say the least.
;D ;D ;D
That’s what happens when:
Outlook Express is used for multiple email accounts of different types by two executors of their parents’ estates, lightning strikes in the yard and blows a hole in the motherboard despite a UPS, an EIDE hard drive from it is resurrected onto a machine designed only for SATA drives (multiple times to make sure it came through), and all the files are dumped to a Desktop folder to sort out and get rid of duplicates.
Is that clear?
Did the FSecure on-line scan and it found about a dozen tracking cookies and Trojan-Spy.HTML.Fraud; they were cleaned.
Java: Cleared cache. Add/Remove programs shows J2SE Runtime Environment 5.0 Update 6. Guess it’s time for an update. It’s the one that came on the machine a year ago, I think. Will uninstall the old and install the new.
The other two files have been deleted. They were downloaded and never used when I thought I was looking for a Reg cleaner.
No problems today. Either I was over-reacting or we’re getting somewhere. I prefer to think the latter.
Thank you.
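The Add/Remove Programs entry quoted above ("J2SE Runtime Environment 5.0 Update 6") is how most people discover they are several JRE releases behind. The script below is an added example, not code from the thread or from Sun: it parses JRE display names of that shape, compares them with the JRE 6 Update 11 the thread links to, and notes which entries predate 6 Update 10 (the release from which, as later posts in this thread report, the updater removes the previous version itself). On Windows it reads the real entries from the Uninstall keys under HKEY_LOCAL_MACHINE; elsewhere it falls back to a constructed sample list. The display-name regex and the sample names are assumptions; the cut-off versions come from the thread.

```python
import re
import sys

LATEST = (6, 11)             # JRE 6 Update 11, the version linked in the thread
AUTO_REMOVE_FROM = (6, 10)   # from 6u10 on, the updater removes the previous release

# Assumed shape of Sun's Add/Remove display names, e.g.
#   "J2SE Runtime Environment 5.0 Update 6", "Java(TM) 6 Update 11"
JRE_RE = re.compile(
    r"^(?:J2SE|Java\(TM\)(?: SE)?)(?: Runtime Environment)?\s+"
    r"(?P<major>\d+)(?:\.\d+)?\s+Update\s+(?P<update>\d+)$"
)

# Constructed sample list used when not running on Windows.
SAMPLE_PROGRAMS = [
    "J2SE Runtime Environment 5.0 Update 6",   # the entry quoted in the post
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 10",
    "Java(TM) 6 Update 11",
    "VisualRoute 2008",                        # non-JRE entry, must be ignored
]


def parse_jre_name(display_name: str):
    """Return (major, update) for a JRE display name, or None if it is not a JRE."""
    m = JRE_RE.match(display_name.strip())
    if not m:
        return None
    return int(m["major"]), int(m["update"])


def assess(display_names):
    """Classify each installed JRE as current or outdated (with a removal note)."""
    report = []
    for name in display_names:
        ver = parse_jre_name(name)
        if ver is None:
            continue
        if ver < LATEST:
            note = "outdated"
            if ver < AUTO_REMOVE_FROM:
                note += "; uninstall manually before installing the current release"
        else:
            note = "current"
        report.append((name, ver, note))
    return report


def installed_display_names():
    """Read DisplayName values from the Uninstall registry keys (Windows only)."""
    if sys.platform != "win32":
        return []
    import winreg
    names = []
    for sub in (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"):
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    child = winreg.EnumKey(key, i)
                except OSError:
                    break   # no more subkeys
                i += 1
                try:
                    with winreg.OpenKey(key, child) as ck:
                        names.append(winreg.QueryValueEx(ck, "DisplayName")[0])
                except OSError:
                    pass    # subkey without a DisplayName
    return names


if __name__ == "__main__":
    names = installed_display_names() or SAMPLE_PROGRAMS
    for name, ver, note in assess(names):
        print(f"{name:45s} {ver[0]}u{ver[1]:<3d} {note}")
```

Run it on the machine in question and every line marked "outdated" is a release that can still be targeted by the kind of Java exploit the scan found; the manual-uninstall note matches the advice earlier in the thread to remove all older versions before installing the new one.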
Clearer now. If you have got rid of the dups, etc. and what remains, I assume, still contains the suspicious (not so serious as one specified as infected) email in the ‘Sent Items.dbx’ mail box, it indicates a suspicious email (likely to be one with an attachment), and the only way to track that down may be manually by opening the ‘Sent Items.dbx’ in OE.
Though I don’t know how you might achieve that, since it is effectively outside the normal .dbx location and probably not in the folder structure of OE. I use OE for multiple accounts with 113 folders, but only one user, and I have had fun and games trying to import .dbx files between systems.
It’s way past time for an update of JAVA ;D
The java exploits really are a very good entry point in old versions of java, sorting that out could well have the effect you are seeing.
You have to exercise care nowadays in downloading registry cleaners, etc. There are a number of them which are rogue programs that just tell you your registry is infected/in danger/insert panic term of your choice/corrupt, etc. in the hope of getting you to buy/visit a site, and then you could really be in trouble.
Rebooted.
Panda Anti Rootkit and Trend Micro RootkitBuster scans were clean.
Got the Java update. Thank you. I don’t know why it wasn’t automatically updating.
So, now we wait and see?
You’re welcome.
I don’t know anyone that has ever had the JAVA update work, it certainly hasn’t for me. So periodic visits to the site in Tech’s instructions, item 8 would be in order.
It seems to be working now. Booted into Windows today. Update notification. Online update. No need to uninstall old version after. 8)
So, it was not only my dreaming. ;D
WRT Java, once I had java 6 release 10 installed, the next update to 11 ran as promised with no un-install required. This was a change with the 6-10 release and has worked on the ten computers I have updated since. Only once was I asked if I wanted the extra toolbar which I routinely reject.
I think that is on the newer versions, JRE 6 Update 10, and from that point it is as you say supposed to uninstall old versions. Though in this update 10 to update 11 I didn’t allow it to do that, I uninstalled first; I will wait to see if there are any reports of any possible pitfalls if the automated uninstall fails.
All I want to see is a proper version update (downloading changed components only) and not having to download the full sodding JAVA installation file every time, a right royal pain in the rear on dial-up.
You are correct that the change is only once update 10 was installed.
I did not install the full package over release 10. On some computers, that package was already downloaded by the check updates routine. On other computers such as my own Vista one, I went to www.java.com and did the update from there.
I did see that it was uninstalling some things but this computer is too fast to see it. I have already deleted the update log. Thus, I do not know how much it downloaded.
I needed the update as my Visualroute program did not work properly with release 10. Release 11 fixed those bugs.
Thanks for the update, I guess we are in a monitoring situation to see what happens when update 12 comes along ;D