Saturday, February 7, 2009

Antivirus XP Pro 2009 same game, different name....

We recently saw another morph of the infamous Antivirus XP\Vista\2008\2009 calling itself Antivirus XP Pro 2009; this one was a nightmare. The end user was complaining that he could not get any programs to load because this sucker was using such a high amount of memory, he was unable to get online without being redirected to their website, and he had no access to his Task Manager.

We tried going in through Safe Mode with Networking, and this little booger had everything so tied up that we couldn't get it to function in Safe Mode; it had close to 100 instances of install.exe running! We wound up going in through just the main admin account on the computer and used a CD to drop in ComboFix, Malwarebytes and SuperAntiSpyware, but before we ran them, we renamed them. ComboFix was "Fixme", Malwarebytes was "ThisBytes" and SuperAntiSpyware was "Supermomma". The renames worked, but it still took a while. First we ran ComboFix, and it finally loaded after about 15 minutes, but from there it was all downhill.

After getting the admin account cleaned up, we went to switch to the other user account, and it was password-protected. Since the client never supplied us with the password, we had to take our chances. Full functionality had been restored to the admin account at this point. The client called later, and apparently it had only been removed from the admin account (hence why it's best to do this in Safe Mode!), so we walked him through running the security software and he was able to get it cleared off his account as well, but guess what? His wireless doesn't work now, so most likely it had corrupted his wireless drivers...
