GeekPolice
How to Remove ANG AntiVirus 09 (Security Center) [Delete Guide]
This guide will give you easy instructions on how to remove ANG AntiVirus 09.


What is ANG AntiVirus 09? (Information)


ANG AntiVirus 09 is a fake security software which uses fraudulent strategies by displaying false or exaggerated security issues on your computer rather than any legitimate ones to coerce you into purchasing their software.


[Screenshot: ANG AntiVirus 09]





Symptoms in a HijackThis log:

O4 - HKLM\..\Run: [76112549345328287] C:\Program Files\Common Files\System\mgnc\angpd.exe
O4 - HKLM\..\RunOnce: [65438761234587528] C:\Program Files\Common Files\System\mgnc\rkgnd.exe





Follow these instructions to continue:

1. Please download Malwarebytes' Anti-Malware.


2. Install Malwarebytes' Anti-Malware by double clicking on Download_mbam-setup.exe

3. Follow the prompts. Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click finish.

4. Malwarebytes' Anti-Malware will automatically update itself after the install. You can press the OK button to close that box, and you will now be at the main program as shown below.

If you are having problems with the updater, you can use this link to manually update MBAM with the latest database


5. Close ALL open Windows, Programs, Files or Folders.

6. Make sure you are on the Scanner tab. Select Perform quick scan then click the Scan button as shown above.

7. Malwarebytes' Anti-Malware will now start scanning your computer for infected files as shown below.



8. When the scan is finished, a message box will appear; click OK to continue.

9. Click Show Results.


10. You will now be presented with a screen showing you the malware infections as shown below. Yours may look different depending on the infection you have.

11. Click on Remove Selected.


12. When removing the files, Malwarebytes' Anti-Malware may require you to restart the computer in order to do a complete removal. If it displays a message stating that it needs to restart, please allow it to do so.

13. After that you can close the Malwarebytes' Anti-Malware window; your computer is now cleaned.




Files Associated With ANG AntiVirus 09:





If you are still experiencing problems or difficulties following this guide or require any assistance removing this malware, please post your questions in our Malware Removal forums for free help.

You have to be logged in to post questions. Registration is free. By registering you are privileged to other virus removal resources.

Last edited by Doctor Inferno on 24th May 2009, 2:14 pm; edited 2 times in total
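
The two "Symptoms in a HijackThis log" lines from the guide above can be matched mechanically against a saved log. This is an added example, not part of the original post and not HijackThis's own code: the function names are hypothetical, the last two sample lines are constructed, and the all-digit value-name check is a heuristic inferred only from the guide's two lines.

```python
import ntpath
import re

# HijackThis O4 (autorun) line: O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - HK\w+\\(?:[^\\]+\\)*?\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Indicators copied from the guide's two symptom lines.
GUIDE_DIR = r"c:\program files\common files\system\mgnc"
GUIDE_FILES = {"angpd.exe", "rkgnd.exe"}

def exe_path(cmd):
    """Executable path from an autorun command, quoted or bare, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|dll))\b", cmd, re.I)
    return m.group(1) if m else cmd

def check_line(line):
    """Matched indicator names for an O4 Run entry; None if the line is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    folder, fname = ntpath.split(exe_path(m["cmd"]).lower())
    reasons = []
    if folder == GUIDE_DIR:
        reasons.append("guide-folder")
    if fname in GUIDE_FILES:
        reasons.append("guide-filename")
    # Both symptom lines use an all-digit value name; weak evidence on its own.
    if m["name"].isdigit():
        reasons.append("numeric-value-name")
    return reasons

def scan(log_text):
    """Return (line, reasons) for every O4 entry matching at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        reasons = check_line(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits

# First two lines are the guide's symptoms; the last two are constructed for the demo.
SAMPLE = r"""O4 - HKLM\..\Run: [76112549345328287] C:\Program Files\Common Files\System\mgnc\angpd.exe
O4 - HKLM\..\RunOnce: [65438761234587528] C:\Program Files\Common Files\System\mgnc\rkgnd.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -start
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll"""

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE):
        print(", ".join(reasons), "|", line)
```

A log with no hits only means these specific entries are absent; it says nothing about other startup entries.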

ANG antivirus deletion guide
Hi, I have downloaded malware bytes into my computer and run multiple scans, but today was the first day it actually picked up something to do with ANG. It picked up these two things:

HKEY_CURRENT_USER\SOFTWARE\Total Virus Protection (Rogue.TotalVirusProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ANG AntiVirus 09 (Rogue.ANGav2009) -> Quarantined and deleted successfully.

It is still on my computer however. What do you suggest? Should I reboot?

Re: How to Remove ANG AntiVirus 09 (Security Center) [Delete Guide]
dmbfreak125 wrote:
Hi, I have downloaded malware bytes into my computer and run multiple scans, but today was the first day it actually picked up something to do with ANG. It picked up these two things:

HKEY_CURRENT_USER\SOFTWARE\Total Virus Protection (Rogue.TotalVirusProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ANG AntiVirus 09 (Rogue.ANGav2009) -> Quarantined and deleted successfully.

It is still on my computer however. What do you suggest? Should I reboot?


Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Antivirus PRO
Thank you for all of the good information, Belahzur. You are providing a wonderful service.

After reading the posts, I've tried to find what files to repair with the help of HijackThis, but must not have all of them. Could you please review my scan to guide me? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:47 PM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Seth\Local Settings\Temporary Internet Files\Content.IE5\OI8A6WE2\winlogon[1].exe
C:\WINDOWS\msb.exe
C:\DOCUME~1\Seth\LOCALS~1\Temp\b.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Seth\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mcrlink.mayo.edu
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://mcrlink.mayo.edu/vdesk/cachecleaner.cab#version=6030,2009,0327,1545
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://mcrlink.mayo.edu/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://mcrlink.mayo.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2009,327,1558
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://mcrlink.mayo.edu/vdesk/terminal/InstallerControl.cab#version=6030,2009,0327,1604
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://mcrlink.mayo.edu/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0327,1547
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks Static Application Tunnel Control) - https://mcrlink.mayo.edu/vdesk/terminal/urTermProxy.cab#version=6020,2008,0212,2002
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://mcrlink.mayo.edu/vdesk/terminal/vdeskctrl.cab#Version=6020,2008,0212,2006
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235075836298&h=03f23397b473e180313abd1c3fcd1570/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://mcrlink.mayo.edu/vdesk/terminal/urxshost.cab#version=6030,2009,327,1553
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://mcrlink.mayo.edu/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://mcrlink.mayo.edu/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0327,1557
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,C:\DOCUME~1\Seth\LOCALS~1\Temp\1513640526mxx.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10637 bytes
