Antivirus 2009 Malware
One of my clients recently got a piece of malware called Antivirus 2009. I am sure people working in the IT industry have heard of this nasty malware; there are many different strains of the Antivirus 2009 malware. The one I had to face today was a nasty one. Here is what happened and how I removed it:
- I had to use LogMeIn to remotely support the client; luckily I had removed local administrator access from this user, or else it might have done more damage
- The desktop had Antivirus 2009 ads all over it
- Task Manager showed many unknown processes and an Antivirus 2009 process running that I could not end
- www.google.com search results were being redirected to harmful websites
- Manually typed in the website address to work around this problem
- Tried installing Malwarebytes; I was able to install it, but it failed to start. It looks like the malware prevented Malwarebytes from running
- Tried installing HijackThis; same thing, it would not run
- ComboFix: this is a special anti-malware tool from BleepingComputer; it is very effective against different types of malware.
- Renamed ComboFix to 'a' before running it, just in case the malware tried to prevent ComboFix from running
- Finished running ComboFix and restarted the computer
- ComboFix was able to remove most of Antivirus 2009, but just in case, let's run Malwarebytes again
- Ran Malwarebytes, performed a quick scan and removed additional malware.
- Ran a Malwarebytes full scan and removed additional malware.
- Removed system restore
- Removed Symantec Antivirus and installed Microsoft Security Essentials (free)
- Defragmented and ran CCleaner
- Microsoft Update
- Changed IE settings back to default
- The computer was running perfectly normally and faster than before!
It is important to always make sure IE settings are changed back to default; many malware strains change your IE settings and proxy settings, so you're likely to get infected again. Make sure to delete your infected system restore points and create a new one once you disinfect the computer.
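As an added example that is not part of the original post or of any of the tools it mentions, here is a hypothetical PowerShell check for the two things the post says this malware tampers with: the IE proxy settings and the redirection of web traffic. It reads the standard per-user WinINET registry values and the hosts file; the function names and the Reset-IEProxy helper are my own and are assumptions, not part of any product. Run it in an elevated PowerShell on the cleaned machine.

```powershell
<#
  Added example, not from the original post. Reports the IE/WinINET proxy
  state and any hosts-file entries that send a hostname somewhere other
  than loopback, and offers a reset of the proxy values. Function names
  and the -Reset step are hypothetical; the registry path and value names
  are the standard WinINET locations.
#>

function Get-IEProxyState {
    # Per-user WinINET settings that IE (and many other programs) honour.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = [string]$p.ProxyServer
        AutoConfigURL = [string]$p.AutoConfigURL   # PAC script; a common hijack point
        ProxyOverride = [string]$p.ProxyOverride
    }
}

function Get-SuspiciousHostsEntries {
    # Active hosts-file lines that map a name to anything other than loopback.
    # A line such as "1.2.3.4 www.google.com" silently redirects that site;
    # the same trick is used to block antivirus update servers.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match '^\s*\S+\s+\S+' } |
        ForEach-Object {
            $ip, $name = ($_.Trim() -split '\s+', 3)[0, 1]
            if ($ip -notin '127.0.0.1', '::1') {
                [pscustomobject]@{ IP = $ip; Hostname = $name }
            }
        }
}

function Reset-IEProxy {
    # The proxy part of "change IE settings back to default": disable the
    # proxy and remove the server/PAC values if they are present.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }
}

# --- report ---
$state = Get-IEProxyState
'IE proxy settings:'
$state | Format-List
if ($state.ProxyEnable -eq 1 -or $state.AutoConfigURL) {
    Write-Warning 'A proxy or PAC script is set. If this machine does not need one, run Reset-IEProxy.'
}

'Hosts-file entries that point somewhere other than loopback:'
$bad = @(Get-SuspiciousHostsEntries)
if ($bad.Count -eq 0) { '  (none)' } else { $bad | Format-Table -AutoSize }

# Once the machine is clean, the post's last step (delete the old restore
# points, create a fresh one) can be finished with the built-in cmdlet:
#   Checkpoint-Computer -Description 'Clean after malware removal'
```

A proxy or PAC URL that the user never configured, or a hosts entry for a search engine or an antivirus vendor that does not resolve to loopback, is the kind of leftover that explains both the redirected Google results and the security tools refusing to start; checking them after the cleanup tools have run confirms the reset to defaults actually took effect.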
anti-virus 2009, antivirus, antivirus 2009, combofix, hijackthis, malware