Vista - Virus Response (Lab) 2009

Has anybody heard of the fake anti-virus "Virus Response 2009", and it's clone "Virus Response Lab 2009". Better yet, has anyone had any luck FULLY removing it?

I have 2 client machine here (XP Pro and Vista Home Premium), and I've manage to sort of get rid of this sucker, but still there remains a Taskbar Notification icon that I can't get rid of, and it's still there even in Safe Mode!

The only "solutions" I've found require downloading and installing some other piece of suspect software.

I've searched Avast, Kaspersky, Symantec and AVG websites, all of which have no references to this. Which makes me believe it's still too new...

Nope sorry this is the first time I heard of it. Thanks for the heads up about it too.

And it's a particularly nasty one too. In my attempts to remvoe it, I found traces of it's activities, and I've already given my customer a headsup to have all their online backing logins changed...

Hi Peter,

Have a look at this video from YouTube:

Thanks Dwarf, but our Indian friend in that video neglected to mention that somehow even the Manual Removal Instructions, in concert with CCleaner, HijackThis and Process Explorer does not fully remove it.

A taskbar noticfication still remains that I am unable to track down. It's not a service, because disabling ALL services doesn't stop it. Disabling ALL startup items doesn't stop it. Even removing Policy Run registry entries that MSCONFIG doesn't see didn't stop it.

This "Virus Response Lab 2009" somehow evens starts in Safe Mode Command Only! No matter what I do...

Hi Peter,

Can you post an image of this notification, together with any text associated with it?

Your timing could not have been any worse! The customer has instructed me to just go ahead and use the restore disks, which I started about 15 minutes ago!

What I can tell you is what the icon in the noticifcation area looks like, and what it does.

It looks like the "Windows Updates" shield, except it flashes bettwen a Blue and Yellow version of itself, and if you click on it's notification balloon, or left click or right click on the icon itself, it tries to open up a page to virusXXXresponseXXX2009DOTcom (I've deliberately obfusticated the address for safety reasons with XXX and DOT). I've never allowed the page to open, so I can't say what happens beyond that....

Some extra files that I deleted, and that for some reason are not mentioned in any of the "solutions" I've found are "qttask.exe", "qttasku.exe" and "qttaskm.exe", all in "C:\Windows". They appear to be part of Quicktime, but End Tasking either one does nothing, as each monitors the other and just starts them up again, so cannot possibly belong to Quicktime...

Oddly enough, before I started the Recovery Disk, I also forcibly removed Grisoft AVG by deleting the Program Files entries, and the notification went away, so it would appear to have targeted AVG.

Uncertain if this will give you any new pointers Chaps, but it's the latest blog on the Microsoft Malware Protection Centre site;

Microsoft® Malware Protection Center : FakeXPA... Journey of a Rogue

May help in some small way.

I'm guessing the fakers don't use exact Microsoft interfaces is because they don't want to do anything wrong, like copyright violations. Wreaking havoc is ok though.

So ive had this virus response lab problem for about 2 months now, and have just ignored it....tell now. One day i was Instant Messaging when a window popped up and it said it was some virus remover, three of them popped up and then it started deleting a bunch of files and i right away clicked out of it.

About a week later(today) i havent been able to click anything because when i click something it refreshs a billion times or clicks the program a billion times.....I am sick of this virus.

PLEASE HELP