Dear Joseph,

In our ongoing commitment to the security of our customers, we have discovered a vulnerability located within many of our client's websites, including yours. This is a self replicating virus which is found by visiting well-known search engines. When you click on any link it may redirect you to a fake Anti-Virus 2009 website which appears to scan your system and then asks you to download the software. Once downloaded and installed it begins displaying pop ups on your desktop. At this time it collects your FTP user name and password from your own computer and uses that information to upload an exploited file named ".htaccess" to your website. Any visitors to your website will then be redirected to the fake anti-virus website.

We have dedicated our systems administration team to finding a solution to this and are happy to say that as one of the first hosting companies we have successfully cleaned all instances of this virus from our servers more than a week ago, and are continually scanning them to ensure your site does not become re-infected.

While your website is now secure, your computer may still be at risk. Here are two easy steps that will detect and remove this malicious software from your computer and make sure your website will not spread the virus again:

1. Uninstall the fake Anti-Virus software by following the instructions at this link:
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

2. Once removed, change your FTP password from within your web hosting control panel. Once logged in, click on the FTP Manager icon and then on the icon next to the password to change it.

To illustrate the severity of the issue I would like to share some facts with you:

* 26,991 of our customers have been infected with fake Anti-Virus 2009
* 79,469 websites have been spreading the Anti-Virus 2009 infection
* 120,923 malicious files have been removed from our system

We are constantly monitoring our servers for potential threats to your website, and are proud to say that we are among the first web hosts to identify this particular problem, and have been the first to offer a resolution. Your continued and safe presence on the internet is our top priority.

If you have questions regarding any of this information, please contact our support team anytime.

Kind Regards,

Fatima Said, CCO
IX Web Hosting
http://www.ixwebhosting.com

Heh, yeah. I had a service call last week, I had to remove Anti-virus 2009, it replaced the security center with its own. Any website that had the keywords remove & anti-virus would be blocked, and it also killed any installation initiated.

I ended up restoring to an earlier time, and even though anti-virus 2009 wasn't gone, it allowed me to install malwarebytes, got rid of most of the shit on the client's computer and then I finished it off by removing some files by hand.

I wasn't aware that it jacked FTP passwords and uploaded its own .htaccess file to redirect sites. I thought it acted as a filter.

Anyways, just sharing my story on how I got rid of it and to promote malwarebytes (best freeware for removing malware)