Antivirus, as I wrote above (Remove Antivirus (AnVi) virus/malware), is a new fake security tool. It is a malicious program from the same family of malware as Defense Center, Protection Center, Data Protection, etc.
Antivirus malware is created with one purpose: to scare you into thinking that your computer is in danger, as a method of tricking you into purchasing the full version of the program. The presence of this program on your computer is not only undesirable but also dangerous. This fake security utility must be removed immediately after detection. To remove Antivirus malware and other computer parasites that could have arrived on the computer with it, use the instructions below.
Use the following instructions to remove Antivirus malware (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Click Start, Run. Type command and press Enter. The command console (a “black window”) opens. Type notepad as shown below.
Command console
Press Enter. Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\secfile]

[-HKEY_CLASSES_ROOT\secfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

You will see a window similar to the one below.
Notepad
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad). Double-click fix.reg and click YES to confirm.
If you can't create fix.reg, then download fix.zip from here and unzip it. Double-click fix.reg and click YES to confirm.
Step 2. Remove TDSS trojan-rootkit
Download TDSSKiller from here and unzip to your desktop.
Open the TDSSKiller folder. Right-click tdsskiller and select Rename. Type a new name (123myapp, for example). Press Enter. Double-click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click the Start Scan button to start scanning the Windows registry for the TDSS trojan. If it is found, you will see a window similar to the one below.
TDSSKiller – Scan results
Click the Continue button to remove the TDSS trojan.
Step 3. Remove Antivirus associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Antivirus malware. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Antivirus malware. MalwareBytes Anti-malware will now remove all of the associated Antivirus files and registry keys and add them to the program's quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus creates the following files and folders
C:\Program Files\AnVi\about.ico
C:\Program Files\AnVi\activate.ico
C:\Program Files\AnVi\avt.db
C:\Program Files\AnVi\avt.exe
C:\Program Files\AnVi\avtext.dll
C:\Program Files\AnVi\avthook.dll
C:\Program Files\AnVi\buy.ico
C:\Program Files\AnVi\help.ico
C:\Program Files\AnVi\scan.ico
C:\Program Files\AnVi\settings.ico
C:\Program Files\AnVi\splash.mp3
C:\Program Files\AnVi\Uninstall.exe
C:\Program Files\AnVi\update.ico
C:\Program Files\AnVi\virus.mp3
%UserProfile%\Start Menu\Programs\AnVi\About.lnk
%UserProfile%\Start Menu\Programs\AnVi\Activate.lnk
%UserProfile%\Start Menu\Programs\AnVi\Antivirus Support.lnk
%UserProfile%\Start Menu\Programs\AnVi\Antivirus.lnk
%UserProfile%\Start Menu\Programs\AnVi\Buy.lnk
%UserProfile%\Start Menu\Programs\AnVi\Scan.lnk
%UserProfile%\Start Menu\Programs\AnVi\Settings.lnk
%UserProfile%\Start Menu\Programs\AnVi\Update.lnk
%UserProfile%\Desktop\AntiVirus.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
Antivirus creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
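A read-only way to confirm, once the steps above are done, that the .exe association matches the values in fix.reg and that none of the files or registry values listed above remain. This is an added example, not part of the original instructions; it assumes Windows PowerShell is available on the machine, and the helper name Get-RegDefault is hypothetical.

```powershell
# Added example: read-only check for the artifacts this page lists.
# Nothing is modified. Helper and variable names are hypothetical.
$findings = @()

function Get-RegDefault([string]$Path) {
    # (Default) value of a key, or $null when the key does not exist.
    if (Test-Path -LiteralPath $Path) { return (Get-Item -LiteralPath $Path).GetValue('') }
    return $null
}

# Keys that fix.reg deletes: any still present means Step 1 has not taken effect.
$shouldBeAbsent = 'HKCU:\Software\Classes\.exe',
                  'HKCU:\Software\Classes\secfile',
                  'Registry::HKEY_CLASSES_ROOT\secfile',
                  'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
foreach ($key in $shouldBeAbsent) {
    if (Test-Path -LiteralPath $key) { $findings += "Key present: $key" }
}

# Default values that fix.reg restores.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}
foreach ($key in $expected.Keys) {
    $actual = Get-RegDefault $key
    if ($actual -ne $expected[$key]) { $findings += "Unexpected default for ${key}: '$actual'" }
}

# Autorun and Task Manager policy values listed on the page.
$run = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($null -ne $run.Antivirus) { $findings += 'Run value "Antivirus" present (HKCU)' }
foreach ($hive in 'HKCU:', 'HKLM:') {
    $policy = Get-ItemProperty -LiteralPath "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System" -ErrorAction SilentlyContinue
    if ($null -ne $policy.DisableTaskMgr) { $findings += "DisableTaskMgr present under $hive" }
}

# Install folder and shortcuts listed on the page.
$paths = 'C:\Program Files\AnVi',
         "$env:USERPROFILE\Start Menu\Programs\AnVi",
         "$env:USERPROFILE\Desktop\AntiVirus.lnk"
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Path present: $p" }
}

if ($findings) { $findings } else { 'No listed artifacts found.' }
```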
It doesn’t work.
Everything I try to open is blocked.. what do I have to do?
Tim, you can't complete the first step above?
Yes, first step is absolutely blocked. When I type command and press enter, Anvi alerts me and doesn't allow to permit this action. When I download given *.zip file and try to unzip it, Anvi blocks this action again. Are there any suggestions?
You should add that sometimes these steps don't work in normal mode, but in safe mode, everything is OK. Thanks for good instructions.
Try the steps in safe mode with networking.
Worked a treat, though no TDSS trojan-rootkit was found when TDSS Killer was run.
As others have already said, boot up in safe mode with networking then follow the instructions.
Thanks for the help!
I did all the steps and, like Rashid, no trojan-rootkit was found, but when I completed all the steps and restarted my PC again a small window still pops up saying ‘A security threat dedected on your computer, TrojanASPX.JS.Win32. It is strongly recommended to remove this threat right now. click on this message to remove it’.. what shall I do??? because I think that the AnVi will install again :S. And another thing: in my ‘All programs’ menu I still have the AnVi program, from where can I delete it because I already tried from Add or Remove hardware… thanks
Claudine, probably your computer is infected with a new/updated version of this malware. Start a new topic in our Spyware removal forum. I will help you to remove the rogue.