Antivirus 360 is a rogue antivirus/antispyware program. The fake antivirus is fresh version of Antivirus 2009 . Antivirus 360 uses scare tactics (fake alerts and false positives) to trick users into buying the fake software. Antivirus 360 is distributed through the Vundo trojan. Once infected with Vundo trojan your computer will display large amount of pop-ups that tells you that your computer is infected and you should download and install Antivirus 360 in order to protect your computer.
During installation, Antivirus 360 configures itself to run automatically every time, when you start your PC. Once running, Antivirus 360 will scan your computer and list a large amount of infections, but some of these “infections” are actually legitimate Windows files:
C:\Windows\System32\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\alg.exe
Antivirus 360 may drastically slow the performance of your computer.
Symptoms in a HijackThis Log.
O2 – BHO: (no name) – {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} – C:\Windows\System32\winconfig.dll
O4 – HKCU\..\Run: [12840894984709702141078366734454] C:\Program Files\A360\av360.exe
Use the following instructions to remove Antivirus 360 (Uninstall instructions).
1. Remove trojan Vundo.
Some variants of Antivirus 360 uses trojan Vundo to install itself.
- Download VundoFix and save the file to your desktop.
- Once it downloaded, double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it’s done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
2. Remove Antivirus 360 files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Files to delete:
%windir%\system32\winsystems.dll
%windir%\system32\winconfig.dllFolders to delete:
%ProgramFiles%\A360Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
3. Remove Antivirus 360 associated malware.
Using Malwarebytes Anti-Malware.
- Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
- Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Using SuperAntispyware.
- Download SUPERAntiSpyware.
- Close all programs and Windows on your computer.
- Double Click SUPERAntiSpyware.exe to install the application.This will start the installation of SUPERAntiSpyware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing click on the Finish button.
- You will see a message stating that you should update the program before performing a scan. Click Yes. As SUPERAntiSpyware will automatically update itself.
- You will see SUPERAntiSpyware setup wizard. Follow the prompts. To close the Wizard press Finish.
- Protect home page dialog will be open. Click on the Protect Home Page button.
- You will now be at the main program.
- Click Scan your computer. Click Next.
- The scan may take some time to finish,so please be patient. When the scan is complete, result of scanning will be open, click OK.
- Click Next to start removing the found threats.
- If you are asked to reboot the machine, choose Yes.
Antivirus 360 creates the following files and folders.
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Desktop\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk
c:\Program Files\A360
c:\Program Files\A360\av360.exe
If you need help with the instructions, then post your questions in our Spyware Removal forum.
downloaded Avenger and we copy and pasted text in input script box but keep getting error
Error:could not set driver Image Pat
aborting execution(error 0:the operation completed successfully)
what should i do next, thanks
Gary, please follow the steps.
Followed instructions & altho it took 5 hrs, it cleaned AV360 off the computer (thx!), but now can’t connect to the internet. Reset all internet options to original, but no luck. Checked motem: working fine. Any suggestions?
Molly, please follow these steps.
Thx, Patrik, but I can’t get on the internet from the affected computer – this is someone elses. Any other suggestions from here?
Ask us for help at our forum.
thanks for the help on geting rid of this fucking program u are the best
I downloaded Malwarebytes Anti-Malware but the programme will not open when i try to do a scan.
Please help
yoggie, Ask us for help at our forum.
Hi Patrick
I was able to open Malwarebytes Anti-Malware and delete all infected files.However now i cant access any web pages.I keep getting a message saying the web page has been blocked and recommended that Antivirus 360 be installed.
I cant even get to the forum.The popup are gone but all my webpages are affected.please help.
Try to use another browser – Firefox or Opera.
Hi Patrick
Thanks this worked.Opera is a much better browser than internet explorer.
Thanks for your help !
I HATE YOU ANTIVIRSUS 360.. I HATE YOU!!!!
RESTORE THE COMPUTER….GO TO THE RESTORE MENU TO THE PREVIOUS DAY… THEN BYE BYE ANTIVIRUS 360
YOU WILL NOT LOSE YOUR INFORMATION ON YOUR COMPUTER..
this proram is fucking shit full all the gay assholes who made it first anti 2009 now 360 won’t you motherfuckers ever give up this vundo thing has been working for 30 min and it didn’t find anything yet and those popups are killing me hey patrick need some help here my google chrome is unsable and internet explorer is shit uniblue spyware needs update and 360 is driving me crazy
Thanks very much for these notes, I found them easy to follow and they helped rid my computer of the horrible Antivirus 360. Thanks again
ICE, ask us for help at our forum.
No more pop-ups! NO more slow computer! Thank you Thank you Thank you This worked so well!!!
Patrik-You rock! It’s 4:25 am. I deal with this after I get some rest. I was already to crash out and I was checking email before this hit. I’m real angry, I just did a fresh install of my xp os less than 36 hours ago! My computer was a virgin! Not anymore…, the only thing I can think of as to how I picked this up – I was watching vids on youtube and youtube downloader to copy a few? Other than that no freaking idea. Thanks for the detail instructions. By the way I am using the latest versions of Avast and Zone Alarm free. Avast has a great on-access protection module that will intercept most of this crap before it lodges on your system. Those poor boys at Avast will need to take some more benzedrine and open a fresh pack of smokes so they can solve this one! You rock Patrik THANK YOU!
hi, i just done the Scan for Vundo, however, it said that there is NO infected item… so that there is no item for me to delete 🙁 besides, my computer swtiches to a blue screen and said that my computer is infected by a spyware and restart again EVERY 5 MINS!! may i know what can i do now…? thank you.
also, when i start the avenger, there is an error: “invalid script: a valid script must begin with a command directive. Aborting excution!” 🙁 then what should i do?
yuki, please follow these steps.
sorry patrik, i can’t even get into the forum 🙁 please help me:(
yuki, reboot your computer in the Safe mode.
Manually remove these two files:
c:\windows\system32\winsystems.dll
c:\windows\system32\winconfig.dll
Remove the folder: c:\Program files\A360
Reboot your computer in the Normal mode and run Malwarebytes Anti-malware, perform a scan.
thank you Patrik!!! i’m almost there!
after i entered safe mode, i can successfully deleted the file C:/windows/system 32/winconfig.dll, and the folder C:/Program files/ A360. However, i couldn’t finf the file c:\windows\system32\winsystems.dll 🙁
After that, i restarted my computer in normal mode, and it seems that the Antivirus 360 doesn’t exist anymore! now i feel much better, really thx!! then what should i do now in order to COMPLETELY delete that Antivirus 360??
Run Malwarebytes Anti-malware, perform a scan.
Make sure that everything is checked, and click Remove Selected. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected.
Its all 🙂
for step 2, I downloaded avenger from the link. When I try to run avenger, it flashes a message box very quickly that I think says I need to click OK to use avenger. The message closes faster than I can click ok or press enter. Any guesses what I need to do to run avenger? I have tried in safe mode and normal mode.
Thanks for any advice
Owen
Owen, boot your computer in the Safe mode. Manually remove these two files: c:\windows\system32\winsystems.dll, c:\windows\system32\winconfig.dll
Remove the folder: c:\Program files\A360
Reboot your computer in the Normal mode and run Malwarebytes Anti-malware, perform a scan.
hey patrik, i cannot run malwarebytes Anti-malware since the language displayed had some problems… it’s neither english nor chinese eventhough i chose it at the very beginning. where can i download an english or chinese version of malwarebytes Anti-malware ?
thanks!
yuki