AntivirusBEST is a rogue antivirus/antispyware program. The software distributed through the use trojans and fake online malware scanners that tells you that your computer infected with a lot of infections and that you must install AntivirusBEST in order to clean your computer. During installation, the rogue is set to start automatically when your computer starts. Immediately after launch, AntivirusBEST starts scanning the computer and list a variety of threats that will not be fixed unless you first purchase the scareware. All of these threats are fake, so you can safely ignore them.
While the AntivirusBEST is running, your computer will display fake alerts, an example:
AntivirusBEST
Privacy Violation alert!
AntivirusBEST detected a Privacy Violation. A program is
secretly sending your private data to an untrusted internet
host. click here to block this activity by removing the threat
(Recomended).
AntivirusBEST
Spyware activity alert!
Spyware.IMonster activity detected! Its is spyware that
attempts to steal passwords from Internet Explorer, Mozilla
Firefox, Outlook and other programs, including logins and
passwords from online banking sessions, eBay, PayPal.
Also AntivirusBEST will install a Internet Explorer BHO module (QWProtect.dll) that will show warning message “Internet Explorer has found an unregistered version of AntivirusBEST. To protect your computer, please register your AntivirusBEST”. And the program will show fake Windows Security Center that will recommend you register AntivirusBEST.
AntivirusBEST can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing the fake antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O1 – Hosts: 70.38.19.201 www.review.2009softwarereviews.com
O1 – Hosts: 70.38.19.201 review.2009softwarereviews.com
O1 – Hosts: 70.38.19.201 a1.review.zdnet.com
O1 – Hosts: 70.38.19.201 www.d1.reviews.cnet.com
O1 – Hosts: 70.38.19.201 www.reviews.toptenreviews.com
O1 – Hosts: 70.38.19.201 reviews.toptenreviews.com
O1 – Hosts: 70.38.19.201 www.reviews.download.com
O1 – Hosts: 70.38.19.201 reviews.download.com
O1 – Hosts: 70.38.19.201 www.reviews.pcadvisor.c.uk
O1 – Hosts: 70.38.19.201 reviews.pcadvisor.co.uk
O1 – Hosts: 70.38.19.201 www.reviews.pcmag.com
O1 – Hosts: 70.38.19.201 reviews.pcmag.com
O1 – Hosts: 70.38.19.201 www.reviews.pcpro.co.uk
O1 – Hosts: 70.38.19.201 reviews.pcpro.co.uk
O1 – Hosts: 70.38.19.201 www.reviews.reevoo.com
O1 – Hosts: 70.38.19.201 reviews.reevoo.com
O1 – Hosts: 70.38.19.201 www.reviews.riverstreams.co.uk
O1 – Hosts: 70.38.19.201 reviews.riverstreams.co.uk
O1 – Hosts: 70.38.19.201 www.reviews.techradar.com
O1 – Hosts: 70.38.19.201 reviews.techradar.com
O1 – Hosts: 70.38.19.201 d1.reviews.cnet.com
O2 – BHO: QWProtectBHO – {44B2C9F5-608D-46de-82E1-26C5BCB85193} – C:\Documents and Settings\All Users\Application Data\AB\QWProtect.dll
O4 – HKLM\..\Run: [AntivirusBEST] C:\Documents and Settings\All Users\Application Data\AB\Installer.exe
Use the following instructions to remove AntivirusBEST (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for AntivirusBEST infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start AntivirusBEST removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
AntivirusBEST creates the following files and folders
c:\documents and settings\All Users\Start Menu\Programs\AntiVirusBEST
c:\Documents and Settings\All Users\Application Data\AB\abest.exe
c:\Documents and Settings\All Users\Application Data\AB\Installer.exe
c:\Documents and Settings\All Users\Application Data\AB\QWProtect.dll
c:\documents and settings\all users\start menu\Programs\antivirusbest\AntivirusBEST.lnk
c:\documents and settings\all users\start menu\Programs\antivirusbest\Uninstall.lnk
c:\documents and settings\All Users\Application Data\AB\ABEST.CAB
c:\documents and settings\All Users\Application Data\AB\svchost.exe
c:\documents and settings\all users\Desktop\AntivirusBEST.lnk
AntivirusBEST creates the following registry keys and values
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho
HKEY_CLASSES_ROOT\TypeLib\{684a7904-2593-4bbe-a90e-cdaf2ac606ae}
HKEY_CLASSES_ROOT\Interface\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
HKEY_CLASSES_ROOT\CLSID\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1
HKEY_CLASSES_ROOT\AppID\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
HKEY_CLASSES_ROOT\AppID\QWProtect.dll
thank you soooooooo much!!!!!!