Antivirus Scan is a malicious program from the same family of malware as Antivirus Action and Antivirus IS. The software pretends to be a legitimate antivirus but, in reality, it is a totally scam. Antivirus Scan will hijack browsers, block legitimate Windows applications, display various fake security alerts and detect numerous false infections in order to trick you into purchasing its full version. Remember, the program is unable to detect and remove any infections, so do not pay for the bogus software, simply ignore all that it will display you.
Like other fake security software, Antivirus Scan is distributed with the help of trojans or other malicious software. Moreover, the authors of of the fake program may also distribute it on social networks (Twitter, My Space, Facebook, etc) and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your computer. Remember that the rogue is a highly dangerous application and you need remove Antivirus Scan as soon as possible!
During installation, the rogue will be configured to start automatically when Windows loads. Once Antivirus Scan is started, it will imitate a system scan and detect a lot of various infections that will not be fixed unless you first purchase the program. Important to know, all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that Antivirus Scan gives you.
While Antivirus Scan is running, it will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
INFILTRATION ALERT
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.
Moreover, Antivirus Scan will hijack Internet Explorer so that it will randomly show a warning page which states:
Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer
Of course, like false scan results above, all of these alerts are just a fake. All of them are created in order to convince you that you must purchase the full version of Antivirus Scan and, thus, fix the entire system. So, you can safely ignore the fake warnings and alerts.
As you can see, all Antivirus Scan does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Antivirus Scan and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for Antivirus Scan
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Reset Internet Explorer Proxy options
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Uncheck “Use a proxy server” box. Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Step 3. Stop Antivirus Scan from running
Download HijackThis from here. Run it and click Scan button. Look for lines that looks like:
O4 – HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe
Example:
O4 – HKLM\..\Run: [audpdogk] c:\docume~1\user\locals~1\temp\akotrowvc\bcgcihiagnz.exe
O4 – HKCU\..\Run: [audpdogk] C:\Users\User\AppData\Local\akotrowvc\bcgcihiagnz.exe
Note: list of infected items may be different. If you unsure, then check it in Google. Skip this step, if you does not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 4. Remove Antivirus Scan associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Antivirus Scan. MalwareBytes Anti-malware will now remove all of associated Antivirus Scan files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Antivirus Scan removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus Scan creates the following files and folders
%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe
Antivirus Scan creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:30215”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
Your instructions are amazing! it worked straight away!
oh, i sppent hours trying to fix it, and your instructions had it done in a half hour.
thank you, thank you soooo much!
i’m off to go brag now,
thanks once again.
Thank you so much for this guide! Easy to understand for someone who doesn’t know squat about computers, and it worked. Thanks again!
Thanks so much. ended up going out and buying a new laptop. wish i would have found this site first. well now i have 2 laptops!
OMG thank you so much. i was about to sell my computer. But thanks to this all of my computers are working. Not even the technition was able to fix it. THANK YOU SO MUCH!!!!!!!!!!!
*Note: I accessed this site through my PSP. LOL,right?
Thank you!!!!!!!!!
Brilliant tutorial, thank you so much. Laptop healed in under 30 minutes!
I still need help! Everything was workong brilliantly until i got to where you had to cliick on the link because im on my i podand the virus thing has my internet blocked so i cant get to it!
Jade, try repeat the step 2 above and download the suggested programs once again.
I consider you guys to be the true new cyber superheroes. Taking the time to protect innocent folks from the scum-sucking, low life, predatory pond slime who deal innocent people misery. Thank you so very much. I’m buying your product.
I need help! My malware is able to scan but it does not detect hkey as a trojan and when I perform a quick scan no objects are detected. I still have the Antivirus Scan virus!
Thanks for the tutorial. While I was at it, I found out that the following entry in hijackThis refers to an infected file for the Antivirus System as well.
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59274
Once again thanks a lot for such a tutorial which is so easy to follow.
When I did all the steps and restarted the computer I was attempting to fix, the computer did restart, but it entered a blank black screen with the words: “Missing operating system_”.
What is this supposed to mean? Could the entire operating system of the computer be compromised? Is the virus software programmed to react in such a way to external influences?
Nevermind guys. I manually shut the computer down by pressing the power button and got it back running just fine. Cheers. =)
I got this from the lakeside collection website. i downloaded numerous things and then i found this website did it one two three. and now i cant get the other things off my computer. Just my luck. Thank you so much for helping me get this off my computer!!
everytime i do every step the internet will not work in safe mode and when i try without safe mode the lan settings keep changing back to “use proxy server” also, the antivirus will not let me start either malware software… i am becoming a bit frustrated with this, please help >>
Thank you so much! Struggled with this for several hours on my own, and your guide saved the day.
THANK YOU!
nguyen, try use HijackThis. Look the step 3 above.
Mickey, start a new topic in our Spyware removal forum. I will help you to remove this malware in Normal mode.
I follow step three but malwarebytes isn’t finding any infections
I updated my malware and that fixed the problem. thanks for the great tips
Thanks for the easy instructions! This has saved my computer at work and at home!
Followed your instructions, which were easy and comprehensible for a non-geek like me – it worked. Thank you so so much!
These instrucctions SAVED MY COMPUTER!! Thank you so much for all ur help!:)
anything i download of these instructions will not open, due to the virus on my computer im guessing. It wont let me run anything so getting rid of the virus seems to be impossible. what do i do??
My sisters laptop had this happen. I followed the guide step by step and it worked perfectly. Thank you so much. One question though, should i leave the malwarebytes anti-malware software on the computer or delete it? She has mcafee on her computer
Hi,
Im in the middle of doing it now…how do i know which files to check in hijackthis?? Is it all the files that have HKCU or HKLM at the start?? I have 9 of them….
Actually iv lots more than 9….some are gobildeegook and some lool like proper files…. Still confused over which to delete!!
I have followed all the steps and my computer is still infected with the antivirus software. Any suggestions?
I followed the instructions and the antivirus scan is removed. However, I can’t access to the internet after. Is there any way to restore my internet connection?
Thanks, Haha Antivirus scan freaks YOU SUCK!. Once again thanks heaps too you guys 🙂