Antivirus .NET is a fake security program that blocks legitimate Windows applications, hijacks Internet Explorer, and displays false information that your computer is infected with viruses, trojans and malware. The software pretends to be a legitimate antivirus but, in reality, it is a total scam. Antivirus .NET is a malicious program from the same family of malware as Antivirus Scan and Antivirus Action. It is unable to detect and remove any infections! The program “detects” numerous false infections in order to trick you into purchasing the so-called full version of the software. Thus, do not pay for Antivirus .NET; simply ignore everything the bogus software displays.
Like other fake security software, the authors of Antivirus .NET use various misleading methods to distribute their bogus software, e.g. trojans, various misleading programs, social networks (Twitter, Facebook, etc.) and spam emails. Please be careful when opening attachments and downloading files, or you can end up with a rogue program on your computer. Remember that the rogue is a highly dangerous application and you need to remove Antivirus .NET as soon as possible!
During installation, the rogue is configured to start automatically when Windows loads. Once Antivirus .NET is started, it simulates a system scan and states that your computer is infected with a lot of viruses. The rogue then prompts you to purchase a full version of the program to fix the supposedly found infections. It is important to know that all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that Antivirus .NET gives you.
While Antivirus .NET is running, it will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
INFILTRATION ALERT
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.
Moreover, Antivirus.NET will hijack Internet Explorer so that it will randomly show a warning page which states:
Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer
Of course, like the false scan results above, all of these alerts are fake. All of them are created in order to convince you that you must purchase the full version of Antivirus .NET and, thus, fix the entire system. So, you can safely ignore the fake warnings and alerts.
As you can see, everything Antivirus .NET does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore everything it shows you and follow the removal instructions below in order to remove Antivirus .NET and any associated malware from your computer for free.
Automatic removal instructions for Antivirus .NET
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, the Windows Advanced Options menu appears.
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Reset Internet Explorer Proxy options
Run Internet Explorer and click Tools -> Internet Options. The Internet Options window opens.
Select the Connections tab and click the LAN Settings button. The LAN Settings dialog opens.
Uncheck the “Use a proxy server” box. Click OK to close LAN Settings and click OK to close Internet Explorer settings.
Step 3. Stop Antivirus .NET from running
Download HijackThis. Run it and click the Scan button. Look for lines that look like:
O4 – HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe
Example:
O4 – HKLM\..\Run: [audpdogk] c:\docume~1\user\locals~1\temp\akotrowvc\bcgcihiagnz.exe
O4 – HKCU\..\Run: [audpdogk] C:\Users\User\AppData\Local\akotrowvc\bcgcihiagnz.exe
Note: the list of infected items may be different. If you are unsure about an entry, look it up in Google. Skip this step if you do not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs, then click once on the “fix checked” button. Close HijackThis.
Step 4. Remove Antivirus .NET associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see the Malwarebytes Anti-Malware window.
Select Perform Quick Scan, then click Scan. The program will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items. Note: the list of infected items on your computer may be different from the one found on another machine.
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Antivirus .NET. MalwareBytes Anti-malware will now remove all of the associated Antivirus .NET files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Antivirus .NET removal notes
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus .NET creates the following files and folders
%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe
Antivirus .NET creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:30215”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
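The Step 3 check and the ProxyServer indicator listed above can also be applied to a saved HijackThis log with a short script. This is an added example, not part of the original guide or of HijackThis; the function names, the one-folder-deep heuristic and the ExampleTray line are assumptions made for illustration, and a match is a candidate for manual review, not a verdict.

```python
import re
from ipaddress import ip_address

# "O4 - HKCU\..\Run: [value] command"; the dash may be "-" or an en dash, as on this page.
O4_RE = re.compile(r"^O4\s*[-\u2013]\s*(HKLM|HKCU)\\\.\.\\Run:\s*\[([^\]]*)\]\s*(.+)$", re.I)
# An .exe at most one folder below Temp or AppData\Local (also matches locals~1\temp).
DROP_RE = re.compile(r"\\(?:temp|appdata\\local)\\(?:[^\\]+\\)?[^\\]+\.exe$", re.I)

def suspicious_run_entries(log_text):
    """Return (hive, value_name, exe_path) for Run entries that need a manual look."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = re.match(r'"?(.+?\.exe)', m.group(3), re.I)  # drop quotes and arguments
        if exe and DROP_RE.search(exe.group(1)):
            hits.append((m.group(1).upper(), m.group(2), exe.group(1)))
    return hits

def loopback_proxies(proxy_server):
    """Parse a ProxyServer value ("host:port" or "http=host:port;https=...") and
    return the (scheme, host, port) entries that point back at this machine."""
    found = []
    for part in filter(None, re.split(r"[;\s]+", proxy_server)):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.split("://")[-1].rpartition(":")
        if not sep:  # no explicit port given
            host, port = port, ""
        host = host.strip("[]")  # bracketed IPv6 literal
        try:
            local = ip_address(host).is_loopback
        except ValueError:
            local = host.lower() == "localhost"
        if local:
            found.append((scheme or "all", host, int(port) if port else None))
    return found

# Constructed sample: the page's two example lines plus one made-up ordinary autorun.
SAMPLE_LOG = r"""
O4 – HKLM\..\Run: [audpdogk] c:\docume~1\user\locals~1\temp\akotrowvc\bcgcihiagnz.exe
O4 – HKCU\..\Run: [audpdogk] C:\Users\User\AppData\Local\akotrowvc\bcgcihiagnz.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
"""

if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE_LOG):
        print("review:", hit)
    print("proxy:", loopback_proxies("http=127.0.0.1:30215"))
```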
zack, you have completed the steps 1-3?
THANK YOU SOOOOO MUCH!!!!
now i can play my com again
Thanks. My son got this yesterday. I found your site and am working to get rid of it. Malwarebytes just came back with a list of files it got rid of.
I am re-running Malwarebytes with a full scan. Afterward, I’m going to re-run HijackThis. May I post my log and you look it over and let me know if there’s anything else I need to get rid of?
Here is my log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:30:51 PM, on 2/4/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
G:\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
…
—
End of file – 10864 bytes
Is there anything else I could have missed?
Just wanted to say thank you very much, followed the instructions and has worked a treat. Much appreciated KevO
This was the perfect remedy. I was infected by antivirus.net and could not do anything! My law office was at a stand-still. Now everything is up and running again. Thank you for this advice!
Thank you so much for providing this service. I guess I’ll have to re-evaluate Webroot as it did not stop Antivirus.net from getting thru. How can these people continue to operate without facing any penalties? I can’t believe how they could shut down my antivirus protection and remove my restore points, then lie to me about being infected when they were the cause of my infection!
Great tutorial. You are incredible. Muchas gracias!!
Fantastico! Now a friend!!!
This damn virus had me wondering about what to do for a while … thanks a lot for the clean tutorial to delete it.
thank you so much it really works
Thank you for the helpful instructions. However when I try to download RKill or malwarebytes I get the following message: ”Your current security setting do no allow this file to be downloaded” Any suggestions? I have tried to download both from numerous other sites as well and get the same message. Thanks
Thanks!
Thanks. I thought my laptop was screwed for good.
I was able to quickly get this off of my machine using a different method. I was previously infected with the similar “System Tool” malware virus and a forum like this suggested using F8 to go into safe mode so i could system restore. (It worked btw)
This is what i tried as soon as i saw this crap pop up on my screen however: When the virus launched the first step is to immediately activate task manager and look for some funky program you don’t recognize and kill it. If you chose the right one, it will quickly disappear. Next step is to go into your internet options as described above to fix the “proxy” problem caused by the virus. Now you’ve got your web back. I next launched malwarebyte’s antivirus which found the offending files and threw them in quarantine where they belong. Worked like a charm
by the way, if you are unable to get into safe mode, download malwarebytes, or get the web back try deleting the virus manually. i found it in this directory on my PC: C:\Users\Dennis\AppData\Local\Temp.6078838786645123.exe. There were about 4 files in that temp folder (you can view by date and note the time the files showed up). Delete them and restart
I am so grateful for this article. I thought I would have to buy a new hard drive to get this virus off of my computer. These instructions worked like a charm and now i dont have to worry about getting chewed out by my wife in the morning. lol Thank you so much.
Thank you SO VERY MUCH for this help. I am not really a computer person but this really did help! I was quite scared and ready to think I’ll have to wipe out everything from my computer but this is a MIRACLE! It’s really hard to trust any sites nowadays but thanks to everyone who left comments on here, that was the reason why I trusted this fully and it worked! One thing I found out from somewhere else was that download of the items listed in here are to be done in a USB drive. Or at least that’s the way I did it.
Anyway, once again, Thanks a lot!
Best advice ever!
Tried other websites but this was by far the easiest and clearest. (This demo also works with Vista) Just a quick question though, after completing all the steps, I got a folder full of backup stuff, what should I do with it??
Thanks
After following the steps I re-scanned my daughter’s laptop with malware and it showed no infected objects however, the logo at the bottom of the screen and pop ups are still occurring and we cannot access the internet or load an anti-virus disc. Any ideas?
what about ones that start in HKUS?
THANKS! Your solution and instructions were superb. I am not very computer literate, but you made it really simple to remove this extremely annoying virus.
I cannot thank you enough for this information. I was ready to take my computer to a tech to have it cleaned out. Your step by step instructions worked perfectly. I have never encountered such a malicious application that so quickly affected my entire system. Kudos!
HELP!!
I have started my laptop in safe mode but I can’t connect to the Internet. I can do a system restore. I do have the program malwarebytes anti-malware on my laptop and I’ve ran it twice in safe mode. But it’s not picking anything up. Am I missing something?? If anyone can help me that would be great.
Thanks all.
James.
i installed malwarebytes software and removed the infections (while in the safe mode) then it told me to restart and i went back to normal mode but i still had it. then i realized i skipped the first steps of removing the processes and apps of it but i couldnt find any when i used hijackthis. am i supposed to be in safe mode with networking or normal mode? bc i cant get on the internet in normal mode
Got to the point where you install hijackthis, but It says the installer is not available in safe mode, I tried step 2 a few more times and nothing anything I can do?
Windows 7 Home Pro
hijackthis says “Your hosts files cannot be accessed. Warning”
Skipping step to malware bytes.
it works! thank u soooooo much. who ever made the antivirus.net should be shot! this virus just creeped up in my laptop.
hi, i used your instructions and it was EXCELLENT , thank you thank you and thank you
You guys are awesome!!! I thought I had totally screwed up my girlfriend’s laptop. I followed the instructions and got it working again. Only a bunch of a#$holes would make such crap!!!! Thank goodness for the good guys…..
You guys are awesome. Follow the instructions and this will work!!!