AntiVira Av is a fake security program that blocks legitimate Windows applications, hijacks Internet Explorer, and displays false information that your computer is infected with viruses, trojans and malware. The software pretends to be a legitimate antivirus but, in reality, it is a total scam. AntiVira Av is a malicious program from the same family of malware as Antivirus .NET, Antivirus Scan and Antivirus Action. It is unable to detect and remove any infections! The program “detects” numerous false infections in order to trick you into purchasing the so-called full version of the software. Thus, do not pay for AntiVira Av; simply ignore everything the bogus software displays.
Like other fake security software, the authors of AntiVira Av use various misleading methods to distribute their bogus software, e.g. trojans, various misleading programs, social networks (Twitter, Facebook, etc.) and spam emails. Please be careful when opening attachments and downloading files, otherwise you can end up with a rogue program on your computer. Remember that the rogue is a highly dangerous application and you need to remove AntiVira Av as soon as possible!
During installation, the rogue will be configured to start automatically when Windows loads. Once AntiVira Av is started, it will simulate a system scan and state that your computer is infected with a lot of viruses. The rogue will prompt you to purchase a full version of the program to fix the supposedly found infections. It is important to know that all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that AntiVira Av gives you.
While AntiVira Av is running, it will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
INFILTRATION ALERT
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.
Moreover, AntiVira Av will hijack Internet Explorer so that it will randomly show a warning page which states:
Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer
Of course, like the false scan results above, all of these alerts are fake. All of them are created in order to convince you that you must purchase the full version of AntiVira Av and, thus, fix the entire system. So, you can safely ignore the fake warnings and alerts.
As you can see, everything AntiVira Av does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore everything it shows you and follow the removal instructions below in order to remove AntiVira Av and any associated malware from your computer for free.
Automatic removal instructions for AntiVira Av
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, the Windows Advanced Options menu appears, similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Reset Internet Explorer Proxy options
Run Internet Explorer, then click Tools -> Internet Options as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see a screen similar to the one shown below.
Internet Explorer – Lan settings
Uncheck the “Use a proxy server” box. Click OK to close LAN Settings, then click OK to close Internet Explorer settings.
Step 3. Stop AntiVira Av from running
Download HijackThis from here. Run it and click the Scan button. Look for lines that look like:
O4 - HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe
Example:
O4 - HKLM\..\Run: [cudpdogk] c:\docume~1\user\locals~1\temp\akotrowvc\bcgcihiagnz.exe
O4 - HKCU\..\Run: [cudpdogk] C:\Users\User\AppData\Local\akotrowvc\bcgcihiagnz.exe
Note: the list of infected items may be different. If you are unsure, then check it in Google. Skip this step if you do not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs, then click once on the “fix checked” button. Close HijackThis.
Step 4. Remove AntiVira Av associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove AntiVira Av. MalwareBytes Anti-malware will now remove all of the associated AntiVira Av files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
AntiVira Av removal notes
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AntiVira Av creates the following files and folders
%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe
AntiVira Av creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:18215”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
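The check described in Step 3, combined with the loopback proxy value listed above, can be run over a saved HijackThis log. This is an added example, not part of the original guide or of HijackThis itself: the function name, the list of user-writable folders and the sample log are assumptions made for illustration, and the flagged lines are candidates for manual review, not verdicts.

```python
import re

# HijackThis writes "O4 - ..." with a plain hyphen; web pages often render it as an en dash.
DASH = r"\s*[-\u2013]\s*"
O4_RUN = re.compile(r"^O4" + DASH + r"(?P<hive>HKCU|HKLM)\\\.\.\\Run:\s*"
                    r"\[(?P<name>[^\]]*)\]\s*(?P<path>.+)$", re.I)
R1_PROXY = re.compile(r"^R1" + DASH + r"HKCU\\.*\\Internet Settings,ProxyServer"
                      r"\s*=\s*(?P<value>.+)$", re.I)
# Assumption of this example: autoruns under these user-writable folders deserve review.
USER_WRITABLE = re.compile(r"\\(temp|locals~1|local settings|appdata\\local)\\", re.I)
LOOPBACK = re.compile(r"(^|=)(127\.\d+\.\d+\.\d+|localhost):\d+", re.I)


def triage(log_text):
    """Return (kind, hive, name, value) tuples for log lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            path = m.group("path").strip('"')
            if USER_WRITABLE.search(path) and ".exe" in path.lower():
                findings.append(("run-entry", m.group("hive").upper(),
                                 m.group("name"), path))
            continue
        m = R1_PROXY.match(line)
        if m and LOOPBACK.search(m.group("value")):
            findings.append(("loopback-proxy", "HKCU", "ProxyServer",
                             m.group("value").strip()))
    return findings


# Constructed sample log: the two Run entries and the proxy value come from this page,
# the "ExampleUpdater" line is an invented benign entry.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18215
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKLM\..\Run: [cudpdogk] c:\docume~1\user\locals~1\temp\akotrowvc\bcgcihiagnz.exe
O4 – HKCU\..\Run: [cudpdogk] C:\Users\User\AppData\Local\akotrowvc\bcgcihiagnz.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```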
I just wanted to say that I have NEVER been able to quickly and overall easily find a solution to something like this until now. I appreciate what you all have done here. I was able to follow your instructions and get this virus off my PC within an hour. I was considering cleaning my computer and starting fresh again, but the virus didn’t allow me to do anything! The malwarebytes program was great, considering buying it myself now. Again, thanks for the help!
I got this dumb virus earlier today. I thought I would never get rid of this crap. Anyhow, these instructions worked, thanks, and very easy to follow.
It worked!! Thank you very much!
This thing was giving me hell until I followed these instructions, thank you so much!! I was able to save my files instead of having to reprogram the whole laptop and lose everything. Does anyone know where this came from?
Thank you so much for your help. It works wonders. I am able to remove this dumb virus by myself 🙂
Okay, pardon my ignorance but…I have printed this out at work and will try to use it when I get home to my infected pc. Given my circumstances, how do I follow step 3? Download Hijackthis from HERE. There will be no ‘here’ when I’m at home on my pc. Is there a way to get to gotrendmicro.com when my pc is hobbled and in this recovery mode? Thanks…and I guess my question applies for the malwarebytes part too…should I try to download these programs on a disc and take em home to my pc?
I cannot get rid of this thing still!!! My malware does not pick up anything, but the hack this does. Any pointers?
Just got it! There was a line hidden a little ways down the list on hack this. Great fix!
THANKS A MILLION!!!!! Luckily my wife had a computer I could look this up on! I was about 30 seconds shy of breaking a ton of valuable equipment! This was simple, and fast, and 100% accurate! It seemed I was completely locked out of any options I could do aside from this. Anything apart from this would require years of computer training.
Thanks, this guide helped for removing the virus. Had to go into registry and change the proxyserver and proxyenable values so I could access the internet again afterwards though. But it’s all fine now 🙂
Great site! I too thought my PC was doomed after being infected by antivira AV. The steps were concise, easy to follow, and effective. I would have thought my McAfee high $ subscription would have blocked this virus. McAfee wanted $89 to remove this virus….
Thank You Malwarebytes!
allen, you need to complete the first two steps, then open the instructions and go to step 3.
@Sean: if your anti malware program is unable to remove this virus, then you should try the manual removal method prescribed on this page, hope that helps u get rid of the virus,
good luck dude
thank you so much
Question…my computer will not let me complete step 3. The virus is preventing me from running hijackthis. Does anybody have a solution to this problem? Also, am I supposed to perform step 3 while in safe mode with networking or restart my computer in regular mode, because I have no internet connection while in safe mode with networking. Somebody please help, I have been dealing with this virus since last night.
OMG Thank you! This has been the only thing I’ve found that worked! Thanks!!!!!!!!!!!!
No problem with the directions. I already had malware so I didn’t have trouble with that, I just needed to update it.
THANKS!!
Thank you; I too thought my laptop computer was junk. Thanks to you it works again. Found this site on my desktop. Step 3 was confusing, then figured out I had to open this site on the infected computer. Thank you again Malwarebytes.
Thank you for your help! This really did the job on my husband’s computer and we’re very grateful.
This thing was giving me FITS! This seems to have worked! Thanks!
Your site just saved my computer from being thrown in the trash, A BILLION THANKS!!!!!!!!!
I also got this virus on windows 7 on my laptop. Through safe mode I was able to go on the net to get rid of it. But my daughter just got it, she has XP ops. In safe mode she can’t get on the net, how does she get round this? She did click on (safe mode networking). Hope you can help.
Someone please help me! I’ve done full system scans with malwarebytes, spyware doctor, and avast!, and have removed some Trojans and malware each time, but the stupid thing is still there! I think it’s maybe because I haven’t done the manual removal, can someone please explain with detail how to remove this thing manually? I really do not want to format my hard drive.
OK I have tried step one & two, I am using a different laptop to read these instructions I do steps 1 & 2 then insure how to download anything BUT at this point my laptop keeps shutting itself off, any suggestions?
My laptop keeps turning off after I complete steps 1 & 2, I am unsure how to download hackthis when I am on the infected computer? Any suggestions?
thanks!
great walkthru! i spent more time looking for a good site just to help me than in repair! keep up the great work! will recommend highly ! ty!
Superb instructions. I’m no expert and this was easy to follow and resolve. Very pleased to have such a quick solution. Thank you.
I got this virus even though I had Webroot anti-virus 2010 installed on my computer. I called Webroot and they wanted to charge me $129 to have it removed. I will purchase the full version of your software after my Webroot subscription expires. I want to thank you for the guide in removing this virus.
Thanks so much for posting this. I almost went to the geek squad to get it fixed which they said would start at 200 bucks just to do a “diagnostics” test. Glad google did enough diagnostics for me! I was worried my husband would have to do this but it was easy enough for me to do myself. Thanks so much-this was a huge saver!
Jase, try renaming HijackThis.exe to iexplore.exe and run it once again.