Antivir
Antivir is a fake security program that will initially redirect Internet browser of the compromised computer to fake security web site. On this site, Antivir simulates a virus scan produces convincing fake results. This practice is extensively used in the operation of rogue security programs anticipating advance acceptance from users. Other than those mentioned, this bogus program tries to install itself on computers either automatically or manually by tricking users on its beneficial functionalities. Automatic installation requires Trojan’s expertise in infiltrating the system invisibly. While manual setup involves heavy encouragement from fake security alerts and Windows task bar warnings.
Antivir is not in any way connected to Avira, an established security software provider. In fact, Antivir virus is perfect impersonator. Highly distinguishable difference between the two is method of propagation. Avira Antivir is promoted on their own web site and standard online advertisements while Antivir virus is spread with the assistance of Trojan. Moreover, Antivir unexpectedly appears on computer and overruns default setup protocol. As soon as it completes loading, Internet access is blocked and provides error page containing the message:
We strongly recommend to discontinue the use of this website. This website has been reported to Microsoft for containing threats that might steal personal or financial information from your computer.
Warning! Visiting this site may harm your computer!
This web site probably contains malicious software program, which can cause damage to your computer or perform actions without your permission. Your computer may be infected after visiting such web site.
To remove Antivir, reliable security application must be used. Avoid having Antivir to remove any threats on computer since already realized that rogue programs has no security module to do such task.
Antivir Screen Shot:
Alias: Antivir Virus
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Antivir Removal Procedures
Manual Removal:
1. Stop Antivir process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
antivir.exe
2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit Windows registry and delete Antivir entries.
- For Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
- For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.
5. Exit registry editor.
6. Remove Antivir start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
antivir.exe
7. Click Apply and restart Windows.
Antivir Removal Tool:
Entirely removing Antivir virus does not require complicated process. Only one program is required to eliminate presence of fake security application. In fact, some lenient infection contains “uninstall.exe” file which is sufficient to remove unwanted software. If in case the file is missing, download a copy of Malwarebytes Anti-Malware and install with default settings. Run a thorough scan of the compromised unit and be sure to delete all detected threats.
Using free version of legitimate Online Virus Scanner can help remove other threats not detected by installed security program. This tool can be used to identify hidden threats without
the need to install separate anti-virus application.
Technical Details and Additional Information:
Malicious Files Added by Antivir:
C:\Program Files\AV\antivir.exe
C:\Program Files\AV\UpdateCheck.dll
C:\Program Files\Common Files\Uninstall
C:\Program Files\Common Files\Uninstall\AV
C:\Documents and Settings\All Users\Start Menu\AV
Antivir Registry Entries:
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform “WinNT-EVI 25.11.2009″
George
Jul 25, 2010 @ 23:20:31
Okay so I have this virus on my vista computer and it won’t let me go to the Internet or any other of my programs.
I can’t get rid of this virus it has blocked everything, can anybody help?
Courtney
Jul 30, 2010 @ 05:45:21
George, I have the same problem, I can’t go into task manager, can’t do anything. Please help!
klklkjkl
Jul 30, 2010 @ 21:11:24
start -> computer -> system restore
Den
Jul 31, 2010 @ 02:11:11
Got hit with this too.
Locked out of task manager, rollback options, and most of my programs.
any hints?
also reported them to the FBI
kimberly
Jul 31, 2010 @ 17:09:17
i got this morning. i couldnt do anything.so i restarted my comp in safe mode(F8 when comp boots back up) and then did a system restore. now its back up runnig perfectly. hope this helps:)
Juan David
Jul 31, 2010 @ 19:16:40
I got hit with this virus and it blocks me from every program that can be used to affected: I try to shut off my Wi-fi and it tells me it can’t be opened because it might be infected. Same with Task Manager and Add/Remove Software in the Control Panel Window. Shoot!!! I hate this thing and I don’t know how to get rid of it mow since I can’t use the Internet to update my REAL Anti-virus. When I opened Internet Explorer, it didn’t let me go to any website claiming “Internet Explorer had detected a threat” on the website. And when I used Mozilla Firefox it still said “Internet Explorer had detected a threat”. And that’s when I found out this was fake. If you let Antivir “scan” your computer for threats, is it iactually nstalling bad files in it??
Alan
Aug 01, 2010 @ 17:13:39
This virus is a pain. I could not open anything: safe mode, task amanger, regedit. Finally, i tried opening task manager right after logging into windows, before any apps loaded. This worked. Somehow, i killed th eright process that stopped the virus from allowing me to open the System Restore function. I restored to yesterday and i am back in business. Now it’s time to run Malware Bytes to get rid of anything that may be lingering. Thanks for your help.
Dave
Aug 02, 2010 @ 07:02:10
Alan,
Thanks to your comments about jumping into Task Manager immediately after start up …. I was able to stop the process and get rid of this #@!$ thing. I got the virus late last night and tried all day to get rid of it. Like you, I couldn’t open anything and after reading about the Task Manager …. I still could not get in long enough to find and eliminate the right process. But after seeing your comment late tonight … I tried again right at start up and killed the @##$!
I have Norton running now to clean up the mess
Dave
Sharon
Aug 02, 2010 @ 08:10:39
Got this darned thing a few hours ago. I did what Kimberly suggested and it worked! Restart in safe mode & then system restore.. Now running Norton.
Chuck
Aug 02, 2010 @ 16:51:11
Alan,
So what was the process you killed in Task Manager?
Joey
Aug 02, 2010 @ 20:11:33
All I did was restart my computer, hit ctrl+alt+delete, and find the program in the task manager and close it. It has some long obnoxious string of letters as its name. Now I’m going to try to find it in my system and delete it. I think a lot of people got infected because it found an exploit through java.
Joey
Aug 02, 2010 @ 20:12:25
Oh and also try to hit ctrl+alt+del right when your desktop comes up before the virus has a chance to open.
Oscar
Aug 02, 2010 @ 23:34:01
I tried booting it up in safe mode to use system restore and it didn’t work at first, but I found that selecting one of the options right as the computer starts up still worked, and after telling the computer to resume normal boot up, I could quickly hit F8 and get safe mode, which let me run system restore, which worked just fine.
Mike
Aug 03, 2010 @ 13:48:06
I had this problem aswell.
What i did was shut the computer down, went into safe mode w/ command prompt and then typed in msconfig into the directory and disabled the start up process that starts this program
nxbcbccc I believe that was the item name in start up on msconfig
Then I proceeded to try and run a system restore for the day before I had this problem, and it just put it back on my computer. So I did the process again and just downloaded Avast, malwarebytes, and ccleaner.
This was able to detect and find at least 3 infected files and the “rogue virus” itself. Not sure if malwarebytes is somehow in cahootz with these people, but it does seem like they are getting alot of advertisement out of it and their program miraculously is able to get rid of it when other better known virus protection software is unable to.
BTW I downloaded Ntune supposedly a nvidia graphics card monitor and tweaker… I believe this is what brought on this virus.
I still seem to have this nxbcbccc file in my start up on msconfig , it is disabled and I have been unable to remove it entirely , if anyone has furthere information please do reply.
tony
Aug 04, 2010 @ 14:11:51
By the way mine is on a wireless netbook so I cant put any CD’s in to remove it
tony
Aug 04, 2010 @ 14:14:37
mine is same and I knew it was something wrong because it didnt look like a IE problem and wouldnt allow me to do anything and my double click is not working as my kid spilled water on the computer . It also directed me to v-a-ra and p-rno sites and I think these Antivir people are affliates who get commission from those sites so they let you go there but I dont think those sites know whats going on.
Ryan
Aug 05, 2010 @ 08:45:05
Been struggling with this for a day or so, then I finally noticed I could system restore from the very first HP loading screen by pressing F11. Hopefully this has worked and i can follow the above steps to rid myself of it completely.
Sin
Aug 05, 2010 @ 19:35:32
If you are fast enough at startup you can launch any program you want before Antivir kicks in and cuts off your ability to launch anything (talking normal mode immediately after a restart here).
As stated above, this gives you a chance to use control + alt + delete to kill off the process (antivir.exe)
Alternatively, you can quickly launch your anti-spyware applications. In my case I was able to launch Malwarebytes Anti-Malware before the virus stopped me, and MBAM then killed it.
Just dont panic, the things that this virus tells you are infected are not infected, it lies to try and force you onto the webpage it goes to if you use its fake scanning interface and from there it will try to hit you with webpage exploit stuff.
Steve
Aug 07, 2010 @ 23:39:00
1. Ctrl+alt+dlete upon starting computer
2. Search processes for a strange name [myn was p2wd3dd2.exe] Close this process off
3. Go to [Start > Run > type “msconfig” > go to startup, find the process u closed off, look at its location, follow it, delete it, restart computer.
4. Solved.
ian
Aug 08, 2010 @ 04:36:57
the cntrl-alt-delete thing does work if you try it before anything else loads, soooo happy i thought my mom’s computer was going to have to be wiped clean, thank you all…ps. the task program was named something random like tsglkgjh. not antivir.exe
jim
Aug 09, 2010 @ 02:29:26
damn i hate this virus
Luke
Aug 11, 2010 @ 07:04:55
Did the whole safe mode then did system restore.
Works perfect. Thank you very much. Just saved me $300.
Mayo
Aug 13, 2010 @ 20:05:53
I was so relieved, I got my programs running again. Thanks so much for the tips. I also did turn off the computer (the on/off button and not the shut down) then turned it back on again and it gave me a choice to go on safe mode. Once in the safe mode, I was able to get into task manager but could not find the virus so I typed “.exe” on Search then all programs with .exe extension popped up and I chose the one that has this garbled letters and deleted it. I did system restore and everything was running again. Hope this helps.
Rauly
Aug 13, 2010 @ 22:25:15
I got hit with this stupid virus. Gonna go home tonight and see if I can get this deleted using the task manager and deleting the correct file.
Karen
Aug 21, 2010 @ 01:47:28
I got this after installing Avira on my computer. I took my computer to Best Buy, and they said they had been swamped with people with this virus. I had to go to SAFE mode and do a bunch of stuff that I don’t understand to get this pernicious virus off! I bought another computer so I’d have a back up if this sort of thing happens again. Then it showed up on my NEW one! I went into processes and closed it. Whatever happens, don’t click on the X to close it! I think it is associated with AVIRA, but my computer geek son swears it isn’t. What do you think? I don’t download anything, and I got it!
Joe
Aug 24, 2010 @ 21:38:15
You also have to go into Control Panel Internet Options and take the proxy server setting off. This is under the Connections tab, LAN settings. If anything, only the Auto detect settings should be checked.
This virus is a real PIA!
Zane
Sep 15, 2010 @ 10:48:29
I got hit with this virus and lost my job over it, I have a baby on the way. Thanks author for ruining my life, see you in the next one.
Emma
Feb 11, 2011 @ 11:34:19
I got hit with this stupid virus too! I have tried many things but nothing has worked yet but thank you all for your comments, i will surely be trying everything you have all suggested when i go home!
Daniel
Feb 16, 2011 @ 21:32:04
I tried the crtl alt del plan but the exe is not listed. This is the second time the damn thing has got me, and i used ctrl alt del to end it the first time. ANy ideas?
tom
Mar 06, 2011 @ 23:27:23
Thanks Everyone I paided to get this virus,something came onto my computer saying it was infected, so i paid for Anti-Virus Software, which was AntiVira-AV Don’t make the same mistake. Up and running from the tips i found here. Thanks Tom
Antivirus Support
Apr 19, 2011 @ 07:57:20
This Antivir program just downloaded itself onto my computer when I never even clicked on it! I tried to stop it from installing but to no avail. I deleted everything I could that was associated with it, but now everytime I go onto my usual websites, even my own homepage, it keeps blocking me! I don’t know what to do to get rid of these annoying website blockings!!!
mary gonzalez
Apr 27, 2011 @ 17:36:13
I CANNOT use ANY application at all. am presently using the computer at the library. I have all my pc specs. Can I install programs to remove this antivirea from here??? or do I have to take my pc to a shop???
Please respond ASAP
Thanks,
Mary G
(347) 886-9542
gonzalezmary4022@yahoo.com