AntiVira AV

AntiVira AV is fake security software that belongs to the same family as Antivirus .NET. This unwanted program causes the infected computer to malfunction and forces the user to obtain its paid version. Several security web sites are promoting AntiVira AV as computer protection software. However, a diagnostic test run by a security expert produced evidence that the program has no capability to serve as computer protection software. The programmer of this rogue program takes advantage of computer users’ innocence to profit from this fraudulent online activity.

After all, AntiVira AV was created to serve its author’s greed. Once AntiVira AV has entered the computer, it immediately modifies the registry so that it starts whenever Windows loads. By running a local virus scan without the user’s intervention and displaying alarming results, it tries to convince users to purchase the program. Additionally, AntiVira AV issues fake alert messages to scare computer users about possible infections, and advises removing them with the paid version of the rogue program. The only real solution to this problem is to remove AntiVira AV itself, since it is the cause of all the computer’s irregularities. Use a legitimate and trusted anti-malware product to get rid of the AntiVira AV virus.

Alias: AntiVira Antivirus

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

AntiVira AV Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “AntiVira AV”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. You need to update your installed antivirus application to have the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. Please see the files listed below that are related to the AntiVira AV virus.
4. Registry entries created by AntiVira AV must also be removed from the Windows system. Please refer below for the entries associated with the rogue program.
5. Exit registry editor.
6. Get rid of the AntiVira AV start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

AntiVira AV Removal Tool:
In order to completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SAS Portable Scanner.

Technical Details and Additional Information:

If AntiVira AV is installed, it will begin to display fake alerts as a scare tactic to mislead its victims:

Windows security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
- The website contains exploits that can launch a malicious code on your computer
- Suspicious network activity detected
- There might be an active spyware running on your computer

Malicious Files Added by AntiVira AV:
%TEMP%\[random]\[random]sika.exe
%AppData%\[random]\[random]affm.exe
%AppData%\[random]\[random]sika.exe
%AppData%\[random]\[random]sjmo.exe

File Location for Windows Versions:

  • %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 users it is C:\Documents and Settings\<Current User>\Application Data.
  • %Temp% refers to C:\Windows\Temp\.

AntiVira AV Registry Entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVira Av
HKLM\Software\Microsoft\Windows\CurrentVersion\Run “AntiVira Av”
HKCU\Software\Antivirus .NET
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:33921”
HKCU\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0”
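
The file and registry lists above can be checked in one pass with a read-only script. The following is an added example, not part of the original guide or of any removal tool it mentions; it assumes PowerShell is available on the machine, and the helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Nothing is deleted or modified; findings are only reported.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the value data, or $null if the key or value is missing.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$findings = @()

# Keys created by the rogue program.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVira Av',
               'HKCU:\Software\Antivirus .NET') {
    if (Test-Path -LiteralPath $k) { $findings += "Key present: $k" }
}

# Autorun value named "AntiVira Av".
$run = Get-RegValue 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' 'AntiVira Av'
if ($null -ne $run) { $findings += "Run value 'AntiVira Av' = $run" }

# Browser traffic redirected to the local proxy on port 33921.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-RegValue $inet 'ProxyServer'
if ((Get-RegValue $inet 'ProxyEnable') -eq 1 -and $proxy -like '*127.0.0.1:33921*') {
    $findings += "Proxy enabled and set to: $proxy"
}

# Internet Explorer phishing filter switched off.
$pf = Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter' 'Enabled'
if ($null -ne $pf -and $pf -eq 0) { $findings += 'PhishingFilter Enabled = 0' }

# Files of the form <root>\[random]\[random]sika.exe (also affm.exe, sjmo.exe).
# The page lists only sika.exe under %TEMP%; both roots are checked for all three suffixes.
foreach ($root in $env:TEMP, $env:APPDATA) {
    $dirs = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer })
    foreach ($d in $dirs) {
        $hits = @(Get-ChildItem -LiteralPath $d.FullName -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '(sika|affm|sjmo)\.exe$' })
        foreach ($h in $hits) { $findings += "File present: $($h.FullName)" }
    }
}

if ($findings.Count -eq 0) { 'None of the listed AntiVira AV indicators were found.' }
else { $findings }
```

A PhishingFilter value of 0 can also be a deliberate user setting, so treat it as an indicator only alongside the other findings. On 64-bit Windows, HKLM\SOFTWARE writes made by a 32-bit program are redirected to Wow6432Node, which this script does not check.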
