Antivirus .NET

Antivirus .NET or also known as Antivirus.Net virus is a bogus security application from the same group who developed Antivirus Scan. It has infected thousands of computers worldwide. To gain an automatic start when Windows runs, this malicious application will modify system settings and registry entries. Automatic virus scan executes immediately by Antivirus .NET once Windows loads. By providing falsified information on this scan result, authors can further deceive users. This detection was just a mere imagination of the rogue developer and does not really exist on the computer. A plain scare tactics commonly employed by fake AV applications to mislead computer users. 

A continuous pop-up alerts and warning stating several threats will be observe as long as this fake application is present on the computer. If you want to stop these annoyances from your PC, you must first remove Antivirus .NET. Because of Antivirus .NET’s capability to block execution of any applications on your computer, removing the malware is tricky. It even disables files that belong to legitimate anti-virus software. To help you get this malware out of the system, free tool and removal procedure can be located on this page. It can remove Antivirus .NET and other malicious files planted on the compromised system.

Screen Shot Image:

Image of Antivirus .NET

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Antivirus .NET Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on keyboard to stop process associated to “Antivirus .NET”. When Windows Task Manager opens, go to Processes Tab and find and end the following process:
(random characters).exe

2. You need to update your installed antivirus application to have the latest database.
3. Thoroughly scan the computer and any detected threats must be removed. If removal is prohibited, it is best to quarantine the infected item. Manually locating and deleting of malicious files should also be performed. Please see files below that are related to Antivirus .NET Virus.
4. Registry entries created by Antivirus .NET must also be remove from the Windows system. Please refer below for entries associated to the rogue program. [how to edit registry]
5. Exit registry editor.
6. Get rid of Antivirus .NET start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Antivirus .NET Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be remove as well. Click here to download and run SAS Portable Scanner.

Technical Details and Additional Information:

If Antivirus .NET is installed, it will begin to display fake alerts as an scare tactics to mislead victims:

Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
- The website contains exploits that can launch a malicious code on your computer
- Suspicious network activity detected
- There might be an active spyware running on your computer

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Malicious Files Added by Antivirus .NET:
%Temp%\(random).exe

File Location for Windows Versions:

  • %Temp% refers to C:\Windows\Temp\.

Antivirus .NET Registry Entries:
HKEY_CURRENT_USER\Software\<random>
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = ”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = ’127.0.0.1:8992′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ’1′

Alternative Removal Method for Antivirus .NET

Option 1 : Use Windows System Restore to return Windows to previous state

If Antivirus .NET enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Antivirus .NET infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.