Antivirus .NET

Antivirus .NET or also known as Antivirus.Net virus is a bogus security application from the same group who developed Antivirus Scan. It has infected thousands of computers worldwide. To gain an automatic start when Windows runs, this malicious application will modify system settings and registry entries. Automatic virus scan executes immediately by Antivirus .NET once Windows loads. By providing falsified information on this scan result, authors can further deceive users. This detection was just a mere imagination of the rogue developer and does not really exist on the computer. A plain scare tactics commonly employed by fake AV applications to mislead computer users. 

A continuous pop-up alerts and warning stating several threats will be observe as long as this fake application is present on the computer. If you want to stop these annoyances from your PC, you must first remove Antivirus .NET. Because of Antivirus .NET’s capability to block execution of any applications on your computer, removing the malware is tricky. It even disables files that belong to legitimate anti-virus software. To help you get this malware out of the system, free tool and removal procedure can be located on this page. It can remove Antivirus .NET and other malicious files planted on the compromised system.

Screen Shot Image:

Image of Antivirus .NET

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Antivirus .NET Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on keyboard to stop process associated to “Antivirus .NET”. When Windows Task Manager opens, go to Processes Tab and find and end the following process:
(random characters).exe

2. You need to update your installed antivirus application to have the latest database.
3. Thoroughly scan the computer and any detected threats must be removed. If removal is prohibited, it is best to quarantine the infected item. Manually locating and deleting of malicious files should also be performed. Please see files below that are related to Antivirus .NET Virus.
4. Registry entries created by Antivirus .NET must also be remove from the Windows system. Please refer below for entries associated to the rogue program. [how to edit registry]
5. Exit registry editor.
6. Get rid of Antivirus .NET start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Antivirus .NET Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be remove as well. Click here to download and run SAS Portable Scanner.

Technical Details and Additional Information:

If Antivirus .NET is installed, it will begin to display fake alerts as an scare tactics to mislead victims:

Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
– The website contains exploits that can launch a malicious code on your computer
– Suspicious network activity detected
– There might be an active spyware running on your computer

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Malicious Files Added by Antivirus .NET:

File Location for Windows Versions:

  • %Temp% refers to C:\Windows\Temp\.

Antivirus .NET Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = ”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = ‘’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ‘1’

4 Responses

  1. Gareth says:

    A lot of our customers are being infected with this, and whats worse is a lot of legitimate AV programs like Nortons will not pick up this fake AV. I usually just boot the computer into save mode and do a system restore to a date prior to the “date created” on the fake AV exe file. Then proceed to reset the MSIE back to factory defaults and flush the system restore and temp folders etc… The system restore will reverse the registry changes made by this fake AV. If system restore is for some reason disabled then I perform a manual removal in safe mode.

  2. Randy Rambo says:

    February 1, 2011

    I thought I got rid of this malware yesterday but it cropped up again today on my Vista box. I’ve got Free AVG (Antivirus) running on my system but it and other executables are disabled with this Antivirus dot NET menace. Shame on the author(s) who created it; what a waste of humanity and intelligence.


  3. John says:

    I found that this trojan changed the proxy settings on Explorer and Firefox; thus, I was not able to get to the web for updates for various antivirus applications. I also did not have a restore point that was of any value to me. Running a search of my computer for recent .exe files, I finally located in a recent file in the temp directory. For whatever reason, I was not able to simply delete the file. So, I renamed the file to a .txt application and renamed the directory. I then rebooted the machine. As the application now had a different name it could not load. I was then able to simply delete the file and the directory.

    I then had to check the proxy settings on my browsers as I was no longer able to use the Windows Live Mail Client. Even though I rarely use Internet Explorer, I found that its settings had changed. Once I reset, I then was able to use the Windows Live Mail Client.

    Note that I had tried using the CMD commands to delete files but never did get it to work. Once I changed the name of the file, I was able to use the MyComputer icon to find the file and directory for deletion. Yes, I am sure that the registry may still have some issues but this approach at least got my computer back. None of my antivirus software was of any use in this situation. I do believe that my approach is a little simpler than some others that I have seen on the web.

  4. Fix-Runll32-exe says:

    Thanks! with the help of your article i used to resume and systemize my knowledge at the field of PC maintenance.

Leave a Reply

Your email address will not be published. Required fields are marked *