Antivirus Soft
Antivirus Soft is a highly hazardous rogue security application that also serves as ransomware. Under deceptive pretences, Antivirus Soft is sometimes installed on a computer with the user's consent. Users may perceive the program as an authentic security application because of its attractive graphical user interface. Unknown to many, Antivirus Soft is as destructive as its older version, Antivirus Live. The older version infected millions of computers globally, while the latest variant is expected to be much more aggressive.
It was observed that the unwanted application can suddenly appear on the system through a Trojan infection. It redirects the Internet browser to a fake online virus scanner web page, which usually drops the malware when visitors interact with the prompts and buttons of the scan results. Infection has also turned out to be caused by vulnerabilities in outdated Adobe Acrobat Reader, which the malware abuses to gain access to the target computer.
Once inside the computer, Antivirus Soft employs aggressive methods to push users into buying the registered version of the software. It floods the user with unnecessary pop-up warnings and alert messages that emerge from any part of the screen. Separately, an Antivirus Soft scan is displayed from time to time, showing fake detections of security risks that mislead users into visiting a payment website, where they are urged to purchase the licensed version.
Any web sites, pop-ups and prompts promoting Antivirus Soft must be ignored entirely to keep this unwanted program off the computer. If infection occurs, resort to an effective anti-malware solution as described on this page.
Update: October 29, 2010
A new variant of this rogue program was released under the name Antivirus Suite 2010. The method of propagation remains the same: it can arrive via a fake online virus scanner, a Trojan or fake multimedia web sites.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Antivirus Soft Removal Procedures
Antivirus Soft REMOVAL TOOL:
To completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected computer.
MANUAL REMOVAL PROCEDURE:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Antivirus Soft”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe
2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the system and remove any detected threats. If removal is blocked, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to Antivirus Soft.
4. Registry entries created by Antivirus Soft must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
- For Windows 2000/XP: Go to Start > Run, type “regedit” in the dialog box, then press Enter on the keyboard.
- For Windows Vista/7: Go to Start > Search Programs and Files, type “regedit” and press Enter.
5. Exit registry editor.
6. Remove the Antivirus Soft start-up entry: go to Start > Run and type msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe
7. Click Apply and restart Windows.
Technical Details and Additional Information:
Malicious Files Added by Antivirus Soft:
Windows XP:
%UserProfile%\Local Settings\Application Data\[random]\
%UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
%UserProfile%\Local Settings\Application Data\[random]\[random]gtvat.exe
Windows Vista and Windows 7:
%UserProfile%\AppData\Local\[random]\
%UserProfile%\AppData\Local\[random]\[random]sysguard.exe
%UserProfile%\AppData\Local\[random]\[random]gtvat.exe
File Location for Windows Versions:
- %UserProfile% is C:\Users\<Current User> on Windows Vista/7; on Windows XP/2000 it is C:\Documents and Settings\<Current User>.
Antivirus Soft Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
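The file and registry entries listed above can be checked for in a saved registry export instead of by eye in regedit. The following is an added example, not part of the original article or of any removal tool: it parses the text of a .reg export and reports values matching the entries on this page. The sample export, its user name and the random-looking names are constructed for illustration, and the function names are the example's own.

```python
import re

# Settings listed on this page: (key suffix, value name, data), all lower-case.
SETTING_IOCS = [
    (r"\currentversion\policies\attachments", "savezoneinformation", "1"),
    (r"\currentversion\internet settings", "proxyserver", "http=127.0.0.1:5555"),
    (r"\currentversion\policies\associations", "lowriskfiletypes", ".exe"),
    (r"\internet explorer\download", "runinvalidsignatures", "1"),
]
# Run-key data ending in the page's file names, under either profile layout.
RUN_FILE = re.compile(r"\\(?:local settings\\application data|appdata\\local)"
                      r"\\[^\\]+\\[^\\]*(?:sysguard|gtvat)\.exe", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \ and " with a backslash


def decode(raw):  # REG_SZ / REG_DWORD data as a string; None for other types
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return unescape(raw[1:-1])
    return None


def find_indicators(reg_text):
    """Return (key, value name, data) for every entry matching the page's list."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        data = decode(m.group(2)) if (m and key) else None
        if data is None:
            continue
        name, k = unescape(m.group(1)), key.lower()
        is_run = k.endswith(r"\currentversion\run") and RUN_FILE.search(data)
        is_setting = any(k.endswith(s) and name.lower() == n and data.lower() == d
                         for s, n, d in SETTING_IOCS)
        if is_run or is_setting:
            hits.append((key, name, data))
    return hits

# Constructed sample. A real regedit export is UTF-16: open(path, encoding="utf-16")
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qkxvbnma"="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\hvqpdx\\mwtsysguard.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
'''
```

Some of these settings can also be set legitimately by policy, so a hit is a lead to check against the listed files rather than proof of infection.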
mark p
Feb 10, 2010 @ 20:10:09
Everything you said in the post was correct. It kept popping up like it was the only thing that would get the virus off the computer. I paid $50 for it and I would like to know how I can get my money back or better yet how can I report this company. I can't even get on their site!!! Yes, very pissed.
Neil
Feb 15, 2010 @ 06:41:15
Mark P
Initiate a complaint through your credit card issuer immediately. You were successfully duped by a scam, and they should have means to stop the payment, thus reducing the profits of crime, as well as reimburse you your $50.
tom
Feb 15, 2010 @ 13:14:41
If you paid for it you should call your credit card company and stop your card immediately. You have unfortunately just handed your credit card details to a scam company.
Jason
Feb 26, 2010 @ 04:12:51
Hi, thanks for the information.
However, I am facing the same problem now.
I have downloaded the MBAM but I can't open it, it always says it's infected!!
Please teach me how to turn on the MBAM.
Thanks
Beverly
Feb 27, 2010 @ 12:56:48
I am just looking for the Antivirus Soft basic address and a phone #. Does anyone have it? Thanks
Lou
Feb 27, 2010 @ 18:04:05
I am having the same issue. In regards to downloading Malwarebytes’ AntiMalware and not being able to open the application, run your computer in Safe-Mode with Networking. As we speak, I am running the malware removal tool on my computer.
Brandib
Mar 01, 2010 @ 05:21:04
Just run Windows in safe mode and then run system restore, and restore your computer to a save date from a week ago. No need to download any other programs. Just need to outsmart the stupid antivirus program.
Kim
Mar 02, 2010 @ 15:04:09
Reboot in Safe mode (press f8 during start up) then run Malwarebytes’ Antimalware … this worked for me
Charles
Mar 02, 2010 @ 15:05:33
One of the issues that was not mentioned for removal is the program’s ‘control’ of your computer. To by-pass this control, restart your computer and IMMEDIATELY access the ‘Task Manager’ (Ctrl+Alt+Delete -> ‘Task Manager’). Once the Task Manager is loaded, keep it loaded until you see a program called “DoScan.exe” under ‘processes’. Close it. There will be two other .exe programs you will be forced to ‘End Task’ on before the program is temporarily shut down. Then you can install/run your regular malware removal tools. But not until.
liz
Mar 03, 2010 @ 12:46:11
I was able to remove this by restarting and immediately opening the Task Manager, as suggested above. My question is about Adobe Acrobat’s vulnerability, because as far as I can tell, that’s how I got the stupid virus in the first place (Acrobat was the only thing running at the time).
Any idea what I need to do to make sure this doesn’t happen again, aside from never using Acrobat again?
Joe
Mar 03, 2010 @ 20:45:38
Hello:
I have been trying to get rid of this all day. The (horrible) company contact information (per Beverly’s question above) is:
Antivirus Soft, Inc.
Great Marlborough Str. 74
London
SE12TU
GB
1(800)220.72.09
I still have not yet been able to get rid of the virus, it has my computer taken as hostage.
In addition to the information posted above, I found it helpful to use the “rkill” application to terminate the malware’s processes before I could even attempt to get into the MBAM program installation and scan. Unfortunately, after a three-hour scan of my computer, MBAM did not find the Antivirus Soft, Inc. virus. I am currently looking at alternatives to the process as noted above.
Joe
cljm
Mar 05, 2010 @ 17:33:10
Joe
I successfully removed it but it took a while. My first attempt using MBAM was unsuccessful. I tried again and updated the MBAM program. This time it was successful. You have to be quick. As the previous people reported, go into safe mode with networking. You’ll have a few seconds to update the MBAM, before the virus kicks in. You might have to go into your registry after and manually delete any weird looking entries. Make sure you know that they are not valid first.
BC
Mar 08, 2010 @ 03:03:01
You can just reboot in safe mode and restore your computer to an earlier date, it worked for me and was much easier than the others that were explained here.
Beverly
Mar 08, 2010 @ 11:06:42
Thanks Joe for the info, and just to let everyone know I called Dell & after 3 hours my PC is back to normal. Only thing left is to get my $ back.
Cletus
Mar 13, 2010 @ 04:39:00
This also happened to me and I am currently disputing the charge through my bank. I also did a system restore after re-booting my PC in safe mode. I am so pissed. Norton Antivirus which I currently use couldn’t even remove it once the pop-up loaded.
Zeee
Mar 16, 2010 @ 00:38:49
This happened on my work computer. I was so pissed. I knew that system restore would fix it, but obviously I don't have the clearance to run it. The worse part is I am likely going to get in trouble for this because it kept popping up pornographic websites, and such. Furthermore I have already received a warning about using internet for personal matters and a look into my history will reveal to them that I have been using
If I ever find the person who created this software, well let's put it this way, he is going to get quite a beating.
By the way, the System administrator fixed it by running restore but now I am afraid that it may still be dormant on the system. Because we went back a couple of days, and who knows when this program came on board.
Vampeezy
Mar 20, 2010 @ 08:34:19
Easiest way to remove this virus without fail or fear of it being dormant in the system is to delete the source/program. Here’s how to (on Vista, not sure if it's the same on XP, but still possible): Go into your appdata\local folder (for Vista, it's C:\Users\’yournamehere’\AppData\Local). You will see many folders and files, look for a random generated folder (example: C5a4eu) and open the folder, you will now see a random generated file name (example: ss4wU). RENAME BOTH FILES! Rename it to anything, just don't keep it the same. Then reboot your computer. Go back into that same location and DELETE the file and the folder. The problem is gone. Just remember not to go back into that website/program that gave you this headache. I forgot how I found the location of this program.
Steve
Mar 20, 2010 @ 17:53:52
Well it seems that we were zapped by a “new and improved” version of the Antivirus Soft scumbag infection. We could not run system restore even in safe mode or run Task Manager. We bit the bullet and got Iyogi and zapped it. It was not cheap but it also removed all the crap that Norton has been missing. Iyogi is also sending us a report for our credit card company to clear the charge. Iyogi said that 1 in 4 calls to them are about Antivirus Soft.
paul alexander
Mar 21, 2010 @ 19:37:04
This software is unbelievably aggressive and only after trying various things could I find the answer in getting rid of it. It will stop you using any existing anti virus software to remove it and will also stop you using your web browser other than directing you to its own website.
The answer is to switch user (Start button and hit switch user). Even if you have never set up another user, it will let you go to this option where it will start up in a clean user environment. Download the suggested software and then go through the instructions – including the scan.
By deleting the infected files, you can then restart your computer and if it's still infected on the main user profile – go to your spare profile and save the anti virus file to a USB dongle and load it onto your main profile. Then go through the same instructions and all should be well.
All you then need to do is visit the registered office of Antivirus Soft and burn the building to the ground!
annette pappas
Mar 28, 2010 @ 14:50:26
This THING appeared on one of my workstations and we do not save any documents on this computer so I thought that restoring it to an earlier date and that would fix the problem. I pressed F8 when windows was starting (did this several times) but somehow I did not see it boot into safe mode. I rebooted again and before everything loaded I was able to go and restore to an earlier date. It would not allow me to restore to a few days earlier or the beginning of the month so I went back to a few months ago and restored and all is good now.
bull moose
Apr 01, 2010 @ 14:22:55
I just got taken for 69.95. Maybe I can get bin Laden to drop them a bomb, or maybe our government should do this.
gatorkc
Apr 02, 2010 @ 15:20:55
I just went through my files in the C drive and found a new file added last night. I deleted it and when I rebooted, I had access to my computer again. The only thing I had to do is contact ATT and reconfigure so I could go online again. Thanks for the tips. This was a simple fix to what I thought was going to be a biggy. I think I will run the Malware just to be sure it is laying low someplace.
charlie
Apr 09, 2010 @ 07:29:28
How do I get my money back from these scumbags? Somebody help me
Dave
Apr 13, 2010 @ 09:01:43
Apparently I am not the only one suckered by these guys. From what I am reading no one knows how to get their money back either. We were all duped.
Champs
Apr 20, 2010 @ 14:42:19
Reboot -> Task Manager -> End Process (something random like ugatyaeyt.exe) -> Run -> Type MSCONFIG -> Startup TAB
Now look for something random like fygefayte.exe, that's the location; go to the folder, delete it and it is gone.
Renee
Apr 21, 2010 @ 14:16:34
I feel so foolish for allowing this SCAM/Rogue to happen to me. $50 isn’t a lot to some folks, but means the world to me. Feels like a hefty price for a simple mistake.
Chuck
May 20, 2010 @ 13:44:37
I have had troubles with Antivirus Soft as well. Safe mode is important as well as what Charles said about Task Manager. You can safely end almost all of the processes that are showing up under the current user name. MBAM works most of the time. Superantispyware is another good one. I have also discovered a new one called combofix.
Check out this link and good luck.
hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
Mel
May 26, 2010 @ 03:02:08
Well, I copped this virus yesterday. I use Avira on my PC and was wondering why it never picked it up. Apparently the default settings for Avira don’t have the box ticked for stopping Malicious Software. You need to go to Extras - Configurations, tick Expert Mode - General, then you can tick the boxes on the right hand side for what you want protected. Make sure the Fraudulent Software box is ticked.
To remove the virus, you have to go into Safe Mode, hit F8 until it comes up, then go into Safe Mode with Networking. Before you load or run Malware Software, go to Internet, hit Tools - Internet Options, then Connections - then LAN Settings and untick the Proxy Server box. Click OK on all windows. Then run Malware Software, you will have to download on another computer and place on a USB stick, rename the program (I called it Hello) then the infected PC will let it run and update. After you have scanned and removed all the malware found on your PC, you will need to reboot. Let the PC reboot as normal, not in safe mode. Then you need to download a program rkill.exe, this will make sure all parts of the virus have been removed, and removed properly.
Two out of three computers in my house were infected yesterday by this virus, and they are all looking fine and back to normal now. You don’t need to restore your PC to an earlier date and risk losing programs or documents etc.
Follow instructions above.
Cheers,
Did it
May 28, 2010 @ 01:29:21
Champs! It worked thanks for the help!
Kalu
May 28, 2010 @ 04:52:42
Found this and Sean’s suggestion very helpful. Sharing it on Facebook
Maddy
May 31, 2010 @ 06:28:27
I cannot restart in safe mode or safe mode with networking, or any mode for that matter without getting a blue screen. I’ve tried everything. How exactly do you install a program if you can’t even get to the start screen? Help?
lisa
Jun 02, 2010 @ 06:18:33
I was unable to get into anything on my computer due to this scam/fraud Antivirus Soft basic. I had to restore and re-boot the system. The number and address is nowhere to be found. The best thing to do is to contact your bank and dispute it.
Romeo
Jun 03, 2010 @ 08:58:35
I feel like an idiot. It did the same thing to my computer, and I bought it and installed it to both computers in the house. My free Norton Internet security scan deleted it. I feel like such an idiot because I bought the $70 one. My parents are gonna kill me :(
Chuck
Jun 03, 2010 @ 19:27:04
For Maddy and anyone else who can’t even boot. This might help:
If you have your original Windows CD, there is a way of changing your “BOOT ORDER” to boot from the cd at startup and hopefully sometimes fix a nonboot disaster. For most computers, tapping Delete or on Dells, F2 will get you to that boot order screen. Make changes to Boot from the cd and when the choice comes up “R” for recovery, make that choice. Several screens later, you will get an opportunity in a black screen to run chkdsk /r in something that looks like an old DOS screen which might help you.
If you can get to another computer, you can print out directions in more detail than just brief version.
Sara
Jun 05, 2010 @ 02:21:40
OMG!! Same happened to me… I bought the 54 dollar one… guys just call your credit card company and tell them to cancel!
Suz
Jun 10, 2010 @ 00:49:23
I got rid of this last week… I ran SPYBOT and it got rid of it… It’s back now! Even more aggressive. This is ridiculous.
carissa
Jun 10, 2010 @ 03:57:34
Did anyone get their money back?! I bought the 70 dollar one and it was on my mom's debit card so now I am freaking out!!! Has anyone experienced them taking more money out of the account than they should?! I hope this doesn't happen
Todd
Aug 19, 2010 @ 20:13:28
After two failed attempts with MBAM, I followed the directions in comment 17 above and it fixed the problem just fine.
dennis cheney
Nov 15, 2010 @ 16:12:30
If anyone is interested I had same problem. I contacted McAfee and they ran a scan and found 3 nasty trojans and I have Reimage that scans my PC, it replaced or fixed 8 pages of deleted files & folder. Contacted http://complaint.ic3.gov/update, they took my complaint and sent me a copy of the complaint, sad i had atm time to reorder
tom
Jan 01, 2011 @ 18:32:15
Hey, I had the same problem, but I found out while I was installing it because it didn’t seem right to me and I “stopped scanning” and my PC is OK now. It didn't seem OK in the first place because the font was strange