Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove Antivir (Uninstall instructions)

Antivir_scan_completeAntivir is is not a legitimate security application. The program is a rogue antispyware program that spreads mostly with the help of fake online malware scanners. It will report that your computer is infected and you must install Antivir to clean your PC. That online scanner is scam and could not possibly detect malware, trojans and viruses on your computer.

When Antivir is downloaded and installed, it will be configured to run each time when you login to Windows. Once started, it will start a scan of your computer and list a lot of infections to scare you into thinking that your computer is infected. All of these infections are fake and cannot harm your computer. The rogue uses the false scan results as method to trick you into purchase so-called “full” version of the software.

Antivir blocks the ability to run some programs. The following warning will be shown when you try to run the Notepad:

Antivir Resident Shield: Virus Detected
Warning! Active virus detected

While Antivir is running your computer will display nag screens, warnings and fake security alerts from your Windows taskbar. It will state that trojan activity detected or identity theft attempt detected. Some of the alerts:

Internet Shield: Identity theft attampt detected
Warning! Identity theft attempt detected

Trojan:W32/Inject Activity Detected
Trojan:W32/Inject is a large family of malware that secretly
makes changes to the Windows Registry. Variants in the
family make also makes changes to other running processes.

Adobe Acrobat and Adobe Flash Errors Found
A vulnerability in Adobe Acrobat, Adobe Reader, and
Adobe Flash can result in remote code execution or virus
downloading.

What is more, the program will hijack Internet Explorer and randomly shows a “Warning! Visiting this site may harm your computer!” warning page.

However, all of these warnings are fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them! If you find that your system is infected with this malware, then most importantly, do not purchase it. Use the removal guide below to remove Antivir from your computer for free.

More screen shoots of Antivir

Symptoms in a HijackThis Log

O2 – BHO: &UpdateCheck.dll – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\UpdateCheck.dll
O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

Use the following instructions to remove Antivir (Uninstall instructions)

1. Remove core components of Antivir

Download Avenger from here and unzip to your desktop.

Run Avenger, copy, then paste the following text in Input script Box:

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Folders to delete:
%ProgramFiles%\AV


Files to delete:
%WinDir%\system32\UpdateCheck.dll

You will be asked Are you sure you want to execute the current script?. Click Yes. You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?”. Click Yes.

Your PC will now be rebooted.

2. Remove Antivir associated malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivir infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Antivir_remover
Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start Antivir removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Antivir creates the following files and folders

C:\Program Files\AV
C:\Program Files\Common Files\Uninstall
C:\Program Files\Common Files\Uninstall\AV
C:\Documents and Settings\All Users\Start Menu\AV
C:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
C:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
C:\Program Files\AV\antivir.exe
C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
C:\WINDOWS\system32\UpdateCheck.dll

Antivir creates the following registry keys and values

HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”

November 27, 2009 on 8:17 am | In Rogue Anti Spyware, Tutorials - HowTo | 48 Comments |


48 Comments »

RSS feed for comments on this post.

  1. Thank you so much for this infomation!! Finally I got this crap of my computer! It drove me nuts trying to uninstall it.

    Comment by Cecilia — November 28, 2009 #

  2. Cecilia , how did you unstall it, it drives my crazy too

    Comment by Marcellus — November 30, 2009 #

  3. Marcellus, if instruction above does not help you, then ask for help in our Spyware removal forum.

    Comment by Patrik — November 30, 2009 #

  4. Thank you so much for the help. Kids downloaded a game and got this crap on my computer. This process worked perfectly. Norton didn’t even catch it with a deep scan. I’ll be purchasing this.

    Comment by george — December 2, 2009 #

  5. God bless u i was so worried that this crap would destroy my computer. Thank you so very very much!

    Comment by Cherie — December 2, 2009 #

  6. Thank you; it worked like a charm and did not take long at all.

    Comment by Jeannie — December 3, 2009 #

  7. hello there i just wanted to say that i tried soooo hard to delete antivir from my pc i went through the way it says on top of this page but i cant delete it i would like to know why please because antivir is now officially the most annoying…. thank you.
    please help!

    Comment by sonia — December 3, 2009 #

  8. sonia, if the instruction above does not help you, then ask for help in our Spyware removal forum.

    Comment by Patrik — December 4, 2009 #

  9. It worked thanks Patrik

    Comment by Marcellus — December 5, 2009 #

  10. this antivir pop ups kept driving crazy i spend two day doing some research on how to remove this crap finally i came across with this post. unsure if i should follow this instruction i went ahead and tried it.. correct me if I’m wrong but it seem to me by noticing this post that this is like a new virus that just came up?..thank you so much for your help.

    Comment by Jay M. — December 5, 2009 #

  11. Jay, what is a new virus ? Both apps that i suggest to use are legitimate security tools.

    Comment by Patrik — December 5, 2009 #

  12. Thank you so much, I had that piece of shit Antivir on my laptop and it was so annoying…This antimalware removed it for FREE! Seriously, thank you!

    Comment by Cameron — December 7, 2009 #

  13. Why is it this AntiVir is able to get passed ENOD, Norton and most importantly, Windows Security? What the hell is going on with that? I was able to uninstall it. I am sure Windows is aware this bunch of thieves are using a symbol that is identical to their Security icon in the upper left hand corner. Microsoft needs to get on the ball and prepare a security update against this type of stuff.

    Comment by Sherry — December 7, 2009 #

  14. Wonderful, took no time at all, cleaned up computer for mom and sister. Thank you!

    Comment by Matt — December 8, 2009 #

  15. Nasty bit of Malware this ‘antivi’. One of my employees has it, I’ve tried everything BUT malwarebytes at this point including the manual fix. Unfortunately, some of the program files for it are

    Comment by Matt J — December 11, 2009 #

  16. Thanx…It is Very much helpful….

    Comment by Surajit — December 12, 2009 #

  17. Looks Like AVG And The Threat Windows Look Like Microsoft Security Essentials!

    Comment by Bailey — December 14, 2009 #

  18. The antivir will not let me get on-line. How can I download avenger to my desktop so I can uninstall?

    Comment by Robert Strobel — December 14, 2009 #

  19. Robert, try download Avenger in the Safe mode with networking. Also you can download it to another computer, then move Avenger to infected PC using CD disk or flash drive.

    Comment by Patrik — December 15, 2009 #

  20. OMG tnk u so much..it was giving me a headache… Tnx alot!!!

    Comment by Suda — December 30, 2009 #

  21. I am so happy I got rid of this nasty antivir. Thank you so much. You are of great help since it is also very easy and straight forward.

    Comment by Gian Oneto — January 2, 2010 #

  22. it work thhanks

    Comment by grax — January 14, 2010 #

  23. I know I am only reiterating what most of the other users have said, but these instructions worked perfectly! I am amazed. Holy $#!+

    Comment by Sean — January 16, 2010 #

  24. I have personal security on my laptop..
    is this the same as the thing on here..
    like happening.
    cause i want to get rid of it :|

    Comment by jame — January 30, 2010 #

  25. Jame, try the steps.

    Comment by Patrik — January 31, 2010 #

  26. You dont have to go into safemode to remove this…. You can open Windows Updates and browse to it from there, this AV doesnt block the Update Explorer window.

    Comment by Arrick Moore — February 10, 2010 #

  27. To clariify my last post, you can get to the avenger site by opening up the Windows Update window, then browse from it to the site in question to download the removal tools.

    Comment by Arrick Moore — February 10, 2010 #

  28. I downloaded the MalwareBytes Anti-malware and whenever I try to open it it says: Run time error ’0′. What does that mean?

    Comment by Adam — February 13, 2010 #

  29. Adam, click Start, Run, type cmd and press Enter.
    Command console opens.
    Type
    regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
    Press Enter.
    Type
    regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
    Press Enter.
    Type
    regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
    Press Enter.
    Try run Malwarebytes once again.
    Note: Malwarebytes should be installed into C:\Program Files\Malwarebytes’ Anti-Malware

    Comment by Patrik — February 14, 2010 #

  30. I followed the steps and copied the script into avenger. I rebooted my PC and the script failed. I believe it stated that the folders didn’t exist.

    Comment by Cathy — February 14, 2010 #

  31. Cathy, ask for help in our Spyware removal forum.

    Comment by Patrik — February 15, 2010 #

  32. Finally managed to get rid of Antivir thanks to the info on this site. Many thanks indeed! :D

    Comment by Sarah — February 15, 2010 #

  33. This program, “MalwareBytes,” worked to remove the “Security Antivirus” malware from my XP computer. Thank you! Jonathan Prather 2/16/2010

    Comment by Jonathan — February 16, 2010 #

  34. I have this on my daughters laptop, it appears it has stopped me connecting from the internet. Is there a way to get rid of this virus without connecting to the internet? Please help its driving me crazy!!!!!!!!!!!

    Comment by emma — February 17, 2010 #

  35. Emma, download all suggested applications to another PC, then move them to the infected computer using a flash or cd disk.

    Comment by Patrik — February 17, 2010 #

  36. Brilliant!!! Thank you thank you thank you

    Comment by Sean — February 18, 2010 #

  37. This program, “MalwareBytes,” worked to remove the “Security Antivirus” malware from my XP computer. Thank you!

    Comment by chandan — February 20, 2010 #

  38. my son downloaded this to his laptop, now the problem is, even in safemode, I can’t get it removed :( please help …

    Comment by kate — February 27, 2010 #

  39. kate, if the steps above does not help you, then ask for help in our Spyware removal forum.

    Comment by Patrik — February 28, 2010 #

  40. Thanks, this seemed to work well. I used the list of files and just deleted them from a live Linux distro. Seemed to do the job.

    Comment by Takk — February 28, 2010 #

  41. Brilliant instructions! Easy to follow, links to the software required and screenshots so you know that what you see is correct.
    Certainly did the trick for me and excluding the download time probably only took 20 minutes to complete. NICE ONE!

    Comment by AlyM — March 2, 2010 #

  42. It worked! The instructions were very easy to follow and I am so thankful! Thank you so much!

    Comment by Nichole — March 3, 2010 #

  43. Thanks for your help. The AntVir was awful and was unable to delete the program without your help

    Comment by Greg Bohrer — March 6, 2010 #

  44. Excellent! I wasted 2 hours and 30bucks on XoftSpySE before finding this solution. Worked great. Keep the kids on supervised sites!

    Comment by Jim — March 9, 2010 #

  45. it did not work?? the anvir code will not allow advenger to run it says teh file is infected and prevents me from carrying out th einstructions above?/ can you help

    Comment by jhro — July 4, 2010 #

  46. jhro, this is false alert. Avenger is legitimate small malware removal tool.

    Comment by Patrik — July 4, 2010 #

  47. jhro is right. It doesn’t just tell you not to open it, it won’t let you open it! How do i fix this please?!

    Comment by RJ — July 15, 2010 #

  48. RJ, please begin a new topic in our Spyware removal forum. I will help you.

    Comment by Patrik — July 16, 2010 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.