Antivirus 360 is a rogue antivirus/antispyware program. The fake antivirus is fresh version of Antivirus 2009 . Antivirus 360 uses scare tactics (fake alerts and false positives) to trick users into buying the fake software. Antivirus 360 is distributed through the Vundo trojan. Once infected with Vundo trojan your computer will display large amount of pop-ups that tells you that your computer is infected and you should download and install Antivirus 360 in order to protect your computer.
During installation, Antivirus 360 configures itself to run automatically every time, when you start your PC. Once running, Antivirus 360 will scan your computer and list a large amount of infections, but some of these “infections” are actually legitimate Windows files:
C:\Windows\System32\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\alg.exe
Antivirus 360 may drastically slow the performance of your computer.
Symptoms in a HijackThis Log.
O2 – BHO: (no name) – {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} – C:\Windows\System32\winconfig.dll
O4 – HKCU\..\Run: [12840894984709702141078366734454] C:\Program Files\A360\av360.exe
Use the following instructions to remove Antivirus 360 (Uninstall instructions).
1. Remove trojan Vundo.
Some variants of Antivirus 360 uses trojan Vundo to install itself.
- Download VundoFix and save the file to your desktop.
- Once it downloaded, double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it’s done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
2. Remove Antivirus 360 files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Files to delete:
%windir%\system32\winsystems.dll
%windir%\system32\winconfig.dllFolders to delete:
%ProgramFiles%\A360Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
3. Remove Antivirus 360 associated malware.
Using Malwarebytes Anti-Malware.
- Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
- Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Using SuperAntispyware.
- Download SUPERAntiSpyware.
- Close all programs and Windows on your computer.
- Double Click SUPERAntiSpyware.exe to install the application.This will start the installation of SUPERAntiSpyware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing click on the Finish button.
- You will see a message stating that you should update the program before performing a scan. Click Yes. As SUPERAntiSpyware will automatically update itself.
- You will see SUPERAntiSpyware setup wizard. Follow the prompts. To close the Wizard press Finish.
- Protect home page dialog will be open. Click on the Protect Home Page button.
- You will now be at the main program.
- Click Scan your computer. Click Next.
- The scan may take some time to finish,so please be patient. When the scan is complete, result of scanning will be open, click OK.
- Click Next to start removing the found threats.
- If you are asked to reboot the machine, choose Yes.
Antivirus 360 creates the following files and folders.
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Desktop\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk
c:\Program Files\A360
c:\Program Files\A360\av360.exe
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Its strange, default language for MBAM is english, you can change it at first steps of installation procedure.
thanks alot for ur instruction for removing 360. i was so upset,, thanks alot, it really works
I have tried to follow your instructions to get this antivirus 360 nightmare to leave me alone, however everytime I visit a web page on my home computer it blocks me. I’ve tried Several failed attempts…what do I do to get this thing off my computer. It is blocking just about every site.
Jenni, boot your computer in the Safe mode. Manually remove these two files: c:\windows\system32\winsystems.dll, c:\windows\system32\winconfig.dll
Remove the folder: c:\Program files\A360
Reboot your computer in the Normal mode and run Malwarebytes Anti-malware, perform a scan.
i FREAKING LOVE YUU GUYS!
:]
Thank yu so much.
after removing the 360 stupid ting, my com still run slow as compared before. issit suppose to be liddat? pls help
Thank you so much for all your info. This A360 not only over-powered my desktop, but it stole $79,96 from my husband credit card. Thank to u & the bank security department, I could recover both.
pea, please follow these steps.
at the first step of installation procedure, it did ask me to choose the display language. But no matter i chose english or chinese, the language displayed is neither english nor chinese…:(
yuki, probably its problem with MBAM (you can ask about it at malwarebytes.org forum). Try to useSuper Antispyware.
in safe mode, I deleted 1 file and 1 folder (not all three mentioned)…I downloaded VundoFix and it scanned but found over 800 files…now it wants me to pay/register…does this sound right? How can I trust it? after this gets worked out is my next step to download Avenger?
Looks like you have downloaded a Vundofix tool from google ad link, its not free vundofix tool. Don`t pay any money.
Skip step 1, goto step 2 or step 3.
Patrik, really thank you very much! you’ve helped lots of people including me 🙂
Hi! there i don’t know but my pc got infected with kind of virus win32 kinda and other kind which infects my pc getting slow as well as frozen. I have aleast formated my hard disk say 60 or more times. it gives me some time relief and start as it was i am totally frustrated please help me 2 get this virus out of my computer. Thank u.
sunil, ask for help in our Spyware removal forum.
I recently installed an exe. file for a game i found on the internet.. i am living in china, and this game also included a very evil 360.exe
anyway.. i followed all the steps.. removed the trojans, virus’s then reboot… And i get a blue screen flash, and windows will not load…
only able to load in safe mode.
I then selected option, load previous working settings and windows loaded.. with 360 still installed..
HELP!!
i also have an external HD .. the games install file is there and i cannot delete as it sais the file is currently being used.
what to do?
Also.. i never installed any updates via the 360 as i knew it was dodgy..
i always click the X button in the right hand corner..
Also, i cannot even uninstall the 360.. as it sais file is in use. also its in chinese.. cannot understand.. hahah
Hii..
I accidentally downloaded 360 antivirus in my laptop.. I tried to remove dat frm my system bt cudnt plzzz plzzz help mee… Hv sum urgent work on my laptop bt bcz of dz virus i can’t able to do dat… Plzzz plzzz some one help me to get rid of dz virus..
thank u very much. i got this stupid virus after installing a suspicious looking key generator for a software. this worked for me-
1. while the windows was still running i downloaded and installed superantispyware free. also download ccleaner.
2. restarted computer in safe mode. in safe mode 360 wont initialize. so now you can delete the 360 folder in c:/program files.
3. now run scan with superantispyware. it will detect some of the files which are left. delete them. for cleaning registry entries scan with ccleaner. delete all entries. also scan whole computer with ccleaner. delete all the browser data, history, cookies with it.
4. l also searched the whole computer for any files with 360 in it. you will still find some files which were undetected by these softwares. it takes a lot of work to do that.
4. after all this restart your computer in normal mode. then run antivirus scan for any other leftover files.
5. i ran mozilla firefox and avast started giving alerts for spyware popup. i now have to deal with this wpad.browsersecurity spyware. aaargggh.
I still feel that computer take more time to boot. but atleast that stupid 360 virus is gone.