How to remove Antivir (Uninstall instructions)

Antivir is is not a legitimate security application. The program is a rogue antispyware program that spreads mostly with the help of fake online malware scanners. It will report that your computer is infected and you must install Antivir to clean your PC. That online scanner is scam and could not possibly detect malware, trojans and viruses on your computer.

When Antivir is downloaded and installed, it will be configured to run each time when you login to Windows. Once started, it will start a scan of your computer and list a lot of infections to scare you into thinking that your computer is infected. All of these infections are fake and cannot harm your computer. The rogue uses the false scan results as method to trick you into purchase so-called “full” version of the software.

Antivir blocks the ability to run some programs. The following warning will be shown when you try to run the Notepad:

Antivir Resident Shield: Virus Detected
Warning! Active virus detected

While Antivir is running your computer will display nag screens, warnings and fake security alerts from your Windows taskbar. It will state that trojan activity detected or identity theft attempt detected. Some of the alerts:

Internet Shield: Identity theft attampt detected
Warning! Identity theft attempt detected

Trojan:W32/Inject Activity Detected
Trojan:W32/Inject is a large family of malware that secretly
makes changes to the Windows Registry. Variants in the
family make also makes changes to other running processes.

Adobe Acrobat and Adobe Flash Errors Found
A vulnerability in Adobe Acrobat, Adobe Reader, and
Adobe Flash can result in remote code execution or virus
downloading.

What is more, the program will hijack Internet Explorer and randomly shows a “Warning! Visiting this site may harm your computer!” warning page.

However, all of these warnings are fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them! If you find that your system is infected with this malware, then most importantly, do not purchase it. Use the removal guide below to remove Antivir from your computer for free.

More screen shoots of Antivir

Symptoms in a HijackThis Log

O2 – BHO: &UpdateCheck.dll – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\UpdateCheck.dll
O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

Use the following instructions to remove Antivir (Uninstall instructions)

1. Remove core components of Antivir

Download Avenger from here and unzip to your desktop.

Run Avenger, copy, then paste the following text in Input script Box:

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Folders to delete:
%ProgramFiles%\AV

Files to delete:
%WinDir%\system32\UpdateCheck.dll

You will be asked Are you sure you want to execute the current script?. Click Yes. You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?”. Click Yes.

Your PC will now be rebooted.

2. Remove Antivir associated malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivir infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start Antivir removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Antivir creates the following files and folders

C:\Program Files\AV
C:\Program Files\Common Files\Uninstall
C:\Program Files\Common Files\Uninstall\AV
C:\Documents and Settings\All Users\Start Menu\AV
C:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
C:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
C:\Program Files\AV\antivir.exe
C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
C:\WINDOWS\system32\UpdateCheck.dll

Antivir creates the following registry keys and values

HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”