Antivir is not a legitimate security application. It is a rogue antispyware program that spreads mostly through fake online malware scanners. Such a scanner will report that your computer is infected and that you must install Antivir to clean your PC. The online scanner is a scam and cannot actually detect malware, trojans or viruses on your computer.
When Antivir is downloaded and installed, it is configured to run each time you log in to Windows. Once started, it scans your computer and lists a lot of infections to scare you into thinking that your computer is infected. All of these infections are fake and cannot harm your computer. The rogue uses the false scan results as a method to trick you into purchasing the so-called “full” version of the software.
Antivir blocks the ability to run some programs. The following warning is shown when you try to run Notepad:
Antivir Resident Shield: Virus Detected
Warning! Active virus detected
While Antivir is running, your computer will display nag screens, warnings and fake security alerts from the Windows taskbar. They state that trojan activity or an identity theft attempt has been detected. Some of the alerts:
Internet Shield: Identity theft attampt detected
Warning! Identity theft attempt detected
Trojan:W32/Inject Activity Detected
Trojan:W32/Inject is a large family of malware that secretly
makes changes to the Windows Registry. Variants in the
family make also makes changes to other running processes.
Adobe Acrobat and Adobe Flash Errors Found
A vulnerability in Adobe Acrobat, Adobe Reader, and
Adobe Flash can result in remote code execution or virus
downloading.
What is more, the program will hijack Internet Explorer and randomly show a “Warning! Visiting this site may harm your computer!” warning page.
However, all of these warnings are fake and are meant to scare you into thinking your computer is in danger. You should ignore all of them! If you find that your system is infected with this malware, then most importantly, do not purchase it. Use the removal guide below to remove Antivir from your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: &UpdateCheck.dll - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\UpdateCheck.dll
O4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
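The following is an added example, not part of the original guide: a small Python check that reads a saved HijackThis log and reports entries matching the two indicators listed above. The sample log, its benign entries and the function names are constructed for illustration.

```python
import re

# Indicators taken from the two HijackThis entries listed on this page.
ROGUE_CLSID = "{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}"
ROGUE_PATHS = (
    r"c:\windows\system32\updatecheck.dll",
    r"c:\program files\av\antivir.exe",
)

# Entry lines look like "O2 - BHO: ...". Logs pasted into blogs or forums
# often have the hyphen separators turned into en dashes, so accept both.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+[-\u2013]\s+(.*)$")


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line in log_text."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def find_antivir_entries(log_text):
    """Return entries that match the rogue's BHO CLSID or its file paths."""
    hits = []
    for section, body in parse_entries(log_text):
        lowered = body.lower()  # Windows paths and CLSIDs are case-insensitive
        if section == "O2" and ROGUE_CLSID.lower() in lowered:
            hits.append((section, "BHO CLSID", body))
        elif any(path in lowered for path in ROGUE_PATHS):
            hits.append((section, "file path", body))
    return hits


# Constructed sample log: two benign entries plus the two from this page.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O2 \u2013 BHO: &UpdateCheck.dll \u2013 {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} \u2013 C:\\WINDOWS\\system32\\UpdateCheck.dll
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O4 - HKCU\\..\\Run: [AV] C:\\Program Files\\AV\\Antivir.exe
"""

if __name__ == "__main__":
    for section, reason, body in find_antivir_entries(SAMPLE_LOG):
        print(f"{section}: matched {reason}: {body}")
```

Matching on the CLSID as well as the path means the BHO entry is still flagged if the DLL has been renamed or moved.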
Use the following instructions to remove Antivir (Uninstall instructions)
1. Remove core components of Antivir
Download Avenger and unzip it to your desktop.
Run Avenger, then copy and paste the following text into the Input script box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Folders to delete:
%ProgramFiles%\AV
Files to delete:
%WinDir%\system32\UpdateCheck.dll
You will be asked “Are you sure you want to execute the current script?”. Click Yes. You will then be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?”. Click Yes.
Your PC will now be rebooted.
2. Remove Antivir associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer for the Antivir infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Antivir removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Antivir creates the following files and folders
C:\Program Files\AV
C:\Program Files\Common Files\Uninstall
C:\Program Files\Common Files\Uninstall\AV
C:\Documents and Settings\All Users\Start Menu\AV
C:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
C:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
C:\Program Files\AV\antivir.exe
C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
C:\WINDOWS\system32\UpdateCheck.dll
Antivir creates the following registry keys and values
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AV”
Thank you so much for this information!! Finally I got this crap off my computer! It drove me nuts trying to uninstall it.
Cecilia, how did you uninstall it? It drives me crazy too.
Marcellus, if the instructions above do not help you, then ask for help in our Spyware removal forum.
Thank you so much for the help. Kids downloaded a game and got this crap on my computer. This process worked perfectly. Norton didn’t even catch it with a deep scan. I’ll be purchasing this.
God bless u i was so worried that this crap would destroy my computer. Thank you so very very much!
Thank you; it worked like a charm and did not take long at all.
Hello there, I just wanted to say that I tried soooo hard to delete antivir from my PC. I went through the way it says on top of this page but I can’t delete it. I would like to know why please, because antivir is now officially the most annoying…. thank you.
please help!
Sonia, if the instructions above do not help you, then ask for help in our Spyware removal forum.
It worked thanks Patrik
These antivir pop-ups kept driving me crazy. I spent two days doing some research on how to remove this crap and finally I came across this post. Unsure if I should follow these instructions, I went ahead and tried it. Correct me if I’m wrong, but it seems to me from this post that this is like a new virus that just came up? Thank you so much for your help.
Jay, what is a new virus? Both apps that I suggest using are legitimate security tools.
Thank you so much, I had that piece of shit Antivir on my laptop and it was so annoying…This antimalware removed it for FREE! Seriously, thank you!
Why is it this AntiVir is able to get past ENOD, Norton and most importantly, Windows Security? What the hell is going on with that? I was able to uninstall it. I am sure Windows is aware this bunch of thieves are using a symbol that is identical to their Security icon in the upper left hand corner. Microsoft needs to get on the ball and prepare a security update against this type of stuff.
Wonderful, took no time at all, cleaned up computer for mom and sister. Thank you!
Nasty bit of Malware this ‘antivi’. One of my employees has it, I’ve tried everything BUT malwarebytes at this point including the manual fix. Unfortunately, some of the program files for it are
Thanx…It is Very much helpful….
Looks Like AVG And The Threat Windows Look Like Microsoft Security Essentials!
The antivir will not let me get on-line. How can I download avenger to my desktop so I can uninstall?
Robert, try downloading Avenger in Safe Mode with Networking. You can also download it on another computer, then move Avenger to the infected PC using a CD or flash drive.
OMG tnk u so much..it was giving me a headache… Tnx alot!!!
I am so happy I got rid of this nasty antivir. Thank you so much. You are of great help since it is also very easy and straight forward.
It worked, thanks
I know I am only reiterating what most of the other users have said, but these instructions worked perfectly! I am amazed. Holy $#!+
I have personal security on my laptop..
is this the same as the thing on here..
like happening.
cause i want to get rid of it 😐
Jame, try the steps.
You don’t have to go into safe mode to remove this…. You can open Windows Updates and browse to it from there; this AV doesn’t block the Update Explorer window.
To clarify my last post, you can get to the Avenger site by opening up the Windows Update window, then browse from it to the site in question to download the removal tools.
I downloaded the MalwareBytes Anti-malware and whenever I try to open it it says: Run time error ‘0’. What does that mean?
Adam, click Start, Run, type cmd and press Enter.
Command console opens.
Type
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
Press Enter.
Type
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
Press Enter.
Type
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
Press Enter.
Try running Malwarebytes once again.
Note: Malwarebytes should be installed into C:\Program Files\Malwarebytes’ Anti-Malware
I followed the steps and copied the script into avenger. I rebooted my PC and the script failed. I believe it stated that the folders didn’t exist.