• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Rogue Anti Spyware › Tutorials - HowTo › How to remove Antivir 2010 (Uninstall instructions)

How to remove Antivir 2010 (Uninstall instructions)

Myantispyware team January 29, 2010     31 Comments    

Antivir 2010 is a rogue antispyware program from the same family of rogues as Antivir and Alpha Antivirus. It is usually distributed through the use of trojans that come from fake antispyware online scanners. When the trojan is started, it will download and install Antivir 2010 onto your computer.

During installation, Antivir 2010 will be configured to run automatically every time when Windows starts. Once running, the rogue will imitate a system scan and report legitimate Windows files and not existing files as infections that will not be fixed unless you first purchase it. Of course, this is a scam, because Antivir 2010 is unable to detect or remove any infections. Important to know, all of these infections are fake, so you can safely ignore the false scan results.

What is more, Antivir 2010 may block the ability to run some programs as an attempt to scare you into thinking that your computer in danger. The following warning will be shown when you try to run the Notepad:

Antivir Resident Shield: Virus Detected
Warning! Active virus detected
Infected file: C:\Windows\System32\notepad.exe

While Antivir 2010 is running, it will flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. Some of the alerts:

Trojan:W32/Inject Activity Detected
Trojan:W32/Inject is a large family of malware that secretly
makes changes to the Windows Registry. Variants in the
family make also makes changes to other running processes.

Attention! Threats found!
Attention! 27 threats found!

Last but not least, the same trojan that installs Antivir 2010, will also install a malicious add-on to Internet Explorer. The addon will hijack Internet Explorer so that it will randomly show a warning page with the “Warning! Visiting this site may harm your computer!” header.

However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of Antivir 2010. You should ignore all of them! If you find that your system is infected with this malware, then most importantly, do not purchase it. Use the removal guide below to remove Antivir 2010 from your computer for free.

More screen shoots of Antivir 2010



Symptoms in a HijackThis Log

O2 – BHO: &UpdateCheck.dll – {D34D56E9-B37B-4C37-A854-1AC144592D5C} – C:\WINDOWS\system32\UpdateCheck.dll
O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

Use the following instructions to remove Antivir 2010 (Uninstall instructions)

Step 1. Disable malicious add-on.

Run Internet Explorer. Click Tools -> Manage Add-ons. You will see window similar to the one below.


Manage Add-ons

Select UpdateCheck.dll addon. Click disable, click OK and click OK to close Manage Add-ons window. Close Internet Explorer and run it once again.

Step 2. Remove Antivir 2010.

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivir 2010 infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.


Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start Antivir 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Antivir 2010 creates the following files and folders

C:\Program Files\Common Files\Uninstall\AV
C:\WINDOWS\system32\UpdateCheck.dll
C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
C:\Documents and Settings\Administrator\Desktop\Antivir.lnk
C:\Program Files\AV\antivir.exe
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Antivir 2010 creates the following registry keys and values

HKEY_CLASSES_ROOT\CLSID\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_CURRENT_USER\Environment\evapp
HKEY_CURRENT_USER\Environment\evuninst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av

Rogue Anti Spyware Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

31 Comments

  1. Patrik
    ― August 14, 2010 - 10:12 am  Reply

    Katlyn, you tried to boot your PC in Safe mode with networking and repeat the steps above ?

« Previous 1 2

Leave a Reply Cancel reply




New Guides

Windows Defender Firewall Error 80070422 Scam
Windows Defender Firewall Error 80070422 POP-UP SCAM (Virus removal guide)
My KeyPro browser extension
How to uninstall My KeyPro from Chrome, Firefox, IE, Edge
News-vexeca.cc scam
News-vexeca.cc Virus Removal Guide
fake Google Translate extension
Fake “Google Translate” extension (Virus removal guide)
Ksehinkitw.hair scam
Ksehinkitw.hair Virus Removal Guide

Follow Us

Search

Useful Guides

remove android virus
How to remove virus from Android phone
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
adwcleaner
AdwCleaner – Review, How to use, Comments
How to reset Google Chrome settings to default

Recent Posts

How to remove Vista Antispyware 2010, Vista Antivirus 2010, Vista Guardian, Vista Internet Security
How to remove PcSecureNet (Uninstall instructions)
How to remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010
How to remove Live Enterprise Suite (Uninstall instructions)
How to remove PcsSecure (Removal instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.