Antivir 2010 is a rogue antispyware program from the same family of rogues as Antivir and Alpha Antivirus. It is usually distributed through the use of trojans that come from fake antispyware online scanners. When the trojan is started, it will download and install Antivir 2010 onto your computer.
During installation, Antivir 2010 will be configured to run automatically every time when Windows starts. Once running, the rogue will imitate a system scan and report legitimate Windows files and not existing files as infections that will not be fixed unless you first purchase it. Of course, this is a scam, because Antivir 2010 is unable to detect or remove any infections. Important to know, all of these infections are fake, so you can safely ignore the false scan results.
What is more, Antivir 2010 may block the ability to run some programs as an attempt to scare you into thinking that your computer in danger. The following warning will be shown when you try to run the Notepad:
Antivir Resident Shield: Virus Detected
Warning! Active virus detected
Infected file: C:\Windows\System32\notepad.exe
While Antivir 2010 is running, it will flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. Some of the alerts:
Trojan:W32/Inject Activity Detected
Trojan:W32/Inject is a large family of malware that secretly
makes changes to the Windows Registry. Variants in the
family make also makes changes to other running processes.
Attention! Threats found!
Attention! 27 threats found!
Last but not least, the same trojan that installs Antivir 2010, will also install a malicious add-on to Internet Explorer. The addon will hijack Internet Explorer so that it will randomly show a warning page with the “Warning! Visiting this site may harm your computer!” header.
However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of Antivir 2010. You should ignore all of them! If you find that your system is infected with this malware, then most importantly, do not purchase it. Use the removal guide below to remove Antivir 2010 from your computer for free.
More screen shoots of Antivir 2010
Symptoms in a HijackThis Log
O2 – BHO: &UpdateCheck.dll – {D34D56E9-B37B-4C37-A854-1AC144592D5C} – C:\WINDOWS\system32\UpdateCheck.dll
O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
Use the following instructions to remove Antivir 2010 (Uninstall instructions)
Step 1. Disable malicious add-on.
Run Internet Explorer. Click Tools -> Manage Add-ons. You will see window similar to the one below.
Manage Add-ons
Select UpdateCheck.dll addon. Click disable, click OK and click OK to close Manage Add-ons window. Close Internet Explorer and run it once again.
Step 2. Remove Antivir 2010.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivir 2010 infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antivir 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Antivir 2010 creates the following files and folders
C:\Program Files\Common Files\Uninstall\AV
C:\WINDOWS\system32\UpdateCheck.dll
C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
C:\Documents and Settings\Administrator\Desktop\Antivir.lnk
C:\Program Files\AV\antivir.exe
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Antivir 2010 creates the following registry keys and values
HKEY_CLASSES_ROOT\CLSID\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d34d56e9-b37b-4c37-a854-1ac144592d5c}
HKEY_CURRENT_USER\SOFTWARE\XML
HKEY_CURRENT_USER\Environment\evapp
HKEY_CURRENT_USER\Environment\evuninst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av
Katlyn, you tried to boot your PC in Safe mode with networking and repeat the steps above ?