Antivir Solution Pro is a new fake security tool from the same family of rogue antispyware programs as AV Antivirus Suite, AV Security Suite, Antispyware Soft, Antivirus Suite, etc. Like other rogues, the program is promoted and distributed with the help of trojans. When the trojan is activated, it will install this malware onto your computer and configure it to run automatically when Windows starts.
Once Antivir Solution Pro started, the rogue will perform a system scan and “detect” a lot of infected files, trojans, worms, and so on, that will not be fixed unless you first purchase the full version of the program. Of course this is not necessary. The scan results, as well as the “system scan”, is nothing but a scam. In reality Antivir Solution Pro cannot detect and remove any infections, as well as not be able to protect you from possible infections in the future. Thus, you can safely ignore all that the rogue antispyware will show you.
While Antivir Solution Pro is running, it will block the ability to run any programs as a method to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run a program:
Application cannot be executed. The file {program} is infected.
Do you want to activate your antivirus software now.
What is more, this malicious program will display a wide variety of alerts, reminders, security messages from Windows task bar that stats:
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Windows Security alert
Application cannot be executed. The file {filename} is
infected.
Do you want to activate your antvirus software now?
In addition to the above-described, Antivir Solution Pro will hijack your Internet Browser by configuring it to use a malicious proxy server so, it will randomly show a warning page that stats “Internet Explorer Warning – visiting this web site may harm your computer!”. Do not trust the warnings, like false scan results, the malicious program uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see Antivir Solution Pro is a fraudulent program that you should to try to remove immediately after the discovery on the your computer. Do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove Antivir Solution Pro and any associated malware from your computer for free.
More screen shoots of Antivir Solution Pro
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Removal instructions for Antivir Solution Pro
Step 1.
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Click Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you finished, you will see a screen similar below:
Internet Explorer – Proxy settings
Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Step 2.
Download HijackThis from here. Once Save dialog opens, you need first to rename hijackthis.exe to iexplore.exe. Further click Save button to save it to desktop. If you are using the Firefox, then you need right click to the above link to open a Save dialog. If you still can not download the program, the repeat first step above.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Place a checkmark against each of lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished you will see a screen similar to the one below.
HijackThis
Note: list of infected items may be different. Template of the malicious entry:
Variant 1: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe;
Variant 2: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}tssd.exe
Look for examples above. If you unsure, check them in Google.
Please be very careful, do NOT check any other boxes!. Once you have selected all entries, close all running programs then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click OK.
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Antivir Solution Pro. MalwareBytes Anti-malware will now remove all of associated files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivir Solution Pro creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Antivir Solution Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable=”1″
I just got this today. thanks for the quick fix
it didn’t worked i did everythign as said except for the \
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
i didn’t had the last 2 boxes.. so ok i did that! and installed malware protection but when i tried to open it it said that it’s infected… any other way PLEASE HELP ME my email vkmicro AT yahoodotcom
I have not tried this yet, but I cannot run any .exe files. Will this process work for that?
Cant run Malwarebytes it says it is infected and just keeps going back to Antivir Solution Pro even though I followed all the instructions and renamed it
Many thanks, this fix worked perfectly.
micro, these lines above are an example. List of infected items may be different. Template of the malicious entry:
Variant 1: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe;
Variant 2: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}tssd.exe
Look for examples above. If you unsure, check them in Google.
If you need a help,.please open a new topic in our Spyware removal forum.
Tim, try the steps above.
Lee, you have completed the step 2 ?
Thanks a lot, it worked perfectly !
Stupid fucking virus is blocking hijackme. Its opening porn. and im going to kill the mother fuckers who made the virus.
Cam, you have renamed HijackThis to iexplore before running ?
Thanks for the help; it worked perfectly. Still wondering where I got it from !
Hi thanks for all this it helped… one thing though what do i now do with malware bytes ? just keep it ?
Worked! Thanks, everyone!
THANK YOU SO GODDAMN MUCH! You didn’t tell me to buy anything, just told me how to fix it, then recommended that I buy some piece of software (which I might, and I never pay for software).
Patrik, you are the man
joe, of course you can keep Malwarebytes. It`s good and free malware remover.
Hi all, i runned all the steps mentioned and for a few moment the problem was gone. But when i tried to install a new antivirus system (NOD32 v4) the spyware came back? Do you have any suggestions? Thanks in advance!
There is a runDLL message that keeps coming up after I used the HijackThis, before I did the Malware scan. is that because I deleted something I wasn’t supposed to when i was using the HijackThis? Or is that normal procedure?
Virus is blocking HijackThis… and i have renamed the file.
Anyone has a suggestion ?
Hope this works, currently running scan – probably take anoher 30 mins. It is indicating infected objects but then so did Windows Defender but that didn’t work….watch this space!!!
Bas, probably your PC infected with a trojan that reinstall this malware. Start a new topic in our Spyware removal forum. I will help you.
Rachel,
Yes, it`s possible. Begin a new topic in our Spyware removal forum. I will help you.
polyp, check twice what name you used. It should be “iexplore.exe” w/o quotes.
Works perfectly. You guys know your stuff. Thanks
I did the steps again, and now all the problems are gone. Anyway thanks for the help!!
thanks for this it all worked, remember to take your time and follow instructions carefully, i have kaspersky and it didnt protect me against this. i had to download hijack tool on another machine and then transfer it to mine, as every thing was blocked on my machine.
I removed the spyware but my proxy is still messed up. I try to connect to the internet and it won’t let me (no fake messages, but actual firefox message saying proxy is not returning connection). I tried changing to auto proxy detection, no proxy and use system proxy. None work. Wireless network is working fine for other devices.
This worked a treat. Thank you very much for taking the time to put these instructions up!
Thanks for this. Works perfectly. It is good that there are people like you around.
Thank you very much for this insightful uninstall information.