How to remove AntiVirus System 2011 (Uninstall instructions)

AntiVirus System 2011 is a new rogue antivirus program from the same malware family as Security Inspector 2010, AntiVirus Studio 2010, Desktop Security 2010, etc. Like other similar programs, the rogue displays false information, detects fake infections in order to trick you into thinking your computer in danger. The fake antivirus will say that all you have to do in order to remove viruses, malware and trojans is purchase its full version. Important to note, the program is unable to detect and remove any malware and viruses, so do not pay for the bogus software! Simply ignore all that it will display you and remove AntiVirus System 2011 from your PC as quickly as possible!

AntiVirus System 2011 is usually installed onto a computer without permission and knowledge through the use of trojans. Once started,the rogue registers itself in the Windows system registry to run automatically every time, when PC starts. Immediately after launch, this malware will imitate a system scan and report a lot infections that can not be removed unless you pay for its paid version. Of course, all of these infections are a fake and do not actually exist on your computer. So, you can safety ignore the false scan results.

While AntiVirus System 2011 is running, you will be shown a lot of popups, nag screens and fake security alerts, that states that your computer is infected and offering to buy or activate the full version of the fake antivirus. Some of the alerts are:

System critical warning!
You have been infected by a proxy-relay trojan server

Warning! System Under Attack
Threat detected: Worm

Your computer might be at risk
Antivirus detects viruses, worms, and Trojan horses. They
can (and do) destroy data, format your hard disk or can
destroy the BIOS. By destroying the BIOS many times you
end up buying a new motherboard or if the bios chip is
removable then that chip would need replacing

Of course, like false scan results above, all of these alerts and warnings are just a fake. It is an attempt to make you think your computer is infected with all sorts of malicious software. Like false scan results you can safely ignore them.

As you can see, AntiVirus System 2011 is a scam. Most importantly, do not purchase it! Instead of doing so, follow the removal instructions below in order to remove AntiVirus System 2011 and any associated malware from your computer for free.

Symptoms in a HijackThis Log

O4 – HKCU\..\Run: [AntiVirus System 2011] “C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP
O4 – HKCU\..\Run: [Security Manager] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\securitymanager.exe
O4 – HKCU\..\Run: [{RANDOM}.exe] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\securityhelper.exe

Automatic removal instructions for AntiVirus System 2011

1. Reboot your computer in Safe mode with networking

Restart your computer.

After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.

Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.

Windows Advanced Options menu

When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.

Step 2. Stop AntiVirus System 2011 from running

Download HijackThis from here and save it to your Desktop. If you cannot run HijackThis, then re-download it, but before saving HijackThis.exe in the Save dialog, rename it first to explorer.exe and click Save button to save it to desktop.

Run HijackThis. Click “Do a system scan only” button. Now select the following entries by placing a tick in the left hand check box, if present:

O4 – HKCU\..\Run: [AntiVirus System 2011] “C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP
O4 – HKCU\..\Run: [Security Manager] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\securitymanager.exe
O4 – HKCU\..\Run: [{RANDOM}.exe] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\securityhelper.exe

Make sure your Internet Explorer and any other browsers and programs are closed, then click Fix Checked. Close HijackThis.

Step 3. Remove AntiVirus System 2011 associated malware

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.

MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.

As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.

Malwarebytes Anti-Malware Window>

Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for AntiVirus System 2011 infection. This procedure can take some time, so please be patient.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove AntiVirus System 2011. MalwareBytes Anti-malware will now remove all of associated AntiVirus System 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

AntiVirus System 2011 removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

AntiVirus System 2011 creates the following files and folders

%AppData%\AntiVirus System 2011\AntiVirus_System_2011.exe
%AppData%\AntiVirus System 2011\securitymanager.exe
%AppData%\AntiVirus System 2011\securityhelper.exe
%Temp%\winlogoff.exe
%Temp%\wrfwe_di.exe
C:\Documents and Settings\Username\Start Menu\Programs\AntiVirus System 2011\Activate AntiVirus System 2011.lnk
C:\Documents and Settings\Username\Start Menu\Programs\AntiVirus System 2011\AntiVirus System 2011.lnk
C:\Documents and Settings\Username\Start Menu\Programs\AntiVirus System 2011\Help AntiVirus System 2011.lnk
C:\Documents and Settings\Username\Start Menu\Programs\AntiVirus System 2011\How to Activate AntiVirus System 2011.lnk
C:\Documents and Settings\Username\Start Menu\Programs\AntiVirus System 2011.lnk

AntiVirus System 2011 creates the following registry keys and values

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus System 2011
HKEY_CURRENT_USER\Software\AntiVirus System 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | pbavwturwm4e = “%AppData%\AntiVirus System 2011\securityhelper.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Studio 2010 = “”%AppData%\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Manager = “%AppData%\AntiVirus System 2011\securitycenter.exe”