AntiVira Av is a fake security program that blocks Windows legitimate applications, hijacks Internet Explorer, displays false information that your computer is infected with viruses, trojans and malware.The software pretends to be a legitimate antivirus but, in reality, it is a totally scam. AntiVira Av is a malicious program from the same family of malware as Antivirus .NET, Antivirus Scan and Antivirus Action. It is unable to detect and remove any infections! The program “detects” numerous false infections in order to trick you into purchasing so-called full version of the software. Thus, do not pay for AntiVira Av, simply ignore all that the bogus software will display you.
Like other fake security software, the authors of AntiVira Av use various misleading methods to distribute their bogus software, e.g. trojans, various misleading programs, social networks (Twitter, Facebook, etc) and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your computer. Remember that the rogue is a highly dangerous application and you need remove AntiVira Av as soon as possible!
During installation, the rogue will be configured to start automatically when Windows loads. Once AntiVira Av is started, it will simulate a system scan and state that your computer is infected with a lot of viruses. The rogue will prompt you to purchase a full version of the program to fix supposedly found infections. Important to know, all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that AntiVira Av gives you.
While AntiVira Av is running, it will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
INFILTRATION ALERT
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.
Moreover, AntiVira Av will hijack Internet Explorer so that it will randomly show a warning page which states:
Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer
Of course, like false scan results above, all of these alerts are just a fake. All of them are created in order to convince you that you must purchase the full version of AntiVira Av and, thus, fix the entire system. So, you can safely ignore the fake warnings and alerts.
As you can see, all AntiVira Av does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove AntiVira Av and any associated malware from your computer for free.
Automatic removal instructions for AntiVira Av
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Reset Internet Explorer Proxy options
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Uncheck “Use a proxy server” box. Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Step 3. Stop AntiVira Av from running
Download HijackThis from here. Run it and click Scan button. Look for lines that looks like:
O4 – HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe
Example:
O4 – HKLM\..\Run: [cudpdogk] c:\docume~1\user\locals~1\temp\akotrowvc\bcgcihiagnz.exe
O4 – HKCU\..\Run: [cudpdogk] C:\Users\User\AppData\Local\akotrowvc\bcgcihiagnz.exe
Note: list of infected items may be different. If you unsure, then check it in Google. Skip this step, if you does not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 4. Remove AntiVira Av associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove AntiVira Av. MalwareBytes Anti-malware will now remove all of associated AntiVira Av files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
AntiVira Av removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AntiVira Av creates the following files and folders
%Temp%\{RANDOM}\
%Temp%\{RANDOM}\{RANDOM}.exe
AntiVira Av creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter | “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyServer” = “http=127.0.0.1:18215”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “ProxyEnable” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
Warrick and Nikki, try the following in Normal mode:
Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Click Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Download HijackThis from here. Once Save dialog opens, you need first to rename hijackthis.exe to iexplore.exe
Further click Save button to save it to desktop. If you are using the Firefox, then you need right click to the above link to open a Save dialog.
Run HijackThis. Click Scan button. Select entries that looks like:
Example:
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Reboot your computer.
Go to step 4 above.
Andrew, ask for help in our Spyware removal forum.
wow! you guys are awesome! the steps worked and I couldn’t be more appreciative! i can’t wait to tell everyone about your website!
Thank you so much. It worked perfectly.
Jonathan
WOW!!!! Appreciate the step by step instructions to remove this POS virus. Thanks a ton.
So in the hijackthis program, is it only the HKCU and HKLM entries that should be deleted? What about HKUS?
Thanks!
Wow! I searched on the internet for 2 hours when my laptop got infected with the antivira-av virus. Found you guys and followed instructions and wow, nasty virus all gone! Thank you so so much! I will purchase the anti malware you suggested. My only question is if I need to go back into IE to lan settings and make any changes.
Thanks again!
I tried the malware fix above, but upon reboot, the virus alert keeps coming up again..!! Aaarrggghhh!! Plus it will not allow me to re-launch the malware fix program..
How else can I resolve this nightmare?
Thanks so much
well this will be the second time this site has saved my computer
Becky, if you have found some HKUS malicious entries, then fix them too. If you unsure, then ask for help in our Spyware removal forum.
Donna Gallegos, NO. You can use your current settings.
Chris, probably your computer is infected with a trojan that reinstalls the rogue. Open a new topic in our Spyware removal forum. I will help you to remove the rogue.
Im really confused with Step 3. The examples you mentioned dont make any sense to me, so I dont know what to remove at all. Could someone please explain this a bit more 🙂
My PC running Windows XP (with all updates) has this problem on one (non-administrator) account. I know where the malicious .exe file is located. I tried the process set out above, but Windows won’t boot in Safe Networked mode. While all the safe options are discplayed, when a safe mode is selected the machine runs for afew seconds then a message appears saying that it cannot run in Safe Mode possibly due to a recent hardware or softrware change. Anyone have a solution to this?
My computer didn’t come up with any of those register keys or values. 🙁 so now what?
Thanks a million. It took me hours to took this infection out and could not do it. It took me a few minutes from your instruction. Without you, I really don’t know what to do. Thank you very much.
AntiVira AV got into my PC when I tried to update definitions from AdAware!
The only way to stop it recurring was to uninstall AdAware.
Ironic that a trusted malware detector should carry this problem.
i can not change the name from you hijackthis.exe to iexplore.exe in the save box, what do I do?
?4u please. Accessing this info from my laptop.I had to download info ( HiJackThis)to my home infected PC thru a memory stick Everytime I click on anything another alert pops up .Any further advice Thanks
I can’t get rid of this stupid AntiVira… I can’t launch explorer or any other program so I am at a loss for a way to get rid of this!!
Thank you so much for this!! this is awesome. should i keep the malwarebytes and the hijackthis programs on my computer tho??
thank you so much!!!! i couldn’t do anything on my computer!!!
This site helped so much!! I was able to get my computer working back to normal within half an hour. The only thing I did differently is I downloaded the programs before restarting and entering safe mode.
nice
PLEASSEEE. I cannot put my computer in Safe Mode. I have Windows XP. I have this crap in my computer (Antivira av). I tried the F8 key and it takes me to the Windows Advanced Options Menu. I chose the Safe Mode with Networking, also the Safe Mode and after scanning, it goes back to the option Start Windows Normally. I CANNOT GET INTO THE SAFE MODE. I have tried many times. Please, I need to start my computer in Safe Mode. If you can help me i will thank you forever because my dad is going to kill me!!!!
HOW TO START SAFE MODE IN WINDOWS XP TO REMOVE ANTIVIRA AV????
PLEASSEEE. I cannot put my computer in Safe Mode. I have Windows XP. I have this crap in my computer (Antivira av). I tried the F8 key and it takes me to the Windows Advanced Options Menu. I chose the Safe Mode with Networking, also the Safe Mode and after scanning, it goes back to the option Start Windows Normally. I CANNOT GET INTO THE SAFE MODE. I have tried many times. Please, I need to start my computer in Safe Mode. If you can help me i will thank you forever because my dad is going to kill me!!!!
kafa, ask for help in our Spyware removal forum.
Thanks for the fix – I was at my wit’s end! Thank you thank you thank you!! It works people – follow the directions exactly as they are listed!!
Great fix guys. Worked like a charm. Cannot thank you enough!
Thanks, this seemed to work… got really worried when I was having problems deleting the virus AppData/Local/[random]/[random].exe and it was blocking my task manager from running. whew… luckily i found this post.