Tuesday, August 3, 2010

How to remove Antivirus (AnVi) malware (Uninstall Instructions)

Don't Copy From This Blog...

Protected by Copyscape Plagiarism Detection
Here's another rogue program with an original name: Antivirus. Actually, it's from the same family as Protection Center, Data Protection and Digital Protection scareware. The rogue program is installed through the use of Trojan Horses and other malware that come from shady or infected websites or through software vulnerabilities. You can use Secunia Online Software Inspector to make sure that your PC has a minimum security baseline against known patched vulnerabilities. Once installed, Antivirus will state that your computer has been infected with Trojans, adware, spyware, worms, tracking cookies and other malicious software. Then it will prompt you to pay for a full version of the program to remove the infections. Don't buy it! Instead, please follow the removal instructions below to remove Antivirus from your computer for free either manually or with legitimate anti-malware software.



Antivirus (AnVi) video (thanks to rogueamp):


While Antivirus is running it will attempt to uninstall your anti-virus or anti-spyware program from the system. It will also block all the other legitimate anti-malware programs and security websites. The rogue program does this in order to protect itself from being removed. What is more, Antivirus (AnVi) may come bundled with TDSS rootkit which usually redirects Google searc results to entirely unrelated websites. Most of the time, those website promote rogue products or provide false information, spam and etc. And of course, you wouldn't imagine a rogue anti-spyware program without a bunch of fake security warnings a pop-ups claiming that your computer is seriously infected or under attack from a remote computer. The text of some fake security alerts are:

"Warning! Virus threat detected!
Virus activity detected!
Net-Worm.Win32 has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat."





It goes without saying that should uninstall Antivirus from your computer as soon as possible. If you have already purchased it then you should contact your credit card company immediately and dispute the charges. Then please follow free Antivirus removal instructions below. If you have a redirect virus alongside this rogue program, please use free TDSSKiller utility from Kaspersky lab. Also, your comments are more than welcome. Good luck and be safe!


Antivirus removal instructions (in Safe Mode with Networking, Method 1):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download SUPERAntispyware, MalwareBytes Anti-malwareSpybot - Search & Destroy or Spyware Doctor and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning. Then reboot your computer in "Normal Mode" and run  a system scan again. That's it!
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Antivirus removal instructions: (Method 2)

1. Download TDSSKiller.exe from Kaspersky website.
2. Execute the file TDSSKiller.exe (NOTE: you may have to rename TDSSKiller.exe to explorer.com yourself or download already renamed explorer.com file in order to run it)
3. Follow the prompts and wait for the scan and disinfection process to be over.
More detailed TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684
4. Download one of the following anti-malware software and run a full system scan:
5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Antivirus associated files and registry values:

Files:
  • C:\Program Files\AnVi\about.ico
  • C:\Program Files\AnVi\activate.ico
  • C:\Program Files\AnVi\avt.db
  • C:\Program Files\AnVi\avt.exe
  • C:\Program Files\AnVi\avtext.dll
  • C:\Program Files\AnVi\avthook.dll
  • C:\Program Files\AnVi\buy.ico
  • C:\Program Files\AnVi\help.ico
  • C:\Program Files\AnVi\scan.ico
  • C:\Program Files\AnVi\settings.ico
  • C:\Program Files\AnVi\splash.mp3
  • C:\Program Files\AnVi\Uninstall.exe
  • C:\Program Files\AnVi\update.ico
  • C:\Program Files\AnVi\virus.mp3
Registry:
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
Please share this information with other people:

0 comments:

Post a Comment

 
//PART 2