Remove Antivir, Antivir Removal Instruction
By Jason on November 27, 2009 | Rogue Antispyware, Antivir, Anti vir, Remove Antivir
Antivir is a malicious tool trying to present itself as a legitimate system security program. However, it seems that Antivir is not able to do its job very well. It tries to look like a part of the Windows security center, but its not very convincing. System scans and warning messages look very poor and are not likely to trick a lot of users.
However, Antivir is still an application that should be avoided as it is also a malware which might cause some security troubles. Antivir is distributed online at a number of websites that use trojans to download and install Antivir without the user's notice. As Antivir enters the system it tries to sell its “full” software. It may also hijack the web browser and stop actual security software from working. So the best thing to do is to remove Antivir if it appears on your computer.
New processes created
antivir.exe Learn how to remove malicious processesNew Antivir registry entries created
HKEY_CURRENT_USER\Software\EVAACDHKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinNT-EVI 25.11.2009" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Start Menu\AVc:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
c:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
c:\Program Files\AV
c:\Program Files\AV\antivir.exe
c:\Program Files\Common Files\Uninstall
c:\Program Files\Common Files\Uninstall\AV
c:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
c:\WINDOWS\system32\UpdateCheck.dll Learn how to unregister malicious DLL files
Symptoms in a Hijackthis log
O2 - BHO: &UpdateCheck.dll - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\UpdateCheck.dllO4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
How to remove Antivir
To remove Antivir manually you must block rogue Antivir related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Antivir files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Delete Windows Safety Maintenance fraud
Windows Safety Maintenance is a rogue anti-spyware program which spreads via trojan. Once the trojan is released Windows Safety Maintenance stars fake scans and shows fraudulent results. It puts many efforts in trying to trick user into believing their PC is infected. Read more.- System Protection Tools removal guide
- Windows Multi Control System uninstall guide
- How to remove Antispyware Pro 2012 fraud?
- Windows Advanced Security Center removal steps
- Windows Private Shield removal steps
- How to remove Windows Pro Safety fraud?
- Windows Pro Safety Release removal guide
- Delete Windows Safeguard Upgrade malware
- Windows Secure Surfer uninstall steps
- Windows Be-on-Guard Edition uninstall steps
