Remove Antivir, Antivir Removal Instruction
By Jason on November 27, 2009 | Rogue Antispyware, Antivir, Anti vir, Remove Antivir
Antivir is a malicious tool trying to present itself as a legitimate system security program. However, it seems that Antivir is not able to do its job very well. It tries to look like a part of the Windows security center, but its not very convincing. System scans and warning messages look very poor and are not likely to trick a lot of users.
However, Antivir is still an application that should be avoided as it is also a malware which might cause some security troubles. Antivir is distributed online at a number of websites that use trojans to download and install Antivir without the user's notice. As Antivir enters the system it tries to sell its “full” software. It may also hijack the web browser and stop actual security software from working. So the best thing to do is to remove Antivir if it appears on your computer.
New processes created
antivir.exe Learn how to remove malicious processesNew Antivir registry entries created
HKEY_CURRENT_USER\Software\EVAACDHKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinNT-EVI 25.11.2009" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Start Menu\AVc:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
c:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
c:\Program Files\AV
c:\Program Files\AV\antivir.exe
c:\Program Files\Common Files\Uninstall
c:\Program Files\Common Files\Uninstall\AV
c:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
c:\WINDOWS\system32\UpdateCheck.dll Learn how to unregister malicious DLL files
Symptoms in a Hijackthis log
O2 - BHO: &UpdateCheck.dll - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\UpdateCheck.dllO4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
How to remove Antivir
To remove Antivir manually you must block rogue Antivir related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Antivir files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Windows 7 Antispyware 2012 removal tutorial
Windows 7 Antispyware 2012 is a fake computer protection application which spreads via trojan horse and is a copy of Win 7 Antispyware 2012 scam as well. The parasite is distributed online and is usually difficult to avoid if one does not employ reputable security service. Once installed it will display false system security warnings and the will prompt you buy a "full" version of this program to remove threats that don't even exist. For example:Malware Intrusion! Read more.- Remove WinMaximizer fraud
- Slow-PCFighter uninstall guide
- How to remove AV Security Essentials malware?
- Remove Smart Anti-Malware Protection fraud
- Remove Malware Protection Center fraud
- Remove Antivirus Smart Protection scam
- Remove Internet Security 2012 fraud
- Remove Smart Internet Protection 2012 malware
- Smart Protection 2012 uninstall guide
- Internet Security Guard removal tutorial
