Antivir (not to be confused with Avira-brand products that share its name) is a fake anti-virus scanner from the same family as GreenAV, Total Security, Earth Antivirus, Eco Antivirus, E-Set Antivirus 2011 and Cyber Protection Center. Although Antivir will create a multitude of taskbar notifications and other pop-up-based alerts, the threat detection features that are advertised in these pop-ups are fraudulent, and Antivir is unable to detect or delete viruses. Since rogue anti-malware programs from Antivir’s family have been known to attack security and anti-virus programs, SpywareRemove.com malware researchers recommend that you consider any possibility of infection by Antivir as a high-level threat to your computer’s security. If you’ve purchased Antivir before realizing its true nature, it’s recommended that you take action to protect your credit card from other fraudulent transactions that may be attempted in the future.
Don’t Fall for Antivir’s Brand-Name Disguise
Antivir may use the name of a line of popular anti-virus products, but, unlike real AV applications, Antivir doesn’t have any of the security features that it advertises. Rogue AV programs that piggyback off of the Avira brand have been known since at least 2010, and Antivir (along with its offshoot, Antivir 2010) is still being distributed as of 2012. Contact with Antivir may be precipitated by fake online scanners, Zlob Trojans that disguise themselves as updates for media players or drive-by downloads from associated websites. Antivir’s primary symptom is a range of inaccurate warning messages that are used to make it appear as though multiple types of PC threats are assaulting your computer. Samples of some of Antivir’s alerts include the following:
Warning! Active Virus Detected!
Threat Detected: Backdoor.Poison.BQA
Infected file: [Random program file]
Action taken: Application Blocked
Description: This backdoor arrives as attachment to email messages spammed by another malware or malicious user. This is a backdoor component of the Darkmoon RAT (Remote Administration Tool), via this backdoor hackers attempt to control your PC.
Warning! Identity theft attempt detected!
Attacker IP: [Random IP address]
Attack Target: Microsoft Corp.
Description: Remote host tries to get access to your personal information.
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
Virtumonde is an adware program that tends to monitor your Internet browsing habits and may display targeted advertisements onto your computer screen. Virtumonde may also create a malicious DLL file in order to log your keystrokes and send the recorded information to a third party website. Virtumonde is an unwanted application and recommended to be removed.
Antivirus software alert
Your computer is being attacked by an Internet virus. It could be password-stealing attack, a Trojan-dropper or similar.
Warning! New virus detected!
Threat Detected: Keylogger.iSnake.Pro
Infected File: C:\WINDOWS\system32\asr_ldm.exe
Since these errors are only useful to Antivir’s criminal maintainers by allowing them to hawk their non-functional AV program in a semi-convincing manner, you should ignore all of Antivir’s fraudulent virus detection pop-ups and avoid following their recommendations. Other problems with your PC are likely to be derived from Antivir itself or a related form of malicious software (such as a Trojan or rootkit that installed Antivir in the first place).
Taking Antivir Down a Peg Before It Does the Same to Your Real Anti-virus Software
Besides creating fake alerts as part of its scam to make you buy it, Antivir may also attempt to overwrite the .exe files of your real security programs. PC threats from Antivir’s family (identified as Win32/FakeXPA) have been known to attack Avast, AVG, Kaspersky, McAfee and Norton brands of anti-malware software. If any of your programs have succumbed to this attack, the actual program files have been damaged, and SpywareRemove.com malware researchers recommend that you either reinstall the program or install another brand of anti-malware scanner that will not be targeted by Antivir. It should be noted that this attack can only affect files on hard drives with the NTFS format.
Despite these attacks, Antivir can be removed by suitable anti-malware applications, and SpywareRemove.com malware experts discourage any other means of deleting Antivir – particularly Antivir’s included uninstall utility, which will not remove all components of Antivir. In most cases, if you’ve given your credit card information to Antivir’s company, you should consider canceling the card to avoid future fraudulent transactions, which are common with companies that propagate scamware like Antivir.
Packed.Win32.Krap.as [Kaspersky], Suspicious file [Panda], Suspicious.Insight [Symantec], Trojan.Win32.Generic.pak!cobra [Sunbelt]
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | Antivir.exe | 50 |
| 2 | %ProgramFiles%\AV\antivir.exe | 159 |
| 3 | %ProgramFiles%\AntivirAV | 103 |
| 4 | %UserProfile%\Start Menu\Programs\ANTIVIR Antivirus | 106 |
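A defender's check built on the file indicators listed above, as an added example that is not part of the original article: it matches a file listing from a suspect machine against those paths and separates full-path matches from the weaker bare-file-name match. The variable expansions, the confidence labels and the sample listing are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Path indicators copied from the page's file table; variables stay symbolic.
INDICATORS = [
    r"%ProgramFiles%\AV\antivir.exe",
    r"%ProgramFiles%\AntivirAV",
    r"%UserProfile%\Start Menu\Programs\ANTIVIR Antivirus",
]
NAME_ONLY = "antivir.exe"  # the table's first row is a bare file name

# Assumed expansions: any drive letter, 32/64-bit Program Files, any profile.
EXPANSIONS = {
    "%ProgramFiles%": r"[a-z]:\\program files(?: \(x86\))?",
    "%UserProfile%": r"[a-z]:\\(?:users|documents and settings)\\[^\\]+",
}

def to_regex(indicator):
    """Compile an indicator into an anchored, case-insensitive path regex."""
    pattern = re.escape(indicator)
    for var, expansion in EXPANSIONS.items():
        pattern = pattern.replace(re.escape(var), expansion)
    # Match the indicator itself or anything beneath it, never a longer sibling.
    return re.compile("^" + pattern + r"(?:\\.*)?$", re.IGNORECASE)

COMPILED = [(ind, to_regex(ind)) for ind in INDICATORS]

def scan(paths):
    """Return (path, confidence, indicator) for each listing entry that matches."""
    hits = []
    for path in paths:
        matched = next((ind for ind, rx in COMPILED if rx.match(path)), None)
        if matched:
            hits.append((path, "path", matched))
        elif PureWindowsPath(path).name.lower() == NAME_ONLY:
            # A file name alone is weak evidence; report it for manual review.
            hits.append((path, "name-only", NAME_ONLY))
    return hits

# Constructed sample listing (not real telemetry).
SAMPLE_LISTING = [
    r"C:\Program Files (x86)\AV\antivir.exe",
    r"C:\Program Files\AntivirAV\data\sigs.dat",
    r"C:\Documents and Settings\alice\Start Menu\Programs\ANTIVIR Antivirus\Antivir.lnk",
    r"C:\Users\bob\Downloads\Antivir.exe",
    r"C:\Program Files\Example\tool.exe",
    r"C:\Program Files\AntivirAVX\readme.txt",
]
```

Calling `scan(SAMPLE_LISTING)` reports the first three entries as path matches and the fourth as name-only; the `AntivirAVX` entry is skipped because the pattern is anchored at the directory boundary.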
Posted: November 30, 2009 | By SpywareRemove