Antivir

Antivir Description


Antivir (not to be confused with Avira-brand products that share its name) is a fake anti-virus scanner from the same family as GreenAV, Total Security, Earth Antivirus, Eco Antivirus, E-Set Antivirus 2011 and Cyber Protection Center. Although Antivir will create a multitude of taskbar notifications and other pop-up-based alerts, the threat detection features that are advertised in these pop-ups are fraudulent, and Antivir is unable to detect or delete viruses. Since rogue anti-malware programs from Antivir’s family have been known to attack security and anti-virus programs, SpywareRemove.com malware researchers recommend that you consider any possibility of infection by Antivir as a high-level threat to your computer’s security. If you’ve purchased Antivir before realizing its true nature, it’s recommended that you take action to protect your credit card from other fraudulent transactions that may be attempted in the future.

Don’t Fall for Antivir’s Brand-Name Disguise


Antivir may use the name of a line of popular anti-virus products, but, unlike real AV applications, Antivir doesn’t have any of the security features that Antivir advertises. Rogue AV programs that piggyback off of the Avira brand have been known since at least 2010, and Antivir (along with its offshoot, Antivir 2010) is still being distributed as of 2012. Contact with Antivir may be precipitated by fake online scanners, Zlob Trojans that disguise themselves as updates for media players or drive-by-downloads from associated websites. Antivir’s primary symptom is the usage of a range of inaccurate warning messages that are used to make it appear as though multiple types of PC threats are assaulting your computer. Samples of some of Antivir’s alerts include the following:

Warning! Active Virus Detected!
Threat Detected: Backdoor.Poison.BQA
Infected file: [Random program file]
Action taken: Application Blocked
Description: This backdoor arrives as attachment to email messages spammed by another malware or malicious user. This is a backdoor component of the Darkmoon RAT (Remote Administration Tool), via this backdoor hackers attempt to control your PC.


Warning! Identity theft attempt detected!
Attacker IP: [Random IP address]
Attack Target: Microsoft Corp. Keys
Description: Remote host tries to get access to your personal information.


Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.


Warning!
Virtumonde is an adware program that tends to monitor your Internet browsing habits and may display targeted advertisements onto your computer screen. Virtumonde may also create a malicious DLL file in order to log your keystrokes and send the recorded information to a third party website. Virtumonde is an unwanted application and recommended to be removed.


Antivirus software alert
Infiltration alert
Your computer is being attacked by an Internet virus. It could be password-stealing attack, a Trojan-dropper or similar.


Warning! New virus detected!
Threat Detected: Keylogger.iSnake.Pro
Infected File: C:\WINDOWS\system32\asr_ldm.exe


Since these errors are only useful to Antivir’s criminal maintainers by allowing them to hawk their non-functional AV program in a semi-convincing manner, you should ignore all of Antivir’s fraudulent virus detection pop-ups and avoid following their recommendations. Other problems with your PC are likely to be derived from Antivir itself or a related form of malicious software (such as a Trojan or rootkit that installed Antivir in the first place).

Taking Antivir Down a Peg Before It Does the Same to Your Real Anti-virus Software


Besides creating fake alerts as part of its scam to make you buy it, Antivir may also attempt to overwrite the .exe files of your real security programs. PC threats from Antivir’s family (identified as Win32/FakeXPA) have been known to attack Avast, AVG, Kaspersky, McAfee and Norton brands of anti-malware software. If any of your programs have succumbed to this attack, the actual program files have been damaged, and SpywareRemove.com malware researchers recommend that you either reinstall the program or install another brand of anti-malware scanner that will not be targeted by Antivir. It should be noted that this attack can only affect files on hard drives with the NTFS format.

Despite these attacks, Antivir can be removed by suitable anti-malware applications, and SpywareRemove.com malware experts discourage any other means of deleting Antivir – particularly Antivir’s included uninstall utility, which will avoid removing all components of Antivir. In most cases, if you’ve given your credit card information to Antivir’s company, you should consider canceling the card to avoid future fraudulent transactions, which are common with companies that propagate scamware like Antivir.

Aliases


  • Packed.Win32.Krap.as [Kaspersky]
  • Suspicious file [Panda]
  • Suspicious.Insight [Symantec]
  • Trojan.Win32.Generic.pak!cobra [Sunbelt]







Technical Details


File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:

| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | Antivir.exe | 50 |
| 2 | %ProgramFiles%\AV\antivir.exe | 159 |
| 3 | %ProgramFiles%\AntivirAV | 103 |
| 4 | %UserProfile%\Start Menu\Programs\ANTIVIR Antivirus | 106 |
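
Commenters below report that later variants no longer use the file names listed above: the executable has a random-looking name, sits under the user's AppData\Local (Local Settings\Application Data on Windows XP) and is started from the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key. The following Python sketch is an added example, not part of the original article or of any SpywareRemove.com tool; it triages a constructed list of Run values, and the consonant-run heuristic, the user name `kid` and the helper names are assumptions.

```python
import ntpath
import re

# Paths from the "File System Modifications" table above, lower-cased.
KNOWN_PATHS = (
    "%programfiles%\\av\\antivir.exe",
    "%programfiles%\\antivirav",
    "%userprofile%\\start menu\\programs\\antivir antivirus",
)
# Per-user writable locations where commenters found the renamed executable.
USER_WRITABLE = ("\\appdata\\local\\", "\\local settings\\application data\\")

def expand(path, env):
    """Replace %var% with its value from env (keys lower-cased)."""
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1), m.group(0)), path)

def exe_path(command):
    """Extract the executable path from a Run-value command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', command, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else command.strip()

def looks_random(stem):
    """Heuristic (assumption): 8+ letters with 4+ consecutive consonants."""
    return bool(re.fullmatch(r"[a-z]{8,}", stem) and re.search(r"[^aeiou]{4,}", stem))

def triage(entries, env):
    """Map autorun value name -> 'known' or 'suspect' for flagged entries."""
    known = [expand(p, env) for p in KNOWN_PATHS]
    flagged = {}
    for name, command in entries:
        path = exe_path(command).lower()
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if any(path.startswith(k) for k in known):
            flagged[name] = "known"
        elif any(d in path for d in USER_WRITABLE) and looks_random(stem):
            flagged[name] = "suspect"
    return flagged

# Constructed sample of HKCU\...\Run values; the user name "kid" is made up.
ENV = {"programfiles": "c:\\program files", "userprofile": "c:\\users\\kid"}
RUN_VALUES = [
    ("OneDrive", r'"C:\Users\kid\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Antivir", r'"C:\Program Files\AV\antivir.exe"'),
    ("ryqukxqtssd", r"C:\Users\kid\AppData\Local\lbqffbfqh\ryqukxqtssd.exe"),
    ("ahcpxoctssd", r"C:\Documents and Settings\kid\Local Settings\Application Data\bsnxsames\ahcpxoctssd.exe"),
]

if __name__ == "__main__":
    print(triage(RUN_VALUES, ENV))
```

A "suspect" verdict is only a prompt to inspect the file, since legitimate software can also install under AppData\Local.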


Posted: November 30, 2009 | By
Threat Metric
Threat Level: 10/10
Detection Count: 26

35 Comments

  • johnb says:

    Any new ideas on how to get rid of this rubbish? The people who produce or recommend it should be SHOT at dawn. Any help will be appreciated.

  • caarudion prosine says:

    thank you very much

  • Kevin says:

    please keeping auto clean the Avira Antivir control center keep remove the vires clean off all times

  • DocW says:

    This thing wouldn’t let me close my account, either with the shutdown button or ctrl-alt-delete. Had to do a hard shutdown. Rebooted in SAFE MODE. Opened MSCONFIG, selective startup, startup & found it: a series of letters.exe in c:\users\(NAME)\appdata\local\temp. Unchecked the box & exited MSCONFIG without restarting. Deleted the file, then the folder & all superfluous tmp files from around the time I caught this thing. Emptied the recycle bin and THEN rebooted. Seems to have worked. Just look for a weird .EXE file that doesn’t belong.
    BTW I caught the thing on TORSKY.NET, a torrent site, when browsing. Didn’t even try to download anything. Not going there anymore.

  • Kevin says:

    It worked. Thank you very much. Thanks to the message from EDWIN Says:
    2011-02-18 11:02:14
    I HAD THE SAME PROBLEM….IF YOU HAVE ANOTHER ACCOUNT TO LOG ON TO YOUR COMPUTER, LIKE “FAMILY” LOG OUT OF THE INFECTED ACCOUNT INTO ANOTHER ONE, SEARCH MSCONFIG FROM START MENU AND ENTER IT, HIT SELECTIVE START UP THEN HIT THE START UP TAB, LOOK FOR ANY STRANGE EXE. FILES….

    Also, note the path to the .exe file such as C:\users\….AppData\Local\Temp\vyyvv….
    After rebooting, use Windows Explorer to browse to the .exe file such as orwoyvska.exe, then delete it.
    Remember to clean up the Windows Registry where it configures the start of the orwoy.. file
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • EDWIN says:

    I HAD THE SAME PROBLEM….IF YOU HAVE ANOTHER ACCOUNT TO LOG ON TO YOUR COMPUTER, LIKE “FAMILY” LOG OUT OF THE INFECTED ACCOUNT INTO ANOTHER ONE, SEARCH MSCONFIG FROM START MENU AND ENTER IT, HIT SELECTIVE START UP THEN HIT THE START UP TAB, LOOK FOR ANY STRANGE EXE. FILES OR PROGRAMS YOU DON’T RECOGNIZE AND UNCHECK THEM, RESTART INTO THE ONCE INFECTED ACCOUNT, EVERYTHING SHOULD WORK NOW DO A COMPLETE VIRUS SCAN….IT’S REALLY NOT DANGEROUS AS IT SEEMS, JUST AGGRAVATING BECAUSE IT COPIES ITSELF TO ANY PROGRAM YOU TRY TO OPEN BUT IT IS A VIRUS…..ALSO WHEN YOU ARE IN START UP, WRITE DOWN THE PATH OF THE STRANGE EXE. FILE JUST IN CASE IT DOES POP UP AND YOUR AV DOESN’T FIND IT, YOU CAN DIRECT IT TO SCAN THAT FILE…HOPE THIS WORKS, IF ANYONE HAS ANY MORE SUGGESTIONS PLEASE NOTE THEM…THANKS

  • Fernando says:

    Many tks for your help

  • david says:

    i just scanned the whole computer with Microsoft Security Essentials, did a full scan and nothing came up….HELP

  • Wes says:

    I was trying to compare Avast with AVG when I heard of Antivir. The review I read said that Antivir is clearly better than the others.

    I looked further and found that some people think Antivir is malware which uses false scan results, fake security alerts and browser hijacking to scare you into thinking your PC is badly infected with all sorts of malware. You have to pay to fix them, only to find more during your next scan.

    Then I went to Wikipedia and read what Avira says about it. Avira says that in July 2010 “Antivir Solution Pro” was produced by AV Security Suite and has nothing to do with Avira. So it’s possible that Avira is in the clear. However, just to be safe, I’m going to avoid ANY Antivir.

  • tara warner says:

    plz plz plz HELP me just got a new wireless connect n this happened PLZ HELP ME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • Maurice says:

    Hello,

    Is ANTIVIR antivirus the same thing as Avira Antivir? I ask because both have the same name “antivir”.

    Thanks for the reply.

  • Furo Iyenemi says:

    help remove virus on my computer

  • TLEE says:

    Let me be the first to leave a comment. I found the comments here to be very helpful. I had the exact issue mentioned here on this website. Thank you for helping me to fix it!!!

  • JazziePhazon says:

    Searched for ANTIVIR Antivirus and Antivir and got nothing. SpyHunter says I have threats though. HALP!

  • becky says:

    it seems to have updated itself since this was posted i got infected with it and have been cut off from all programs that can stop the false antivirus processes i can’t even run paint let alone a system restore.
    searching the files has proved useless i have even tried looking for hidden files and zipped files but that turned up nothing. going through my hard drive manually hasn’t turned up anything either.
    besides a forceful crash to cause data loss i’m not sure what to do.

    if you have any further advice i would very much like to hear it

    -becky

  • Bill Ashley says:

    My computer is infected with Antivir. The directions you listed for its removal seem to be out of date, none of the directories or files you mention exist on the infected computer except for the Start directory, which has no malware listed in it. The windows task manager operation is blocked (as are all the rest of the programs). About the only thing I can do with my computer is to navigate through the directories. It would seem the Antivir has evolved into a stealthier format. Can your Spyware Removal program remove this new version of Antivir??

  • kate says:

    I performed the scan and I thought it worked great but the next day it returned. I would like to know if there is a website that it is attached to that is causing it to reinfect my machine. Will I have to debug my machine everyday? Is there another scan that I should do to make it more complete?

  • Joel Van Valin says:

    Using Windows XP version 5.1. I had to deal with the AntiVir malware today and got rid of it, but the manual solutions you listed were not useful. The malware in my case was ahcpxoctssd.exe and located in Local Settings\Application Data\bsnxsames. I suspect the malware changes its executable name often.

    Here is a better way to find it:
    Do a search in Windows for all files with “.exe” and a modify date that is on or after the date the pop-ups first started appearing. Look at the .exe files found and if one looks fishy, delete it. It may prevent you from deleting it because it is running … and it also blocks the Task Manager from loading. In that case, do a reboot, and very quickly (before the process can start) open Task Manager. Delete the file in Explorer. If it can’t be deleted because it is running, end the process in Task Manager and then remove it. Worked fine for me!

  • castleboomer says:

    Just Antivir on my daughter’s windows 7 computer. It appears to be a newer incarnation which doesn’t follow the above pattern to remove. antivir has been named to ryqukxqtssd.exe and is tucked into the users AppData\Local directory. On her system the directory was named lbqffbfqh which is most likely generated. The name appears to be auto generated as well. I was able to identify the exe by clicking on the notification area icons properties screen. This showed the relationship to Antivir and the ryqukxqtssd.exe file. Using a command window I was able to remove the exe. I then tried to find antivir in the registry but nothing then searched for ryqukxqtssd and found entries in five different places then deleted them.

    Castleboomer

  • jack says:

    i can’t get this off my other computer also it keeps bringing up porno websites and viagra website

  • Dan says:

    I seem to have the Antivir virus but unlike your examples and solutions there is no file or folder actually called ‘Antivir’ on my computer. Not only that but the normal solution everyone suggests, downloading and installing anti malware software, doesn’t work since the virus won’t let me run any executables (even command line programs like regedit won’t run). Whenever I attempt to I get an error message saying the file is infected and nothing else happens.

    I did find a weird folder with an .exe file that was dated about the same time as the problems started. The folder is ‘asyoqklnd’ and the file is smxhmfmtssd.exe. I’m assuming those names are just randomly created when the virus infects the computer. When I try to delete them I get a message stating that I don’t have permission.

    Any suggestions?

  • Aberra says:

    my anti virus is fake

  • Aberra says:

    ANTVIRUS IS FAKE

  • nicolas simpson says:

    HELP ME REMOVE THIS PROGRAM FROM MY COMPUTER

  • kirti says:

    I WANT TO UNINSTALL ANTIVIR 2010

  • anna says:

    I hope it’s gone, thank you.

  • Antivir Hater says:

    I got antivir it was horrible!!!!! I removed it by:
    1. Go to Documents
    2. Press CONTROL F, that to do a search of course
    3. Search “exe”, that searches for all the executable files
    4. Manually looking for anything named Antivir
    5. I deleted that file, emptied out the recycling bin
    6. Reboot computer

  • juan perez says:

    THANK YOU FOR HELPING ME

  • gary says:

    Regarding Step 2; only one registry existed. Is it possible that the names have changed?

    Regarding Step 3; I could not unregister UpdateCheck.dll. I got the message “Access Denied”

    Regarding Step 5; I don’t understand this list.; i.e. there’s only one file called antivir.exe. And I did in fact delete it

  • Barbara Hogan says:

    Please remove this horrible thing off my computer

  • john says:

    my computer is infected with platinumantivir i can’t get any program to work not even task manager i can’t get online

  • Ray says:

    Is this the same Antivir that is a recommended copyrighted download on cnet by Avira GmbH ? (Avira AntiVir Personal)

  • Sim 1 says:

    trying to help my friend remove antivir but i could not find this registry key: HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    is it possible that they changed the name

  • karem says:

    HOPE THIS WORKS TO ERASE THIS FREAKING SOFTWARE

  • Roxas (My False name for privacy) says:

    This Antivir is bothering me and will not leave my computer. I grabbed it and dragged it into the recycling bin and deleted it. And it’s back and won’t let me open things… It’s interfering with the computer. It’s causing me to take drastic measures of wanting to break the computer. It interrupts my computer when I’m not even connected. It’s annoying and I want the thing gone!!!
    Please help… i dont understand these steps!
