
Antivirii 2011

Posted: December 11, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 44
First Seen: December 12, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

Antivirii 2011 is a fake anti-virus product that's built to display inaccurate warnings and scanner results. These fraudulent features allow Antivirii 2011 to imitate the appearance of a real AV program, including making periodic requests that you spend money on its 'full' version, without providing any form of actual anti-virus protection. Because Antivirii 2011 is a relatively simplistic form of scamware whose scanner results are hard to believe, you shouldn't have any problems identifying Antivirii 2011 as a rogue anti-virus application instead of a real one. However, SpywareRemove.com malware researchers recommend that you remove Antivirii 2011 as soon as possible, since Antivirii 2011 and related types of PC threats may also create additional security risks, such as redirecting your web browser or blocking security-related software.

Antivirii 2011 – a Last Huzzah for Amateur Scamware in 2011

Antivirii 2011 was first identified as a PC threat from the FakeSpyPro family in early December of 2011 – which is no surprise, since the kit that was used to develop Antivirii 2011 was itself released only the month before that. As one of potentially many products designed by Napalm Rogue Builder, Antivirii 2011 may have the appearance of an anti-virus program, but its features are totally fraudulent and should be disregarded as misleading and potentially dangerous for your PC. As a fairly simple type of rogue AV program, Antivirii 2011 can be identified by its usage of a generic shield icon with a checkered blue-and-yellow pattern, as well as by a small magenta pixel-based blemish on its upper-left corner.

However, as is true of other types of rogue anti-virus applications, SpywareRemove.com malware analysts note that Antivirii 2011's primary trait is its ability to pretend to scan your PC and return results that lack any basis in reality. Antivirii 2011 may tell you that it is scanning your PC or even that it has found backdoor Trojans, worms or adware, but Antivirii 2011 is incapable of detecting or deleting real PC threats of any kind. These fake AV simulations have no point beyond being an excuse for Antivirii 2011 to request your credit card information in a purchase form, which is, obviously, not a safe course of action for your computer.

Starting Off the New Year without Antivirii 2011's Fake AV Services

Although Antivirii 2011 and other types of NRB scamware haven't been noted to have any other capabilities, PC threats (such as Trojan droppers) that are commonly installed alongside Antivirii 2011 and other types of rogue anti-virus programs may engage in other attacks. Some issues that you may struggle with prior to removing Antivirii 2011 can include:

  • Browser redirects to malicious sites (particularly sites that are associated with Antivirii 2011 or other forms of scamware).
  • Unrelated programs that crash for no obvious reason. SpywareRemove.com malware researchers note that this can, in most cases, be remedied by running the appropriate program from Safe Mode.
  • The appearance of desktop images that display warning messages about illegal files or high-level PC threats on your computer.

Other family members of Antivirii 2011 include Spyware Protect 2009, Antivirus System Pro, Security Central, Antivirus Soft, Antivirus Suite, AntiSpyware Soft, Antivir Solution Pro, Security Suite, Malware Destructor 2011, Antivirus Scan, Antivirus Action, PC Security 2011, Antivirus .NET, AntiVira Av, AntiMalware GO, Antivirus Monitor and AnVir Security Suite.


Aliases

Suspicious file [Panda]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%WINDIR%\czwcldnm.exe
  File name: czwcldnm.exe
  Size: 1.03 MB (1034752 bytes)
  MD5: 7a536041421c2054abeab3047643238c
  Detection count: 58
  File type: Executable File
  Mime Type: unknown/exe
  Path: %WINDIR%
  Group: Malware file
  Last Updated: December 12, 2011

C:\Documents and Settings\<username>\Documenti\Download\***s Rogue Pack\***'s Rogue Pack\AntiVirii2011.exe
  File name: AntiVirii2011.exe
  Size: 1.03 MB (1038056 bytes)
  MD5: 97b7917e777dc99357751f3449b4e451
  Detection count: 16
  File type: Executable File
  Mime Type: unknown/exe
  Path: C:\Documents and Settings\<username>\Documenti\Download\***s Rogue Pack\***'s Rogue Pack\AntiVirii2011.exe
  Group: Malware file
  Last Updated: August 17, 2022

%WinDir%\antivirii\exe
  File name: %WinDir%\antivirii\exe
  Group: Malware file

C:\WINDOWS\system32\antivirii.exe
  File name: C:\WINDOWS\system32\antivirii.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

C:\WINDOWS\system32\[RANDOM CHARACTERS].exe
  File name: C:\WINDOWS\system32\[RANDOM CHARACTERS].exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

%Windows%\antivirii.exe
  File name: %Windows%\antivirii.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

Registry Modifications

The following Registry values were created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Security"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger"
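
A read-only check for the file and registry indicators listed above, as an added example that is not part of the original page. It assumes PowerShell 4.0 or later (for Get-FileHash) and treats the page's %Windows% as %WINDIR%; the [RANDOM CHARACTERS].exe and %WinDir%\antivirii\exe entries are skipped because they do not name a fixed file.

```powershell
# Added example: looks for the indicators listed on this page on a live host.
# Read-only. Run from an elevated prompt so HKLM and %WINDIR% are readable.

# Registry values named under "Registry Modifications"
$regChecks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Value = 'Security' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'; Value = 'Debugger' }
)

# Fixed file paths named under "File System Modifications"
# (assumption: the page's %Windows% means the same directory as %WINDIR%)
$filePaths = @(
    "$env:WINDIR\czwcldnm.exe",
    "$env:WINDIR\antivirii.exe",
    "$env:WINDIR\System32\antivirii.exe"
)

# MD5 values the page gives for its two hashed samples
$knownMd5 = @(
    '7a536041421c2054abeab3047643238c',
    '97b7917e777dc99357751f3449b4e451'
)

$findings = @()

foreach ($c in $regChecks) {
    # Returns nothing (and no error) when the key or the value is absent
    $item = Get-ItemProperty -Path $c.Key -Name $c.Value -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type = 'Registry'; Location = "$($c.Key)\$($c.Value)"; Detail = $item.($c.Value)
        }
    }
}

foreach ($p in $filePaths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $md5 = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash.ToLower()
        $match = if ($knownMd5 -contains $md5) { 'MD5 matches page' } else { 'MD5 differs from page' }
        $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = "$md5 ($match)" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this page were found.' }
```

"Security" is a generic value name, so read the data column before treating a Run entry as a hit. A Debugger value under the taskmgr.exe key makes Windows start the named program in place of Task Manager, so any data there deserves a look.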