Antivirus .NET

Posted: January 25, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 820
First Seen: January 27, 2011
OS(es) Affected: Windows

Antivirus .NET is the next thieving assistant criminals have recruited to steal the livelihoods of careless computer owners. Antivirus .NET is a rogue scanner that imitates friendly functions to get you to lower your guard. Once trust is established, Antivirus .NET will then deliver false statements about system damage so that you'll throw your money away buying its supposedly more potent full version. Antivirus .NET's messages are deceitful in nature; its very presence is a threat to your computer. Don't hesitate to uninstall it and any accompanying malware.

Antivirus .NET may also go by the slight variation name of Antivirus.NET, but those looking with a broader eye will spot strong similarities to other preexisting rogue scanners. In functionality and its preferred methods for shaking down the computer user, Antivirus .NET is all but identical to slightly older rogue programs such as AV Security Suite, System Tool 2011, Antivirus Scan, Antivirus Action, and Security Shield 2010. Only the appearance is significantly altered, to cause innocent computer users to think it's a completely unrelated piece of software! A generalized understanding of the warning signs will let you dodge not just Antivirus .NET infections but many similar rogue infections as well.

The Problems Antivirus .NET Causes

Antivirus .NET usually enters the system through a stealthy Trojan infection, as is typical for rogue anti-virus programs. Alternatively, it may be embedded in malicious online ads, which can install the rogue anti-virus program after a single click. Once this 'trial' version is installed and running, Antivirus .NET engages in a number of actions that are unprofessional and directly threaten the safety of your computer. Other problems Antivirus .NET creates on the PC:

  • Antivirus .NET will disable the proper running of many different programs, including such harmless ones as Notepad. This may include actual anti-malware software that you need to maintain system security. If you notice your older security software not working, suspicion should be immediately cast on any new, lesser-known security programs you might have installed.
  • Fake warnings that redirect you towards dangerous websites will appear in your web browser. These warnings imitate official Internet Explorer warnings for unsafe websites, so stay alert to avoid mistaking the fakes for the real thing.
  • Many different general system infection warnings will occur even if the only infection on your computer is Antivirus .NET itself! This is done strictly to create a state of terror in the user, as well as a dependency on Antivirus .NET's supposed functions. Such warnings won't correspond to the results given by legitimate anti-malware scanning software.
  • Antivirus .NET will prompt for and initiate fake scans that in actuality do nothing for your computer, presenting a mere appearance of security. The only purpose these scans have is to nudge you into buying the full version of Antivirus .NET.
  • Antivirus .NET may also cripple your Internet connection to prevent you from gaining easy access to tools that could remove it.

Other vulnerabilities and problems may also manifest with prolonged exposure to the rogue anti-virus application or related infections.

Antivirus .NET Solution

To delete Antivirus .NET, you may need a multi-pronged solution. Closing down unnecessary processes via Task Manager, running legitimate scans from up-to-date software in Safe Mode, and downloading removal tools designed to handle this form of rogue program will usually remove the infection. If you act promptly, you can expect little damage to your system, but the longer you wait, the greater the likelihood of a serious compromise of your machine's integrity.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%PROGRAMFILES%\Antivirus .NET Full\netcureav.exe
    File name: netcureav.exe
    Size: 1.26 MB (1261568 bytes)
    MD5: e0a25cad24103ec4df84dd167b55b83a
    Detection count: 525
    File type: Executable File
    Mime Type: unknown/exe
    Path: %PROGRAMFILES%\Antivirus .NET Full
    Group: Malware file
    Last Updated: October 17, 2011

%TEMP%\nkovqwsdt\ekopjkvyhsn.exe
    File name: ekopjkvyhsn.exe
    Size: 242.68 KB (242688 bytes)
    MD5: 7a9ef75292c4f9bee53cdc71c753b25d
    Detection count: 262
    File type: Executable File
    Mime Type: unknown/exe
    Path: %TEMP%\nkovqwsdt
    Group: Malware file
    Last Updated: January 27, 2011

%TEMP%\pwpirjlvc\wqwswjksjmo.exe
    File name: wqwswjksjmo.exe
    Size: 322.56 KB (322560 bytes)
    MD5: 11ea2649665cc1a35c96358b69c88bc9
    Detection count: 62
    File type: Executable File
    Mime Type: unknown/exe
    Path: %TEMP%\pwpirjlvc
    Group: Malware file
    Last Updated: January 27, 2011

%TEMP%\yaqsxmlvb\syshmaxaffm.exe
    File name: syshmaxaffm.exe
    Size: 263.68 KB (263680 bytes)
    MD5: 2db0c58426a3a3c5bb47f282a9bfd214
    Detection count: 26
    File type: Executable File
    Mime Type: unknown/exe
    Path: %TEMP%\yaqsxmlvb
    Group: Malware file
    Last Updated: January 27, 2011

%TEMP%\olgagjjiu\hpftkposjmo.exe
    File name: hpftkposjmo.exe
    Size: 337.4 KB (337408 bytes)
    MD5: 8b792bc6886e2671b1ecd8f61ab5c790
    Detection count: 5
    File type: Executable File
    Mime Type: unknown/exe
    Path: %TEMP%\olgagjjiu
    Group: Malware file
    Last Updated: January 27, 2011
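
The file list above can be turned into a triage check. The following is an added example, not code from this page or its publisher: it scans a copy of a user's Temp directory (for instance on a disk mounted on a clean machine) for executables whose MD5 matches the list above, and flags the random-looking folder and file naming seen in those paths. The name pattern, function names and sample tree are assumptions; a name-only hit is a lead to examine, not a verdict.

```python
import hashlib
import re
import sys
import tempfile
from pathlib import Path

# MD5 -> file name, copied from the file list on this page.
PAGE_MD5 = {
    "e0a25cad24103ec4df84dd167b55b83a": "netcureav.exe",
    "7a9ef75292c4f9bee53cdc71c753b25d": "ekopjkvyhsn.exe",
    "11ea2649665cc1a35c96358b69c88bc9": "wqwswjksjmo.exe",
    "2db0c58426a3a3c5bb47f282a9bfd214": "syshmaxaffm.exe",
    "8b792bc6886e2671b1ecd8f61ab5c790": "hpftkposjmo.exe",
}

# Assumption (heuristic): the %TEMP% entries listed on this page are
# <folder>\<file>.exe where both names are runs of lowercase letters.
# The 8-12 length window is a guess that covers those names.
RANDOM_NAME = re.compile(r"[a-z]{8,12}")


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables are not read in one go."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_temp(temp_root, known_md5=PAGE_MD5):
    """Return one finding per suspicious .exe located one folder below temp_root."""
    findings = []
    for folder in sorted(p for p in Path(temp_root).iterdir() if p.is_dir()):
        for item in sorted(folder.iterdir()):
            if not item.is_file() or item.suffix.lower() != ".exe":
                continue
            try:
                digest = md5_of(item)
            except OSError:
                digest = None  # locked or unreadable; the name check still runs
            reasons = []
            if digest in known_md5:
                reasons.append("md5 matches " + known_md5[digest])
            if RANDOM_NAME.fullmatch(folder.name) and RANDOM_NAME.fullmatch(item.stem):
                reasons.append("random-looking folder and file name")
            if reasons:
                findings.append({
                    "path": str(item),
                    "md5": digest,
                    "size": item.stat().st_size,
                    "reasons": reasons,
                })
    return findings


def build_constructed_sample(root):
    """Create a harmless, constructed directory tree for trying the scanner offline."""
    root = Path(root)
    layout = {
        "zqxwvkbnm/plokmijnuhb.exe": b"constructed sample, not malware",
        "zqxwvkbnm/notes.txt": b"constructed text file",
        "AdobeUpdate/Setup.exe": b"constructed benign installer",
    }
    for relative, data in layout.items():
        target = root / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the Temp directory (or a copy of it) to examine.
        hits = scan_temp(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            hits = scan_temp(build_constructed_sample(tmp))
    for hit in hits:
        print(hit["path"], hit["md5"], "; ".join(hit["reasons"]))
```

Because the executable name differs from one installation to the next, the MD5 match is the stronger signal when it fires, and the name pattern is the fallback when it does not.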

69 Comments

  • dave yeager says:

    Thanks for the tip. This is a lot more than McAfee provided me after this beast hit 2 of my machines while they were running their products. Needless to say I'm shopping for a different anti-virus/spam package today!

  • Nigel says:

    Thanks for your advice but antivirus.net are a few more steps ahead. My daughter's laptop became infected tonight. The only page that can be browsed using Internet Explorer is one promoting their product. Task Manager, Google Chrome, Registry Editor, System Restore etc. cannot be opened. That is anything that could remove this invader.
    She did have AVG anti-virus software, the free version, but this made no difference. The laptop has Windows 7 for the operating system.
    The address of this so-called antivirus .net company is given as Great Marlborough Str. 74, London SE1 2TU. Obviously not true, especially when the address isn't in the correct British format. Who are these people? Is it possible to trace the scum?

    I will not of course buy their product. Even if it was good would you trust such people with your credit card details?
    Regards
    Nigel

  • Frustrated says:

    Great! Am I the first one?
    I got this yesterday, i.e. Jan 25 2011

    Must this be done only manually if I don't want to purchase SPYHUNTER?

    I do not know how to find the option RUN on start in Windows 7.

    Anyone know how?

  • trent says:

    I need help badly. I'm using my wife's computer right now and mine is completely useless. It won't even let me play Minesweeper without one of their bogus warnings. They have gotten around these directions on how to get rid of them. Do you have anything newer? I can't afford to take my computer in. Please help me.

  • dodgecummins89 says:

    Ok well I have this malware on my laptop and every time I pull up my task manager and the command prompt it shuts them down barely before they open fully. Is there any other way around this?? Please help!!!

  • Dave Baron says:

    I CAN'T LOAD YOUR SOFTWARE ON TO THE INFECTED COMPUTER AS I CAN'T GET TO THE INTERNET. ANY SUGGESTIONS?

  • Gary says:

    I am wanting to remove AntiVirus.net on my desktop computer. It will not let me get on the internet at all. Help please.

  • Pascal says:

    Hi everyone, I'm afraid what I'm going to say won't help most of you but still it might give you a path if you're in the same case as me. Until 5 minutes ago I had the same problem, this annoying Antivirus.NET intruded my computer - even if it is apparently not that dangerous (as long as we don't pay for their fake program...). I also could not open the internet or any other program. And now I removed it. At first, having already "Spyware Terminator" and "Malwarebytes' Anti-Malware" installed on my computer I tried and tried to open them to scan my hard drive but it was unsuccessful. Afterwards I finally - and this is stupid not to have tried it before - tried to open my antivirus (avast) and... it opened! I thought that for sure if my 2 anti-malware could not open, avast would not open but actually it did. Then I simply scanned my computer and removed 2 infected files located in the Temporary Files. I shut down and then opened my computer and it was cleared!

    So if you have avast, try to open and update it (if not automatic) and run a scan, it might help you! And if you don't have avast, try to install it by any other way (go to another virus-free computer and try to put avast on a USB or CD and install it on your infected computer).

    Hope it helped some of you...

  • ghostrider01 says:

    Dave Baron,

    You may not be able to load our software or access the internet and other tools because they are disabled due to the parasite infection. You may try the following in attempt to restore the ability to install security tools:

    1. Switching to another web browser.
    2. Check for hosts file hijacking.
    3. Disable DNS caching.

    Alternatively, you can view our section that explains how malware blocks installation of anti-spyware software or blocks access to the web here: http://www.spywareremove.com/security/malware-blocks-spyhunter-or-access-to-web/

  • tbird says:

    I cannot get to task manager either. They have a way to block it from even loading. This came to my computer last night, January 29...

    what should we do? yikes. hate this

  • Tow-Ming says:

    This antivirus .net got into my system and I was not able to go to the net to do any work. I am really pissed with this company's practice. I lost a lot of time to do fruitful work because of this sucker. I need to figure out how to remove him from my Windows 7

  • fabicoortega says:

    I need help for my computer

  • jjsumer95@rocketmail.com says:

    This is cool. Worked well for me. Thank you so much

  • Alex says:

    Okay, this program has me locked out of my task manager and my command menu. Any other ideas on how to get rid of it?

  • sosad says:

    I have the same problem - the only thing that opens on my computer is antivirus.net. And I cannot open the task manager. I was able to open my antivirus software - Titanium - but it did not detect the virus. I called the support number for Titanium and was informed this was a new virus and it would not detect it. I was told to re-install everything on my computer or take it to a professional. I bought my laptop at Best Buy and everything was already installed and I did not receive a back-up. So guess what - have to pay crazy amount to have it fixed. Pascal - thanks for the advice but my antivirus software did not detect this. Glad it worked for you and maybe some other people can try the same thing.

  • hoozierzune says:

    I got whacked by this thing today and manually removed it when I could not do anything else. My windows explorer still worked. I looked for all application programs (*.exe) modified in the past 24 hours. I also right-clicked on the antivirus.net program on the task bar. Both gave me the name of the program (in my case jmvrlbysjmo.exe). it was located in my Users\***\AppData\Local\Temp\nfdhtavnq folder. I hard-exited the computer (held the off button down) and restarted in Safe Windows Prompt mode. At the windows prompt (the old dos prompt), I removed directory. Syntax = rmdir c:\Users\\AppData\Local\Temp\nfdhtavnq. If it won't remove directory, use delete file first. Syntax = del c:\Users\\AppData\Local\Temp\nfdhtavnq\jmvrlbysjmo.exe.

    Had Sophos Antivirus up to date and it didn't catch it. Am on Windows 7.

    Good luck

  • LittleHelper says:

    If none of the suggestions work, try working in safe mode. You can disable the program from starting up and find the source file by clicking "view source" in the screen where you choose startup programs; that worked for me. You still have bits of it left scattered around but then you can run your antivirus programs and such

  • Another victim says:

    Warning:

    You may not find it under Antivirus.Net in the registry. Mine was under the name "jxedbthe" and also as "jxedbthe.exe" instead of "affm.exe" in task manager. So it may be under different random names for each case.

    Watch it.

  • Crazy says:

    I restarted my computer and as soon as I possibly could I started opening my task manager and it opened. Once it was opened I looked for one of the newest created *.exe files and stopped it. And that gave me the path it was at and I found it under users/...../appdata/local/Temp/oddlidtt and I tried to delete the file; it said I did not have permission. I had permission once I stopped the process on the task manager. Good luck, this one is a bugger for a non-computer guy.

  • kerri says:

    My brother was hit hard by this crap! I'm trying to do this in a blizzard and ten miles away. I hope we can fix it.

  • WK says:

    The executable name is random, it changes for each install.

    The only "good" thing about this malware is it doesn't survive another user logging in. Make sure you have an admin-level user that you can log in as, and you'll be able to remove the executable from the appdata\temp folder. Then you can login as yourself to clean up the registry.

  • Annie says:

    Thank you Pascal, your comment helped me get rid of this stupid virus!

  • nowsohappy says:

    Thank you to everyone who left comments last night (Jan31)! I posted comments last night under "sosad." After work today, I looked back at this website to see if there were anymore postings - and they helped. I started my son's laptop in safe mode and tried a couple of different things from there. I was able to choose an option that restored my computer to Jan29. I think I was in the control panel when I did this. Maybe someone more knowledgeable than I will explain how to do that.

  • MsLynn says:

    This sorry good for nothing virus infected my desktop and it will not let me get to anything whatsoever in the computer what do I do now PLEASE HELP THIS IS SCARY!!!

  • Ransom says:

    For anyone still having issues. Unplug ur computer, replug, turn on. Start Windows normally; as soon as u get to ur normal screen MASH ctrl alt delete until the options pop up. U can open task manager up. Antivirus.net will still pop up but it can't do shit if task manager is already open >:). Select processes tab. Kill whatever is using the most cpu. Like hoozie said, mine also was named something similar. I closed it and the antivirus is gone. Doing a full scan at the moment. Sorry for bad typing I'm doing this on my phone ^____^ happy cleaning!

  • alex says:

    I got hit with this thing tonight. I was able to get rid of it by using a combination of what hoozierzune posted and what I did when I had a previous spyware infection.

    So after reading that hoozierzune found this in the documents and settings\user\local settings\temp directory, I looked in the same place and sure enough found an unfamiliar folder titled "adjeugbef". I opened it, and there was a similarly suspicious .exe file "ekrqvvsjmo.exe".

    I rebooted Windows in safe mode with networking and manually removed the suspicious folder. I then ran msconfig [windows key -> run -> msconfig] and saw that this file and directory were selected to start on start up. So I unchecked that box.

    So far my computer is working fine, running on Windows XP.

  • Me says:

    Got hit by this yesterday. Found it stopped me from opening the task manager. I found a way around it though. It's a bit slow to load when the computer first starts up so I rebooted and hit Ctrl+Alt+Del as soon as the desktop started to show. I then looked at the list of current running programs for something with my user name but a strange title; in my case it was a seemingly random set of letters. I killed that process and was able to run Malwarebytes' after doing so. After updating the software, it found the infections and removed them. Rebooted when prompted and it was clear. I have not seen it pop up again yet. You can probably run any updated antivirus software once you kill the process that locks you out of the system.

    Avira AntiVir did find some of the malware but did not find the root problems so it just kept coming back. I'm sure they will get an update out as soon as they can though.

  • Rockin Rod says:

    Hey Everyone, good news, I figured it out!!! Manually turn off your computer and start it up in SAFE MODE!!! Once you do that, go to your SYSTEM RESTORE: on the start menu under search type in restore, it should pop up, and then restore your computer back to when your computer was working fine.. it worked for me!!! This one was scary... hope it helps.

  • seanio says:

    TEMPORARY FIX: Reboot your PC, as it's loading up hit Ctrl+Alt+Delete to bring up Task Manager as soon as possible (before Antivirus.net blocks it). Go to the Processes tab and click 'End Process' on the Antivirus executable (.exe) file that is running, for me this was 'hdwsitesjmo.exe'. That gets rid of Antivirus.net until the next time you start up your PC, when you can just repeat these steps. Works for me!

  • Warren Goldberg says:

    I got the virus last night. The creator covered a lot of bases but not all of them. I was initially blocked in efforts to access web pages, clear cache, clear Java cache and initiate system restore. I was able to access system restore and selected a 1/29 restore date, but had to act quickly before the virus software loaded and stopped me. So basically shut down your computer with the off button, and open and initiate system restore as quickly as you can. GLTA. I hope the perpetrator is caught soon.

  • Kilo says:

    Thanks Me! Seems to be working for me...

  • John says:

    This randomly appeared on my computer today, and immediately started flashing its fake virus messages. I wasn't able to access the Internet in any way, and in the process of searching for the files that it installed, my computer got the infamous 'blue-screen' error. If you can't tell already, I am a computer novice. Anyways, my computer then shut down, and when I attempted to start it again in safe mode, it only loaded a few files, then stopped and shut off... No clue what's going on here, could anybody offer any insight? Thanks in advance.

  • George says:

    Can someone input a solution that a computer illiterate person can do?

  • Jonathan says:

    If you restart your PC, hit F8 until you get to the screen where you can get to "safe mode with networking". Once you're in safe mode open IE and go to Tools, Internet Options, Connections, LAN Settings, uncheck "Use a proxy server for your LAN" under the Proxy server tab. You will then be able to hit the net and get Malwarebytes or some other form of malware product. Good thing I have more than one laptop. This really sucked before I decided to look up how to rid myself of these douche bags' hijack attempt.

  • happy now says:

    Thanks to the person called Me I fixed my computer the same way. I unplugged it then plugged it back up; when the desktop started to show I held Alt+Ctrl+Del until everything came up. Then it was gone.

  • James says:

    Does anyone know how to track this F*cker's location via the url on his website? If so, please make his/her address public. I'm a semi-pro photographer and in a legal battle right now and lost all my photos and work due to this a-hole. Perhaps if a group of us got together and smashed up his/her computer set up less of these viruses would happen. The way I see it, you destroy my computer, we destroy yours. I don't care if it's legal or not, what is he/she going to say to a judge? "They destroyed my computer setup because I was ruining their computers with a virus and fraud scam, compensate me"?

  • IT Support says:

    Hope this helps a few. Reboot - just shut off the power if it declines - then use F8 key to select SAFE MODE WITH COMMAND PROMPT.
    Log on to the profile previously in use.
    CD "Local settings" - a hidden folder but it will then display full folder path.
    RD Temp/S to delete the folder Temp where the offending software lives.
    Reboot your Windows.
    No sign of virus but IE is still set to use the scammer's local PROXY settings.
    Select the Connections tab in IE Tools Internet options.
    Delete all references to proxy and then set up the connection again.
    AVG let this get through but is normally an effective AV.

  • Jeremy says:

    Never been to this site before, but thanks to you all. I got it fixed solely because of the information here. My up-to-date, mainstream name-brand virus protection never found it even when I logged in as a different user and ran a complete scan. If it helps anyone else, here's my experience and ultimately easy fix.

    It's a nasty little bugger that won't let you open anything, tells you everything you try to open is infected, and asks if you want to run a virus scan. A small icon named "Anitvirus.net" shows up in the quick launch section. Of course "Antivirus.net" is not anything I've ever purchased or downloaded. I got rid of it this way:
    1. Reboot and log in.
    2. As soon as the desktop pops up quickly press Ctrl-Alt-Delete
    3. Then, open your Windows Explorer and find the AppData file for your username. Mine was under c:\Documents and Settings\[my user name]\AppData. Note, on my computer "AppData" was a hidden file, so I had to show hidden files first.
    4. Look in the AppData file and sort it by date. The most recent file is likely your culprit and will have a name that just looks like random letters. Mine was "igzpgd32.dat."
    5. Delete that file and send it to the recycle bin. It doesn't work from there.
    6. Reboot and your problems should be solved, but don't stop there.
    7. Run a search for all files with the first 4 or 5 characters of that name. If you forgot what it was, you can look in the recycle bin. To make sure your search was successful, it should AT LEAST find the one in the recycle bin.
    8. I'd check the date on any files that pop up. If one is older, it might be a necessary file and I'd be careful. But, if they're all dated the same, delete them all.
    THEN, run your own antivirus software to do any additional clean up.

    Good luck and thanks to all again.

  • Ann says:

    I have all of the problems that were discussed. I tried Malwarebytes under safe mode, webroot, and I still have no luck. Now my laptop turns on and all I see is a black screen and my mouse pointer. Does anyone have any advice?

  • KElvin says:

    Well have to say - like to find out this site is real

  • Me2 says:

    My system was infected on 2-2-11. Here are the details on where the virus was stored on my machine:

    fihuslrsjmo.exe 332 KB
    C:\Documents and Settings\user\Local Settings\Temp\qwosgifso\fihuslrsjmo.exe

    I did a Find in the Windows Registry for 'Antivirus', and among the many results was:

    fihuslrsjmo C:\DOCUME~1\user\LOCALS~1\Temp\qwosgifso\fihuslrsjmo.exe

    If you are using Firefox, you can manually disable the virus' proxy server by clicking:

    Tools -> Options -> Advanced -> Network -> Settings -> No Proxy

    Hope this helps.

  • Donna says:

    This hit my computer last night and after repeated attempts to use McAfee and another program I have on my computer, it would not get rid of it. I tried going in through Firefox and Firefox would only work offline. So I believe this thing is evolving. I will be taking this home to see if any of this works.

  • Brunoblake says:

    hey all - this thing just infected my laptop. Followed suggestions and just pounded Alt-Ctrl-Del at startup, managed to kill the processes. After that went through the registry process and msedit to kill the startup directions. Worked like a charm. Scary virus though, didn't get picked up by my anti-virus AT ALL.

  • Walter says:

    Here's what I did to rid myself of this nasty bugger:
    1. Restart the computer
    2. AS SOON as you see your desktop appear hit ctrl-alt-del to bring up the task manager
    3. Shut down any processes that appear to have random letters as their name (eventually you will hit the antivirus.net one... you will know when the pop-ups stop)
    4. Do a system restore to at least 24 ago (i.e. it is the afternoon of Feb 4th, I chose the restore point created 8 am on Feb 3rd)
    5. Allow the system restore to do its thing
    6. When the computer restarts, run whatever anti-virus software you have (I have Webroot Spysweeper) and it will clean up the virus.

    Hope that helps.

  • Bob Schalor says:

    Got hit too... I read all posts and took some from each... here goes... Rebooted.. hit F8 to safe mode with command prompt. Once in: start--programs--accessories--system tools--system restore... pick the date that precedes the antivirus.net.. restore, it will automatically close and reboot... say a prayer.. and presto... hope you're good to go... ciao

    thx rocking rod for the help...

  • eric says:

    ME/seanio:

    Worked for me also, my attacker also ended with /sjmo.exe/ with random letters preceding. Repeat Ctrl+Alt+Delete while Windows is firing back up. Click on task manager then take your time and find the file and select it. Once the file is found (probably ending in jmo.exe) click on and highlight, click /end process/. This cleared my computer so I could get on the web and download Malwarebytes.

    TEMPORARY FIX: Reboot your PC, as it's loading up hit Ctrl+Alt+Delete to bring up Task Manager as soon as possible (before Antivirus.net blocks it). Go to the Processes tab and click 'End Process' on the Antivirus executable (.exe) file that is running, for me this was 'hdwsitesjmo.exe'. That gets rid of Antivirus.net until the next time you start up your PC, when you can just repeat these steps. Works for me!

  • bazooka says:

    Got infected today.

    1. Went into Users\***\AppData\Local\Temp\
    2. Looked into folders created with today's timestamp
    3. Usually the folder name would be weird (yuiapeiu etc)
    4. Note down the folder name
    5. Restart your computer in safe mode (press F8 while it is booting)
    6. Delete the folder that you copied in step 4.
    7. Restart your computer. Presto! Sucker is gone!!
    8. It might also change your browser proxy settings. Change it back to the original setting (not to use proxy in my case)

    Hope this helps.

  • LA says:

    Thanks Jonathan. 🙂 It's working!!!!!!!

  • Daniel says:

    Okay, here's the easy way to find out exactly where the file is located on your computer. This is for all of you who had this virus shut down everything you seem to need to remove it like mine did. The AntiVirus.Net "interface" that pops up (looks like the picture in the first paragraph at the top of this page) has a link in the bottom right corner (DON'T CLICK IT) that says Support Center or something like that. RIGHT-click on it and select properties and it will show you the destination that it takes you to if you were to left click it. Go to My Computer and work your way to the file it says it's in (mine was my name\AppData\local\Temp\nwtdsuxwc\ffopliusjmo.exe). Don't try to right click and delete, that won't work. Just highlight it and press the delete key on your keyboard. If that still doesn't do it, cut and paste the file somewhere else and try again. I followed the instructions above from there. (There won't be any process running for it since it doesn't know where it's at.)

  • hoofbeats says:

    This program invaded my system this morning and not until I was able to access this site via another computer was I able to find a way to get rid of it (I restored my system by starting in the "safe" mode, get to restore and I backdated the system two days prior to today). That was an hour ago and so far, so good.

    I had the same symptoms as everyone else, captive to Antivirus.net but nothing else for internet service, other internal programs would not stay open longer than a split second.....a real bastard to control. Good Luck everyone!

  • Dana says:

    This virus is horrible -- I have spent precious weekend hours trying to heal my computer. I am in the process of doing a system restore and hope that I can get my computer back to normal. Beware also of "Adobe Update", as a trojan virus is masquerading as an Adobe update.

  • Karen says:

    Thank you Jeremy and IT Support.

    Followed Jeremy's directions .. we had a different random file name .. We stopped the process thru task manager by hitting ctrl-alt-delete when we restarted the computer, found a weird random exe under processes, we selected it and stopped process, then did a search for that file and deleted the file and its folder .. restarted computer .. it was gone. Tried to open Internet Explorer, but it denied connection .. simply went into Tools, Internet Options, Connections and reset LAN options from proxy to auto detect .. Voilà !!! Restarted Internet Explorer and we are good to go !!!!

    Username: Jeremy Date Posted: 2011-02-03 17:13:38
    Username: IT Support Date Posted: 2011-02-03 05:48:53

  • Oakenraptor says:

    Ran windows in safe mode with networking and used my norton 360 to scan and it found and removed this annoying program!!!!!

  • Larry says:

    This worked for me.
    Restart your computer and hit control, alt, delete immediately. The task manager will pop up because the antivirus didn't load yet. Go to the processes tab and look for an .exe file that doesn't make any sense, mine was a bunch of letters. As soon as you end the process it will disappear from the task bar. If you stopped the wrong one restart your computer and keep trying until you find the right one. Then go to programs, accessories, system tools, and system restore. Restore your computer to an earlier date and it will go away. Run a spyware or malware program to make sure it is gone.

  • Louise says:

    I think I managed to delete the infected file through using task manager to locate it as this was the only way I could find it (no results when searching for it and not on programmes list!). However, now my laptop will not turn on. It sounds like it's starting up and I'm seeing the intro screen but then it just goes black and none of the lights are on. Could this be a related problem or something completely different... any suggestions?

  • VG says:

    This virus disables internet access and wont let any .exe files to be executed on the computer including the task manager. But this virus is fairly easy to get rid of, unlike other variants. Follow these steps exactly and you can remove the virus without a trace.

    1. Reboot the machine,

    2. When the window starts, the virus kicks in. But if u act real quickly, you have a small window of opportunity to run any EXE file ( including the task manager).

    3. When window starts, keep on hitting CTRL-ALT-DEL till task manager starts. Look for a process under the process tab with a long name with random characters. It shud be easy to spot.

    4. End the process

    5. Start Internet explorer

    6. Go to TOOLS>INTERNET OPTIONS>CONNECTIONS>LAN SETTINGS
    and uncheck the box "use a proxy server for your LAN"

    7. Go to www.superantispyware.com and download the portable scanner. This is probably the best solution around. Save it on the desktop.

    8. Start the portable scanner and update it first.

    9. If you don't have an internet connection, don't worry, just download the portable scanner onto a USB drive using another machine, copy it onto the infected machine and run it. This itself is updated frequently so don't worry if you cannot update it. It should still be able to catch the Antivirus .NET culprit.

    10. Run a full scan and I mean it. Even if it takes a few hours, let it perform a complete scan. It will get rid of all the traces.

    11. Reboot the machine to complete the removal process.

    Presto, your problems are solved.

    Hope this helps. If you have any other questions post them here. I will check the space again.
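Added example, not part of VG's comment or the original page: a PowerShell triage script for the two manual checks in the steps above, namely the running process "with a long name with random characters" and the LAN proxy checkbox. The function names and the name-scoring thresholds are assumptions made for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added triage example (not from the original page). Function names and the
# thresholds in Test-RandomLookingName are assumptions made for illustration.

function Test-RandomLookingName {
    param([string]$Name)
    $base = ($Name -replace '\.exe$', '').ToLower()
    # The names quoted in this thread are 11-12 characters of letters and digits.
    if ($base.Length -lt 10 -or $base -notmatch '^[a-z0-9]+$') { return $false }
    $letters = $base -replace '[^a-z]', ''
    if ($letters.Length -eq 0) { return $true }   # digits only
    $vowels = ($letters -replace '[^aeiou]', '').Length
    # Assumption: real words rarely drop below 30% vowels or chain 4 consonants.
    return (($vowels / $letters.Length) -lt 0.3) -or
           ($base -match '[bcdfghjklmnpqrstvwxyz]{4,}')
}

function Get-SuspectProcess {
    # Directories where system and installed software normally lives.
    $trusted = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }
    Get-Process | Where-Object { $_.Path } | Where-Object {
        $proc = $_
        $inTrusted = @($trusted | Where-Object {
            $proc.Path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        }).Count -gt 0
        # Flag only random-looking names running from outside trusted folders.
        (-not $inTrusted) -and (Test-RandomLookingName $proc.Name)
    } | Select-Object Id, Name, Path
}

function Get-UserProxySetting {
    # Registry values behind "Use a proxy server for your LAN" (current user).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled = [bool]$s.ProxyEnable
        ProxyServer  = $s.ProxyServer
    }
}

Get-SuspectProcess   | Format-Table -AutoSize | Out-Host
Get-UserProxySetting | Format-List            | Out-Host
```

A flagged process is a lead to inspect, not a verdict, since legitimate software installed under a user profile can also have an odd name. `ProxyEnabled : True` with a server nobody configured corresponds to the checked box in step 6.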

  • Mark says:

    Evening everyone. My desktop got hit with this thing while my son was on it. At first I thought he accidentally downloaded something but using my laptop I saw this post. I restarted the system and went to the system recovery as soon as I was able. I run Windows Vista on the desktop and hit F11 when I could. Everything seems fine now. Just be sure to run an update on your Anti Virus program and scan for any remaining bits of the Antivirus.net program. I would really love to get this hacker in my grip. Give me five minutes with him and a ball-peen hammer and I guarantee they will NEVER type another virus program again.

  • kerry says:

    I had the same thing happen to me tonight. Nothing would open and every time I opened Internet Explorer a message came up that brought me right to the website for the antivirus. This happened on my admin log on so I went onto my guest and did the system restore from there. I picked a date a few days ago and then waited for it to restore. After, I went onto the admin log on and ran my antivirus and it is doing it as we speak. Hope this helps! I was so scared before!

  • SC says:

    This hit me today, Super Bowl Sunday. Thanks A hole!!! Thankfully I was able to read the posting and get some ideas. The restart and startup Task Manager worked for me. The file I end process was pftqoopsjmo.exe. Now I was able to get onto Norton DIY site and downloaded their program for free. The program was able to detect it and deleted it. So far it seems to be fine. I might do a system restore later. I hope this helps. Good luck.

  • Hiyo says:

    My PC got infected and I thought I fixed it.... But now it's not starting up.......
    It just shows a blank screen and it won't even let me in to the safe mode.
    I feel totally desperate and I seriously need help on this.

  • Erica says:

    I got hit with this thing too the other day. What I have tried so far is running a registry cleaner first, but that wouldn't even open. Then I tried to open Malwarebytes, but that would not open either. My next step was to log-off my computer under my name and log-in under a different user. I was then able to do a full system scan with Malwarebytes, but after 2 1/2 hrs of it scanning and four problems found, I clicked on "Remove Infected" button and the damn thing stopped responding!!! I then restarted my computer and logged in as another user again and was shocked to find that Antivirus.Net was now running under that user name! So logging in as another user may not work for everyone. I will be going home tonight with the information from this website and hopefully have some success.

  • Tom says:

    Followed the instructions as mentioned while in safe mode, worked like a charm. I should note that the user in this case did not install the actual program yet. Yay for common sense 🙂

  • RJ says:

    Was able to get rid of this virus on my computer this afternoon. It was my desktop that got infected, so I used my laptop to access this site, and the information on how to remove this nasty virus.

    I AM NOT A COMPUTER WIZ.

    After many failed attempts of just about everything, I restarted my computer and hit CTRL ALT DLT at the very sight of the home screen. Doing this allows you to open Task Manager before the virus gets to it. If you scan the list, many of them are random letters, but the virus should stand out because it is a bit longer than the rest. Mine looked similar to this jx9akjsn08al.exe - definitely something that looks out of place. I was able to end the process, and immediately I knew it was correct because the pop ups stopped - allowing me to access other things.

    Once the popups stop, I used system restore to restore my computer to its state of 24 hours ago. After the restore, my computer was restarted automatically and everything appears to be normal. RELIEF!

    Hope that helps all those in panic!

    -RJ

  • aj says:

    I have a temporary fix if you want to download an anti-virus: shut off your computer and turn it back on. On the black setup screen choose safe mode with networking. You can then surf the web without your computer being affected by antivirus.net.

  • Golfboy says:

    Ok, I tried powering up and alt, control, delete for task manager right away and stopped the long extension, which stopped the pop ups. Then changed the LAN settings and unchecked proxy settings. Ran Malwarebytes with updates. Also downloaded Superantispyware, found over 534 issues and deleted them. Also did system restore as well and it seems to be running ok for now. Fingers crossed. 🙂

  • NRL says:

    Ok, so I got this virus yesterday and luckily avast! managed to find and get rid of it but now for some reason I can't access the Internet at all. My computer says it's connected but when I try to open the browser it says cannot connect and when I check for solutions it says the website does not have permission to access my computer through the World Wide Web. Please Help!

  • Vfrankz says:

    Nam: After you create a new account, you should do 2 things: the first one is to scan ALL your PC with a couple of anti-malware tools, the second is to consider upgrading your antivirus to the internet security version. You either missed a trojan downloader or got reinfected.

  • Gary says:

    There are many different ways to delete a Trojan, depending on what type it is. But I urge doing it manually as most free virus removal programs really have a Trojan attached to the file downloaded. So, the simplest and stupidest Trojan can really be removed by: Locating the file path in which this Trojan is situated. Copy the file path into a separate window. Delete the infected file. That's it. If this didn't work then email me at: I can give you more information on how to manually remove it, but you need to have the most updated virus definitions. In view of the fact that you have AVG and it doesn't place forward this, I'll see if I can help you around this.

  • Marcelo says:

    I have had this anti-spyware on my computer for over a week. Please avoid this program. It has given me a headache and I am glad that there is something out there to combat it.