Saturday 13 July 2013

Remove "Antivirus System" malware, removal instructions

In this article we’re going to take a look at a new rogue security program called "Antivirus System" and what effect it can have on your computer. If your computer is infected with this malware, please follow the removal instructions below.

Antivirus System is malicious software and a form of internet fraud: it manipulates you into paying money to have your computer scanned for viruses which it then claims to delete. The catch with this rogue security software is that not only does it not check your computer for viruses or dangerous malware – it actually installs them on your computer instead! There was a rogue antivirus program with the same name two years ago. It was called Antivirus System 2011 and it belonged to a completely different malware family than the current one, Antivirus System 2013.


For the most part Antivirus System malware relies on social engineering, and it will find its way onto your computer by finding a loophole in your PC’s security. One way of doing this is by telling you via a pop-up message that your computer has been infected with a virus, or is running extremely slowly, and then attempting to convince you to buy and install its ‘anti-virus software’ – which of course is fake. This is also known as scareware – a name which is pretty self-explanatory!

The majority of these scareware programs have a Trojan horse component. Other ways the Trojan horse may sneak its way onto your computer are via software shared on a peer-to-peer file sharing website or through a fake online malicious software scanning service.

Other rogue security software programs are ‘drive-by downloads’, which means that they install themselves on your computer by way of a web browser, PDF viewer or email client. Again, the malware finds and exploits holes in their security.

The distributors of malicious software have jumped on the SEO bandwagon by using illegitimate methods to ensure that their malicious links appear at the top of the page when someone searches for a certain topic. These URLs lead to infected sites, and the unlucky user who clicks on them will be directed to a website and then told that their computer is infected. It is then that the "Antivirus System" makers will push a trial of their product and try to get you to click on it and thus install their malware.

Once the malware is installed, the ever-so-helpful rogue security software will normally try to tempt you into purchasing the ‘full’ version of its program or other software that you ‘need’. It will usually do this by telling you your computer is seriously infected with malware (the irony!) or that you have illegal adult content stored on your PC. It might also show you an animated screen which simulates your system crashing. What is more, it will block pretty much everything on your computer, including web browsers and, of course, anti-malware software. It stays active in Safe Mode too.

Fake "Antivirus System Firewall Alert" claiming that chrome.exe is infected with Trojan-Clicker.JS.Agent.op.


Another fake security alert claiming that your computer is infected with Trojan.JS.Fraud.ba.


Antivirus System purchase page. I have to admit that this time cyber crooks made a really good looking payment page. They even added CNET, AV-Test logos and mentioned that Softpedia, Chip.de and commentcamarche.net rated "Antivirus System" as a full 5-star "Excellent" software download.


So how can you prevent Antivirus System malware from infecting your computer and conning you out of your hard earned cash? Number one: install a reputable, genuine anti-malware program on your PC and ensure it runs regularly. This is the best defense you can have against all types of malware.

It is also wise to be as vigilant as possible when using your computer, so familiarize yourself with your anti-virus software provider’s name, logo and the look of their pop-ups. That way, in the event you do get a pop-up box, you’ll know whether it’s from your genuine provider or from an imposter.

To remove Antivirus System from your computer, please follow the removal instructions below. After successful removal you will probably have to fix certain system files, because this malware usually messes with Windows files pretty badly. But don't worry, everything can be fixed rather easily using the right tool. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Method 1: Antivirus System removal instructions in Safe Mode with Networking:

1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.


NOTE: Log in as the same user you were previously logged in as in normal Windows mode.

2. Then download recommended anti-malware software (direct download) and run a full system scan to remove the rogue program from your computer.


Method 2: Manual Antivirus System malware removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more information, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for known file types
  • Hide protected operating system files
Click OK to save the changes.


1. Right click on the "Antivirus System" icon, click Properties in the drop-down menu, then click the Shortcut tab.



In the Target box there is a path to the malicious file. You can simply click the Find Target button to open the folder that contains it.



In my case the malicious file was located in: C:\Documents and Settings\All Users\Application Data\pavsdata folder.

2. The malicious file was called 21.4.exe, but I'm sure that the file name will be different in your case.



Rename 21.4.exe to virus.exe and click Yes to confirm file rename. Restart your computer!



3. After a restart, copy all the text below (from "Windows Registry Editor" to the last quoted line) and paste it into Notepad.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

4. Save the file as fix.reg to your Desktop. NOTE: set "Save as type" to "All files".


5. Double-click the fix.reg file to run it. Click "Yes" in the Registry Editor prompt window, then click OK.

6. Open your web browser. Download the FixExec utility and run it.

7. Download recommended anti-malware software (direct download) and run a full system scan to fully remove this malware from your computer.
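To check that the manual steps above actually took, here is an added PowerShell example (not part of the original article, and not one of the tools it links to). It reads HKEY_CLASSES_ROOT\.exe and compares the two values against the ones the fix.reg in step 3 writes, shows the exefile open command so you can see whether anything other than the standard `"%1" %*` is launching your programs, and reads a shortcut's Target field the same way step 1 does by hand. The "Antivirus System.lnk" desktop path at the end is an assumption; replace it with the real shortcut on your machine.

```powershell
# Added example: verify the .exe association restored by fix.reg and inspect a
# shortcut's Target. Run from an elevated PowerShell prompt after the steps above.

# Expected values, taken from the fix.reg text in step 3.
$ExpectedExeValues = @{
    '(default)'    = 'exefile'
    'Content Type' = 'application/x-msdownload'
}

function Test-ExeAssociation {
    $key     = 'Registry::HKEY_CLASSES_ROOT\.exe'
    $props   = Get-ItemProperty -Path $key -ErrorAction Stop
    $problems = @()
    foreach ($name in $ExpectedExeValues.Keys) {
        $actual = $props.$name
        if ($actual -ne $ExpectedExeValues[$name]) {
            $problems += ("{0}\{1} is '{2}', expected '{3}'" -f $key, $name, $actual, $ExpectedExeValues[$name])
        }
    }
    # The standard open command for exefile is "%1" %* (run the file itself with its
    # arguments). A rogue that hijacks .exe puts its own path in front of "%1".
    $openCmd = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction Stop).'(default)'
    if ($openCmd -ne '"%1" %*') {
        $problems += "exefile\shell\open\command is '$openCmd', expected '`"%1`" %*'"
    }
    [pscustomobject]@{
        Ok          = ($problems.Count -eq 0)
        OpenCommand = $openCmd
        Problems    = $problems
    }
}

function Get-ShortcutTarget {
    param([Parameter(Mandatory)][string]$LinkPath)
    # WScript.Shell exposes the same Target that the shortcut's Properties tab shows.
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($LinkPath)
    [pscustomobject]@{
        Shortcut     = $LinkPath
        Target       = $lnk.TargetPath
        TargetExists = [bool]($lnk.TargetPath -and (Test-Path -LiteralPath $lnk.TargetPath))
    }
}

$result = Test-ExeAssociation
if ($result.Ok) {
    "HKCR\.exe association looks correct (open command: $($result.OpenCommand))."
} else {
    $result.Problems | ForEach-Object { Write-Warning $_ }
}

# Assumed shortcut name; point this at the rogue's actual .lnk on your Desktop.
$desktopLnk = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Antivirus System.lnk'
if (Test-Path -LiteralPath $desktopLnk) {
    Get-ShortcutTarget -LinkPath $desktopLnk | Format-List
}
```

If the association check reports a problem after you have run fix.reg, re-run step 5 and confirm the Registry Editor prompt was answered "Yes"; if the open command still points at a file under a folder like the pavsdata one mentioned in step 1, that file is what the anti-malware scan in step 7 needs to remove.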
