Multi-Device Licenses (Volume Discounts)

Change Region

English Español Português
Threat Database Rogue Anti-Spyware Program Antivir
7 Comments

Antivir

By SpideyMan in Rogue Anti-Spyware Program
Translate To:
English

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: December 11, 2009
Last Seen: January 10, 2019
OS(es) Affected: Windows

Antivir Image

Antivir is a fake anti-virus application that is part of a widespread online scam. Although Antivir is disguised as an anti-virus program, Antivir is itself actually part of a Trojan infection. These kinds of Trojans install fake security programs like Antivir to attempt to steal their victims' money. ESG security researchers strongly advise against purchasing Antivir or any anti-virus application that entered your computer system without your authorization and presents characteristics of rogue security programs. Antivir itself should be removed with a legitimate anti-virus application.

Although Antivir has components that disable Task Manager and many legitimate security programs, Antivir's self-defense mechanisms can usually be bypassed by starting up Windows in Safe Mode before attempting to remove this dangerous fake anti-virus application. ESG security researchers advise to ignore all notifications, security alert pop-ups and error messages in the event of an Antivir infection. These are usually caused by Antivir itself in order to convince you to purchase this fake security application. If you have already paid for a useless Antivir registration code, you may be able to contact your credit card company in order to reverse the charges and mark them as fraudulent. Steps should also be taken to protect your credit card information, so a third party does not make any charges to it.

An Antivir Infection is Often Contracted from Fake Video Codecs

The most usual source of infection with the Trojan that installs Antivir is through a user download. Because of this, ESG security analysts strongly advise being extremely careful with what you download onto your computer system. It is important not to believe everything you read online, since many software downloads are not what they appear. Antivir may be installed by the Zlob Trojan and by Fake Microsoft Security Essentials Alert Trojan. These Trojans are often found as fake video codecs online, especially in websites containing pornographic videos or pirated movies. When attempting to play one of these videos, the victim receives a pop-up window claiming that a particular codec is needed in order to view that video, and then providing a link where that codec can be downloaded. However, this supposed 'codec' will actually install Antivir as well as various other malware threats onto the victim's computer system.

Antivir family, the FakeXPA family, has also been known to have other members, all of them rogue anti-virus applications and clones of Antivir. These clones include ScreenshotScreenshotScreenshot

Aliases

4 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Symantec Suspicious.Insight
Sunbelt Trojan.Win32.Generic.pak!cobra
Panda Suspicious file
Kaspersky Packed.Win32.Krap.as

SpyHunter Detects & Remove Antivir

Antivir Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Antivir may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. Antivir.exe e2540660f0185ebf19157ff69d7f2363 0
2. Antivir.exe 18089a8610cb68ff49f7a3802d0c2d16 0
3. Antivir.exe f907f81dd1190d5252f866954181f311 0
4. Antivir.exe 9f0d9297c7b2c7c49c35ca7d8e9073cb 0
5. Antivir.exe f09e0686478e2e7477901c67f40c79ca 0
6. Antivir.exe 4970c8387f8ff7a56a89e7fa9a45359d 0
7. Antivir.exe 556acb1dae1c04d4b70015163b758bf8 0
8. Antivir.exe 6586b6c473de76dd52b9c154960d5e71 0
9. Antivir.exe acedb2419f3c796d84ae582b262f6a6e 0
10. Antivir.exe 05838ec8da13bb58071c1ba23d5ddd63 0
11. Antivir.exe 8eaa4bf87aa56649b20da03e5feda871 0
12. Antivir.exe c0a19df83e0b2d09bdb65f1813a66a6a 0
13. Antivir.exe 8eefda86a953bdbe9be6245a8a5bdceb 0
14. Antivir.exe f5ad3fa51ec6bf1255f86f1628835e2d 0
15. Antivir.exe 28819b2c14b1ce4400700466eaf658ac 0
16. Antivir.exe 940b50c1556ee76f2b56d9361207d444 0
17. Antivir.exe f8091df4c0d35b7b64daab0d811f0595 0
18. Antivir.exe 9f736485dd8528c08aaf0da484a3f884 0
19. Antivir.exe e330568b7294a30173b31925ccc371a6 0
20. Antivir.exe 04dfdcf553d22099fbdc0369f42b7845 0
21. Antivir.exe b6097634b8e83c0859e3a6cb8e77e2be 0
22. Antivir.exe cb308ff82fd7b8e383709a0d9cc73b32 0
23. Antivir.exe 022a2a77688752b572ddbafc95c3c8d1 0
24. Antivir.exe ffd538a4ffd1ebb58399268953400d84 0
25. Antivir.exe ae4042fb71d8411d6ceef0cadf49f2d9 0
More files

Directories

Antivir may create the following directory or directories:

%ProgramFiles%\AntivirAV

7 Comments

Lykasz Reply

I just got this sh** in my computer,but how can I remove it?HELP!

MARIA Reply

ME APARESE ESO AMI PERO DE AHI ME APARESE UA COSA QUE DISE NAVIGATION CANCELD Y YA DISE QUE ES MI RESPONSABILIDAD QUE ESTA EN RIESGO MI EQUIPO Y DE AH ME APARESE LA OPCION DE COMPRA QUE HAGO PORFAVOR AYUDENME NO ME DEJA EN PAZ ESE ANUNCIO.AYUDAAAA.

denny Reply

Someone worked on my station at work!-windows/system32.They left the outgoing-
incoming antivitus off! It is "Entrust ITM.
The "antivir" come through aftyer I got on my work station. The discovered
the "anti-virus" program was turned off! Can you help me?

chrissy flores Reply

this just came on my screen i can't get it off it's not in add or remove or start its just below n ear the time can't get it out please please help help me asap it keeps popping up and interrupping the internet and blocking site please help me please help me

rachelle Reply

same as u, I can not do nothing!, it is NOT in Control Panel under Profgrames, [I have Add remove, cant find it, when I did I delete it, it keeps coming back.....help me please!!!![@@@ mm

Kolme Reply

Hey there guys. I just had this sucker sneak into my computer a few days ago. I am very careful about sites I visit, and normally do not use any viral protection. BUT, this antivir snuck in somewhere. It took total control of my computer and anything, even CNTRL ALT DELETE was overided by the virus. Not a single program worked as it was considered "infected". However, I got this sucker out the old fashioned way, manually.

####NOTE#### This is intended as a SUGGESTION. I Do Not Take Responsibility For ANY Problems This May Cause. This method worked for me, and therefore I will share it. Please, use this guide at your OWN DISCRETION. If you experience problems, PLEASE REPLY TO THIS THREAD, and I will try to help. Goodluck!

Here is how I did it:

1. Manually turn off your computer, whether that be the battery, plug, or holding down the power button.

2. Power up your computer and press F8 while it starts. This will allow you to commence operation in SAFE MODE. This mode will not activate the antivir program on start up, and therefore will let you operate on your computer.

3. When your comptuer has started in SAFE MODE, make your way to your temporary internet files. For me it was C:\Users\owner\AppData\Local. (it will probably be the same for you, but "owner" will most likely be replaced with the name you see at windows log in.) If you are unsure as to where it is, I reccomend using the search function using the keyword "Temp" and back up 1 folder.

4. Once you have located this folder, you will see alot of folders etc, including "Temp". Here you will have to discern between the good, and the bad. I would first reccomend deleting EVERYTHING in your Temp file. (This may mess up your internet explorer/mozilla later but we'll get to that.)

5. Look for strange folders that are named in Giberish, like khfslnahlfjsfskld. These folders are almost always a viral folder, and are reccomended to be deleted, so do this now.

6. Also, outside of the of the folders you will see some more files. Some of these are also odly named, and will be executable, DELETE these as they are components of the anti-vir virus. Although it isnt reccomended, you can most likely delete all folderless files and be ok, BUT it is always better to delete only what you dont need, and delete more later if need be. (Some DLL files are essential so BE CAREFUL.)

7. At this point, the virus should be totally cleared from your files. Go to the recycle bin and empty it now to ensure the viruses removal. Now simply restart your computer normally.

8. Here is when you find out if you were successful. (The virus can be deleted but if the core components remain, it can re-install). Try to use CNTRL ALT DELETE, and other programs for a good 5 minutes or so. If nothing happens, it is a good possibility that you have erected the antivir software. #### If it does reappear, simply redo the previous steps and this time be more generous with the "DEL" key, I was able to delete everything and still have my computer run 100% fine. Also, try searching in safemode for antivir, or any aliases it has.)

9. IF your mozilla/internet no longer works (your other programs should be able to connect to the internet still) then follow these steps.

FOR INTERNET EXPLORER.
A. Open your Internet Explorer and go to 'Tools' and then to 'Internet Options'.

B. Make your way to the 'Advanced' tab and then Click 'Reset' and except all of the parameters.

C. Restart Internet Explorer and it should be good to use!

FOR MOZILLA (The re-install method)
A. Follow all the same steps as above for internet explorer.

B. Go to your control panel and then to 'uninstall program'. Uninstall Mozilla Firefox.
C. Using Internet Explorer, reinstall Mozilla. (There may be a better way to get mozilla to work, but I am not as familiar with Mozilla, and therefore offer no better solutions.)

I hope this helps someone out there. If you have questions, once again please respond to this thread.

---Kolme

Kolme Reply

ALSO. After more research I found the specific files to be deleted.

Processes

%Program Files%\AV\antivir.exe
DLLs

%WINDOWS%\system32\UpdateCheck.dll

Other Files

%Program Files%\Common Files\Uninstall\AV
%Program Files%\Common Files\Uninstall\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
%Documents and Settings%\All Users\Start Menu\AV
%Documents and Settings%\All Users\Start Menu\AV\Antivir.lnk
%Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk
%Program Files%\AV
%Program Files%\Common Files\Uninstall
%UserProfile%\Start Menu\Programs\ANTIVIR Antivirus
%ProgramFiles%\AntivirAV

Registry Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Related Posts

Trending

Most Viewed

Loading...