Antivirus Soft

Antivirus Soft Description

Type: Rogue Anti-Virus Program

Antivirus Soft is a rogue security application from the same family as Antivirus Live, which typically enters users' systems with the help of Trojans. On execution, Antivirus Soft displays fake scan reports, pop-ups and security alerts in an attempt to convince the user that the PC is infected. The user is also told that the only solution is to purchase the "full version" of Antivirus Soft. Antivirus Soft is not a legitimate security application, and users should never spend money on it.

Antivirus Soft belongs to the FakeSpyPro family, whose members include AntiSpyware Soft, Antivirus System Pro, Spyware Protect 2009, Security Central, Antivirus Suite, Antivir Solution Pro, Security Suite, Malware Destructor 2011, Antivirus Action, Antivirus Scan, PC Security 2011, Antivirus .NET, AntiVira Av, AntiMalware GO, Antivirii 2011, Antivirus Monitor and Antivirus Live.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Sophos Mal/FakeAV-DS
McAfee-GW-Edition Artemis!7B97251D240B
Ikarus Gen.Variant
BitDefender Gen:Variant.Tdss.17
a-squared Gen.Variant!IK
Sunbelt FraudTool.Win32.AVSoft (v)
DrWeb MULDROP.Trojan
Sophos Troj/FakeAV-AYX
Kaspersky Trojan.Win32.FraudPack.anzq
AVG Cryptic.Z
TrendMicro TROJ_FAKEAV.EAO
McAfee-GW-Edition Trojan.FraudPack.anem
McAfee+Artemis Artemis!1DDB1062DFC1
Kaspersky Trojan.Win32.FraudPack.anem
eTrust-Vet Win32/AntivirusSoft.M

Technical Information

File System Details

Antivirus Soft creates the following file(s):

More Details on Antivirus Soft

The following messages associated with Antivirus Soft were found:
Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E

38 Comments

  • bayview:

    My virus file was cigmsftav.exe. I had to restart and get Task Manager going before it started up. Once Task Manager was running, I was able to delete that file and stop the popups. I still have to edit the registry (a little unsure of that one).

  • Veeppilo:

    Antivirus Soft took out my computer even when I had Norton Antivirus installed.

    Norton no help at all and wanted $160 to eliminate the Antivirus Soft.

    Long story short, I canceled my subscription to Norton and did a system restore on my computer (on the extreme side, I know). Good thing all my data was backed up. Not a trace of that pesky Antivirus Soft.

    Now I have to decide which non-Norton antivirus software to purchase.

  • Dean :

    I use System Mechanic with antivirus and it's been the best product that I have ever used, but it didn't stop the Antivirus Soft. Kicker was I never clicked anything; it just popped up on the screen while I was reading a web page. I never click buttons on these rogue antivirus scams; I just turn off my computer and restart, but that didn't work. So I looked up the Antivirus Soft virus on Live Search and found an article directing me to Enigma, and I had to start my computer in safe mode with internet access to get to the site and download SpyHunter3. Antivirus Soft sucks, and even though the problem is fixed on my computer, it has been detected and moved 3 times since I got SpyHunter, so that just goes to show how many other people are getting hit with this bug!

  • steve falzon:

    Hi, just removing this for a friend, pretty nasty. Another reg key that may have been modified is
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "yes"

    it will have been changed to

    "CheckExeSignatures" = "no"

    Not sure if the malware does this but it has been changed on the system I'm fixing.

  • Valerie:

    Can someone please tell me how to get rid of this Antivirus Soft? I can't get to anything executable, including my registry keys or Task Manager.

  • John Hall:

    Like Veeppilo above, I too have Norton Antivirus installed and fully up to date, but somehow the virus got through, either from my on line bank web site (unlikely) or my web mail browser, which I use occasionally. Once infected, and in between all the annoying pop ups, I ran a full system scan using Norton and nothing was found - the PC was reported as clean!! The only way I could resolve the problem was to reboot the PC from a recovery disk and run a full system restore from my latest backup. All running ok now.

  • K Davis:

    Thanks for the tips. I just used all of this information to fix my girlfriend's PC. Deleted all of the questionable registry files listed and things are running fine now.

  • Jerry:

    I have Windows Vista and was logged on as admin when I got infected with this soft virus. It doesn't let me do anything as admin, but I can log on as guest or another user name with no problem. Can it still infect these other users? I'm not very good with computers, so I would prefer something I just click to fix the problem. Please help.

  • Travis:

    Avast didn't pick it up either, and for a second there I actually thought that it was Avast telling me this. Thank goodness I found out how to close it, or else I wouldn't be able to even find the fix for the damn thing.

  • Dixie:

    Too late for me...I paid 70 bucks to BUY antivirus soft...after a gazillion popups, I could NOT access the internet, except for the site to buy this. Do I have any recourse?? Can I recoup the money? Man I am ticked

  • Mel:

    I got it from the icanhascheeze site. Probably a banner :/

  • Charlie :

    Add hnppsftav.exe to the list of culprits.

  • Denise:

    I blew the $49.99 to get it to even let me get to my files, it totally locked up the computer, once I blew the bucks I was able to remove it.

  • SysAdmin:

    Wonderfully helpful post!
    Machine had Eset Nod32 2.7 antivirus, and did not prevent this infection.
    It blocked Task Manager, file deletion (rundll32), regedit, and even safe mode!
    After a reboot I got to regedit before it started, and removed the entries listed above.
    Many Thanks!

  • Liem:

    I had Avast Free Edition and it didn't detect anything until it was too late. Same situation with SpyBot Search & Destroy, all too late. After about 10 minutes of repeatedly opening the task manager, I was able to end the program before it shut down my manager. Weird thing is, I just turned on my computer and it was there... Also, I just experienced a BSOD when I was installing SpyHunter... could be a conflict with SpyBot but who knows.

  • Anonymous:

    I was infected when I was reading an article on Encyclopedia Dramatica. I know I didn't click on any suspicious links or ads. Norton, Spybot Search & Destroy, and Malwarebytes didn't help. My only option was to try to manually delete everything. Antivirus Soft doesn't run anymore, but Internet Explorer did open on its own and open a pornography page. I'd like to think I'm in the clear because no further websites have opened in the last 45 minutes, but I remain skeptical.

    Does anybody know anything about the people behind this rogue program?

  • Sean:

    Wow. This has been a fun time. Thanks for posting all this very useful info.

  • Ikhide:

    GREAT POST!!! Saved my LIFE!!!

  • John:

    Like Denise, when I was infected by Antivirus Soft, I spent $49.95 to purchase the removal software. Everything looked above board and it unlocked my machine. It was not long afterwards that I discovered that I had been taken for a sucker.

  • John:

    I can relate to all of you that have gotten this bug. It's the third time that I've got one of these bogus antivirus programs. I just got this one last night while surfing MSNBC's website. I couldn't believe it! Someone please post something about how these things are able to get around running legit antivirus programs and my firewall and if there's anything you can do to prevent them? In the past I've manually deleted the registry files that were the cause. This time I rebooted the computer in safe mode (tapping the F8 key while it's booting up) and did a system restore to yesterday. It worked! Can't they "follow the money" and track down those responsible?

  • Suzanne:

    I, too, spent $70 to purchase "Virus Soft" since it was the only option to getting signed onto my computer and didn't realize the scam until my computer finally crashed with a blue screen message that the windows/system32/config/system file is missing or corrupt. Now, I'm afraid they have my credit card #, too.

  • Name:

    Who created this? How do we find these a**holes?

  • John Bernabeo:

    Vipe ver 3.1.2848 from Sunbelt software did not pick this up. Had to get a malware program to remove it.

  • Al:

    I just recently removed AntiVirus Soft myself. It is nasty. I had NORTON 360 installed and it DID NOT protect me from that malware. I had to download a bunch of antimalware, antispyware programs to try and get rid of it, but even those programs wouldn't do the trick. I had to do a system restore in order to get rid of that virus. My computer is working normally now. As fast as it used to be. Please be careful.

  • Peter:

    The "antivirus soft" slipped past my subscribed edition of Avast while I was surfing the net. I rebooted my machine in safe mode, and ran Spybot Search and Destroy. Then I chose a Restore Point from last week and rebooted. Actually, I think doing just the restore point in safe mode would have done the trick.

  • dave:

    System restore has not completely solved my problem. The pop up now is "it has recovered from a serious problem and do I want to send an error report". Of course sending does no good and the pop up persists. I am running Malwarebytes now and then I will try to run several others. Wish me luck.

  • Fred A:

    I am VERY curious why none of the popular antivirus programs (like Norton or ESET) have failed to update their signature files to block the entry of rogueware like this "Antivirus Soft," "Security Alert 2010," or any of the other similar malware threats. There have to be SOME files like trojans or worms that can be detected and filtered out. And the "real-time" malware protection from LavaSoft's Ad-Aware is like a comatose watchdog; totally ineffective.

  • antivirus soft is a scam:

    So, how do we get rid of it if the computer is locked? I cannot access the net, I cannot scan with other antiviruses. The only option I have is to purchase this scam.

    Thank you for any help provided.

  • Mike:

    If you are having trouble getting on the internet to download a new AV because of this program, use Firefox. If you have Firefox already installed on your computer, it will allow you to access the internet; the fake AV doesn't block it. I ended up removing it randomly. I got to say it was a real bitch. I haven't downloaded anything or been on any suspicious websites. As much as I hate it, I got to admit it's really advanced. That being said, I want AV securities like Norton to get off their asses and fix this.

  • baseball2748:

    Hi everyone,

    The past few days have been particularly frustrating because this antivirus soft malware has forced me to spend more time removing this malware than doing my work.

    I cannot run any anti-spyware software, since the malware automatically closes it.
    I cannot run Windows Task Manager, since the malware automatically closes it.
    I cannot run Windows restore, since the malware automatically closes it.

    Now, I ask you all to assist me in removing this malware once and for all.

    Please help.

    🙂

  • Zexx_Xion:

    I managed to get this virus via Facebook, of all places.
    It killed AVG and didn't allow me to add any new anti virus software.
    I threw my computer back 2 weeks using system restore, and now have added Microsoft Essentials and Avast in hopes for a stronger security wall, but still 1 out of 5 I'd give this virus a good 4.5, it's a rather tricky one to deal with.

    To quickly explain, this virus will lock up most anti virus programs and is only detected when the anti-virus programs are subject to attack.
    It also closes most Admin Management Programs.

  • Frustrated:

    I somehow got this on my home PC yesterday. I am one of those very careful individuals who doesn't d/l anything I don't feel confident about. The day this avsoft appeared all I had done was surf some motorcycle and car forums. From what I've read here this can be transmitted via site banners.

    I managed to get rid of this headache with a trusted anti spyware program I've used for a long time. However, now my IE will not connect to the Internet. I also have Firefox, which will not connect either. I can still d/l email, so I know my connection is good. I will tackle this problem later today when I get home.

    What a royal pain. Although I have Avast! AV running it somehow got past that and my Windows XP firewall. I cannot believe that these criminals can't be traced via the money trail they're leaving and be prosecuted, thrown in jail and hung. I'll be glad to put the noose around their necks.

  • Rick:

    As for those asking about the charges. I bought the software too. I called my Credit Card company a couple of days later and they are going to stop the payment. I worry about the ID theft issues too. Any one out there have any information about that?

    Is there a site to get more information on these types of Hoaxes?

  • Rick:

    Also, is there a way to find out what day and how this virus got into my PC?

  • Justin:

    I just got this pos virus the other day. It was pissing me off until I noticed that it takes a while to start up after you start your computer. All you have to do is quickly go to run and type msconfig right as your computer boots up. From there, disable the startup program associated with the antivirus soft thing. For me, it was a bunch of random letters, so look for something like that. That will stop it from booting with your computer, problem solved. To make sure it will never start up again, go back to msconfig, find the startup program for it, find the file directory of the .exe file, go to the file, and delete it. Simple fix.

  • Justin:

    Also, to fix the IE problem after you fix the virus, all you have to do is restore IE default settings. Just go to your Control Panel, then Internet Options. Find the reset button, under the Advanced tab, and reset it. It will get rid of your add-ons and homepage and such, but it makes IE work again.

  • Martian:

    Why can't the law enforcement people find and jail these people? The credit cards are going to a bank somewhere obviously.

  • britt:

    You know what, I thought about it and I don't know if it could be done... but I think that somebody should create a fake Visa or MasterCard number and like make it a hack to mess up this person's computer, or they should use that card number to track the person. But I think that it's more than one person.