Antivirus Soft

Antivirus Soft Description

Antivirus Soft is a rogue security application from the same family as Antivirus Live, which typically enters users' systems with the help of Trojans. On execution, Antivirus Soft displays fake scan reports, pop-ups and security alerts in an attempt to convince the user that the PC is infected. The user is also told that the only solution is to purchase the "full version" of Antivirus Soft. Antivirus Soft is not a legitimate security application, and users should never waste their money on this useless application.

Antivirus Soft belongs to the FakeSpyPro family, whose members include Spyware Protect 2009, Antivirus System Pro, Security Central, Antivirus Suite, AntiSpyware Soft, Antivir Solution Pro, Security Suite, Malware Destructor 2011, Antivirus Action, Antivirus Scan, PC Security 2011, Antivirus .NET, AntiVira Av, AntiMalware GO, Antivirus Monitor and Antivirii 2011.

Aliases: Mal/FakeAV-DS [Sophos], Artemis!7B97251D240B [McAfee-GW-Edition], Gen.Variant [Ikarus], Gen:Variant.Tdss.17 [BitDefender], Gen.Variant!IK [a-squared], FraudTool.Win32.AVSoft (v) [Sunbelt], Heur:Trojan/FakeAV, MULDROP.Trojan [DrWeb], Troj/FakeAV-AYX [Sophos], Trojan.Win32.FraudPack.anzq [Kaspersky], Cryptic.Z [AVG], TROJ_FAKEAV.EAO [TrendMicro], Trojan/FraudPack.anem, Trojan.DL.Win32.Undef.rtd and Trojan.FraudPack.anem [McAfee-GW-Edition].

Technical Information

File System Details

Antivirus Soft creates the following file(s):

More Details on Antivirus Soft

The following messages associated with Antivirus Soft were found:
Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E

38 Comments

  • bayview:

    My virus file was cigmsftav.exe. I had to restart and get Task Manager going before it started up. Once Task Manager was running, I was able to delete that file and stop the popups. I still have to edit the registry (little unsure of that one).

  • Veeppilo:

    Antivirus Soft took out my computer even when I had Norton Antivirus installed.

    Norton no help at all and wanted $160 to eliminate the Antivirus Soft.

    Long story short, I canceled my subscription to Norton and did a system restore on my computer (on the extreme side, I know). Good thing all my data was backed up. Not a trace of that pesky Antivirus Soft.

    Now I have to decide which non-Norton antivirus software to purchase.

  • Dean:

    I use System Mechanic with antivirus and it's been the best product that I have ever used, but it didn't stop the Antivirus Soft. Kicker was I never clicked anything; it just popped up on the screen while I was reading a web page. I never click buttons on these rogue antivirus scams; I just turn off my computer and restart, but that didn't work. So I looked up the Antivirus Soft virus on Live Search and found an article directing me to Enigma, and I had to start my computer in safe mode with internet access to get to the site and download SpyHunter3. Antivirus Soft sucks, and even though the problem is fixed on my computer, it has been detected and moved 3 times since I got SpyHunter, so that just goes to show how many other people are getting hit with this bug!

  • steve falzon:

    Hi, just removing this for a friend, pretty nasty. Another reg key that may have been modified is
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "yes"

    it will have been changed to

    "CheckExeSignatures" = "no"

    Not sure if the malware does this but it has been changed on the system I'm fixing.

  • Valerie:

    Can someone please tell me how to get rid of this Antivirus Soft? I can't get to anything executable, including my registry keys or Task Manager.

  • John Hall:

    Like Veeppilo above, I too have Norton Antivirus installed and fully up to date, but somehow the virus got through, either from my online bank web site (unlikely) or my web mail browser, which I use occasionally. Once infected, and in between all the annoying pop-ups, I ran a full system scan using Norton and nothing was found - the PC was reported as clean!! The only way I could resolve the problem was to reboot the PC from a recovery disk and run a full system restore from my latest backup. All running OK now.

  • K Davis:

    Thanks for the tips. I just used all of this information to fix my girlfriend's PC. Deleted all of the questionable registry files listed and things are running fine now.

  • Jerry:

    I have Windows Vista and was logged on as admin when I got infected with this soft virus. It doesn't let me do anything as admin, but I can log on as guest or another user name with no problem. Can it still infect these other users? I'm not very good with computers, so I would prefer something I just click to fix the problem. Please help.

  • Travis:

    Avast didn't pick it up either, and for a second there I actually thought that it was Avast telling me this. Thank goodness I found out how to close it, or else I wouldn't be able to even find the fix for the damn thing.

  • Dixie:

    Too late for me...I paid 70 bucks to BUY antivirus soft...after a gazillion popups, I could NOT access the internet, except for the site to buy this. Do I have any recourse?? Can I recoup the money? Man I am ticked

  • Mel:

    I got it from the icanhascheeze site. Probably a banner :/

  • Charlie:

    Add hnppsftav.exe to the list of culprits.

  • Denise:

    I blew the $49.99 to get it to even let me get to my files, it totally locked up the computer, once I blew the bucks I was able to remove it.

  • SysAdmin:

    Wonderfully helpful post!
    Machine had Eset Nod32 2.7 antivirus, and did not prevent this infection.
    It blocked Task Manager, file deletion (rundll32), regedit, and even safe mode!
    After a reboot I got to regedit before it started, and removed the entries listed above.
    Many Thanks!

  • Liem:

    I had Avast Free Edition and it didn't detect anything until it was too late. Same situation with SpyBot Search & Destroy, all too late. After about 10 minutes of repeatedly opening the task manager, I was able to end the program before it shut down my manager. Weird thing is, I just turned on my computer and it was there... Also, I just experienced a BSOD when I was installing SpyHunter... could be a conflict with SpyBot but who knows.

  • Anonymous:

    I was infected when I was reading an article on Encyclopedia Dramatica. I know I didn't click on any suspicious links or ads. Norton, Spybot Search & Destroy, and Malwarebytes didn't help. My only option was to try to manually delete everything. Antivirus Soft doesn't run anymore, but Internet Explorer did open on its own and open a pornography page. I'd like to think I'm in the clear because no further websites have opened in the last 45 minutes, but I remain skeptical.

    Does anybody know anything about the people behind this rogue program?

  • Sean:

    Wow. This has been a fun time. Thanks for posting all this very useful info.

  • Ikhide:

    GREAT POST!!! Saved my LIFE!!!

  • John:

    Like Denise, when I was infected by Antivirus Soft, I spent $49.95 to purchase the removal software. Everything looked above board and it unlocked my machine. It was not long afterwards that I discovered that I had been taken for a sucker.

  • John:

    I can relate to all of you that have gotten this bug. It's the third time that I've got one of these bogus antivirus programs. I just got this one last night while surfing MSNBC's website. I couldn't believe it! Someone please post something about how these things are able to get around running legit antivirus programs and my firewall and if there's anything you can do to prevent them? In the past I've manually deleted the registry files that were the cause. This time I rebooted the computer in safe mode (tapping the F8 key while it's booting up) and did a system restore to yesterday. It worked! Can't they "follow the money" and track down those responsible?

  • Suzanne:

    I, too, spent $70 to purchase "Virus Soft" since it was the only option to getting signed onto my computer and didn't realize the scam until my computer finally crashed with a blue screen message that the windows/system32/config/system file is missing or corrupt. Now, I'm afraid they have my credit card #, too.

  • Name:

    Who created this? How do we find these a**holes?

  • John Bernabeo:

    Vipre ver 3.1.2848 from Sunbelt Software did not pick this up. Had to get a malware program to remove it.

  • Al:

    I just recently removed AntiVirus Soft myself. It is nasty. I had NORTON 360 installed and it DID NOT protect me from that malware. I had to download a bunch of antimalware, antispyware programs to try and get rid of it, but even those programs wouldn't do the trick. I had to do a system restore in order to get rid of that virus. My computer is working normally now. As fast as it used to be. Please be careful.

  • Peter:

    The "antivirus soft" slipped past my subscribed edition of Avast while I was surfing the net. I rebooted my machine in safe mode, and ran Spybot Search and Destroy. Then I chose a Restore Point from last week and rebooted. Actually, I think doing just the restore point in safe mode would have done the trick.

  • dave:

    System restore has not completely solved my problem. The pop up now is "it has recovered from a serious problem and do i want to send an error report". Of course sending does no good and the pop up persists. I am running Malwarebytes now and then I will try to run several others. Wish me luck.

  • Fred A:

    I am VERY curious why none of the popular antivirus programs (like Norton or ESET) have failed to update their signature files to block the entry of rogueware like this "Antivirus Soft," "Security Alert 2010," or any of the other similar malware threats. There have to be SOME files like trojans or worms that can be detected and filtered out. And the "real-time" malware protection from LavaSoft's Ad-Aware is like a comatose watchdog; totally ineffective.

  • antivirus soft is a scam:

    So, how do we get rid of it if the computer is locked? I cannot access the net, and I cannot scan with other antiviruses. The only option I have is to purchase this scam.

    Thank you for any help provided.

  • Mike:

    If you are having trouble getting on the internet to download a new AV because of this program, use Firefox. If you have Firefox already installed on your computer, it will allow you to access the internet; the fake AV doesn't block it. I ended up removing it randomly. I got to say it was a real bitch. I haven't downloaded anything or been on any suspicious websites. As much as I hate it, I got to admit it's really advanced. That being said, I want AV securities like Norton to get off their asses and fix this.

  • baseball2748:

    Hi everyone,

    The past few days have been particularly frustrating because this antivirus soft malware has forced me to spend more time removing this malware than doing my work.

    I cannot run any anti-spyware software, since the malware automatically closes it.
    I cannot run Windows Task Manager, since the malware automatically closes it.
    I cannot run Windows restore, since the malware automatically closes it.

    Now, I ask you all to assist me in removing this malware once and for all.

    Please help.

    🙂

  • Zexx_Xion:

    I managed to get this virus via Facebook, of all places.
    It killed AVG and didn't allow me to add any new antivirus software.
    I threw my computer back 2 weeks using system restore, and now have added Microsoft Essentials and Avast in hopes for a stronger security wall, but still, 1 out of 5, I'd give this virus a good 4.5; it's a rather tricky one to deal with.

    To quickly explain, this virus will lock up most anti virus programs and is only detected when the anti-virus programs are subject to attack.
    It also closes most Admin Management Programs.

  • Frustrated:

    I somehow got this on my home PC yesterday. I am one of those very careful individuals who doesn't d/l anything I don't feel confident about. The day this avsoft appeared all I had done was surf some motorcycle and car forums. From what I've read here this can be transmitted via site banners.

    I managed to get rid of this headache with a trusted anti spyware program I've used for a long time. However, now my IE will not connect to the Internet. I also have Firefox, which will not connect either. I can still d/l email, so I know my connection is good. I will tackle this problem later today when I get home.

    What a royal pain. Although I have Avast! AV running it somehow got past that and my Windows XP firewall. I cannot believe that these criminals can't be traced via the money trail they're leaving and be prosecuted, thrown in jail and hung. I'll be glad to put the noose around their necks.

  • Rick:

    As for those asking about the charges: I bought the software too. I called my credit card company a couple of days later and they are going to stop the payment. I worry about the ID theft issues too. Anyone out there have any information about that?

    Is there a site to get more information on these types of Hoaxes?

  • Rick:

    Also, is there a way to find out what day and how this virus got into my PC?

  • Justin:

    I just got this POS virus the other day. It was pissing me off until I noticed that it takes a while to start up after you start your computer. All you have to do is quickly go to Run and type msconfig right as your computer boots up. From there, disable the startup program associated with the Antivirus Soft thing. For me, it was a bunch of random letters, so look for something like that. That will stop it from booting with your computer, problem solved. To make sure it will never start up again, go back to msconfig, find the startup program for it, find the file directory of the .exe file, go to the file, and delete it. Simple fix.
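
Added example, not part of any comment and not Enigmasoftware's code: a read-only PowerShell check for two indicators commenters describe here, a startup entry that launches an executable named like cigmsftav.exe or hnppsftav.exe, and the Internet Explorer `CheckExeSignatures` value set to "no". The four-letters-plus-`sftav.exe` pattern and the choice of the standard Run keys as the startup locations to inspect are assumptions.

```powershell
# Read-only triage: nothing is modified or deleted.
# Assumption: the rogue's executable is named <4 letters>sftav.exe, inferred from
# names reported on this page (cigmsftav.exe, hnppsftav.exe).
$namePattern = '\b[a-z]{4}sftav\.exe\b'

# Standard per-user and per-machine Run keys, among the locations msconfig's
# Startup tab lists. (Assumption: the page does not name the exact key.)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$findings = New-Object 'System.Collections.Generic.List[object]'

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # -match is case-insensitive by default
        if ($command -match $namePattern) {
            $findings.Add([pscustomobject]@{
                Check    = 'Startup entry'
                Location = "$key\$name"
                Value    = $command
            })
        }
    }
}

# Registry value one commenter found changed from "yes" to "no".
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$sig = (Get-ItemProperty -Path $ieKey -Name CheckExeSignatures `
        -ErrorAction SilentlyContinue).CheckExeSignatures
if ($sig -eq 'no') {
    $findings.Add([pscustomobject]@{
        Check    = 'IE signature check disabled'
        Location = "$ieKey\CheckExeSignatures"
        Value    = $sig
    })
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'No matching startup entry or CheckExeSignatures change found.'
}
```

An empty result covers only these two indicators; variants that use other file names or startup locations will not be reported.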

  • Justin:

    Also, to fix the IE problem after you fix the virus, all you have to do is restore IE default settings. Just go to your Control Panel, then Internet Options. Find the reset button, under the Advanced tab, and reset it. It will get rid of your add-ons and homepage and such, but it makes IE work again.

  • Martian:

    Why can't the law enforcement people find and jail these people? The credit cards are going to a bank somewhere obviously.

  • britt:

    You know what, I thought about it and I don't know if it could be done... but I think that somebody should create a fake Visa or MasterCard number and, like, make it a hack to mess up this person's computer, or they should use that card number to track the person. But I think that it's more than one person.
