Thursday, August 26, 2010

How to remove AVDefender 2011 (Uninstall Instructions)

AVDefender 2011 is a fake anti-virus program that masquerades as a legitimate security product. It pretends to scan your computer and then claims to find infected files. The rogue program attempts to convince you that your computer is infected with all sorts of malicious software. Then it prompts you to pay for a full version of the program to remove the infections and make the security warnings disappear. AVDefender 2011 2.1 is a scam. Don't pay for it. If you have already purchased this fake program, contact your credit card company as soon as possible and dispute the charges. And, of course, you should remove AVDefender 2011 from your computer because it gives a false sense of security. Thankfully, this malware can be removed for free using legitimate anti-malware programs. Please follow the AVDefender 2011 removal instructions below.




(Thanks to rogueamp for making this video)

As a typical rogue anti-virus program, AV Defender 2011 is promoted through the use of fake online scanners and Trojans. Some people say that this rogue program appeared out of nowhere and that they didn't ask for it to be installed. In such a case, it could be that your computer was already infected with a Trojan and you didn't know it. The Trojan then downloaded the rogue program onto your computer without your knowledge or permission. Malware authors also use various misleading social engineering tactics to distribute their fake security products. AVDefender 2011 doesn't have an uninstall option, and it blocks other legitimate programs on your computer. It disables Task Manager and other system utilities. Furthermore, it displays fake security alerts claiming that harmful and risky programs were detected on your computer:
Windows Security Alert
Application NOTEPAD.EXE has crashed because of Conficker.Worm.Virus

AVDefender 2011
Harmful and risky software is detected!
Strongly recommended to register AVDefender 2011 to remove these threats immediately.

Google Security Warning!
Warning
We have discovered a vulnerability related to Microsoft software that could allow a virus or other malicious program to harm your system or personal files or to steal personal information stored on your computer.


It hijacks Internet Explorer and redirects users to fake pay pages, for example av-downloadcenter.com.



If you find that your computer is infected with AV Defender 2011, please uninstall it upon detection. You can remove the AVDefender2011 files manually. But most of the time, rogue programs come bundled with other malware, Trojans and rootkits, so it would be a lot better to run a quick system scan with updated anti-malware software. Please follow the AVDefender 2011 removal instructions below. Finally, if you have any questions or useful tips that could help other users remove this virus, please don't hesitate to leave a comment. Good luck and be safe online!


AVDefender 2011 removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


AVDefender 2011 removal instructions using HijackThis (in Normal mode):

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from Trend Micro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it instead.

2. Look for entries like the following in the scan results:
F2 - REG:system.ini: Shell=C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

3. Download at least one anti-malware program from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


AVDefender 2011 associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\UserName\Application Data\AVDefender2011\
  • C:\Documents and Settings\UserName\Application Data\AVDefender2011\AVDefender2011.ini
  • C:\Documents and Settings\UserName\Application Data\AVDefender2011\history.dat
  • C:\Documents and Settings\UserName\Application Data\AVDefender2011\result.dat
  • C:\Documents and Settings\UserName\Application Data\AVDefender2011\vlc.dat
  • C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\
  • C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • C:\Documents and Settings\UserName\Application Data\[RANDOM CHARACTERS]\sk.lst
  • C:\Documents and Settings\UserName\Start Menu\AVDefender2011\
  • C:\Documents and Settings\UserName\Start Menu\AVDefender2011\AVDefender2011.lnk
For Windows Vista and Windows 7 users:
  • C:\Users\UserName\AppData\Roaming\AVDefender2011\
  • C:\Users\UserName\AppData\Roaming\AVDefender2011\AVDefender2011.ini
  • C:\Users\UserName\AppData\Roaming\AVDefender2011\history.dat
  • C:\Users\UserName\AppData\Roaming\AVDefender2011\result.dat
  • C:\Users\UserName\AppData\Roaming\AVDefender2011\vlc.dat
  • C:\Users\UserName\AppData\Roaming\[RANDOM CHARACTERS]\
  • C:\Users\UserName\AppData\Roaming\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • C:\Users\UserName\AppData\Roaming\[RANDOM CHARACTERS]\sk.lst
  • C:\Users\UserName\Start Menu\AVDefender2011\
  • C:\Users\UserName\Start Menu\AVDefender2011\AVDefender2011.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\AVDefender 2011
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe"
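
The check from step 2 of the HijackThis instructions, combined with the Winlogon "Shell" value listed above, written as an added Python example (not part of the original post): it flags F2 Shell lines whose value is an .exe under a per-user Application Data or AppData\Roaming folder. The sample log and its folder and file names are constructed for illustration.

```python
import re

DEFAULT_SHELL = "explorer.exe"  # Winlogon Shell value on a clean Windows install

# HijackThis F2 line, in the format shown in step 2 of the article.
F2_SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)

# Per-user data folders from the article's file list, plus the %AppData% form
# used in the registry value.
USER_DATA_RE = re.compile(
    r"^(?:[a-z]:\\documents and settings\\[^\\]+\\application data"
    r"|[a-z]:\\users\\[^\\]+\\appdata\\roaming"
    r"|%appdata%)\\",
    re.IGNORECASE,
)


def classify_shell(value):
    """Classify a Winlogon Shell value: default, user-profile-exe or non-default."""
    shell = value.strip().strip('"')
    if shell.lower() == DEFAULT_SHELL:
        return "default"
    if USER_DATA_RE.match(shell) and shell.lower().endswith(".exe"):
        return "user-profile-exe"  # the pattern the article lists for this rogue
    return "non-default"  # not the listed pattern, still worth a manual look


def scan_log(text):
    """Return (line_number, shell_value, verdict) for each non-default F2 Shell line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = F2_SHELL_RE.match(line.strip())
        if match:
            verdict = classify_shell(match.group(1))
            if verdict != "default":
                findings.append((number, match.group(1).strip(), verdict))
    return findings


# Constructed sample log; the folder and file names are made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=C:\Documents and Settings\UserName\Application Data\qwjxk\pmzrt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for number, shell, verdict in scan_log(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {shell}")
```

Save a HijackThis log to a text file and pass its contents to scan_log(); any "user-profile-exe" result matches the entry described in step 2.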