AntiVirus System 2011 relies on social engineering in order to install itself onto victim's computer. It is mainly promoted via Trojans, fake online scanners and infected websites. The rogue may come bundled with other malware as well. When AntiVirus System 2011 is running, it will display many fake security warnings saying that malicious software may damage your computer and compromise your privacy. It will display legitimate looking windows security center pop-ups and notifications from Windows task bar.
As you may expect, AntiVirus System 2011 can not be removed as legitimate software through add/remove programs. If you attempt to remove it this way, you will get an error message saying that you do not have permission to remove AntiVirus System 2011. What is more, this fake anti-virus will block other programs on your computer. It may state that particular program is infected and has been closed because it can lead to permanent data loss and etc. By the way, AntiVirus System 2011 can not delete your pictures, documents and other files. It's a fake scanner, not a virus. Don't worry about that. Last, but not least, AntiVirus System 2011 will hijack Internet Explorer and redirect to its purchase page e.g. antivirussystem2011tech.com or entirely unrelated websites which in fact may be infected with other malware.
As you can see, AntiVirus System 2011 is a fake program that uses misleading methods to deceive users into paying for the fake removal of malware. If you have already purchased this rogue program, please contact your credit card company and state that the program is a scam and that you would like to dispute the charge. To remove AntiVirus System 2011, please follow the steps in the guide below. Questions and helpful comments are welcome. Don't forget to inform your friends and colleagues about AntiVirus System 2011. Good luck and be safe online!
AntiVirus System 2011 removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
AntiVirus System 2011 removal instructions using HijackThis or Process Explorer (in Normal mode):
1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for such entry in the scan results:
O4 - HKCU\..\Run: [Security Manager] C:\Documents and Settings\[User Name]\Application Data\AntiVirus System 2011\securitymanager.exe
O4 - HKCU\..\Run: [AntiVirus System 2011] "C:\Documents and Settings\[User Name]\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe" /STARTUP
O4 - HKCU\..\Run: [3jdfrl34hdrmd] C:\Documents and Settings\[User Name]\Desktop\AntiVirus_System_2011\AntiVirus System 2011\securityhelper.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
OR you may download Process Explorer and end AntiVirus System 2011 processes:
- AntiVirus_System_2011.exe
- securitymanager.exe
- securityhelper.exe
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
AntiVirus System 2011 associated files and registry values:
Files:
In Windows XP:
- C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\
- C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe
- C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\securitymanager.exe
- C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\securityhelper.exe
- C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\
- C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\AntiVirus_System_2011.exe
- C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\securitymanager.exe
- C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\securityhelper.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus System 2011
- HKEY_CURRENT_USER\Software\AntiVirus System 2011
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "3jdfrl34hdrmd"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Manager"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiVirus System 2011"
No comments:
Post a Comment