Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, January 5, 2011

How to Remove AntiVirus System 2011 (Uninstall Guide)

Tell your friends:
AntiVirus System 2011 is a rogue security program that performs a fake system scan and reports non-existent malware and viruses on your computer. It launches pop-up windows with fake or simulated detection of viruses, e.g. Trojans, worms and other malicious software. It may report up to 500 infected files on your computer. In other words, AntiVirus System 2011 provides no security and generates misleading security alerts to make you think that your computer in infected with some sort of malware. As a typical scareware, it will prompt you to pay for a full version of the program to remove the infections and to protect your computer against new threats. Do not fall victim to this scam. If you have accidentally ended up with this rogue security program then please follow the removal instructions below to remove AntiVirus System 2011 and related malware for free using legitimate anti-malware software.



AntiVirus System 2011 relies on social engineering in order to install itself onto victim's computer. It is mainly promoted via Trojans, fake online scanners and infected websites. The rogue may come bundled with other malware as well. When AntiVirus System 2011 is running, it will display many fake security warnings saying that malicious software may damage your computer and compromise your privacy. It will display legitimate looking windows security center pop-ups and notifications from Windows task bar.





As you may expect, AntiVirus System 2011 can not be removed as legitimate software through add/remove programs. If you attempt to remove it this way, you will get an error message saying that you do not have permission to remove AntiVirus System 2011. What is more, this fake anti-virus will block other programs on your computer. It may state that particular program is infected and has been closed because it can lead to permanent data loss and etc. By the way, AntiVirus System 2011 can not delete your pictures, documents and other files. It's a fake scanner, not a virus. Don't worry about that. Last, but not least, AntiVirus System 2011 will hijack Internet Explorer and redirect to its purchase page e.g. antivirussystem2011tech.com or entirely unrelated websites which in fact may be infected with other malware.



As you can see, AntiVirus System 2011 is a fake program that uses misleading methods to deceive users into paying for the fake removal of malware. If you have already purchased this rogue program, please contact your credit card company and state that the program is a scam and that you would like to dispute the charge. To remove AntiVirus System 2011, please follow the steps in the guide below. Questions and helpful comments are welcome. Don't forget to inform your friends and colleagues about AntiVirus System 2011. Good luck and be safe online!


AntiVirus System 2011 removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


AntiVirus System 2011 removal instructions using HijackThis or Process Explorer (in Normal mode):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entry in the scan results:
O4 - HKCU\..\Run: [Security Manager] C:\Documents and Settings\[User Name]\Application Data\AntiVirus System 2011\securitymanager.exe
O4 - HKCU\..\Run: [AntiVirus System 2011] "C:\Documents and Settings\[User Name]\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe" /STARTUP
O4 - HKCU\..\Run: [3jdfrl34hdrmd] C:\Documents and Settings\[User Name]\Desktop\AntiVirus_System_2011\AntiVirus System 2011\securityhelper.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

OR you may download Process Explorer and end AntiVirus System 2011 processes:
  • AntiVirus_System_2011.exe
  • securitymanager.exe
  • securityhelper.exe
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


AntiVirus System 2011 associated files and registry values:

Files:

In Windows XP:
  • C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\
  • C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe
  • C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\securitymanager.exe
  • C:\Documents and Settings\[UserName]\Application Data\AntiVirus System 2011\securityhelper.exe
In Windows Vista/7:
  • C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\
  • C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\AntiVirus_System_2011.exe
  • C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\securitymanager.exe
  • C:\Users\[UserName]\AppData\Roaming\AntiVirus System 2011\securityhelper.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus System 2011
  • HKEY_CURRENT_USER\Software\AntiVirus System 2011
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "3jdfrl34hdrmd"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Manager"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiVirus System 2011"
Share this information with other people:

0 comments: