Is your computer infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, December 12, 2011

How to Remove Antivirii 2011 (Uninstall Guide)

Antivirii 2011 is a rogue anti-virus program meant to scare you into paying for a bogus program to remove fictitious virus threats. This rogue AV was built using Napalm Rogue Builder, which allows its users to create custom rogue anti-virus programs in just a few minutes: they can name the rogue anti-virus whatever they want, add a custom purchase page, and change the file names and paths where the rogue AV is installed. But Antivirii 2011 is not the first of its kind. Earlier this year, cyber criminals were distributing another fake antivirus program called Antivirus Clean 2011, which was built using the same commercial rogue AV builder. Both rogue AVs report non-existent infections on compromised computers, and both share the same characteristics and GUI. Despite this, the malicious code for Antivirii 2011 is still only detected by roughly 20% of the anti-virus companies on VirusTotal. Coming across a fake antivirus scam can be scary, which is why we've got removal instructions to help you remove Antivirii 2011 and associated malware from your computer. Please follow the steps in the removal guide below.

More about the fake antivirus called Antivirii 2011



The majority of the sites that we found affected by Trojan-downloaders were used to distribute Antivirii 2011, other scareware, and spyware. However, we still believe that this rogue anti-virus won't become a widespread infection. FakeAV programs appear legitimate: they create speech bubbles and genuine-looking security alerts to scare you into thinking that your computer is infected. To minimize your chances of being affected by a fake antivirus scam, you should only download and install software from official websites. Once Antivirii 2011 is installed, it will pretend to scan your computer for malicious software, you know, spyware, adware, Trojans, keyloggers and similar stuff. It blocks Task Manager and some other Windows tools and utilities. It may block your web browser as well. If you can't use your browser, reboot your PC in Safe Mode with Networking. Of course, it displays fake warnings that say things like:
Your computer is in danger!
Antivirii 2011 has detected some serious threats to your computer!
These viruses need to be eliminated immedeately ! Please click this icon to remove threats.
Your system is infected!
Your computer is compromised by hackers, adware, malware and worms!
Antivirii 2011 can remove this infection. Please click this icon to remove threats.


This is BS. Antivirii 2011 doesn't even have a registration key. I mean, if you buy it, you probably won't get a registration key. So, don't even think about buying this piece of malicious code. However, if you thought it was real and bought it, then please contact your credit card company immediately and dispute the charges. This is the only way to get your money back.



Antivirii 2011 removal instructions:

1. Download free anti-malware software from the list below and run a full system scan.
If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. Don't run STOPzilla in Safe Mode! That's it!

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.


Associated Antivirii 2011 files and registry values:

Files:
  • C:\WINDOWS\antivirii.exe.exe
  • C:\WINDOWS\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Security"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger"
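
A read-only PowerShell check for the files and registry values listed above (an added example, not part of the original guide or of any tool it mentions). It goes slightly beyond the list by reporting every "Debugger" value under Image File Execution Options, not only the one for taskmgr.exe, because such a value makes Windows start the named program instead of the real tool; run it from an elevated prompt.

```powershell
# Added example: report the Antivirii 2011 indicators listed on this page.
# Nothing is modified or deleted; the script only reads and prints.

$file    = Join-Path $env:windir 'antivirii.exe.exe'
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

$findings = @(
    # 1. The dropped executable named in the "Files" list.
    if (Test-Path -LiteralPath $file) {
        [pscustomobject]@{ Type = 'File'; Location = $file; Data = '' }
    }

    # 2. The autostart value "Security" under the HKLM Run key.
    $run = Get-ItemProperty -Path $runKey -Name 'Security' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'Run value'; Location = "$runKey\Security"; Data = $run.Security }
    }

    # 3. Any IFEO "Debugger" value. The page lists taskmgr.exe; other blocked
    #    tools would show up here in the same way.
    Get-ChildItem -Path $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($debugger) {
            [pscustomobject]@{ Type = 'IFEO Debugger'; Location = $_.PSChildName; Data = $debugger }
        }
    }
)

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed indicators were found.'
} else {
    # Legitimate debugging tools can also set IFEO Debugger values, so review
    # each row before removing anything.
    $findings | Format-Table -AutoSize -Wrap
}
```
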

6 comments:

Anonymous said...

Just pointing out, it's not in System32 but in Windows.

Admin said...

You are right! Thanks :)

Joris said...

Good article. Thanks for sharing.

Anonymous said...

I did everything you said but it won't allow me to run stopzilla. Is there something I'm doing wrong?

Anonymous said...

I had a different type of malware in my computer; it was the Xp Antispyware 2012. I downloaded stopzilla in safe mode and installed it, then soon after restarted my computer. Stopzilla took a while to start downloading again in normal mode, but once it was downloaded and installed I rebooted the system. The problem has been finally fixed after having been damaged by a fake AntiVirus. Thank you very much, your article was very resourceful.

Anonymous said...

Um, my PC has the Cloud AV 2012, which I had removed. Why is it still in my PC?