How to remove Antivir

Friday, November 27th, 2009 at 4:17 am
Home » Rogue Antispyware » Antivir

Antivir description

Don‘t mistake Antivir for a real virus remover. The program is advertised using fraudulent „online scanners“ that invite downloading Antivir as it was a legitimate anti-virus tool. The real purpose of Antivir is milking money from gullible users. The malware is also installed by trojans when people visit one of the fraudulent websites. Antivir hijacks web browser and bugs users with enormous amounts of pop-ups.

Antivir

Antivir offers full computer protection by loading fabricated security alerts. The pop-ups invite purchasing full version of Antivir for deleting spyware and viruses. None of the problems reported by this fraud is real and the full version is a hoax as well. Don‘t trust notifications displayed by Antivir and don‘t pay for this program.

Antivir is a Rogue Antispyware software

How to manually remove Antivir

To remove Antivir spyware you must block Antivir sites, stop and remove processes, unregister DLL files, search and delete all other Antivir files and registry utility. Follow the Antivir detection and removal instructions below.

The most typical software removal method is to remove Antivir by using "Add or Remove Programs" service. However there may be hidden Antivir files, running processes and registries in your computer, so Antivir may recreate all other files after reboot.

Antivir manual removal instructions

Block Antivir sites:
browsersecurityaddon.com
prowebantimalware.com
top-rate-scan8.com
computer24protection.com
antivrusfreescan07.com Read more how to block Antivir sites

Stop and remove Antivir processes:
antivir.exe Read more how to kill Antivir processes

Locate and delete Antivir registry entries:
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinNT-EVI 25.11.2009" Read more how to delete Antivir registry entries
Download RegistryBooster 2010 to scan errors caused by Antivir

Search and unregister Antivir DLL libraries:
UpdateCheck.dll Read more how to unregister Antivir DLL files

Detect and delete other Antivir files:
c:\Documents and Settings\All Users\Start Menu\AV
c:\Documents and Settings\All Users\Start Menu\AV\Antivir.lnk
c:\Documents and Settings\All Users\Start Menu\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk
c:\Program Files\AV
c:\Program Files\AV\antivir.exe
c:\Program Files\Common Files\Uninstall
c:\Program Files\Common Files\Uninstall\AV
c:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk
c:\WINDOWS\system32\UpdateCheck.dll

We strongly recommend you to use spyware remover to track Antivir and automaticaly remove Antivir processes, registries and files as well as other spyware threats.

Download does not start? Try a mirror download here

Tags:

27 Responses to

Antivir

  1. kevin frey
    November 27th, 2009 at 6:44 am

    i am a complete novice i do not understand how to get antivir off my computer its telling me i cant go on safe sites i cant do anythin i usually do!!!

    Reply

    Luciana Reply:
    November 27th, 2009 at 7:08 am

    If you find the manual removal too complicated, download some anti-spyware and let it do the job. The websites are blocked by Antivir, this problem will disappear once you delete this malware.

    Reply

  2. Binnaccle
    December 1st, 2009 at 6:33 am

    Last night I subscribed to Spyware Doctor, for $29.95 , and have a receipt.
    I am still being bombarded with “Antivir” popups !!!!

    HELP !!!!! Please

    Reply

    Luciana Reply:
    December 1st, 2009 at 6:52 am

    Make sure your anti-spyware is updated. Run a scan and remove everything it finds.

    Reply

  3. jennifer.
    December 3rd, 2009 at 4:49 pm

    ive done almost all the manuel removal steps, but when i tried to delete the registry key files it had one file that couldnt be deleted. then when i tried to unregister the dll files it said it wasnt a valid file. please help!!!

    Reply

    Jacob Reply:
    December 20th, 2009 at 1:19 pm

    Try going to task manager and close it in processes then try to delete files thats what i did

    Reply

  4. bec
    December 4th, 2009 at 7:45 pm

    My web browser was caught by AntiVir yesterday and I found it SOO irritating. I then followed your manual steps and now AntiVir is nowhere to be found! I can’t thank you enough for your removal tutorial!!! (:

    Reply

  5. Melissa
    December 5th, 2009 at 9:36 pm

    This Antivir program just downloaded itself onto my computer when I never even clicked on it! I tried to stop it from installing but to no avail. I deleted everything I could that was associated with it, but now everytime I go onto my usual websites, even my own homepage, it keeps blocking me! I don’t know what to do to get rid of these annoying website blockings!!!

    Reply

    Luciana Reply:
    December 7th, 2009 at 12:13 am

    If you deleted every thing related to Antivir, there’s probably another infection ruining your computer. We could help you with the manual removal if we knew the name of the infection. For now, I recommend running anti-spyware.

    Reply

  6. katy Bee
    January 14th, 2010 at 8:51 am

    Thanks so much, I deleted and uninstaled AntiVi and theres no more popups! I Installed AVG and its taking the rest of the viruses off my PC. Thanks!

    Reply

  7. Lee
    February 19th, 2010 at 4:39 pm

    if you have difficulty removing updatecheck.dll you need to first unregister it. This is the process to unregister the .dll file for windows xp

    Goto your taskmanager and go to processes. Highlight the process called “antivir.exe” (or “av.exe”) and hit the button “end process”. Exit the task manager.

    1.) close all applications and open windows that you may have open (so copy these directions or print them out because you can not have this open either.)
    2.) select start -> run
    3.) Type “CMD”. then hit “OK”. ( a black window will appear)
    4.) type “cd C:\” and hit enter(or your local hard drive letter name, typically C)
    5.) then type “cd windows” and hit enter
    6.) then tpye “cd system32″ and hit enter
    7.) now type “regsvr32 /u updatecheck.dll” and hit enter
    8.) a windows error message may appaer… its ok just hit OK
    9) now try to delete the updatecheck.dll file and it should work…

    Reply

  8. Tanner
    July 13th, 2010 at 12:12 am

    Antivir has downloaded itself onto my computer and has blocked everything including the internet. I am writing this from another computer because of this. How the heck do I get rid of this thing, if i can’t get onto the internet to download the removal tool?

    Reply

    Jimbo Reply:
    July 14th, 2010 at 4:56 am

    Download on the other computer and transport it via thumb drive or CD to infected PC. The removal tool is approx 36mb in size.

    Reply

  9. Tyler
    July 13th, 2010 at 11:37 am

    I tried to find the process through Task Manager, but it was not listed. Right now I am just running antivirus and hoping for the best… =(

    Reply

  10. Kari Lynn
    July 14th, 2010 at 8:46 am

    I’ve uploaded the virus software you’ve recommended. I’ve updated it as it asked. My computer is telling me that TASK MANAGER has been disabled and I cannot get to my processes as I know how too to stop the antivir.exe process. It looks like the antivirus software cant get past this darn virus.

    Any other option you can offer?

    Reply

  11. PC Dunce
    July 14th, 2010 at 11:01 am

    I know this may read like I’m the dumbest in the world; but the sites are KNOWN:

    browsersecurityaddon.com
    prowebantimalware.com
    top-rate-scan8.com
    computer24protection.com
    antivrusfreescan07.com

    The sites are ON physical servers located SOMEWHERE physically? So I guess writting and distributing virus software is NOT illegal? or just to small-fry for any police agency to pay attention?

    Reply

  12. anne-sophie
    July 23rd, 2010 at 1:39 pm

    antivir has infected my PC and even internet explorer, i can’t manage to download the program you are suggesting because of that and I can’t find the files you said to delete

    please help me

    Reply

  13. Tiago
    July 29th, 2010 at 4:55 am

    Hello guys, i have tried everything but is not working… basically antivir is blocking the install of new programs, the opening of new folders, even task manager he does not allow me to open it i have tried to install iexplorer and most spyware programs but antivir does not even let me open them. Does anyone else have a solution to it. Please it woul be much appreciated.

    Reply

    BmC Reply:
    August 6th, 2010 at 8:00 am

    This is what I did:

    Reboot your computer, and as soon as your desktop is displayed, hit ctrl + alt + del. That will normally load task manager BEFORE the antivir is fully loaded, and it won’t close it down. You then need to find the process and end it. Mine wasn’t called antivir.exe like it says here, it was a heap of random letters starting with ID I think.

    Reply

  14. DMoney
    August 2nd, 2010 at 11:34 am

    1) Open Windows Explorer – Either by right-clicking on the START menu and selecting ‘Browse’ or from a desktop icon if the infection allows you to.
    2) Navigate to C:Windows\sytem32\taskmgr.exe. Right-click and copy this file to your clipboard. Paste it on to your desktop.
    3) Rename the file ‘iexplore.exe’ and double-click it. Task Manager should open.
    4) search-probably manually- for a file that ends in the characters ‘tssd.exe’ (i.e. 1234567tssd.exe). The first seven characters are gibberish, but it always ends in ‘tssd.exe’. KILL IT! This will give you control of your pc back…
    5) In Internet Explorer, go to Tools>Internet Options>Connections Tab>LAN Settings button.
    6) You will see that the virus has checked the proxy server box at the bottom left. Uncheck ALL proxy settings boxes. Then, check the ‘Automatically Detect Settings” checkbox at the top left. OK out of the dialog series and this will give you back web access.
    7) Now you can go about updating virus defs and scanning your machine and cleaning reg entries, etc.

    Reply

    Jodi Reply:
    August 3rd, 2010 at 9:37 pm

    Thank you! This was the post that helped me FINALLY have my husband’s computer back! Good grief this malware is a pain. Thanks again for all your helpful information!!

    Reply

    Jazz Reply:
    February 14th, 2011 at 1:35 pm

    Thanks a lot for your help! I followed all your steps and they worked for me. But finding the correct file in the task manager consumed most of my time. In my case it was “yrbussjsika.exe”. Just an input for those who are still working on this problem.

    Reply

    stuart Reply:
    February 16th, 2011 at 7:53 pm

    Dmoney you are a champion….had got rid of everything but the proxy server settings change it had made……once I did that I can browse

    Reply

  15. Gulfwave
    August 3rd, 2010 at 2:20 pm

    Thanks so much to DMONEY’s comments above so I can now work to get this junk off.
    God bless & thanks to all.

    Reply

  16. StorminNorman
    August 4th, 2010 at 5:48 pm

    DMoney, you rock. Thanks for your post, you’re helping a lot of people.

    Reply

  17. mnp1962
    August 5th, 2010 at 8:10 am

    I could not open any programs at all. Started up in safe mode with command prompt and did a system restore by typing in rstrui.exe
    This allowed me to run in in safe mode. It worked as I have now rebooted and everyting seems fine. Will now download some splyware programs etc and make sure it is all gone

    Martin

    Reply

  18. Bridget
    August 11th, 2010 at 8:03 pm

    I was finally able to delete by restarting, doing alt/ctrl/del at the very beginning of startup, and ending the file from within Task Manager that ended in tssd.exe –This ended the pop-ups temporarily so that I could proceed to finally run my REAL anti-virus software (the virus had previously stopped access to all programs including the Internet, and also would cause all browsers to crash within 30 seconds of opening.)

    Five days later, the virus is back again, calling itself by a new name (System Secure? I have already deleted it so I can’t remember exactly) and with a slightly different icon (greenish instead of blue)– This time the file in Task Manager was droarmush.exe

    I’m upgrading my antivirus software (webroot) so that it will detect viruses and not just spyware/adware… hopefully that will keep it gone for good.

    Reply

Leave a Reply

Download does not start? Try a mirror download here
«
»