
Antivir

Posted: November 30, 2009

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: December 11, 2009
Last Seen: January 10, 2019
OS(es) Affected: Windows

Antivir (not to be confused with Avira-brand products that share its name) is a fake anti-virus scanner from the same family as GreenAV, Total Security, Earth Antivirus, Eco Antivirus, E-Set Antivirus 2011 and Cyber Protection Center. Although Antivir will create a multitude of taskbar notifications and other pop-up-based alerts, the threat detection features that are advertised in these pop-ups are fraudulent, and Antivir is unable to detect or delete viruses. Since rogue anti-malware programs from Antivir's family have been known to attack security and anti-virus programs, SpywareRemove.com malware researchers recommend that you consider any possibility of infection by Antivir as a high-level threat to your computer's security. If you've purchased Antivir before realizing its true nature, it's recommended that you take action to protect your credit card from other fraudulent transactions that may be attempted in the future.

Don't Fall for Antivir's Brand-Name Disguise

Antivir may use the name of a line of popular anti-virus products, but, unlike real AV applications, Antivir doesn't have any of the security features that Antivir advertises. Rogue AV programs that piggyback off of the Avira brand have been known since at least 2010, and Antivir (along with its offshoot, Antivir 2010) is still being distributed as of 2012. Contact with Antivir may be precipitated by fake online scanners, Zlob Trojans that disguise themselves as updates for media players or drive-by-downloads from associated websites. Antivir's primary symptom is the usage of a range of inaccurate warning messages that are used to make it appear as though multiple types of PC threats are assaulting your computer. Samples of some of Antivir's alerts include the following:

Warning! Active Virus Detected!
Threat Detected: Backdoor.Poison.BQA
Infected file: [Random program file]
Action taken: Application Blocked
Description: This backdoor arrives as attachment to email messages spammed by another malware or malicious user. This is a backdoor component of the Darkmoon RAT (Remote Administration Tool), via this backdoor hackers attempt to control your PC.

Warning! Identity theft attempt detected!
Attacker IP: [Random IP address]
Attack Target: Microsoft Corp. Keys
Description: Remote host tries to get access to your personal information.

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Warning!
Virtumonde is an adware program that tends to monitor your Internet browsing habits and may display targeted advertisements onto your computer screen. Virtumonde may also create a malicious DLL file in order to log your keystrokes and send the recorded information to a third party website. Virtumonde is an unwanted application and recommended to be removed.

Antivirus software alert
Infiltration alert
Your computer is being attacked by an Internet virus. It could be password-stealing attack, a Trojan-dropper or similar.

Warning! New virus detected!
Threat Detected: Keylogger.iSnake.Pro
Infected File: C:\WINDOWS\system32\asr_ldm.exe

Since these errors are only useful to Antivir's criminal maintainers by allowing them to hawk their non-functional AV program in a semi-convincing manner, you should ignore all of Antivir's fraudulent virus detection pop-ups and avoid following their recommendations. Other problems with your PC are likely to be derived from Antivir itself or a related form of malicious software (such as a Trojan or rootkit that installed Antivir in the first place).

Taking Antivir Down a Peg Before It Does the Same to Your Real Anti-virus Software

Besides creating fake alerts as part of its scam to make you buy it, Antivir may also attempt to overwrite the .exe files of your real security programs. PC threats from Antivir's family (identified as Win32/FakeXPA) have been known to attack Avast, AVG, Kaspersky, McAfee and Norton brands of anti-malware software. If any of your programs have succumbed to this attack, the actual program files have been damaged, and SpywareRemove.com malware researchers recommend that you either reinstall the program or install another brand of anti-malware scanner that will not be targeted by Antivir. It should be noted that this attack can only affect files on hard drives with the NTFS format.

Despite these attacks, Antivir can be removed by suitable anti-malware applications, and SpywareRemove.com malware experts discourage any other means of deleting Antivir – particularly Antivir's included uninstall utility, which will avoid removing all components of Antivir. In most cases, if you've given your credit card information to Antivir's company, you should consider canceling the card to avoid future fraudulent transactions, which are common with companies that propagate scamware like Antivir.


Aliases

Suspicious.Insight [Symantec]
Trojan.Win32.Generic.pak!cobra [Sunbelt]
Suspicious file [Panda]
Packed.Win32.Krap.as [Kaspersky]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



Antivir.exe File name: Antivir.exe

Additional Information

The following directories were created:
%ProgramFiles%\AntivirAV


34 Comments

  • Roxas (My False name for privacy) says:

    This Antivir is bothering me and will not leave my computer. I grabbed it and dragged it into the recycling bin and deleted it. And it's back and won't let me open things... It's interfering with the computer. It's causing me to take drastic measures of wanting to break the computer. It interrupts my computer when I'm not even connected. It's annoying and I want the thing gone!!!
    Please help... I don't understand these steps!

  • karem says:

    HOPE THIS WORKS TO ERASE THIS FREAKING SOFTWARE

  • Sim 1 says:

    Trying to help my friend remove Antivir but I could not find this registry key: HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
    Is it possible that they changed the name?

  • Ray says:

    Is this the same Antivir that is a recommended copyrighted download on cnet by Avira GmbH ? (Avira AntiVir Personal)

  • john says:

    My computer is infected with platinumantivir. I can't get any program to work, not even Task Manager. I can't get online.

  • Barbara Hogan says:

    Please remove this horrible thing off my computer

  • gary says:

    Regarding Step 2; only one registry existed. Is it possible that the names have changed?

    Regarding Step 3; I could not unregister UpdateCheck.dll. I got the message "Access Denied"

    Regarding Step 5; I don't understand this list; i.e. there's only one file called antivir.exe. And I did in fact delete it.

  • juan perez says:

    THANK YOU FOR HELPING ME

  • Antivir Hater says:

    I got antivir it was horrible!!!!! I removed it by:
    1. Go to Documents
    2. Press CONTROL F, that to do a search of course
    3. Search "exe", that searches for all the executable files
    4. Manually looking for anything named Antivir
    5. I deleted that file, emptied out the recycling bin
    6. Reboot computer

  • anna says:

    I hope it's gone, thank you.

  • kirti says:

    I WANT TO UNINSTALL ANTIVIR 2010

  • nicolas simpson says:

    HELP ME REMOVE THIS PROGRAM FROM MY COMPUTER

  • Aberra says:

    ANTVIRUS IS FAKE

  • Aberra says:

    my anti virus is fake

  • Dan says:

    I seem to have the Antivir virus but unlike your examples and solutions there is no file or folder actually called 'Antivir' on my computer. Not only that but the normal solution everyone suggests, downloading and installing anti malware software, doesn't work since the virus won't let me run any executables (even command line programs like regedit won't run). Whenever I attempt to I get an error message saying the file is infected and nothing else happens.

    I did find a weird folder with an .exe file that was dated about the same time as the problems started. The folder is 'asyoqklnd' and the file is smxhmfmtssd.exe. I'm assuming those names are just randomly created when the virus infects the computer. When I try to delete them I get a message stating that I don't have permission.

    Any suggestions?

  • jack says:

    I can't get this off my other computer. Also it keeps bringing up porno websites and Viagra website.

  • castleboomer says:

    Just Antivir on my daughter's Windows 7 computer. It appears to be a newer incarnation which doesn't follow the above pattern to remove. Antivir has been named to ryqukxqtssd.exe and is tucked into the user's AppData\Local directory. On her system the directory was named lbqffbfqh, which is most likely generated. The name appears to be auto generated as well. I was able to identify the exe by clicking on the notification area icon's properties screen. This showed the relationship to Antivir and the ryqukxqtssd.exe file. Using a command window I was able to remove the exe. I then tried to find antivir in the registry but nothing, then searched for ryqukxqtssd and found entries in five different places, then deleted them.

    Castleboomer

  • Joel Van Valin says:

    Using Windows XP version 5.1. I had to deal with the AntiVir malware today and got rid of it, but the manual solutions you listed were not useful. The malware in my case was ahcpxoctssd.exe and located in Local Settings\Application Data\bsnxsames. I suspect the malware changes its executable name often.

    Here is a better way to find it:
    Do a search in Windows for all files with ".exe" and a modify date that is on or after the date the pop-ups first started appearing. Look at the .exe files found and if one looks fishy, delete it. It may prevent you from deleting it because it is running ... and it also blocks the Task Manager from loading. In that case, do a reboot, and very quickly (before the process can start) open Task Manager. Delete the file in Explorer. If it can't be deleted because it is running, end the process in Task Manager and then remove it. Worked fine for me!

  • kate says:

    I performed the scan and I thought it worked great but the next day it returned. I would like to know if there is a website that it is attached to that is causing it to reinfect my machine. Will I have to debug my machine everyday? Is there another scan that I should do to make it more complete?

  • Bill Ashley says:

    My computer is infected with Antivir. The directions you listed for its removal seem to be out of date, none of the directories or files you mention exist on the infected computer except for the Start directory, which has no malware listed in it. The windows task manager operation is blocked (as are all the rest of the programs). About the only thing I can do with my computer is to navigate through the directories. It would seem the Antivir has evolved into a stealthier format. Can your Spyware Removal program remove this new version of Antivir??

  • becky says:

    It seems to have updated itself since this was posted. I got infected with it and have been cut off from all programs that can stop the false antivirus processes. I can't even run Paint, let alone a System Restore.
    Searching the files has proved useless. I have even tried looking for hidden files and zipped files but that turned up nothing. Going through my hard drive manually hasn't turned up anything either.
    Besides a forceful crash to cause data loss, I'm not sure what to do.

    If you have any further advice I would very much like to hear it.

    -becky

  • JazziePhazon says:

    Searched for ANTIVIR Antivirus and Antivir and got nothing. SpyHunter says I have threats though. HALP!

  • TLEE says:

    Let me be the first to leave a comment. I found the comments here to be very helpful. I had the exact issue mentioned here on this website. Thank you for helping me to fix it!!!

  • Furo Iyenemi says:

    help remove virus on my computer

  • Maurice says:

    Hello,

    Is ANTIVIR antivirus the same thing as Avira Antivir? I ask because both have the same name "antivir".

    Thanks for the reply.

  • tara warner says:

    plz plz plz HELP me just got a new wireless connect n this happened PLZ HELP ME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • Wes says:

    I was trying to compare Avast with AVG when I heard of Antivir. The review I read said that Antivir is clearly better than the others.

    I looked further and found that some people think Antivir is malware which uses false scan results, fake security alerts and browser hijacking to scare you into thinking your PC is badly infected with all sorts of malware. You have to pay to fix them, only to find more during your next scan.

    Then I went to Wikipedia and read what Avira says about it. Avira says that in July 2010 "Antivir Solution Pro" was produced by AV Security Suite and has nothing to do with Avira. So it's possible that Avira is in the clear. However, just to be safe, I'm going to avoid ANY Antivir.

  • david says:

    I just scanned the whole computer with Microsoft Security Essentials, did a full scan and nothing came up....HELP

  • Fernando says:

    Many tks for your help

  • EDWIN says:

    I HAD THE SAME PROBLEM....IF YOU HAVE ANOTHER ACCOUNT TO LOG ON TO YOUR COMPUTER, LIKE "FAMILY", LOG OUT OF THE INFECTED ACCOUNT INTO ANOTHER ONE, SEARCH MSCONFIG FROM START MENU AND ENTER IT, HIT SELECTIVE START UP THEN HIT THE START UP TAB, LOOK FOR ANY STRANGE EXE. FILES OR PROGRAMS YOU DON'T RECOGNIZE AND UNCHECK THEM, RESTART INTO THE ONCE INFECTED ACCOUNT, EVERYTHING SHOULD WORK NOW, DO A COMPLETE VIRUS SCAN....IT'S REALLY NOT DANGEROUS AS IT SEEMS, JUST AGGRAVATING BECAUSE IT COPIES ITSELF TO ANY PROGRAM YOU TRY TO OPEN BUT IT IS A VIRUS.....ALSO WHEN YOU ARE IN START UP, WRITE DOWN THE PATH OF THE STRANGE EXE. FILE JUST IN CASE IT DOES POP UP AND YOUR AV DOESN'T FIND IT, YOU CAN DIRECT IT TO SCAN THAT FILE...HOPE THIS WORKS, IF ANYONE HAS ANY MORE SUGGESTIONS PLEASE NOTE THEM...THANKS

  • Kevin says:

    It worked. Thank you very much. Thanks to the message from EDWIN Says:
    2011-02-18 11:02:14
    I HAD THE SAME PROBLEM....IF YOU HAVE ANOTHER ACCOUNT TO LOG ON TO YOUR COMPUTER, LIKE "FAMILY" LOG OUT OF THE INFECTED ACCOUNT INTO ANOTHER ONE, SEARCH MSCONFIG FROM START MENU AND ENTER IT, HIT SELECTIVE START UP THEN HIT THE START UP TAB, LOOK FOR ANY STRANGE EXE. FILES....

    Also, note the path to the .exe file such as C:\users\....AppData\Local\Temp\vyyvv....
    After rebooting, use Windows Explorer to browse to the .exe file such as orwoyvska.exe, then delete it.
    Remember to clean up the Windows Registry where it configures the start of the orwoy.. file
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • DocW says:

    This thing wouldn't let me close my account, either with the shutdown button or ctrl-alt-delete. Had to do a hard shutdown. Rebooted in SAFE MODE. Opened MSCONFIG, selective startup, startup & found it: a series of letters.exe in c:\users\(NAME)\appdata\local\temp. Unchecked the box & exited MSCONFIG without restarting. Deleted the file, then the folder & all superfluous tmp files from around the time I caught this thing. Emptied the recycle bin and THEN rebooted. Seems to have worked. Just look for a weird .EXE file that doesn't belong.
    BTW I caught the thing on TORSKY.NET, a torrent site, when browsing. Didn't even try to download anything. Not going there anymore.

  • Kevin says:

    please keeping auto clean the Avira Antivir control center keep remove the vires clean off all times

  • johnb says:

    Any new ideas on how to get rid of this rubbish? The people who produce or recommend it should be SHOT at dawn. Any help will be appreciated.
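
Several commenters above report that newer builds run under a generated name from a per-user folder and start from the `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run` key. The script below is an added example, not part of the original article or any commenter's post: it triages Run-key values against those reported traits. The sample entries are constructed, and the `tssd` suffix check is only an observation drawn from three of the file names quoted in the comments, not a confirmed signature.

```python
import ntpath
import re
import sys

# Constructed sample of HKCU Run values (value name -> command line). The
# generated file/folder names are the ones commenters quoted; the user
# "alice", the AntivirAV\Antivir.exe pairing and both benign rows are made up.
SAMPLE_RUN_VALUES = {
    "ryqukxqtssd": r'"C:\Users\alice\AppData\Local\lbqffbfqh\ryqukxqtssd.exe" /s',
    "ahcpxoctssd": r"C:\Documents and Settings\alice\Local Settings"
                   r"\Application Data\bsnxsames\ahcpxoctssd.exe",
    "Antivir": r'"C:\Program Files\AntivirAV\Antivir.exe"',
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Example Vendor\updater.exe" -silent',
}

# Per-user folders named in the comments (Vista/7 and XP layouts, incl. Temp).
PER_USER = re.compile(
    r"\\(appdata\\local|local settings\\application data)\\", re.I)

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r".*?\.exe", command, re.I)
    return m.group(0) if m else command

def reasons_for(command):
    """Return the review reasons that apply to one autorun command."""
    folder, name = ntpath.split(exe_path(command))
    stem = ntpath.splitext(name)[0].lower()
    reasons = []
    if (name.lower() == "antivir.exe"
            or ntpath.basename(folder).lower() == "antivirav"):
        reasons.append("file or folder name listed on this page")
    if PER_USER.search(folder + "\\"):
        # Legitimate updaters live here too: a reason to look, not a verdict.
        reasons.append("autostarts from a per-user AppData/Temp folder")
    if stem.isalpha() and stem.endswith("tssd"):
        reasons.append("'tssd' name suffix seen in three commenter reports")
    return reasons

def triage(run_values):
    """Return {value name: (exe path, [reasons])} for entries worth review."""
    hits = {}
    for value, command in run_values.items():
        why = reasons_for(command)
        if why:
            hits[value] = (exe_path(command), why)
    return hits

def read_hkcu_run():
    """Read the live per-user Run key (Windows only)."""
    import winreg
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values

if __name__ == "__main__":
    source = read_hkcu_run() if sys.platform == "win32" else SAMPLE_RUN_VALUES
    for value, (path, why) in triage(source).items():
        print(f"{value}: {path} <- {'; '.join(why)}")
```

Because the rogue blocks executables in the infected profile, run it from Safe Mode or a second account as commenters suggest; from another account, HKCU reflects that account's own Run key, so the infected user's hive has to be examined separately.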
