AntiVira AV Adware Removal Instructions

[Christian Mairoll 237]

The Emsisoft malware research team has discovered a new outbreak of the AntiVira AV adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntiViraAV.

AntiVira AV is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

• %UserProfile%Local SettingsTemp%random%%random%.exe

Create/modify registry entries:

• HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload
  RunInvalidSignatures: 0×00000001
  CheckExeSignatures: “no”

• HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter
  Enabled: 0×00000000
  EnabledV8: 0×00000000

• HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings
  ProxyOverride: “<local>”
  ProxyEnable: 0×00000001
  ProxyServer: “http=127.0.0.1:18810″

• HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations
  LowRiskFileTypes: “.exe”

• HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments
  SaveZoneInformation: 0×00000001

• HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
  %random%: “%UserProfile%Local SettingsTemp%random%%random%.exe”

• HKEY_CURRENT_USERSoftware%random%
  knkd: 0×00000001
  id: “78.17″

Screenshots:

How to remove the infection of AntiVira AV (Adware.Win32.AntiViraAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Related Posts:

• Antivirus Scan Adware Removal Instructions
• Antivirus Action Adware Removal Instructions
• Disk OK Adware Removal Instructions
• Windows Optimization & Security Adware Removal Instructions
• Fast Disk Adware Removal Instructions

View the full article