Advanced Virus Remover - How to remove

Advanced Virus Remover

Advanced Virus Remover is a fake anti-virus program, which uses malicious tactics to spread and make a profit. This parasite typically enters the system by using trojans like Zlob and Vundo, but has also been known to come bundled with all kinds of freeware. Upon entering, it will try it’s best to scare the user into purchasing it’s “full version”.

Advanced Virus Remover is not called “scareware” for nothing: this bastard of a program unleashes a flood of popups upon the user, supposedly to inform him of an infection present on the system. Advanced Virus Remover supports this claim with fake system scans, which identify benign files, created by the program itself, as threats. The point of such tactics is to trick the user into thinking he is infected and therefore in need of an anti-virus program. Not just any anti-virus program, of course. As if all of that doesn’t suck enough, having Advanced Virus Remover on the system will result in a significant drop in overall efficiency.

Advanced Virus Remover is a scam and should be treated as such: do NOT download or buy it and block its homepage (advancedvirusremover.com) using your HOSTS file.

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

65 responses to “Advanced Virus Remover

  1. I have this on my computer and now I have to use my laptop to do research on it. I can’t use my computer to surf the internet it doesn’t work. What should I do? It has infected my McAfee so it doesn’t detect it. And I can’t use that computer to get on the internet and download a new virus remover. McAfee want;s $89.95 to even take a look at it.

  2. Mcaffee is pretty much average remover, even not too good. The paid support costs around the same for Norton too.
    I would try using spyware remover. Try scanning with Spyware Doctor scanner. If it detect your strain of parasites, it is only 29$. There are some semi-free removers as well, like Malwarebytes Anti-Malware (www.malwarebytes.org) though it does not provide real time protection in free version and I have better experience with Spyware Doctor scans myself.

  3. lots of people recommending spyware doctor, but “advanced virus remover” doesn’t let it install!!!

  4. Can someone please help me? Somehow, I attempted to download a new toolbar, and what pops up constantly is an ADVANCE VIRUS REMOVER telling me my computer is infected. How do I remove the ADVANCE VIRUS REMOVER?

  5. This virus is ugly. I’ve seen a number of other variations, but this one takes it to a new level. Trying to boot in safe mode results in a blue screen. Ctrl+Alt+Del has been disabled, Internet connectivity is compromised and it won’t let you install programs even from a CD. I’ve had success using Spyware Doctor before, but the person who is infected now removed it on their own and now I can’t even re-install… Ugly situation.

  6. About internet connectivity, my sister had this and right when I started looking at it, the internet access went out. It did let me install Malwarebytes’ Anti-Malware and hijackthis from a flash drive. After running Malwarebytes, I ran hijackthis and found a problem with winsock2 settings. The hijackthis log reader here: http://hijackthis.de/ recommended LSP-Fix here: http://www.cexx.org/lspfix.htm – this fixed internet access right away, try it.

  7. Hi,

    I was wondering if I have an infected PC that is not letting me run any of the anti virus programs on it, is it safe to move that hard drive to a good pc with virus protection and try to scan it on the good pc?

    On the other PC I’m using Avira antivirus.

    Thanks,

    Randy

  8. Randy:
    only partly. there are ways virus might be executed (autorun type of files). Also, it will not clean registries, so some parasites might remain. And do not forget to update your Avira!. Also, have you checked our Spyware Doctor build? It might not be affected by advanced virus remover.

  9. this malware cannot be removed by quick heal. it doesnt let me open any of the system processes….

  10. Well i think i was on to something. I ran msconfig stopted all the services and start up programs. then i created a new admin acount. Deleted the file in the c:/programfiles/advancedvirusdetection folder. The new admin acount could use the task manager. Sence i disabled all the start ups and services i could not access usb or the net. But the new account could access task manager. Im still fighting with this thing. I then enabled all services and start ups accept for the AdvanceVirusRemover prosess. After i enabled all other processes it spread to the new user account. Maybe this info can help.

  11. @Thomas
    Thomas, I just found out I have Advanced Virus Remover, too. I downloaded Spyware Doctor and Malwarebyte’s Anti-Malware,
    Please let me know how you fare as I plan on trying this tomorrow…

    Thanks!
    Rob

  12. Run the following command in RUn window and restart the computer. You can connect to internet
    Start -> Run -> CMD and hit Enter Key
    NETSH WINSOCK RESET
    and hit enter then reboot the computer.

  13. This virus is the most annoying thing i have come across in my computer BY FAR.
    I had security scan virus, numerous other trojans, and other spywares.
    I have been able to remove it or at least stop the problems it causes.
    I cannot do anything with this virus so far.
    Doesnt let me use Task Manager
    Isnt in 1 of the program and files thing
    Cant open my google chrome
    Cant find it with Mcafee

    i need serious help =[

  14. I made some headway. Started in safe mode and could run cmd and reggedit
    deleted files and registry. No pop ups but still figuring out how to get
    task manager back. Got Internet back thanks for the command. It worked

  15. I downloaded this into my computer and now it isnt there. So now how do i fix my computer and get rid of it?

  16. Spyware doctor is trying to get an update files before running on the machine but fails. All the other websites I tried work fine. Is the virus doing this?

  17. Probably. Try checking your hosts file and proxy settings, or re-download spyware doctor from alternal location (its a bit different build).

  18. easiest way to get rid of it…

    1st see if you can access your regedit.. (go to start menu -> Run)
    type regedit.exe
    under current user/software/microsoft/windows/current version/policies/system there might be a key that says disable taskmanager, DELETE THIS KEY!.. then do what it says above, end the 2 processes, go to your program files folder and DELETE antispywareremover folder… it will have that PAVRM or w/e file in it… get rid of the reg entries stated above… If then you are getting an error in your browser, do a system restore… This method requires you not to have to download any useless software.. i’ve used this method and both my PC and laptop work PERFECT… actually on the laptop the browser runs faster.

  19. Avast home edition is free and does a good job on this thing. Let it do a scan before windows loads and the virus is in memory.

  20. do as Otakucho said
    start
    run
    regedit
    find …”pavrm”

    get a virus list online for more files to delete…
    use start search to find other rvirus files…

    ps
    if anyone knows where this is coming from or who created it
    post it..:)

    domino

  21. Somehow Advanced Virus Remover was installed on my laptop. I have a basic knowledge of how to get into the guts of the program files and did what I could. Ran it in safemode and deleted programfiles/advancedvirusremover and the PAVRM file. When trying to shut down its processes, found a roadblock. Internet connectivity problems did not let me install any other killers… Soybot and McAfee (both of which I had beforehand) are infected. AVR disabled system restore capabilities and task manager. This is the absolute WORST I have ever come across. Any ideas?

  22. I had what I think was a milder version of this crud, and it loaded and launched when I was on the site and trying to renew my at-sea towing insurance. I hadn’t been on the site in a while, but it didn’t look quite right. I was looking for renew button and hovered over an ad with the mouse cursor when adobe acrobat launched by all by itself. I shut Adobe down, and that’s when everything went haywire and I started getting virus messages.

    A legitimate looking window (dead ringer for McAfee) said I needed to reboot, so I did, and when I did, I got the pops both at the bottom task bar (click here to protect your computer from spyware) and the regular popups (The “TrojanSPM/LX” thing). I thought the task bar bubble was legit, but it kept launching the site. I was doing a McAfee scan when the bogus site launched all by itself, so that’s when I knew I was had, so I pulled the LAN cable on the PC.

    The MacAfee scan said I was clean, and that’s when I started getting really concerned. Like I said, I think I had a milder version, as the ‘run” command & regedit, and task manager still worked. My background picture was gone, and my desktop edit under “properties” was hosed. I poked around on the net with the other computer and found you guys. I ended up running SpyBot two ore three times, which purged some of the crap and stopped the popups. My desktop was still hosed, so I knew Spybot didn’t get it all. A soft reboot indicated updates at the “turn off computer” button, and when I tried a reboot, the updates didn’t act quite right, so I shut the box off cold with the power button. Another SpyBot scan after the hard boot indicated that some of the nonsense had returned. Apparently I was able to I shut the box down in time, because the pop ups didn’t return.

    After I found you guys on the web, I downloaded Malwarebytes’ Anti-Malware on the other computer and transferred it to the infected box with a thumb drive. I knew that I had a chance when Anti-Malware successfully loaded, launched, and ran. I did a full scan, and it ended up finding 14 other offending objects (see report). When I purged the infections vow Anti-Malware and did the reboot, my desktop picture came back, and my desktop properties worked again. After the reboot, a MacAfee window popped up (yellow warning) advising of a registry change (well duh!!), so I naturally said to let the change occur.

    Out of paranoia, I ran SpyBot and Anti-Malware two more times each, doing a reboot after each time, and everything seems now as clean as a whistle. What’s creepy is that this thing came via a legitimate website, and that really knocked McAfee for a loop. Thanks everyone for the help. I’m crossing my fingers here

    Malwarebytes’ Anti-Malware 1.41
    Database version: 2775
    Windows 5.1.2600 Service Pack 3

    10/4/2009 2:22:53 PM
    VirusRemover Malware Attach-mbam-log-2009-10-04 (14-22-01)

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 235312
    Time elapsed: 1 hour(s), 45 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\AVR09.exe (Rogue.AdvancedVirusRemover) -> No action taken.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.

  23. I have this on my computer. Whenever I start my computer up, the Advanced Virus Protection starts to run and then 1 minute later my computer shuts down and restarts. Over and Over. Annoying. Can I fix this?

  24. Bonnie : try starting PC in safe mode ( press F8 during boot up ). Also, try to stop processes during the time computer is up.

  25. Malwarebytes works very well in removing this from my computer.
    But the spyware keeps coming back after a couple of days. Does
    anyone know how to permanently prevent this “Advanced Virus Removal”
    spyware from getting installed? Is it part of a windows service
    pack update? I am on XP SP2.

  26. Malwarebytes free version has no real time protection. Also, it can miss something. That will result in virus reappearing. I would recommend getting an anti-spyware with real time protection or a very good antivirus.
    Second, scan your PC with other antispywares after you remove it with malwarebytes. Each of them have different removal engines, and might detect different parasites.

  27. I have Advanced Virus Remover on my laptop, and it is preventing me from opening regedit, the task manager, cmd, EVEN Malwarebytes when i try to run it. I can’t seem to find a way around this evil program, does anyone know of a way?

  28. hey i have advanced virus remover on my computer too. I would try to remove it manually or download those programs however as soon as i turn my computer on and try to do anything it because extremely slow and doesn’t allow me to do anything. it takes about 2-5 minutes just for me to open up my start menu and when it finally opens a pop-up from Advanced virus remover comes up. the only reason im able to access the internet right now is cause i ahve an old ubuntu boot disk. even with this, however, i can access my c drive or my terminal or anything. any help would be GREATLY appreciated. i have alot of files on my computer i dont want to lose.

  29. this is not easy to get rid of because the people behind it are reading the solutions and updating it to keep it from being removed. malwarebytes no longer works and these assholes have changed all the names in the registry so you can’t find it under advanced virus remover or avs. here is how we got rid of it, if you keep doing a ctl alt delete to bring up task manager, it will stop it for awhile, keep doing it and then finally task manager will open. you’ll see some crazy exe file names which if you stop, restart immediately, those are part of the process, but you will also see dllhost.exe which is a microsoft file that they have modified. if you stop it, it pops right back, so first do a search on your hard drive for dllhos and delete all instances. all but one will delete, which is the one in the windows\system32\dllhost.exe, get it ready to delete and then go to task manager, stop it and quickly click to delete it before it pops back. it may take a couple of tries, but you can do it. now write down the other weird exe file names in task manager and search them out and do the same on your hard drive and registry (google the one’s you aren’t sure of). you will gradually crush this and then you can run your virus cleaner and spyware cleaner and be done with this piece of crap. i was hesitant to write this because they will attempt to override any fixes.
    tom

  30. oh, one more thing, if you can do a system restore, do it to a time before you got this crap, but it would not work with the version i was working on. you can boot into safe mode by hitting f8 when you are rebooting and this may help you access the tools to delete it.

  31. I have this one too on my pc. Ive use malware bytes and deleted the files that are infected. The problem is that I cant access my internet and my audio is affected

  32. ish : There might be settings messed up in your explorer (proxy settings or add-ons) /hosts file. Though audio corruption might mean that virus messed up with drivers, and that is not a good sign. Reinstall audio drivers.

  33. I got the virus last Thursday, spent all weekend battling it,and finally got rid of it, however my audio is still missing. I’ve reinstalled the drivers a few times now and each time the computer restarts, its back off. Have I maybe missed a virus file or process somewhere?

  34. The virus probably returns after a day or two because your hosts file is edited to redirect your google (and other) searchpage to Poland. Do you notice google doesn’t look quite right? If so edit C:\WINDOWS\system32\drivers\etc\hosts to remove rogue redirection

  35. I have the same problem as ish. I was able to delete the infected files, but I can’t access certain Internet sites, particularly through google, and my audio doesn’t work. How specifically do I fix this?

  36. Good afternoon, I too have this stupid virus on my other computer and remaned of the file before running it on my other computer. Well needless to say that didnt work either. Any suggestions as to what I need to do now?

  37. Just downloaded Spyware Doctor from PCTools.
    Download worked fine, presently computer is working good.
    Only thing so far is Task Manager isn’t working.

  38. Thought I should mention this; I picked up the virus in a link to a Sarah Palin
    article on AOL home page.

  39. I would like to add.. I was initially unable to run things like regedit and taskmanager. I ended up masking taskmgr and email it over gmail from another machine, downloading it to the desktop, then using ‘run as’ and ran it as a different admin user than the current user. This let me get in and kill the processes. Once those were killed I was able to begin the work of cleaning the reg, etc. This is quite a bear. My son got it ‘trying to watch a movie’ he says. Good luck out there.

  40. My other computer has this virus. Some websites say delete the key “disable taks manager” and delete a process in the processes tab with all #’s or something that has a suspicious name. Should i trust this?

    P.S. After you get this nuisance off your computer, it would be best to check the internet browser settings and make sure that the home startup page isnt set to thier home page (advancedvirusremover.com). Simply stumbling into the website will re-screw your computer.

  41. well i was able to finally remove this thing off of my computer, but now I dont have any sound….

  42. Saw this junk on the screen this morning. Asked my husband where it came from and he, too, clicked on the Sarah Palin website on aol. Gonna try all the suggestions, but I’m no computer whiz.

  43. Okay, I’ve been having some serious issues here. I’ve heard several people mentioning pulling up regedit.exe. I tried running it, says it’s “infected” same with CMD, which it pulled the window up for a few milliseconds and then shut down saying “infected”. I don’t have any money to spare to buy any programs. We have mcafee via our internet provider. I tried using that and it doesn’t kill it either. And now I think it’s killed my search thing as well while I was trying to search for the infections.

  44. Hi. I followed some of these instructions and after about a week I thought I had it removed. Now it’s back and I’m not able to even boot into safe mode (reboots after I select safe mode) this is terrible. Any thoughts?

  45. Tom : typically, there are couple trojans coming with parasites like this. Thus even after manual removal it is critical to scan with couple good antispywares and see if you got everything out. Most of them provide scan feature for free.

  46. I have Norton Antivirsu on my pc. It got rid of the trojans but today I got infected by Advance virose Removal. I was wondering if I can download another spyware with norton ?? are they compatible ? or will it make my computer go crazy ?

  47. i have this same virus and have managed to remove most of it by using superantispyware, malwarebytes and avg + i also realised the virus didnt actually mess with my audio drivers but it just muted the volume so try checking this finally i would be gratefull if someone could tell me how the **** to get back on the net! ive been trying for days.

  48. my boss’ laptop got infected with this crazy advancedvirusremover, and the malwarebytes couldn’t get rid of it. I really think that the guys behind this spyware have upgraded their program.
    I’ve figured out how to open regedit and task manager. No matter what, the virus is just a machine, coding, robot.. anything. we are supposed to be faster. So, when windows initialize first time after restarting, before the virus runs, click Ctrl+Alt+Del 2 or 3 times. It will bring up the Task Manager. Not done! You have to right away click start-run-type Regedit.exe, and enter. It will run the regedit before the virus notices. The reason to open Task manager in the first place is to distract the virus to ‘eliminate’ it first before it even noticing that we’re opening the regedit (but, be fast!). Once the Regedit is opened, set the DisableTaskManager to 0. Then you can right away open the Task Manager again. Once you do it, check the processes. There will be some odd applications. I figured out that the process is ‘updatewin86.exe’ and when you end it, you can delete the AVR10 file in the System32.
    However, though I’ve got rid of it manually, I haven’t figured out the name of the application which allows it to resurrect again after we restart or turn off (dank it!). The programmers use so many different names, and it’s difficult to find it. The best way to eliminate it is by reformating windows.
    Hope this information helps. It took me +- 6 hours to get all of this information

  49. I have the same problem, what used to take about 2 minutes now takes 30 minutes to an hour to visit 1 web page, we cant really afford any virus removal programs so we’re stuck with free versions. I’m trying to figure out how to find and remove trojans, viruses, and other things like that manually, but can’t get it. Got any advice?

  50. Oh, and the audio is muted to, I try to change that and my security preferences but it says “The file is infected and cannot be opened”

  51. Finally got rid of the virus!

    The information above on how to remove the virus helped a lot. Task manager and regedit was disabled. What worked for me was to go to the start menu, run, and tried to open regedit.exe multiple times. Finally it let me open one, and from there I searched for taskmgr and set the default value to 0. Now how do I get rid of the traces?

  52. @cynda
    cynda- great advise. I had spy ware that acted like wanted mw to pay to download a virus remover. I could not connect to the internet or run any programs. I called Microsoft pc safty (866-727-2338) They knew all about it. Online support is FREE, but it did take 45 minutes. My computer is running better than ever. Microsfort sent me free anti spyware to install. Thanks
    0

Leave a Reply

Your email address will not be published. Required fields are marked *