How to remove AntiVirGear ?

September 14th, 2007

What is AntiVirGear?

AntiVirGear is a rogue anti-spyware parasite that has reached the Internet on September 13, 2007. Multiple infections followed, as AntiVirGear spreads through browser security holes and/or uses trojans to infiltrate unsuspecting systems.

Once inside, AntiVirGear starts to generate multiple fake security notifications, which, after the user clicks on them, start the "trial" AntiVirGear version that runs a system scan. This scan is completely counterfeit, as its reports display numerous false and exaggerated errors. This is done with the intention to scare the user to the point when he/she is ready to purchase the "full" AntiVirGear version, which is as useless as the trial one.

AntiVirGear is hosted on www[dot]antivirgear[dot]com, which was created on the 14th August 2007. That is exactly a month prior to the infections, which clearly shows the intent of its creators. Be sure to block their website with your HOSTS file to avoid accidental infection.

AntiVirGear is Extremely dangerous

AntiVirGear is a corrupt Anti-Spyware program

AntiVirGear may spread via Trojans

AntiVirGear may display fake security messages

AntiVirGear may install additional spyware to your computer

AntiVirGear may repair its files, spread or update by itself

AntiVirGear violates your privacy and compromises your security

for AntiVirGear
removal

Manual AntiVirGear removal

Important Note: Although it is possible to manually remove AntiVirGear, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using automatic spyware removal applications found on 2-viruses.com.

Remove these AntiVirGear processes:

AntiVirGear 3.7.exe

Remove these AntiVirGear DLL files:

msvcp71.dll
msvcr71.dll

Remove these AntiVirGear Registry files:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AntiVirGear 3.7" = "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe" /h"
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirGear 3.7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.7.exe 3.7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirGear 3.7
HKEY_CLASSES_ROOT\Interface\{418985AE-4FE4-448D-83EE-238C887D8FC2}
HKEY_CLASSES_ROOT\Interface\{5F251303-F8C4-44C3-A7C2-9E8A93C59322}
HKEY_CLASSES_ROOT\Interface\{61840430-C7CF-43A0-9D49-3B3ED563FED1}
HKEY_CLASSES_ROOT\Interface\{64A8E3CA-AE17-4EB0-8C67-47D1103A5B6F}
HKEY_CLASSES_ROOT\Interface\{765A8F7D-F57B-4601-A038-3F463A4D3193}
HKEY_CLASSES_ROOT\Interface\{77E616D5-5DB4-4B6A-8BDA-2BE4103A9921}
HKEY_CLASSES_ROOT\Interface\{8742F319-C916-4930-B781-1C148134C05C}
HKEY_CLASSES_ROOT\Interface\{897F5CB6-C1C1-494E-8F17-972784193442}
HKEY_CLASSES_ROOT\Interface\{A2224C72-745E-4046-882F-1A48C9311D77}
HKEY_CLASSES_ROOT\Interface\{AA500EFC-3C92-44C9-B1D6-7A7033343A50}
HKEY_CLASSES_ROOT\Interface\{AB5E9971-7086-4E6E-ADFA-BE9C685BE68B}
HKEY_CLASSES_ROOT\Interface\{AD7CA0BC-693A-4AF9-B31A-60472248F761}
HKEY_CLASSES_ROOT\Interface\{B2882CC2-0077-426B-916D-E0B9EA23A1B5}
HKEY_CLASSES_ROOT\Interface\{EE241504-6F15-49E4-847F-B4D7DA9EA8F9}
HKEY_CLASSES_ROOT\Interface\{F1666E4E-45C8-462A-97FF-BFD5A103BFFA}
HKEY_CLASSES_ROOT\Interface\{FD9A05E8-4A1E-45E6-B3B6-37CE20140278}
HKEY_CLASSES_ROOT\TypeLib\{AF0C5CBA-52E1-4B29-A2DC-58D91D599612}

Remove these AntiVirGear files:

AntiVirGear 3.7.exe
AntiVirGear 3.7 Website.lnk
AntiVirGear 3.7.lnk
Uninstall AntiVirGear 3.7.lnk
AntiVirGear 3.7.url
avrg.dat
blacklist.txt
English.ini
msvcp71.dll
msvcr71.dll
uninst.exe

for AntiVirGear
removal

AntiVirGear is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only AntiVirGear can help you to remove it after you download the trial version. As soon as the victim downloads AntiVirGear trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, AntiVirGear offers to buy the full version to fix these false errors. If the user agrees, AntiVirGear not only does not fix the errors, but it takes the user’s money and may even install additional spyware into the victim’s computer.

Some Rogue Anti-Spyware, such as AntiVirGear, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install AntiVirGear, which is another way for Rogue Anti-Spyware to spread itself.

Most of rogue Anti-Spyware, such as AntiVirGear, is nearly impossible to remove manually.

How to tell if your PC has been infected by a Rogue Anti-Spyware such as AntiVirGear?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.

Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.

January 2009
M	T	W	T	F	S	S
« Dec
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

How to remove AntiVirGear ?

What is AntiVirGear?

Manual AntiVirGear removal

How to tell if your PC has been infected by a Rogue Anti-Spyware such as AntiVirGear?

Comment on AntiVirGear