How to remove Antivirus 2010?
What is Antivirus 2010?
Antivirus 2010 is a new rogue anti-spyware application, which is a duplicate of Antivirus 2010 Security Centre fake anti-spywares. Antivirus 2010 is directly promoted to be online scanner just like its previous relative applications. When fake online system scanning is done you will be informed about pretended infections, this is an attempt to force you into installation of Antivirus 2010 for removing of these infections. These rogues that show these fake alerts is installed through trojans. Any click on the warning will redirect you into the download page of Antivirus 2010, or even downloading and installation without knowing and permission of user. When Antivirus 2010 is already in your computer it will start every time when Windows starts. That causes multiple infection alerts, and claims that all potential risks will be fixed after download of Antivirus 2010. The scare tactics are used for pushing user into purchasing of totally useless and rogue application.
A couple new versions of Antivirus 2010 started infecting user PC’s in october 2010. These version is more aggressive and might even block legitimate programs from execution and hijack your desktop’s background with alert “Your system is infected!”. After that, some of them even make these programs inaccessible to common users. Typical warning will look like this:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
This can be restored using program cacls, e.g. by running
cacls “C:\Program Files (x86)\Spyware Doctor\pctsTray.exe” /G Everyone:F
However, one might need to stop Antivirus 2010 processes before relaunching applications, as they might get blocked again.
Special Antivirus 2010 removal instructions
- Download these tools:
- Spyware Doctor
- TDSS Killer from http://support.kaspersky.com/downloads/utils/tdsskiller.zip
- http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe
- http://www.gmer.net/
- http://download.sysinternals.com/Files/Junction.zip
- Malwarebytes
- If you can’t download on infected PC, use USB drive to move them, on burn them on CD on non-infected PC
- Go to C:\Windows\System32. There should be 2 files named userinit.exe. Rename one with shield icon to userinit.bad
- Right-click on your computer icon on desktop, properties, device manager (or start Device manager from menu). Go to System Devices, right-click on “[cmz vmkd] Virtual Bus” and disable it
- Rename C:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll to shsvcs-baddll.dll
- Launch regedit
- Search for key that looks like to HKLM\System\CurrentControlSet\Services\VBMAXXXX, where XXXX are numbers. Right -click on it, Click “Advanced”, Check both “Inherit from parent….” and “Replace permission entries….”. Then change start value from 3 to 4
- Search for HKLM\System\CurrentControlSet\Services\Userinit, replace start value from 3 to 4
- Reboot
- Remove (or save) the files C:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs-baddll.dll, C:\Windows\System32\userinit.bad, c:\Windows\System32\Drivers\VBMAXXXX.sys (where XXXX are random numbers).
- Run Regedit and delete keys edited before reboot.
- Open Device manager. Uninstal “[cmz vmkd] Virtual Bus”
- Extract Junction.zip to C:\ then start->run-> c:\junction.exe -s c:\ >log.txt.
- Open the log.txt and look for files that failed to open. It is normal that user.dmp, pagefile.sys, and some Microsoft.NET framework files fail to open
- Drag the files failed to open to inherit.exe OR USE the command in the main article to reenable their execution
- Run TDSS Killer and gmer to check for rootkit infections
- Do a full scan with updated Spyware Doctor and malwarebytes to see if there are any other infection or unremoved files
You would be less likely to get Antivirus 2010 infection if your PC would have real-time anti-malware and anti-rootkit protection like one provided with full versions of Spyware Doctor and malwarebytes.
Antivirus 2010 is Extremely dangerous
Antivirus 2010 is a corrupt Anti-Spyware program Antivirus 2010 may spread via Trojans Antivirus 2010 may display fake security messages Antivirus 2010 may install additional spyware to your computer Antivirus 2010 may repair its files, spread or update by itself Antivirus 2010 violates your privacy and compromises your security
for Antivirus 2010 detection
Note: Spyware Doctor trial provides detection of parasite like Antivirus 2010 and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
Antivirus 2010 screenshots
Manual Antivirus 2010 removal
Important Note: Although it is possible to manually remove Antivirus 2010, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyware Doctor or other malware and spyware removal applications found on 2-viruses.com.
Stop these Antivirus 2010 processes:
Disable these Antivirus 2010 DLL files::
Remove these Antivirus 2010 Registry Entries:
Remove these Antivirus 2010 files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Antivirus 2010 infected files and get help in Antivirus 2010 removal by using free Spyware Doctor scanner. It comes with free real-time protection module that helps preventing Antivirus 2010 and similar threats.
Antivirus 2010 is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only Antivirus 2010 can help you to remove it after you download the trial version. As soon as the victim downloads Antivirus 2010 trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, Antivirus 2010 offers to buy the full version to fix these false errors. If the user agrees, Antivirus 2010 does not only fix the errors, but it also takes the user’s money and may even install additional spyware into the victim’s computer.
Some Rogue Anti-Spyware, such as Antivirus 2010, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install Antivirus 2010, which is another way for Rogue Anti-Spyware to spread itself.
Most of rogue Anti-Spyware, such as Antivirus 2010, is nearly impossible to remove manually.
I tried both the manual way and the Spy Doctor way.
The spy doctor way didn’t work because I would have to by that.
And the manual way didn’t work because when I deleted one of the processes it made my comp restart and the processes started up again.
Riley: Have you checked what viruses Spyware Doctor detects ? If the processes reappear after manual removal it means that you got more infection than this one. So you have to identify trojans that re-download malware.
you also need to clean the hosts file, or as soon as you go online it will reinfect from the website.
I suggest you download winsockxp.exe and use that to reset your file.
I kept getting re-infected until I found that trick.
i download malwarebytes onto my computer but when i try to run it it doesn’t work
also when i try to search or run any Antivirus 2010 programs they don’t come up. is this one of the “perks”(sarcasm) of having it??