Antivirus Action - How to remove?

 

Antivirus Action is a dangerous computer program, one of rogue anti-spywares that are incapable to remove any kind of virus and seek only to steal computer users’ money.  This scam may look as a useful security application in the beginning but in reality it’s worth nothing. If left inside the system, it will negatively affect your computer, so the one and only solution for you if you are one of its victims is to remove Antivirus Action Lite.

As a rule, Antivirus Action just like earlier created its direct copy Security Suite starts posing to be scanning your system for viruses as soon as it gets there. Mostly, this scam is installed through the use of Trojans that camouflage themselves under the name of fake system scanners or video codecs, required for watching something online. When people click on such alerts, Trojans get inside very easily and additionally download malware which starts its activity as soon as computer reboots. Trying to make you scared about the machine, AntivirusAction starts scanning the system for viruses and then reports hundreds of them detected, for example:

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

Security Warning
Application cannot be executed. The file notepad.exe is infected. Do you want to activate your antivirus software now.

These “viruses” in reality are fake system files, invented by Antivirus Action just after intrusion. However, there may also be some legitimate your system files reported as well, so never remove these files reported. Additionally, you will be offered to purchase Antivirus Action Standart or Antivirus Action Ultimate. Never do this!

No matter where did you get this scamware from, it’s essential to keep in mind that you must remove Antivirus Action as soon as possible. This program is a typical rogue anti-spyware, so rely only on legitimate anti-spyware and get rid of Antivirus Action.

UPDATE: Detailed instructions on removing Antivirus Action rogue.

1. Reboot, keep tapping F8. Choose Safe mode with networking from menu.
2. if your internet connection is affected, disable proxy server on your PC. choose Tools menu and select Internet Options, Connections, Lan Settings and uncheck the box
3. Download and scan your PC with spyhunter. If you can not execute it, download this version: http://downloads.2-viruses.com/IEXPLORE.exe . Do not forget to run updates BEFORE scan.
4. Delete the files Spyware Doctor finds or programs listed bellow. If you want, you can use full version of Spyware Doctor for that or try other tools : MBAM, hitman pro.
5. Fix the registry keys affected by Antivirus Action
6. Fix permissions of HOSTS File by executing these commands:
cacls “%WinDir%\system32\drivers\etc\hosts” /G everyone:f
attrib -s -h -r “%WinDir%\system32\drivers\etc\hosts”
7. Empty ALL lines from %WinDir%\system32\drivers\etc\hosts file except referencing domain localhost
8. Reboot, rescan with your antivirus software, upgrade it to internet security version. It its highly advisable to have an anti-malware program with real time protection like spyhunter or commercial Malwarebytes to prevent such infections in the further.

if something goes wrong with Antivirus Action removal procedure
a) If you can not download programs, use other PC and move them using USB drive.
b) If you can’t execute programs in safe mode, try stopping Antivirus Action processes using task manager (ctrl+shift+esc). Look for random process names. Also you might try system restore and proceed with steps 6-8 of the guide above. You have to rescan your PC to avoid hidden parasites.
c) Internet does not work after removal or behaves strangely: repeat step 2 in normal mode. Also check this guide: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
d) If you can’t do anything in safe mode or any other mode (including safe mode with command prompt), you might want to run alternate OS scanners from any of major Internet security manufacturers. Repairing windows install might be an option as well.
e) If you can access uninfected windows account on Windows 7 (possibly Vista ) machine, it is recommended to do full scan from there.

 

Automatic Antivirus Action removal tools

 
  Download Spyhunter for Antivirus Action detectionNote: Spyhunter trial provides detection of parasite like Antivirus Action and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual Antivirus Action removal

 

Important Note: Although it is possible to manually remove Antivirus Action, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:
Registers:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Antivirus Action infected files and get help in Antivirus Action removal by using Spyhunter scanner. 

 

Antivirus Action screenshots

 
antivirus_action
 
 
 
 
 
 
 
 
 

102 thoughts on “Antivirus Action

  1. K
     

    I tried what you suggested but when I hit F8 nothing happened; it restarted the same as always but then I tried the next steps and it kept on popping up with this program is infected blah blah blah. Any other suggestions? I need to get this off my computer like now!

     
  2. Alex LeRoy
     

    when I encountered this virus, it stopped me from being able to use anything, unless I opened them up quickly. eventually I used a method very similar to this to get rid of the virus, but wasted hours at it. once that program is started it limits you access to everything. I am trying to report the company.

     
  3. Christopher Jones
     

    I ran Virgin security virus Scan It took about 5 hour and I took my computer off line as I did this. When it was done I did a system restore about half way through that I opened task manager found the virus (ncbjtsetsbl.exe) on my computer I found file location and opened it. I then went to the task manager and deleted the virus. After this I ran windows defender and then cleaned my registry and every thing else on my computer. I also did a lot of praying while all this went on but I am now 100% clean I hope this helps you all. Chris

     
    1. Christopher: I recommend rescanning your PC and updating your antivirus and anti-malware tools.

       
  4. Cameo
     

    I went into my registry and could not find any of the files listed. this virus is driving me crazy! it wont go away. i ran malware bytes, i ran macafee i ran superantispyawre. nothing works.

     
    1. Cameo : Antivirus action uses random file names. Try running Spyware Doctor and hitman pro too.

       
  5. Jen
     

    Spyware Doctor is not a free program as suggested by your website. It will scan and ‘find’ Threats or Infections but does not remove them unless you buy the software for $29.99!

     
    1. Jen: Spyware Doctor allows identifying malicious files and other entries for free. You can delete them manually or use different tools. And yes, you can pay for SD and it will both remove and protect your PC in the future. We picked Spyware doctor because it has one of the largest databases in anti-malware field, and it has good record at removing malware.

       
  6. FEONA SMITH
     

    Everything I try to do to remove Antivirus Action wont work

     
    1. FEONA: Have you tried scanning with spyware doctor, hitman pro, tdss killer?

       
  7. Nick Lofthouse
     

    This virus is sending me nuts. Even when I restart in safe mode with networking and uncheck the checkbok labelled use a proxy service for you LAN I still can’t access the internet. I’ve tried installing malwarebytes and similar things from my laptop but while these find and delete the viruses as soon as I restart in normal mode everthing’s the same. I use Microsoft essentials and the automatic updates and real time have been turned off and I can’t turn them back on, probably because I can’t access the internet. Any ideas please anyone?

     
    1. Nick:
      The problem is malwarebytes is not removing everything.
      Run TDSS killer from kaspersky. Then run Spyware Doctor and Hitman Pro.

       
  8. Nick Lofthouse
     

    Thanks for that. Can I downlowad this TDSS Killer and spyware doctor and hitman pro to a usb and install them in safe mode that way as I can’t access the internet.

     
    1. Nick: TDSS Killer should work from usb drive with no problem. Hitman pro and Spyware Doctor should be updated, but you can move their installers using usb disk.

       
  9. Zee
     

    Hi,

    In the normal mode the warning notices just kept on running so I switched to the Safe Mode with networking. I have been looking for a solution and tried to scan with HiJackThis (in the SMwN) but as many sites suggest, there is no file ending with agnz.exe. So leaving it on I ran the Spyware Doctor (also as suggested by various sites) in the same mode. I have 3 threats with application.tracking cookies, trackware.tracking cookies and adware.advertising. All seem to be browser cookie. Should I try to find these and delete them? But where are these?
    Or should I go to the normal mode and run the Spyware Doctor again?
    In the normal mode, nothing was running… not even the taskmanager stayed opened.

    Any help would be much appreciated.

    Thank you.

     
    1. Zee: Have you updated spyware Doctor ? Typically, Spyware Doctor is distributed with old definitions, thus updates are critical. If scan in normal mode reveals nothing, then these are either a new version of Antivirus Action (that is not yet in definitions) or there is a rootkit (that is not in definitions as well). I recommend trying hitman pro in this case, and scanning with SD afterwards (in case there was a rootkit).

       
  10. Zee
     

    Hi,

    I just wanted to give an update of things and also check with admin if this has got rid of the problem (I got my my laptop yesterday so I want to make sure I will be able to keep it safe from now).

    Hit Man Pro 3.5 (30 day trial) seemed to have gotten rid of the Antivirus Action malware for me. [the last thing I tried]
    Spyware Doctor (non trial) figured out the problems but would not allow me to delete them (even after the update).
    Malware-bytes found no threats.
    HiJackThis logs were not helpful.
    TDSS killer found no threats.
    Did all of it in the Safe Mode with Networking.

    This morning my cousin’s computer had the same problem and again I went on the Safe Mode with Networking and got Spyware Doctor, TDSS killer and Hit Man Pro. Ran TDSS killer first, no threats. Then Hit Man Pro and that found the problem files and deleted those. Normal mode was working fine again!

    My school provides Symantec Endpoint (both our laptops had it) for free. Uninstalled that and got Spyware Doctor for 15 days (for checking again for any additional malware/spyware files left). The scanning is still going on so can’t give a result for that yet.
    In addition to that(we have Windows 7), as many websites suggested, fixed the HOST file too (auto-fixed with microsoft’s thing).

    If admin can give an opinion of my steps and if it appears like I have gotten rid of the stuff right now, it would be very kind.

    Thank you very much.

     
  11. Grace
     

    Hi. My problem is that, although I am able to connect to the internet, Antivirus Action prevents me from accessing any pages. I downloaded Spyware Doctor with a usb, and would pay for it, but unfortunately I cannot connect to the internet to register. I tried deleting it from the registry but couldnt find the files mentioned. Using task manager, I was able to find and delete the process that Antivirus Action uses, but I still can’t get onto the internet. Im hopeless. Please help.

     
    1. Grace: I recommend rebooting, pressing F8, choose safe mode with networking. Then press CTRL+SHift+esc (when being logged in into windows as administrator). If antivirus action process starts, stop it. Disable proxy server in browser. Then do scans – you should access internet normally.

       
  12. Grace
     

    thank you so much. i will try that. for now, i just bought a new laptop…

     
  13. Shelly
     

    I have located the files that need to be deleted, but my computer will not delete them. What do I do?

     
    1. Shelly: Rename them and reboot. They will not be launched on their own.

       
  14. Aron
     

    well this is how i deleted antivirus action, just saying this to help anyone who is still having trouble with this malware. I followed the steps above at the very beginning about the internet options and unchecked the box and all that other stuff. I did this all in normal mode, and when i went to go type in a new URL i found that the box had been checked again and had to continue to uncheck the box and refresh the page everytime i wanted the internet to work. I reached this website and read it over. Then i opened the antivirus action (did not run it) and right clicked and opened the properties. I found the location then opened windows task manager and clicked the processes tab and found a process that had the same exe. as the location. I ended that process and the icon on the task bar disappeared and now my computer seems to be running fine it took me a matter of mins to do this. I just hope that im not wrong and that i actually did delete antivirus action and im not posting this too early lol. wish me luck!

     
  15. sean
     

    sucess just follow as above click on internet then download hit man pro 3.5 free .it work its magic in 5 mins!!!!!!!!!!!!!!!!!!! thanks for info!!!!!!!!!

     
  16. Robert Beunder
     

    I want to express my huge gratitude to this website, and particularly this section for helping me out of the mess on my computer caused by this Antivirus Action bullshit. Following the instructions, and running the downloaded Spyware Doctor I really got rid of this. Thank you so much…!

     
  17. langston
     

    SUCCESS!!!!!!FOLLOWED ALL STEPS ABOVE DOWNLOADED HIT MAN 3.5 FOR FREE ALSO WORKED IN A MATTER OF MINUTES….THIS ANTI VIRUS ACTION IS A PAIN…..

     
  18. Lor
     

    I tried to ctl alt delete before windows came up and it wouldnt work. i tired the proxy and it still wont let me get online and then my maleware, spyware and pc registry will not work. please help I just got rid of one of the other virus now i have this please help!! I really cant afford for someone to help me.

     
    1. reboot into safe mode with networking.

       
  19. Lor
     

    Let me know what protection is good for virus, I thought I had virus protection but I think it is only for spyware!!

     
    1. Any antivirus of major antivirus makers are good, though I preffer internet security versions of ESET or Kaspersky.

       
  20. RockyD.
     

    Antivirus Action attack my computer last night and all I did was change my account user and delete the bad account that had Antivirus Action and also scam my computer with window defender and it told me that my computer is fine.

     
    1. Windows defender is quite poor anti-malware. Choose Spyware Doctor, Malwarebytes, hitman pro – all of them offer free scans.

       
  21. Conor
     

    You say to go into safe mode with networking and download an anti-virus program and run it. However, isn’t Windows installer disabled in safe mode? How can you download and run a new program without first installing it?

     
    1. Conor: You can install programs in safe mode with networking. It might depend on programs though, but I had no problems.

       
  22. Conor
     

    You say to go into safe mode with networking and download an anti-virus program and run it. However, isn’t Windows installer disabled in safe mode? How can you download and run a new program without first installing it? Thanks,

     
  23. ross
     

    These instructions work perfectly. I just had this infect my computer this morning… 5 minutes later (I chose to download hitman pro 3.5 from cnet.com) and after I ran the scan, I removed everything that hitman found, I rebooted and it is gone.

    thnx

     
  24. Butch Durochez
     

    My desktop computer was also infected with Antivirus Action. I followed the removal instructions “Safe Mode with Networking” and loaded Spyware Doctor and it seemed to have fixed the problem but when I rebooted my system it took about 10 minutes to reboot with the following errors: 1. nview.dll, 2. nwiz.exe, 3.shadowbar.exe.vir, and 4. BackWeb-137903.exe.vir. I’ve tried to reboot several times with the same results….any suggestions. Computer illiterate!

     
    1. Butch Durochez: Run CCleaner to clean registry or rescan in normal mode. The malware files are gone, but registry is not fully loaded in safe mode, thus Spyware Doctor could not fix that.

       
  25. Charles
     

    Antivirus Action infected my computer yesterday. After playing around in normal mode I right clicked on one of the pop-ups which showed the location of the .exe file. Then I hardstarted my computer in safe mode and deleted the .exe file. Everything is working fine now.

     
  26. Carney
     

    Why is it that whenever I try to open one of these programs you suggested or any other program for that matter, I get the warning message about not being able to execute it? How can I run the program if it won’t even let me open it?

     
    1. Carney: Try running everything in safe mode with networking, or rename programs to iexplorer.exe or mspaint.exe

       
  27. willie
     

    Hi, I had the Antivirus Action virus in my computer for about a month or two and i left it there till now, however, the “scanning for viruses” and warning screens are gone and don’t pop up anymore but now when I use my computer in normal mode I still cant log on to the internet, I can’t even open the full screen of IE nor open up internet options from control panel, and there’s button on the right bottom of my taskbar that keeps telling me to install some windows updates and the button also appears on the start/shut down button and I clicked on it before which I think messed up my windows even more.

     
    1. Wilie: You got trojans, maybe a rootkit that promoted Antivirus Action before. I would try scaniing with anti-malware tools by installing them using USB drivbe.

       
  28. Rodney Taylor
     

    I am listing where I found this Rogue Antivirus lingering in my friend’s computer (IN THE ORIGINAL FILEPATH I FOUND THESE)
    Again, these will NOT be identical filepaths as your computer.
    Hope this helps.
    Make sure when you are searching for these, you are “viewing hidden files”.
    After finding these files, delete them, Run CCleaner’s Registry Cleaner and update/run Malwarebytes: AntiMalware for a complete cleaning.

    C:\Documents and Settings\Matt Roush\Local Settings\Application Data\syssvc.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

    C:\Documents and Settings\Matt Roush\Local Settings\Temp\yvdqpftwm\hilbmsbtsbl.exe

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewdbsjdh

    C:\Documents and Settings\Matt Roush\Local Settings\Temp0591126.exe.vir

    C:\Documents and Settings\Matt Roush\Local Settings\Temp\9.87396431153246E8.exe

    Also, searching for .vir in my C:\ drive pulled up some of the infections.

    Again, I hope this helps.

     
  29. scholt
     

    I rebooted in safe mode, ran Anti Malware but it froze halfways. I tried rebooting again but the screen stays black & nothing happens… tried this rebooting already 10 times, got a bad feeling about this, is there any solution?
    Thanks in advance for any help!

     
    1. Schold : Try safe mode and restart the scan or run system restore. If it does not load, you have 2 options: Alternate OS scanners and hope they will fix messed up registry, or run System Repair from repair CD.

       
  30. Marco
     

    does anyone know if AVG works against this virus ?

     
    1. Marco: Impossible to tell without trying. AVG should remove some versions of it if updated, but not eveything

       
  31. Susan
     

    Hi,
    I am also a victim of the antivirus action virus. I ran the spyware doctor (and paid for it), but I still can’t access the internet. When I boot the computer, I get several boxes:

    “There was a problem starting….\Temp\vfravzb.dll Access denied.”

    All the boxes were for .dll files.
    BTW, I had McAfee on my machine and still got the virus. Is McAfee worth the money then?

    I would appreciate any help to get me back on the internet and protected.
    Thanks,
    The Frustrated!

     
    1. Personally, I uninstalled Mcafee quite fast from my laptop. It is not bad program, but I would not rate it too good. Get internet security version of any of major programs. Also, it is worth to note, that programs, which makers do not focus in malware detection/removal are better against viruses than malware. thus it might be viable to install SD or Malwarebytes full version to protect from malware as well.

       
  32. Susan
     

    Hi,
    Thanks for the advice regarding McAfee and additional protection.

    With regard to the antivirus action virus, I still cannot get on the internet. Does that mean there are remnants of the virus still on my computer? Is that why I get the problems with the .dll files?

    What can I do to get back on the internet?
    Thanks for your suggestions,
    Susan

     
    1. Susan: Go through this walkthrought: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem .
      These DLL names can be unregistered – they are malicious (no real DLL files launch from TEMP folders).

       
  33. imac
     

    I have Antivirus Action right now as I type now – taking all my time doing this – as popups galor.
    Puter going to be wiped clean, and then start from scratch again, best way to clear it off.

    Do not – repeat do not download their spyware……

     
    1. Imac: If you see popups, your PC is alread compromised : The act to “download” the antivirus action was created to convince users that they got some choice. Most important is not to pay for them.

       
  34. readytogiveupbutcant
     

    my laptop has been having problems for the last 3 to 4 wks shutting down. windows reported error needed to shut down etc…i downloaded
    hitman pro3.5 tonight and it said it found a bunch of things most it deleted and two if needed to reboot to delete. i restarted and now i keep getting taken to a screen thats req me to enter password and user name under OTHER user then i get a msg when i try to log on that “says the specified domain either does not exist or could not be contacted” both when i try starting in safe mode,normal and safe mode with networking. it keeps asking for my user name and password word and will accept nothing. what do i do my life is on here? i have been meaning to get an external hard drive to save everything almost 215gb

     
  35. Waffle
     

    I ran a Spyware Doctor scan in safe mode and it showed me what was wrong… Didn’t do a lot of good without paying. But then I ran Hitman Pro and it cleaned everything up first try. It even fixed a completely different problem. Worked like a charm.

     
  36. quickfix
     

    I have foudn a quick fix to this. If you restart your computer in safe mode you could use a scanner like spydoctor to remove antivirus action and it would be a fix as well but you would have to pay. I on the otherhand found a extremely simple way of getting rid of anitvirus action in a free manner. When not in safe mode you cant run things like task manager or system restore and thats for the spywares protection because running either of those gives you the oppertunity to remove the spyware from you pc. However, if you are in safe mode you can run a system restore no problem. So I simpley ran a system restore to a earlier date because I knew when the spyware got on to my pc; because the night it happened I got all those annoying popups and because I was downloading some songs that night so putting 2 and 2 together i found out how I got it. But after i system restored to a few days prior to when i got it I no longer have any problem. I did download spyhunter because it detects antivirus action and i wanted to make sure. After running a scan with spyhunter it found no trace of antivirus action. However, it did find a bunch of other not so serious spyware. I am planning on purchaseing a anti-spyware program but for any of you that want a quick free fix from the antivirus action sypware just do a system restore in safe mode to an earlier date where you know you werent haveing the problem. Hope i helped some of you it took me about 3 hours to find this soluation.

     
  37. quickfix
     

    In my opinion I dont think that the antivirus action spyware has the ability to infect the back up files that your system is restoreing to because if it did the system restore would have not fixed the problem as with my case with a system restore. Please note that I am not saying that a system restore is a sure way to get rid of viruses and spyware because in most cases it is not. However, depending on how the virus or spyware oporates if it doesnt infect the backup files of your pc restoreing your pc to an earlier date will rid your pc of viruses and spyware because the original files the virus or the spyware was infecting are no longer on your pc. It is impossible to tell what virsuses and spyware dont infect your backup files but in the case of antivirus action im pretty sure a system restore to a date proir to infection will rid you of the spyware because like I said i have scanned my pc after the system restore and it didnt detect antivirus action.

     
    1. In my opinion, Spyware Doctor is better at the moment.
      Do not forget one, most important thing: System restore does not protect from re-infections. I recommend getting some sort of internet security suites (legitimate ones, of couse) and/or antivirus and decent anti-malware with real-time protection.

       
  38. quickfix
     

    I agree with you that it wont protect from reinfections. I am saying if people are having serious trouble getting rid of antivirus action doing a system restore acctaully does work. I just scanned my comp with spydoctor and got the same results as spyhunter. The spyware is no longer on my pc after a system restore. I wrote it down as a solution because its a very simplistic free way to rid your pc of antivirus action. For those who arnt very good with a computer it is a method that will work if you preset the restore to a date prior to infection. Not only that I have been searching for ways to rid my pc of antivirus action and i havent read a thread yet that provides a free simplistic way to do it. For that reason I posted this system restore method. Just trying to help those confused by the other methods posted on the internet.

     
    1. quickfix: I agree – system restore is as valid as any removal process, as long as system restore point is not infected, and system restore is not disabled (both things happen). Though I always recommend to upgrade people anti-malware defenses because you can never be sure if you won’t have system restore option on next re-infection ( or have a latent infection).
      Thank you for your contribution :)

       
  39. quickfix
     

    On another note I have noticed people have been posting a lot of problems about internet explorer not working after the removal of antivirus action. This is probally due to antivirus action corrupting some of the files associated with running internet explorer making it not run. By doing a system restore in safe mode it will rid your computer of anivirus action and you wont have to worry about other files such or programs such as internet explorer being corrupted by the spyware. For those of you still strugglining to rid your pc of antivirus action I do recommened giving my solution a try. Also I would urge those who are trying to purcharse the full version of spyware doctor on the pc thats infected with antivirus action to not purcharse it on that pc. Making the purchase allows the spyware to easliy access your credit card number because you have to type it in, in order to pay. So I would suggest purchaseing it on a computer that is not infected and then register it on the pc that is infected that way you can be worry free that your credit card information is safe.

     
    1. Quickfix:
      Actually, (In my experience) most of the rogues do not incorporate spyware (yet). They rely on people entering CC’s on their webpages at the moment, and I think it will remain that way for a while. So, if no other PC is available, I would install and register/purchase program on infected one as well. Additionally, most of rogues today focus on monitoring/blocking internet traffic instead of browser content. The problem with this approach is they can not easily decrypt HTTPS connections(like Payment pages) and quite often they are left untouched.
      I do not think System restore will fix internet connections in many cases. Quite often it is as simple as proxy server, that routed the !unencrypted! part of internet connection through malware process ( HTTPS connections are not routed through proxy usually). In many cases this results on loosing internet connections after the process itself is removed, but is easily fixed without any program. On some cases, you need specialized tools.
      System Restore does not replace all the files. Many of the problems with Internet Connection means one of several things: Additional infection, proxy server, Malicious DNS settings, Infected Router, corrupted hosts file and so on. Few of this list can be fixed by system restore. System restore can not battle MBR infections as well, which are likely with popular rogue programs. we put a nice list of stuff that CAN happen and are not likely be fixed neither with common anti-malware tools (nor, in many cases, with system restore) : http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem .
      What I suggest instead of system restore is doing full system images (backups). I use Acronis for that in office, though there are some other tools available. They save EXACT system state (instead of partial like System restore does) and is much more reliable way to fix problems.

       
  40. quickfix
     

    I agree with the admin. I would purchase a legitiment spyware removal program for the future. If you were infected once you can always become infected again espically if you arnt too good with computers. I can lend another good peice of information here. Norton Antivirus is NOT a bad antivirus program. However, if you dont have the version of Norton with spyware protection it will not help at all with antivirus action. Norton is very good with VIRUSES however, antivirus action is a SPYWARE. Therefore, you will need a anti SPYWARE program to remove antivirus action. If you have Norton Antivirus and have scanned your whole pc and it does not detect Antivirus Action dont be fooled. Just because it didnt detect anything dosent mean there is nothing wrong it just means that the spyware cannot be handled useing Norton. I now have both Norton and Spyware Doctor installed on my pc. They do conflict with eachother if you are trying to scan useing both of them. However, having both installed does ensure almost complete protection from spyware and viruses alike.

     
  41. quickfix
     

    That solution could work as well. However, so far I have not had a problem useing a system restore to restore my computer to a previous date before any data corruption took place. I guess either one could work or could not work it depends on the state of your pc more or less. As for the purchase of spyware doctor on the infected pc I still do not agree making the purchase on the infected pc. If there is a chance that your credit card information is in jepordy because of this spyware i would NOT purchase on the infected pc. Not only is Antivirus Action dangerous itself but it also allows for other spywares and trojans to be downloaded on your pc and any one of those could also put your credit card information in jepordy if you are useing your credit card online to make purchases. In the case of someone stealing your credit card at least you can cancel your credit card knowning someone has it so they cant make purchases. However, If someone came acoss your credit card number over the internet from spyware you would have no idea that they did until they started using it to make purchases. I would strongly advise against making online purchases on pc’s infected with any high risk spyware.

     
    1. Well, usually these rogues are pretty much focused on extortion. But I understand your concern. That is why we recommend first disabling the malware using tools on hand (task manager, process explorer, etc), then identifying its remaining processes (Spyware Doctor or any other tool), removing them. And then upgrading your PC protection.

       
  42. shaun
     

    @Alex LeRoy
    Hi ALex, did you manage to report them?

     
  43. Magnus
     

    Ty for this awesome forum, i tried Malware and all sorts of guides, but nothing worked – i then stumbled upon Quickfix’s idea of resetting it to a previus date and it worked! (i saved all my important documents, and then reset to 5th of November) Even though it didnt actually delete any docs. I have a feeling its working now, since nothing is preventing me from using Chrome ! ty so much!!! And hope this helps sum1 as lame with a pc as me! best of luck!

     
    1. Magnus: good to hear that comments here helped. Just do not forget to rescan your PC after system restore – it will not delete some of the files (as you notice), and some parts of malware might be still active.

       
  44. ronard
     

    Followed the instructions noted above: start if Safe mode, decided to try the Hitman Pro 3.5.7 30 day trial. Dowloaded it let the program do its deed and it removed the sorry azz program. Ran Spybot and it found a virus that would have not let me rewind to a previous date. Deleted those two malware and restarted the computer. Antivirus Action is completely gone. Updated and ran CCleaner just for good measure.
    Thanks everyone.

     
  45. quickfix
     

    Yes magnus as the admin said I would do a follow up scan after the system restore just to make sure. However, I am pretty confident that Antivirus Action is not able to infect the back up files so you should be fine. If everything works properaly after the system restore you should be fine:) Im glad I could be of some help:)

     
  46. Mary
     

    Hi. I also have antivirus action and i ran the spyware doctor and it found some trojans and other infections however I am not an expert so i dont know how to remove the files. I know that you have to pay if you want the spyware doc to remove it but like people have already said i dont want to risk puttin my credit card info. is there any way to remove it without paying??? HELP!!!!

     
    1. Mary: you can delete the files SD detects manually. Usually, Antivirus Action does not involve keylogger.

       
  47. Becky
     

    Everyone got hacked today!! I turned on my laptop and it was working fine and then all of a sudden i have firefox opening some site. I have popups coming out from every corner. I have deleted many files. I tried Spyware Doctor, it found some files that were infected and I went ahead and located them and deleted them. I rebooted my laptop but the problem is still there. I’ve gone crazy looking for the Registry keys but cant find them. I’m working with Hitman Pro now and waiting.

     
  48. Becky
     

    I used Hitman Pro, and I have to say it worked. after it finished scanning everything I went over the files that came up infected and I deleted most of them. Then I let the program finish the rest. I rebooted my laptop. Normal Mode. I’m so happy. This site is going to be saved forever. I dont know what I wouldve done. Thanks A bunch

     
  49. David
     

    Can not run Hitman pro in safe mode?

     
    1. Hitman pro uses network for scanning. Thus it requires safe mode with networking rather than safe mode.

       
  50. gatewaygal
     

    this website saved my sister’s computer. thank you for the helpful info! after five hours of frustration, i found this site and followed the instructions. thanks again!!!

     
  51. Roger
     

    free complete removal with no nasty side effects! no reloading windows no loss of files read on, this will save you a lot of grief.
    “Antivirus action” appears to attack more or less any program that ends with “.exe” it kicks in at the initial windows start-up but fortunately is the last one to load. This delay allows time to access “user accounts” and create another user log-on account unaffected by their nasty program blocker but you will have to be quick!
    Click “start”, “control panel”, “user accounts” and “create new account”, all links have to be clicked on before the program blocker kicks in or you have to shut down and start again. Once the “user accounts” program has started, the virus can’t affect it, although the ever present false “windows” warning gets in the way. The rogue antivirus program will not affect your new logon, this allows you to shift your files via a memory stick (it does not block the copying of music, video, picture, games files or text files as long as you do not activate them, only the main programs especially the antivirus and security ones will be affected) this permits you to re-install them to your new logon. When all your wanted files are transferred, run your genuine antivirus program I used http://www.microsoft.com/security_essentials/ to disinfect my system and I then deleted my old account. This may be achieveable in safe mode but I did not try it at the time to be honest,(press F8 repeatedly at initial start-up and select “safe mode” to access and create your new account)
    WARNING! some removal programs are not necessarily your friend!
    one removal program I tried deleted the infected files ok but also wiped out vital shared ones in the system; in short it could not perform a clean uninstall. important parts of my operating program got steadily eaten away like woodworm and eventually after a couple of months it failed completely due to the “curing tool” programs indescriminate deletions.

     
    1. Roger: Your method depends on windows version. In some cases TDSS rootkit is present, so TDSS killer is highly advisable no mater if you use MSE or different tool.

       
  52. Paige
     

    Okay, so I tried downloading this to remove Antivirus Action but EVERYTHING is “infected” I already have McAfree, so I don’t know. I really need this thing removed! I need my computer fixed! It’s killing me with all the pop-ups!!!

     
    1. Paige: try rebooting into safe mode with networking first

       
  53. migi
     

    How do we know that Spyware Doctor isn’t another “Antivirus Action”
    Check Youtube videos, You don’t need another program to remove Antivirus Action

     
    1. migi: If system restore does not work, in many cases you will need tools to scan and remove trojan downloaders. If you do not trust Spyware Doctor you can use other tools. Malwarebytes, Spybot S&D, Superantispyware, Hitman Pro. Some free, some with free trials. That is not really my concern. More than half of the youtube videos on that topic suggest buying something too :)

       
  54. Nate
     

    i got that virus i not sure if by downloading music or when i was reading emails all i know is that a window pop up randomly and it was antivirus action i wondered why AVG didn’t detect it and i restarted my computer amazingly AVG said threat detected and removed it in seconds but that leaves me in doubt it was too easy is it still in my system? its been a few days

     
  55. Dillon Chaffey
     

    I have recently attained this virus on one of my lesser used Windows boxes, which caused much inconvenience when it came to posting to my site using that auxillary box as I was unable to access any files, programs or websites. I could not even run Windows Live Writer (which might I add I only use Windows for this program as Windows in general is a horrible system, which was proven even more so when the system came down due to this irritating piece of code). Things like this are what keep me using Linux and as soon as Windows Live Writer is ported to Linux or another extremely similar software is developed for Linux I will be completely migrated to the Linux platform. I also recommend for security reasons that you change all of your passwords that have been used to log in to anything over the internet or anything on a local server. I changed all of my passwords for every single online and local service I use in order to ensure security and continued productivity accross my website. Good luck to all of you, I recommend KlamAV (The KDE front-end for ClamAV) or ClamAV for a distribution other than Kubuntu, unless of course you like the look and feel of the KDE interface on your machine of course. Also do not forget to remove all lines from your hosts file other than the top two lines related to localhost. The hosts file can be opened and edited with correct privileges using notepad and can be found in the directory below.

    C:\Windows\System32\drivers\etc\hosts

    If you are running a server as I am then it is probably best that you use a dedicated firewall running Sentry Firewall or another dedicated firewall system of your choice as this will contribute somewhat to the backdoors that this spyware or any variations of it may have opened on your system. Sentry Firewall LiveCD can be downloaded using the link below.

    http://www.sentryfirewall.com/download.html

     
    1. Dilllon : Linux is not so affected by fake antiviruses due to small market there. Although there are huge amount of bugs and security holes, none of systems are really safe without antivirus and firewall. Personally, I would suggest running your windows applications in Virtual machine rather than dedicated one. VMWare Player is quite nice. Also, you might be able to schedule backups of that VM so virus attacks would be easily solved with restore from backups. That is if all you need are couple windows programs. That does not mean you can leave the machine without antivirus though :)

       
  56. Samantha
     

    Help! Last night, this virus just got onto my computer.
    I tried downloading an anti-virus/spyware disc I got from Best Buy, ran it in safe mode, and it said it deleted/ quarantined everything that it found.
    I restarted the computer and went into normal mode, and it was still there.
    Then, I tried to run the program in normal mode, but now I can’t even open anything on my computer!!
    I can’t even run Task Manager without the virus saying that it’s not able to open the application. I am not great with computers and I’m really in need of help… any suggestions, please? Is it time to call a tech guy?

     
    1. Try different anti-spyware packages in safe mode. Anti-malware packages are not equal, and none is 100%. I recommend Spyware Doctor, Malwarebytes, hitman pro or superantispyware.

       
  57. Samantha
     

    Oh, Windows Vista is my operating system. Its an HP laptop. …Not sure if that means anything.

     
  58. Alana Flores
     

    OMG!!! My daughter was doing homework last night and this thing started popping up… What the heck. It would not let her finish her homework. So I was going to take it in to Fry’s to get it removed because I am so not a techie person, but I will try what you suggest first on this site. Worse comes to worse, I will turn it over to the experts. Any suggestions for a first time malware hunter?

     
    1. Try various scanners.
      IF you can not download anything, try system restore first ( reboot, f8, choose safe mode, launch rstui). After That do FULL system scan with all the tools again.
      Thats the simples way in my opinion.

       
  59. hohnho
     

    Hi there,
    I downloaded the spydoctor and it blocked “antivirus action” immediately.
    if you have the same problem, you should download and use the program.
    You’ll see, I ensure u.

     
  60. Margoat
     

    Hi everyone,

    Yesterday the Antivirus action came up. I tried following many other sites on how to remove this rogue. Nothing could help because they probably already changed the .exe file (I think) But this site looks promising.
    Anyway, if nothing helps can I just delete everything form my pc except Windows and will it then be gone? Otherwise I think I trow the bloody thing out of the window…. It’s a new one so not much is on it. Ofcourse I reinstall a good up-to-date pc protector afterwards

    Thanks you for the comments

     
    1. Try creating another user account and logging in into it. If there is no antivirus action in another user account, copy documents from old one.
      If there is antivirus action in that account, you will have to remove it with other ways – deleting will not help.

       
  61. Margoat
     

    ok thank you! I’l try that one out after I checked right now. Btw, I tried resetting my computer back to today but I can only reset it till 12/12/2010
    Richt noz I’m doing a scan, so far no AA popping up

     
  62. Margoat
     

    it worked! i used hitman pro 3 trial (but i’ll defenatly buy it now) and i made a new account. that worked fine so i deleted the other one. now everything goes fast as normal, no popups of aa and no ‘not responding’ anymore! arigatou!

     
    1. Margoat: Do a scan with other tools too. Sometimes they uncover infections that hitman might miss. Hitman Pro is not protection tool, though, but extremely good alternate scanner.

       
  63. sue
     

    Help! I have the same nasty virus(I would call it a monster!!). It pops up all kind of crap, doesn’t let me open absolutely anything!!. I tried to get into internet through a save mode(f8), but the internet is dead too. I ran Malwarebytes through the save mode, it worked, detected 20 malicious programs, removed them,but it did not detect this monstrosity pop up virus, who ate my internet connection. How do I download hitman pro or spyware doctor without being able to connect to the internet? Thanks in advance.

     
    1. Sue: Try disabling proxy server in your browser. Also, try using safe mode with networking instead of Safe mode. Both tools require internet to operate (though might work with infected browsers). You will have to update Spyware Doctor, and hitman pro requires internet for checking files.

       
  64. Jon
     

    Now i have an Abnormal way of solving this issue. i recieved all of this issue last night, Anti virus action wouldnt let me do anything. All i had to do was hold the power button till it had an emergency shutdown, and i was then prompted to start my computer in safe mode, when i did, i could click on system restore, and restore it to an earlier date. nithing vital was changed and Antivirus Action was deleted. I Then ran and updated several security programs on my computer, with no later issues. Hope this helped and to remind you guys, this seemed the simplest method to me, but what do i know, im only 14.

     

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>