Attentive Antivirus - How to remove?
Attentive Antivirus is a rogue antivirus from the WinWebSec family (new generation) and a direct clone of System Doctor 2014. These parasites share both design and functionality. Both rogues infect the system through trojans, hijacked pages or malicious advertisements. First you will see a fake warning screen claiming that Windows detected a problem with privacy and is looking for a solution. It will claim that it is installing an antivirus, though the rogue has already been installed by then and this step only puts some links on the desktop. After that, Attentive Antivirus will display lots of popups and alerts to scare you into purchasing its full version. To scare you further, it will block the majority of programs and display an alert that the files you are trying to launch are infected.
Attentive Antivirus popups look like this:
Warning! Infected file detected
Location: File System
Suspicious activity detected in the application cmd.exe to the behavior of the virus Win32/Conficker.X. For your security and to avoid loss of data, the operation of application xxx.exe has been temporarily restricted.
Warning! Network attack attempt detected.
We strongly recommend activating full edition of Attentive Antivirus for repairing threats.
You can ignore all these popups, as all the threats detected by Attentive Antivirus are fake. However, this rogue is dangerous, as it usually comes with rootkits and is tough to remove.
Attentive Antivirus special removal instructions
- Reboot, press F8. Choose Safe mode with networking from the menu.
- If you are asked, log in to your account.
- Run msconfig. Disable all startup entries from ProgramData or Application Data folders.
- Download http://www.2-viruses.com/downloads/spyhunter-i.exe and other anti-malware programs just in case your browser fails to work in normal mode.
- Reboot normally.
- Download and scan your PC with http://www.2-viruses.com/downloads/spyhunter-i.exe, hitman, Malwarebytes to remove the rootkit and Attentive Antivirus files.
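For the msconfig step, it helps to see first which autorun entries actually launch from ProgramData or Application Data. The read-only PowerShell listing below is an added example, not part of the original instructions; the registry keys and startup folders it checks are the standard Windows autorun locations, chosen here as an assumption about where the entries shown in msconfig come from.

```powershell
# Added example: read-only listing of autorun entries that start from
# ProgramData or Application Data, for review before disabling them in msconfig.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders named in the removal step; the literal "\Application Data\"
# covers the older Windows XP profile layout. Unset variables are dropped.
$roots = @($env:ProgramData, $env:APPDATA, '\Application Data\') |
    Where-Object { $_ }

function Test-SuspectPath([string]$Command) {
    # Expand %APPDATA%-style references before comparing.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $roots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$found = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if (Test-SuspectPath $cmd) {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $cmd }
        }
    }
}

# Startup folders sit under ProgramData / Application Data by definition,
# so every file in them is listed for manual review.
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
$shortcuts = $startupDirs | Where-Object { Test-Path $_ } | Get-ChildItem |
    Where-Object { -not $_.PSIsContainer } | Select-Object FullName, LastWriteTime

$found | Format-Table Key, Name, Command -AutoSize -Wrap
$shortcuts | Format-Table -AutoSize -Wrap
```

The script changes nothing; legitimate software also starts from these folders, so compare each entry against what you knowingly installed before disabling it.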
A video version of these removal instructions is below.
If this approach fails, you can try to fake-register it with the code AF03E-902B6E19-6FD491E6-A33AF708-2B4B6DFE, or create a hitman Kickstarter USB on an unaffected PC and boot the infected one from it.