E-SET Antivirus 2011 - How To Remove?

Type: Rogue Anti-Spyware

E-SET Antivirus 2011 is a fake antivirus program that mimics the skin and name of legitimate software. While the design of E-SET Antivirus 2011 is similar to AVG, the name is a reference to ESET, the legitimate maker of the NOD32 antivirus and the Smart Security suite. The fake E-SET Antivirus 2011 has nothing to do with the real antivirus company, and to the best of our knowledge they are not related.

E-SET Antivirus is quite similar to another fake antivirus, AVG Antivirus 2011. This is not accidental: it is the same parasite under a different name. The makers have changed the name string in the source, but the behavior of E-SET Antivirus 2011 is the same as its predecessor's. Typically, you get a rogue infection by downloading it from fake scanner pages that display “you are infected” messages to all their visitors, through trojans using browser exploits, or bundled with some sort of “free” download. Once inside, E-SET Antivirus 2011 will configure your PC to run its executables on each system startup and will start trying to scare you as soon as the PC is rebooted.

Once it is active, E-SET Antivirus 2011 will show various alerts stating that your personal information is being stolen. These alerts are used to scare you into launching the main program window:

Warning! Active Virus Detected!
Threat Detected: Email-Worm.Zhelatin
Infected file: <random file name>
Action taken: Application Blocked
Description: Worm Email-Worm.Zhelatin.vy is virus-like malware with destructive code, and is able to mutate, replacing its own code by itself. This makes Email-Worm.Zhelatin.vy very dangerous, hard to find, and difficult to delete. Like most viruses, worm Email-Worm-Zhelatin.vy may spread to other computers by secretly emailing themselves to Internet users in your address book.

Once installed on your machine, NetPumper may start monitoring your web browsing habits, such as what pages you usually load and what search terms you usually type in the search page. NetPumper may also deliver excessive pop-up advertisements even when you are not browsing the Internet. NetPumper also an ability to slow down your computer performance by using your hard drive recourses in order to deliver advertisements on your computer screen.

Some of them will definitely give you the names of viruses that in reality have nothing to do with your PC:

Warning! New virus detected!
Threat Detected: Keylogger.iSnake.Pro
Infected File: C:\WINDOWS\system32\asr_ldm.exe

Warning! Identity theft attempt detected!
Attacker IP: <random IP address>
Attack Target: Microsoft Corp. Keys
Description: Remote host tries to get access to your personal information.

If the user ignores these warnings, E-SET Antivirus 2011 has several other ways to force them into scanning their PC. One is blocking legitimate websites by claiming that Internet Explorer is in “Emergency mode”, and that this mode has limited functionality or that some websites block browsers in that mode. This is completely untrue, as IE has no Emergency mode of any sort. Another trick E-SET Antivirus uses is blocking anti-malware and antivirus software from running by claiming that an active virus has been detected. These warnings are fake as well.

If you launch an E-SET Antivirus scan, it will report legitimate antivirus programs and other useful programs as infected with various “popular” forms of malware, but it will refuse to repair the infections until you pay for its “full” version. You should never pay for malware like E-SET Antivirus 2011: it leaves no option to uninstall itself, has no real parasite database and blocks other programs from running. These signs show that it is an extortion and phishing scam, and you would lose much more money than it claims. You should remove E-SET Antivirus 2011 to avoid additional infections.

How to get rid of E-SET Antivirus 2011

First, we recommend rebooting into safe mode with networking before using these instructions. If E-SET Antivirus 2011 launches in that mode as well, launch its scan, and move its window to the side of the screen.
This malware will block most legitimate remover programs and Task Manager, so we recommend Process Explorer, downloaded using this link: https://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe . Launch Process Explorer and make sure you can see the folder of each process. Stop the E-SET Antivirus 2011 processes. If you do this correctly, E-SET’s window will close.
Another, somewhat simpler way to disable E-SET Antivirus was discovered by security researcher Xylitol: you can fake-register this rogue antivirus using the key ABC12-DEF34-GHI56-JKL789. After registration, applications are no longer blocked.
Next, you should disable the proxy server in your browser if one is set up. This should be done to prevent re-execution of the malware process.
Lastly, download a legitimate anti-malware program and scan your PC with it to assist in E-SET Antivirus 2011 removal. I recommend spyhunter, Hitman Pro or Malwarebytes Anti-Malware. These programs will detect the files that are really infected so you can remove them safely. A full version of spyhunter or Malwarebytes Anti-Malware would likely have stopped the E-SET Antivirus 2011 infection before the PC got corrupted and would have saved a lot of time.
Note: You can distinguish the legitimate ESET from the illegitimate one by its spelling and name. The legitimate antivirus uses the name NOD32 instead of the generic “Antivirus”, and the company name does not have a dash in the middle.

Automatic E-SET Antivirus 2011 removal tools

Note: Reimage trial provides detection of parasites and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version. We might be affiliated with some of these programs. Full information is available in the disclosure.

Manual removal


Important Note: Although it is possible to manually remove E-SET Antivirus 2011, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on 2-viruses.com.



About the author

 - Main Editor

I started 2-viruses.com in 2007 after wanting to be more or less independent from a single security program maker. Since then, we have kept working on this site to make the internet a better and safer place to use.

March 16, 2011 20:52, March 29, 2011 00:17

3 thoughts on “E-SET Antivirus 2011”

  1. Confirming that the manual instructions above work.

    Notice that the following Registry keys may have mutated since the original note was published. As of 17-Apr-2011:
    HKEY_CURRENT_USER\Software\A88246 -> is now A88875
    HKEY_CURRENT_USER\Software\Mon246 -> is now Mon875

    Notice, also, that the following Registry value is dynamic:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-A8I 16.03.2011”

    The date component of the value changes, according to installation date.
    For example, on 17-Apr-11 it was “WinNT-A8I 17.04.2011”

    In general, suggest you do this in two steps:
    1. Login to Windows in safe mode and remove the executables and Startup Menu entries.
    2. Login to Windows in normal mode, and use regedt32 (or your favorite Registry editor) to clean it up.

    Since e-set affects MSIE/Firefox/Opera/Chrome/Safari, the browsers will not work after msiexecs.exe has been removed.

    Hope this helps.
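
The registry indicators reported in the comment above can be turned into a repeatable check over saved `reg query` output. This is an added example, not part of the original article or comment: the three-digit suffix pattern and the pairing of the A88 and Mon keys by a shared suffix are assumptions generalised from the two samples given, and the input text is constructed.

```python
import re
from datetime import datetime

# Assumed patterns, generalised from the two samples in the comment above.
KEY_RE = re.compile(r"^HKEY_CURRENT_USER\\Software\\(A88|Mon)(\d{3})$", re.I)
UA_RE = re.compile(r"WinNT-A8I (\d{2}\.\d{2}\.\d{4})")
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")
UA_KEY = "\\user agent\\post platform"

def scan_reg_query(text):
    """Return findings from the text output of `reg query`."""
    suffixes = {"a88": set(), "mon": set()}
    findings, current_key = [], ""
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current_key = line.strip()
            m = KEY_RE.match(current_key)
            if m:
                suffixes[m.group(1).lower()].add(m.group(2))
            continue
        v = VALUE_RE.match(line)
        if not v or not current_key.lower().endswith(UA_KEY):
            continue
        # The marker may be stored as the value name or as its data.
        m = UA_RE.search(v.group(1)) or UA_RE.search(v.group(3) or "")
        if m:
            try:
                day = datetime.strptime(m.group(1), "%d.%m.%Y").date()
            except ValueError:
                continue  # not a calendar date, so not the marker
            findings.append(("user-agent-marker", day.isoformat()))
    # A lone "Mon123" key is weak evidence; a pair sharing a suffix is stronger.
    for s in sorted(suffixes["a88"] & suffixes["mon"]):
        findings.append(("key-pair", s))
    return findings

# Constructed sample in the layout printed by `reg query` (not real output).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\A88875
HKEY_CURRENT_USER\Software\Mon875
HKEY_CURRENT_USER\Software\Mon123

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
    WinNT-A8I 17.04.2011    REG_SZ
    SLCC2    REG_SZ
"""
if __name__ == "__main__":
    for kind, detail in scan_reg_query(SAMPLE):
        print(kind, detail)
```

The date recovered from the user-agent marker is the installation date the comment describes, which gives a starting point when reviewing what else changed on the machine that day.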
