What is Antivir.exe, How to remove Antivir.exe
Antivir.exe is a harmful program.
 |
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: Antivir
Filename: Antivir.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV
Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
DDS Line:
uRun: [AV] C:\Program Files\AV\Antivir.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AV”=C:\Program Files\AV\Antivir.exe
Description: core part of Antivir. Antivir is a rogue antispyware program.
How to remove: use these Antivir removal instructions.
December 20th, 2009 at 11:44 pm
Thank you…Sooooooooo much for your help! I tried Avira AntiVir, but it didn’t work. Your the best. How do I know what they got off of my computer. They wanted me to buy spyware software. They presented themselves as Microsoft.
February 14th, 2010 at 12:18 pm
Daughter’s laptop infected with “antivir.com”. Norton did not prevent it or find it with a full scan. I looked at your removal instructions and before I downloaded anything checked the registry at the entry below and that entry is NOT present with the {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} value, though it has 10 other entries with different values. Also, the name ‘Explorer’ is not capitalized but is ‘explorer’.
It would appear the virus has been amended to use a different value than the one you are familiar with.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
What Next?
February 17th, 2010 at 8:03 am
Run MalwareBytes Anti-malware.