antivir64

Hi!
Yesterday this window antivir 64 came up and said I have some infected area on my computer. I downloaded antivir 64. So a few minutes later I tried to delete or uninstall this antivir64 but I couldn’t. When I click on the Are you sure you want to uninstall antivir 64 the screen becomes black. Please help me how I can delete this program.
Thank you for any help and please forgive me for any spelling mistake.

It’s a virus… some variants are missed by avast.
Can you run full computer on-line scanning?
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

After that, I suggest:

  1. Disable System Restore and then reenable it again.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

First, it isn’t a virus but a rogue program, scum/scamware that makes fake alerts to con you into a) buying the program, which is worthless, b) visiting a site for a scan, c) installing it, which could well leave you properly infected.

So you potentially have two problems to deal with: the rogue program that suckered you into downloading and installing it, and any possible infection/protection to stop you getting rid of it.

You should also monitor this topic, http://forum.avast.com/index.php?topic=37910.0.

Also see the hits on a google search for just antivir64, http://www.google.co.uk/search?q=antivir64.

The Firefox WOT add-on reports this url (in the google search I did) as suspect, see image.

Thank you for your comments!
Could you please tell me how I can do the first step and the 3rd step? (1. Disable System Restore and then reenable it again, Schedule a boot time scanning with avast with archive scanning turned on.) When I’ve done all the steps, will this program disappear? It’s making me crazy, it’s on my toolbar and I cannot do anything with it, it’s just coming up all the time :(.

Hi again, so Kaspersky found some things and I don’t know what they are or how to remove them. Phrase to find: “not-a-virus:FraudTool.Win32.WinXDefender.bu”

Disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After disabling you can enable it again. To use System Restoration it’s necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

What was the file name and location of the detected file, e.g. (C:\windows\system32\infected-file-name.xxx) ?

C:\Program Files\antivir64\antivir64…
Antivir64.exe\antivir64\antivir64
Antivir64.exe\antivir64\antivir64
Antivir64.exe\antivir64\uninstall.e…

What happens if you try to delete them?
Maybe using Unlocker (http://ccollomb.free.fr/unlocker/) or KillBox (http://killbox.net/) or MoveOnBoot (http://www.snapfiles.com/get/moveonboot.html) or Delete FXP (http://www.jrtwine.com/).

Maybe you need to boot in Safe Mode.

I tried with Unlocker and KillBox but the file could not be deleted :(. I’m starting to get sad and angry :cry:

Well, it looks like with KillBox somehow I DID IT ;D. I deleted it on reboot. Thank you for all the help, you are great. I’m very HAPPY. :-*

If avast didn’t detect anything on this, try to add the C:\Program Files\antivir64\antivir64.exe (I assume that is the full file name under the … dots.) to the avast chest and then send a sample to avast.

Open the avast Chest, User Files section, and Add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file in the chest, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. Note: A copy of the file/s will remain in the original location, so any further action you take can remove that, using the tools Tech has suggested.

Though it looks like my post is a bit late to stop you deleting it before grabbing a copy for the chest to improve avast detections.

I’m thinking that this baddie is related to the Vundo family.
Do the support helpers think that running VundoFix might turn up something else?

http://www.malwarebytes.org/forums/index.php?showtopic=5786&hl=Virus.Win32.Alman.b