Antivirus IS

can you email the directions on how to remove it. I have windows Vista

You can use the share button on top to e-mail the removal guide to yourself. As stated above we already have created similar guides that cover basically the same threat so follow any one of those guides.

Can you send me a guide on how to remove it? I know it says to check those other guides, but I still can’t find the virus file. Please send some directions please, thanks.

We have not made a direct guide for this specific threat because the other guides have video and basically the same file structure as this. Perhaps we will make a guide for this soon but as of yet only like 15 people have visited this page so it’s not really worth hours of our time.

“Antivirus IS” has taken over my fathers PC.

An “Antivirus IS” icon has appeared in the bottom Taskbar.
Nothing called “Antivirus IS” is listed under Task Manager.
Regedit opens then closes immediately followed by a false alert message.
In Safe Mode regedit works fine but can’t locate anything labled “Antivirus IS”.
An advanced drive scan shows nothing called “Antivirus IS”
Windows Operating Disc is prevented from running for network support.
Booting to OS CD worked but the fresh installation went to the slave drive.
The popups are driving me crazy!

What can I do?

well it’s very worth your time to us.

i’m tired of using my PC in safe mode w/ no sound. I’ve ran Malwarebytes, SUPERAntiSpyware AND Spyware Doctor probably 5 times each and I still haven’t been able to remove “Antivirus IS”….pretty frustrating. :/ So please use the “few hours” of your time so that you can help prevent it from happening to us or anyone else in the future. THANKS!

I takes far more then 2 hours to create a good and accurate virus removal guide. It can take 8 hours of searching just to find this threat and another 8 hours to dissect it and analyze a manual method to remove it.

If enough people request a specific guide for this threat we will make one. As of now there are harder hitting threats and guides that need updating.

So I have this stupid malware in my computer. I get rid of it for awhile and it comes back but is called something different. I have McAfee but it didn’t catch it. I cannot run anything unless in Safe Mode. Do I have to purchase more software? shouldn’t McAfee catch these?

I have been working for 7 1/2 hours to remove this virus. I am not an idiot and have done all the correct steps. Everything that appears to work in safe mode does not translate over. I have downloaded and scanned multiple programs from suggested sites, including this one. HELP!!

Antivirus IS is pissing me off…all cuz i wanted to see some coochie, infected on FB for a friend posting a link

Im hosed except for Firefox……..no executable’s work, no outlook, etc, etc,

I know nothing about the computer..but I had to tinker once my computer was jacked by this krud. I know I probably haven’t fixed the problem completely, but my computer is running right for now…but I just know theres somethings in my computer waiting to pounce. grr

As you know, the stupid thing blocks your computer from accessing your own programs so my attempt at doing a system restore only got me that “infected” box. Pretty sure I couldn’t even use my calculator! So..I noticed the Antivirus IS icon on my bottom tray..as well as the pop ups didn’t start till about 30-60 seconds after I started my computer and desktop icons started appearing. This is your time to get your system restore to open.

While your computer is “acting a fool”…click on START then ALL PROGRAMS..then PC HELP AND TOOLS…then to SYSTEM RESTORE. Trying to open it only gets you the “infected” box..but doing so should put the SYSTEM RESTORE access closer to you as it will put it in your list of last opened programs when you click START again…it should appear right above the START after clicking (for me it did NOW…restart your computer..when windows starts opening and your desktop starts popping up icons..go to bottom and click START button as soon as its possible. Then your SYSTEM RESTORE should appear right above it..double click to open it. While your waiting for it to open..you will eventually start getting the stupid Antivirus icon in your tray..as well as pop ups. But if you got to it fast enough it will bring up your SYSTEM RESTORE on your screen in a few minutes.

Have it set to “restore computer to another date” (something to that effect.) It will pop up a calender. The darker bold days are your restore days available. Choose a date before your c0mputer was hijacked. I choose 2 says prior cuz I had nothing new I put on my computer I didn’t want to lose or redo. Click the next to complete. Your computer will restart and come out the way it was acting on the restore date you chose. The icon is gone..the pop ups are gone. My computer is ok again. Well for now at least. I did this a week ago and haven’t seen it again since. If someone can help out on keeping it from coming back i’d like to know. It may not be the best way..but hey..worked for me so I’m going with it. hth somewhat.

We are now actively looking for the virus to infect a few test computers. It may take a while to find the threat so if you know were you got infected please post a comment with the url and we will take a look.

We will be making a video and guide once we locate the virus.

Pretty much having the same problem has everyone else, not on my machine thankfully, but a flatmates.

I used to work in IT support so I recognised the issue straight away and tried to carry out what the sites suggests, but it has pretty much locked me out. Not helping is Windows 7 which I’ve never used before and is like some freaky alien software on it’s own compared to XP.

I think we got the virus from the either the NFL fantasy football website or google. My husband was downloading some images of deer on google. That’s at least where the popups started. Hope this helps!

I have this on my computer and i can not locate any files under app data. I am using windows 7 and just can not find any files that have any reference to IS in my system.
I can not connect to the internet with my computer but other programs are working.

Please please can you provide a guide.
Many Thanks

oh is it “hitting hard” enough now? It’s rendered several PCs practically useless and you just now think it’s worth your time?

I got rid of it last night using these steps: URL REMOVED. “Sorry we can not link to other unknown websites”

This stupid Antivirus IS has completely overtaken my system. I can’t get online or even open Task Manager! I found the file but it says I need permission to delete it! The file is under my Temps folder, it’s sbeueeglanw.exe. I am on Vista and am online through a Guest account. My main account is completely overtaken to the point where I can’t do anything including get online. Stupid McAfee doesn’t recognize it as a threat so that is useless! HELP!!! D

Spent a few hours looking for the virus and still not finding it. All urls submitted so far to us have not proven out. Please submit the URL if you know were you were infected from.

you’re joking right? you’re not helping anyone yourselves yet you delete my link to steps that worked for me? that’s fair. well sorry to those still dealing with the “antivirus is” crap.

I wish it was not a joke. Simple fact is people sue for no reason at all so we need to provide as little reason as possible. We get around 200 ( YES 200 ) spam links a day. We do not have time to check out URLS to see if it’s a legit site or not. We do however except links to well known security websites.

I got this nasty virus yesterday. Long story short: I tried what BrainySmurf (howtogeek.com) suggested in one of the comment sections, and it’s the only thing that worked for me. This is what he suggested trying:

BrainySmurf
I just had this nasty virus invade my laptop about 90 minutes ago! Took the IT techs an hour to remove it.
-Restart – hitting F8
-safe mode with networking
-deleted all temp files/cookies/history
-returned internet settings to default
-ran malwarebytes and removed all infections detected
-restarted – hitting F8
-System Restore to previous day
-Restarted in normal mode and problem was fixed!

I actually restored to this past Wednesday. So far, so good. I have been searching for answers since yesterday and hope this helps someone else. I’m not saying it will work for everyone else, only know that it worked for me. Good luck!

Looks like a lot of folks are having the same problem I had. Seems to be a recent attack, as mine happened 9-28-10. Norton Anti-virus and SUPERAntiSpyware couldn.t find it. However, Norton gave me a link to “Norton Power Eraser” (NPE).
I don’t know whether you must have a Norton Anti-virus Program or not. Anyway, the link is http://www.norton.com/virushelp Using a PC that connects to the Internet, you download the program to a flash drive. Then you read the flash drive from your infected PC and follow the instructions. It found a file named bvqdavtlanw.exe and removed it. My PC seems O.K. However, I’m having difficulty connecting to the Internet with my browser (Internet Explorer 8). My
infected PC was using cable modem (at a different location). I’m trying to connect it using DSL. Does anyone know if anything special has to be done to get it to work on DSL?

I just love it when users post solutions!!!!! Searched 5 hours today for the threat and still have not found it. I have found 2 new threats but not the Antivirus IS yet. As soon as we do I’ll make a guide and video on manual removal.

Got it!

Run Task Manager. If virus prevents running Task Manager then reboot and as soon as desktop appears run Task Manager before virus can prevent.

In Task Manger go to “Processes” tab.

There I looked for an out of place Image name and Description. For me it was titled: “yqllowhlanw.exe”

I checked the properties on this item and found an associated folder called:
“dkqmkqbvv”

Then end process and delete folder.

I also found an odd program in my program folder entitled:
“browser error address redirector”

I was not able to delete it manually but was able to over ride and delete with CCleaner.

That’s it, and so far so good.

OK, I found a solution for my internet connection problem after running Norton Power Eraser. For IE, go to:
Tools
Internet Options
Connections
LAN Settings
If there is an x in the check box for proxy server, uncheck.

For Firefox:
Tools
Options
Advanced tab
Network tab
Settings tab
Select “No Proxy”

We have a guide for this as well already

http://www.removevirus.org/how-turn-proxy-settings-ie-and-firefox

If you want to just watch a video on it there is one in the above mentioned virus removal guides as well.

I used the Norton Power Eraser with the same results. It found and fixed a file named nkmmvumlanw.exe. My computer seems to be free of the problem, but my internet connection isn’t working. I’m running Windows 7 with a DSL connection. Please share if you find a solution to this problem.

There’s a site called “URL Removed”
On live TV I clicked either cbs or nbc or abc… one of those.
I was asked if I wanted to download some random file to play the stream, I hit cancel, didn’t want to bother.
5 minutes later s*it hit the fan, my comp is basically working fine now after malware bytes, sys restore, almost did a Combofix, but that seemed too techy for me…but I don’t know if it’s completely gone, no more popups and everything LOOKS fine…

My thanks to Britta (and all members of this Forum). I used her solution for re-establishing my Internet Connection. It seems to work great. (Also, this explains why I could use Dial-up but not Hi-Speed, due to hi-jacking of Proxy.)

My friends computer was infected with this after our other flat mate stupidly downloaded ‘a new update for flash player’.

After hours of searching found this site and used the solution of downloading Norton power eraser on another laptop. Found a file name similar to the one mentioned above. Deleted it then followed the tip about the proxy internet settings and it worked perfectly.

Thank you!!!!!!

I believe I got it off an anagram website. URL RMEOVED
I clicked in the Tiles box and next thing that happened was my computer was being scanned and alerted that CPU was infected. Must say my heart pounded. Never experienced anything like this.

1. It disabled my Internet.
2. Disabled access to task manager.
3. Inserted red shield icon in system tray which constantly popped up alert saying that I had virus.

Resolution:
1. I finally figured out that I could get to task manager by striking ctrl-alt-delete during startup just as desktop appeared.

2. I ran Malwarebytes and it removed 9 items (log below.) I also ran SuperSpySweeper and it found a couple of more.

The red shield continued to popup on restart. In task manager I ended processes that looked suspicious. I tried ending the process called “wscntfy” which caused the red shield to replicate and repeat the infection alert. The “wscntfy” process reactivated in task manager.

While running one program, it noted that my Internet connection was odd and asked if I wanted to disable proxy settings. I confirmed. I don’t recall which program I was running, it could have been Spyhunter.

3. I found a microsoft program that purported to fool the “wscntfy” bug by naming the process-ending program iexplore.exe. I downloaded and installed.

4. Also, in safe mode, I found and deleted a file called wscntfy.exe. (with further extension letters and numbers I did not record.)

Thereafter, although the red shield would load initially in the sys tray, after a few minutes, it disappeared and the “wscntfy” process no longer appears in task manager. [Note - For some reason, although the USB keyboard worked striking F8 to get to safe mode, after I got to safe mode, the USB keyboard no longer worked. I had to use an old plug-in keyboard to use arrows to select the proper mode.]

5. Although it was difficult (trying to be too careful), I installed Webroot w/ Spy Sweeper. I ran that and it found and quarantined several more files. It produces no log though I can manually recreate if desired.

6. I am not sure if I should do a system restore or delete all restore points because I do not know with certainty when I picked up the virus. I know it activated when I clicked on the page noted above. Any suggestions would be appreciated.

Here is the Malwarebyte’s log.

Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4736

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/3/2010 9:51:23 AM
mbam-log-2010-10-03 (09-51-23).txt

Scan type: Quick scan
Objects scanned: 146567
Time elapsed: 15 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mksybupgw (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Rapid AntiVirus (Rogue.RapidAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\krjacxfh (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dbldrv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbxdrv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\scoot\Local Settings\Temp\owuyxtwpu\kmhncoalanw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Thanks for the info. It will help when we make the guide. We have analyzed the url in question and did not find any malicious code on the pages we checked. However this does not mean it was not there for a short time.

In answer to number 6. It seems you were able to fully remove this threat. I would run a Disk cleanup and delete temp files and folders. Beyond that I would imagine a system restore is not needed. Wait a few more days and see if any abnormal behavior happens. If not then delete the restore points and create a new one.

I was downloading some music from Limewire. I selected three songs. While it was in the middle of downloading the first song, the fake virus alert popped up. I didn’t check the file type and had not filtered files by .mp3 so it is possible it was a video. It was an Alicia Keys tune – so sad I didn’t get it.

Currently can’t boot in safe mode, can’t access task manager at all. Planning to try the Norton fix…

I can log into another user account and received the initial fake virus warning once, only this time it had a different appearance and disguised itself to look more like AVG, even using the logo. I moved the box to the side, continued reading up on how to remove the malware, logged out, logged back in and haven’t seen it since. The other account remains unusable. I have also received requests to update Flash, which I have ignored and suspect are bogus.

Success!
Thanks to everyone on this site who made suggestions. Antivirus IS hijacked my husband’s computer (Windows XP) and I struggled with it, but the two key elements that helped me were a comment from another site that suggested that if you have more than one user account, it’s possible that only the user account that was being used when the problem first occurred is affected. If so, then you can install and run whatever anti-malware or antivirus program you need from another user account.

That’s what I did – logged into my own user account on his computer and was able to download & install MS Security Essentials and run a scan using that. That alone didn’t fix the problem, but then I downloaded MalwareBytes and ran a scan using that and it found and removed the critter. Re-started after that, and it looks good now, although I did have to go to the internet settings and un-click the “user proxy server” box to get the internet connection back. Whew!

Similar to a previous comment, I was able to start in safe mode, update all my anti-virus and spyware applications. Removed tons of junk, did a disk clean and just about everything I can think of to remove this thing but upon restart, that nasty red shield pops up temporarily then gets zapped away somehow – maybe Spyware Doctor is catching it. Anyhow, I’d love to find out what piece of it is left that is loading upon start up. Any suggestions?

I never did personally find this threat online.

However here is a tip that should work for you.

Hit the Windows Start Button. In the search/run box type “msconfig” with out the quotes.

Now select the statup tab. View all the startup entries. You are looking for that last fake threat that seems to be loading on you. Uncheck the box to what you belive it may be and re-boot. If the shield goes away that means you de-selected the correct program. Now you can browse down to were that trace is and delete it.

AFTER THOUGHT

The red box may be a legit Windows box. It goes away after the SDA client loads because Windows now detects you are running an antivirus client when before it was just loading so it shows a warning every time till the SDA client fully starts.

You may also want to consider running a full scan with the Malwarebytes client. The link is in the side bar.

my motherinlaw searched for something that would give her court records and downloaded a “search program” that popped up. now everything is going nuts. hope it helps

cannot remove a virus security file nod32 cannot get permission to remove this file
Please help