“Antivirus System” is a computer virus, which pretends to be a legitimate security program and claims that malware has been detected on your computer. However if you try to remove these infections, “Antivirus System” will state that you need to buy its full version before being able to do so.
“Antivirus System” targets users browsing Internet websites, and rely on social engineering to deliver its payload. This infection is promoted through web sites that have been hacked with scripts that try to install the software by exploiting vulnerabilities on your computer. It is also promoted through Trojans that pretend to be legitimate programs that are required to view an online video, but instead install the “Antivirus System” infection.
Once installed, “Antivirus System” will display fake security alerts that are designed to think that your data is at risk or that your computer is severely infected.These messages may include:
Security Alert
Vulnerabilities Found
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.
Upgrade to full version of “Antivirus System” software package now! Clean your system and ward off new attacks against your system integrity and sensitive data. FREE daily updates and online protection from web-based intrusions are already in the bundle.Security Alert
Unknown program is scanning your system registry right now! Identity theft detected!
Threat: Hoax.HTML.OdKlas.a
In reality, none of the reported issues are real, and are only used to scare you into buying “Antivirus System” and stealing your personal financial information.
As part of its self-defense mechanism, “Antivirus System” has disabled the Windows system utilities, including the Windows Task Manager and Registry Editor, and will block you from running certain programs that could lead to its removal.
This rogue antivirus has also modified your Windows files associations, and now whenever you are trying to open a program, “Antivirus System” will block this operation and display a bogus notification in which will report that the file is infected.
“Antivirus System” Firewall Alert
iexplore.exe is infected with Trojan-Downloader.JS.Agent.ftu. Private data can be stolen by third parties, including credit card details and passwords.
If your computer is infected with “Antivirus System” virus, then you are seeing the following screens:
“Antivirus System” is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy “Antivirus System” as this could lead to identity theft, and if you have, you should contact your bank and dispute the charge stating that the program is a scam and a computer virus.
“Antivirus System” – Virus Removal Guide
This page is a comprehensive guide, which will remove the “Antivirus System” infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
OPTION 1: Remove “Antivirus System” virus using its activation code
OPTION 2: Manually remove “Antivirus System” virus from your computer
OPTION 3: Remove “Antivirus System” virus with HitmanPro Kickstart USB stick
OPTION 1: Remove “Antivirus System” virus using its activation code
STEP 1: Activate “Antivirus System” to stop its malicious behavior
“Antivirus System” has hijacked the .EXE extension in your Windows Registry. This allows “Antivirus System” to launch before any application you start and to block it from running. To prevent this from happening, we can use the below code to register “Antivirus System”.
- Open “Antivirus System”, click on the Register button in the right top corner, then enter the below registration code.
“Antivirus System” Activation Code: ?O?Z?L?W?I?T?F?Q?C?N?Y?K?V?H?S?E
- “Antivirus System” should now allow you to open your web browser and other programs.
Please keep in mind that entering the above registration code will NOT remove “Antivirus System” from your computer, instead it will just stop the fake alerts so that you’ll be able to complete this removal guide without being interrupted by this infection.
STEP 2: Repair your Windows Registry from “Antivirus System” malicious changes
“Antivirus System” has changed your Windows registry settings so that when you try to run a executable file, it will instead launch the infection rather than the desired program.
- You can download the registryfix.reg utility from the below link.
REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download registryfix.reg on your computer) - Double-click on the registryfix.reg, then click on Yes on the Registry Editor prompt window, then click on the OK button.
STEP 3: Remove “Antivirus System” virus with Malwarebytes Anti-Malware Free
Malwarebytes Anti-Malware Free is a powerful on-demand scanner which will remove “Antivirus System” malicious files from your computer.
- You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
- On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the “Antivirus System” malicious files.
- Malwarebytes’ Anti-Malware will now start scanning your computer for “Antivirus System” virus as shown below.
- When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
- You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
- Once your computer will restart, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.
STEP 4: Remove “Antivirus System” infection with HitmanPro
HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines for the “Antivirus System” infection.
- You can download HitmanPro from the below link:
HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro) - Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
Click on the Next button, to install HitmanPro on your computer.
- HitmanPro will now begin to scan your computer for “Antivirus System” trojan.
- When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove “Antivirus System” virus.
- Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
OPTION 2: Manually remove “Antivirus System” virus from your computer
When “Antivirus System” has infected a computer, it will drop it’s malicious files in the C:\Documents and Settings\All Users\Application Data\pavsdata (Windows XP) or C:\ProgramData\pavsdata (Windows Vista, 7 or 8) folder, and add on your desktop a Antivirus System.lnk shortcut. In the following steps, we will rename this malicious folder thus disabling this infection.
STEP 1: Display the hidden files and folders on your computer
Because the C:\ProgramData\ path is hidden by default, we will need to enable the Show hidden files and folders option.
- Click on the Start button, and click on Computer.
- Click Organize and choose Folder and Search Options. (Tools > Folder Options for Windows XP Users).
- Click the View tab, select Show hidden files, folders and drives, then click on Apply and then OK.
STEP 2: Rename the pavsdata folder to disable “Antivirus System” virus
- Browse to C:\Documents and Settings\All Users\Application Data\ (For Windows XP) or C:\ProgramData\ (For Windows Vista, 7 or 8), and find the pavsdata folder.
- Right click on the pavsdata folder, and select Rename from the context menu.
- Add a unique variation to the filename, such as _old (for example, pavsdata_old) or something random.
- Restart your computer.
STEP 3: Fix your .Exe registry association to revert the Antivirus System hijack
- After a restart, copy the below text and paste into Notepad.
Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\.exe] @=”exefile”
“Content Type”=”application/x-msdownload” - In the Save as type filed, select All files , then save the file as fix.reg to your Desktop.
- Double-click on fix.reg, and click Yes for Registry Editor prompt window. Then click OK.
STEP 4: Remove “Antivirus System” virus from your computer, and fix your Windows registry
You should now be able to start your web browser, even if you have managed to disable “Antivirus System”, its malicious files are still on your computer.
Now we will need to fix your Windows registry as seen in Option 1 on Step 2, and run a computer scan with Malwarebytes Anti-Malware and HitmanPro
OPTION 3: Remove Antivirus System virus with with HitmanPro Kickstart
If you cannot remove Antivirus System virus using the previous options, we can use the HitmanPro Kickstart program to bypass Antivirus System infection.
As the Antivirus System infection will prevent your from start your programs, you will need to create a bootable USB drive that contains the HitmanPro Kickstart program.
You will need a USB drive, which will have all of its data erased and will then be formatted. Therefore, only use a USB drive that does not contain any important data.
- Using a “clean” (non-infected) computer, please download HitmanPro Kickstart from the below link.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new web page from where you can download HitmanPro Kickstart) - Once HitmanPro has been downloaded, please insert the USB flash drive that you would like to erase and use for the installation of HitmanPro Kickstart. Then double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows).
To create a bootable HitmanPro USB drive, please follow the instructions from this video:
- Now, remove the HitmanPro Kickstart USB drive and insert it into the Antivirus System infected computer.
- Once you have inserted the HitmanPro Kickstart USB drive, turn off the infected computer and then turn it on. As soon as you power it on, look for text on the screen that tells you how to access the boot menu.
The keys that are commonly associated with enabling the boot menu are F10, F11 or F12. - Once you determine the proper key (usually the F11 key) that you need to press to access the Boot Menu, restart your computer again and start immediately tapping that key. Next, please perform a scan with HitmanPro Kickstart as shown in the video below.
- HitmanPro will now reboot your computer and Windows should start normally. Then you will need to fix your Windows registry as seen in Option 1 on Step 2, and run a computer scan with Malwarebytes Anti-Malware and HitmanPro
Your computer should now be free of the “Antivirus System” infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove “Antivirus System” from your machine, please start a new thread in our Malware Removal Assistance forum.
I have used OPTION 1, and it worked! Thank you Stealian!