Antivirus and AnVi

Antivirus and AnVi is a counterfeit security application that is commonly installed on a computer by another Trojan infection. Antivirus - AnVi is promoted on several online antivirus websites, which act as a gateway for infection with this rogue security application. Its main objective is to scam computer users by showing fake reports and fabricated virus scans. Victims who fall into this trap are pushed to buy the licensed version of Antivirus - AnVi. Do not pay for the full version. It is rogue, meaning that it has no capacity to protect a computer or remove any virus infection. In fact, it will also ask you to remove your antivirus program by means of a misleading alert:

Uncertified [your antivirus] antivirus software detected on your computer. You need to remove [your antivirus] software for correct operation of the Antivirus.
Attention: If you don`t remove [your antivirus] software, the performance of your computer will dramatically degrade. Press “OK” to remove the [your antivirus] 

Ignore this alert and avoid this unwanted program as much as possible by blocking unknown and malicious websites. If infected, remove Antivirus and AnVi with a known antivirus program that has an updated database.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of Antivirus - AnVi Infection?

It will modify Windows Registry and add the following entries:
HKEY_CLASSES_ROOT\AvBho.AvBhoApp
HKEY_CLASSES_ROOT\AvBho.AvBhoApp.1
HKEY_CLASSES_ROOT\CLSID\{9d541c6a-573b-4888-b35e-6816e68c3620}
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “wscsvc32.exe”
HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”

The threat will drop the following malicious files:
%programfiles%\AnVi\about.ico
%programfiles%\AnVi\activate.ico
%programfiles%\AnVi\buy.ico
%programfiles%\AnVi\avt.db
%programfiles%\AnVi\avtext.dll
%programfiles%\AnVi\avthook.dll
%programfiles%\AnVi\avt.exe
%programfiles%\AnVi\help.ico
%programfiles%\AnVi\scan.ico
%programfiles%\AnVi\settings.ico
%programfiles%\AnVi\splash.mp3
%programfiles%\AnVi\uninstall.exe
%programfiles%\AnVi\update.ico
%programfiles%\AnVi\virus.mp3
c:\Documents and Settings\All Users\Desktop\Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Uninstall.lnk
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
%Temp%\winupd64x.exe
c:\Program Files\Antivirus
c:\Program Files\Antivirus\Antivirus.exe
c:\Program Files\Antivirus\AvBho.dll
c:\Program Files\Antivirus\Uninstall.exe
c:\Program Files\Antivirus\wscsvc32.exe
%documents and settings%\all users\application data\fiosejgfse.dll
%temp%\mswinsck.exe
%desktop%\Antivirus support.lnk
%desktop%\Antivirus.lnk
%commonprograms%\AnVi\about.lnk
%commonprograms%\AnVi\activate.lnk
%commonprograms%\AnVi\buy.lnk
%commonprograms%\AnVi\Antivirus support.lnk
%commonprograms%\AnVi\Antivirus.lnk
%commonprograms%\AnVi\scan.lnk
%commonprograms%\AnVi\settings.lnk
%commonprograms%\AnVi\update.lnk

How to Remove Antivirus - AnVi Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
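
A read-only way to check a machine for the registry keys, Run values and files listed above, and to back up any matching keys before step 2, as an added example that is not part of the original page. The backup folder name and the choice of which listed entries to include are assumptions; the key names and paths are copied from the lists above.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Nothing is deleted. Keys that exist are exported with reg.exe as a backup.
$backupDir = Join-Path $env:TEMP 'anvi-registry-backup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Subset of the registry keys listed above; add the remaining ones the same way.
$keys = @(
    'HKEY_CLASSES_ROOT\AvBho.AvBhoApp',
    'HKEY_CLASSES_ROOT\CLSID\{9d541c6a-573b-4888-b35e-6816e68c3620}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus'
)
# Autostart value names listed above under the current user's Run key.
$runKey    = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'Antivirus.exe', 'wscsvc32.exe', 'Antivirus'
# Subset of the dropped files listed above.
$files = @(
    '%ProgramFiles%\AnVi\avt.exe',
    '%ProgramFiles%\AnVi\avthook.dll',
    'C:\Program Files\Antivirus\Antivirus.exe',
    'C:\Program Files\Antivirus\AvBho.dll',
    'C:\Program Files\Antivirus\wscsvc32.exe',
    '%Temp%\winupd64x.exe',
    '%Temp%\mswinsck.exe'
)

$findings = @()
$n = 0
foreach ($key in $keys) {
    if (Test-Path -LiteralPath "Registry::$key") {
        $n++
        $out = Join-Path $backupDir ('key{0:d2}.reg' -f $n)
        & reg.exe export $key $out /y | Out-Null      # backup before any manual delete
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Backup = $out }
    }
}
$run = Get-ItemProperty -LiteralPath "Registry::$runKey" -ErrorAction SilentlyContinue
foreach ($name in $runValues) {
    if ($run -and ($run.PSObject.Properties.Name -contains $name)) {
        $out = Join-Path $backupDir 'run.reg'
        & reg.exe export $runKey $out /y | Out-Null   # whole Run key, one file
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$name = $($run.$name)"; Backup = $out }
    }
}
foreach ($f in $files) {
    $path = [Environment]::ExpandEnvironmentVariables($f)
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Backup = '' }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

An empty table means none of the checked entries are present for the current user; the Run key and %Temp% checks are per-user, so repeat them for each affected account.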

How to Easily Remove Antivirus and AnVi

1. Download and run Removal Tool to remove this computer threat.
