Antivirus GT with alias AntivirusGT is a fake security application commonly acquired by visiting web sites that pretend to be online virus scanner. Sometimes, this malware will be downloaded on to computer by disguising as a codec required to play multimedia files on fake adult web sites. If Antivirus GT was installed on the computer, a bunch of fake alerts and warning messages will be shown on the screen. These alert messages will attempt to convince its victim that computer is infected and a purchase of the registered version of Antivirus GT is necessary to remove the threats.
A legitimate anti-malware application is needed to completely remove Antivirus GT. Its licensed vesion is not worth to purchase since it has no capacity to remove virus from a computer. Remember that rogue programs were made to deceive and not to protect a computer from viruses and threats.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | AntivirusGT |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Antivirus GT Infection?
A virus scan will be launched when Windows is run. Antivirus GT displays a detection of dozens of infections that it promises to remove when a licensed version was obtained.
It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “AntivirusGT”
- HKEY_CURRENT_USER\Software\EVAACD
- HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\5.0\User Agent\post platform “WinNT-EVI 25.11.2009″
- HKEY_CURRENT_USER\Software\FNULL246
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\{6A23338A-C725-48D0-BA96-B12FDD22DD39}_is1
Antivirus GT threat will drop the following malicious files:
- %Program Files%\AV
- %Program Files%\AV\AntivirusGT.exe
- %Program Files%\Common Files\Uninstall
- %Program Files%\Common Files\Uninstall\AV
- %Program Files%\Common Files\Uninstall\AV\Uninstall.lnk
- %Program Files%\Antivirus GT
- %Program Files%\Antivirus GT\AntivirusGT.exe
- %Program Files%\Antivirus GT\unins000.dat
- %Program Files%\Antivirus GT\unins000.exe
- %Documents and Settings%\All Users\Start Menu\AV
- %Documents and Settings%\All Users\Start Menu\AV\AntivirusGT.lnk
- %Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk
- %Documents and Settings%\[UserName]\Desktop\AntivirusGT.lnk
- %WINDOWS%\system32\UpdateCheck.dll
How to Remove Antivirus GT Manually
1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
How to Easily Remove Antivirus GT
1. Download and run Removal Tool to remove Antivirus GT