Antispymv.com is a browser hijacker that distributes Antivir Solution Pro program and other fake antivirus solutions. This rogue software spreads from a Trojan and is installed automatically without user’s knowledge and consent.
Type: Misleading Application / Browser Hijacker
Publisher: Antispymv.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows Server 2003, Windows Vista, Windows XP
Behavior: Antivir Solution Pro is a misleading application that may give exaggerated reports of threats on the computer.
How to remove Antivir Solution Pro:
Download a free copy of Malwarebytes’ Anti-Malware to remove this software.
How to manually remove Antivir Solution Pro registry values:
Note: The manual removal of files and registries should be performed by experienced users.
- HKEY_CURRENT_USER\Software\AvSuite
- HKEY_LOCAL_MACHINE\Software\AvSuite
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” =”1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “{random string}”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “{random string}”
Other malicious files:
- %Documents and Settings%\[UserName]\Local Settings\Application Data\{random string}\{random string}.exe
See more rogue software removal instructions here.
If you have the WOT add-on installed for Firefox or IE, you will now get a warning for this malicious website.
Related Articles
How to Remove Antivirus GT
How to Remove MedicCop Rogue AntiSpyware
Beware of this Fake Antivirus Program AV Security Suite
Just shows that we need to stick with well known brands (or at least Tech Jaws approved) when it comes to anti-virus, anti-spyware and anti-malware programs.
Jonathan,
You are too kind and it’s all about the brands. If you never heard of it, move on.
Well,
Thanks a lot, a few minutes and everything seems to be fine so far
Michel,
I am glad the removal instructions helped!
I agree with Jonathan. use only tech-jaws approved brands. You’ll be safer that way.
Andrew,
Thank you as well!
Nice post Frank, its good to see that you are warning people about such horrible scams.
I have fallen victim to a spyware infection before, all of the drives on my PC showed warnings. An anti-spyware was suggested by this program that had infected my PC, which lead to me pulling out my credit card where an deduction is made each month!
Luckily I cancelled my credit card account and was refunded for the second hit.
Hi Frank,
Fell victim to this pile and thank you for the help. The only files that can’t be found are:
* HKEY_CURRENT_USER\Software\AvSuite* HKEY_LOCAL_MACHINE\Software\AvSuite
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “{random string}”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “{random string}”
Have you seen this attack change or is it my lack of IT skills?
Thanks,
-Toby
Toby,
Did you perform a search in the registry for AVSuite? If so and you didn’t find the file, you should be good.
Hi, I just got rid of one problem to get this one. I am no expert ad running Windows Vista on a laptop. Can’t access internet to download file and no idea how to search registries etc so please help. Andy UK
Andy,
I updated the article with F-Secure which has an update to remove and defend against Security Tool Virus.