AntivirusIS is a rogue antivirus program. Once Antivirus IS is installed, it runs a scan and reports false alerts. The user is then prompted to pay for a full license of the software in order to remove the threats. The program is also a browser hijacker that changes browser settings. It will prevent the user from accessing other programs on the computer, such as Task Manager, Registry Editor and even System Restore.

If you are unable to launch Malwarebytes Anti-Malware, simply rename the installer to iexplore.exe.

Type: Misleading Application
Name: Antivirus IS
Website: Theprotectall.com (Site rated poor on mywot.com)
Risk Impact: Medium
Systems Affected: Windows 2000, Windows Server 2003, Windows Vista, Windows XP and Windows 7
Behavior: AntivirusIS is a misleading application that may give exaggerated reports of threats on the computer.

AntivirusIS Removal

AntivirusIS Manual Removal Instructions

AntivirusIS registry values:

Delete registry values:
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:6522”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”

Other malicious files:
C:\Documents and Settings\[User Name]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS]\
C:\Documents and Settings\[User Name]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
C:\Users\User\AppData\Local\[SET OF RANDOM CHARACTERS]
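
To see which of the settings listed above are present in a user profile before deleting anything, a read-only PowerShell audit such as the following can be run. It is an added example, not part of the original instructions; the helper name `Get-Values` is hypothetical, matching Run entries against the Local Application Data folder is an assumption based on the file locations listed, and ProxyOverride is skipped because an empty value is not distinctive.

```powershell
# Added example: read-only audit of the registry values listed above. Nothing is changed.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'

# Key path, value name, and the data the page lists for each setting.
$indicators = @(
    @{ Path = "$ie\Download";              Name = 'RunInvalidSignatures'; Data = '1' }
    @{ Path = "$ie\Download";              Name = 'CheckExeSignatures';   Data = 'no' }
    @{ Path = "$ie\PhishingFilter";        Name = 'Enabled';              Data = '0' }
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyEnable';          Data = '1' }
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';          Data = 'http=127.0.0.1:6522' }
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Data = '.exe' }
    @{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation';  Data = '1' }
)

function Get-Values($path) {
    # Return the key's own values, without the PS* properties the provider adds.
    $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return @() }
    $key.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
}

$hits = @()
if (Test-Path 'HKCU:\Software\wnxmal') {
    $hits += [pscustomobject]@{ Key = 'HKCU:\Software\wnxmal'; Value = '(key exists)'; Data = '' }
}
foreach ($i in $indicators) {
    $v = Get-Values $i.Path | Where-Object { $_.Name -eq $i.Name }
    if ($v -and "$($v.Value)" -eq $i.Data) {
        $hits += [pscustomobject]@{ Key = $i.Path; Value = $i.Name; Data = $v.Value }
    }
}

# Assumption: the randomly named Run entry starts the executable under Local Application Data.
$local = [regex]::Escape([Environment]::GetFolderPath('LocalApplicationData'))
foreach ($rk in "$cv\Run", 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    foreach ($v in (Get-Values $rk)) {
        if ("$($v.Value)" -match $local) {
            $hits += [pscustomobject]@{ Key = $rk; Value = $v.Name; Data = $v.Value }
        }
    }
}

if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

Run entries under Local Application Data also include legitimate per-user software, so treat those rows as items to review rather than confirmed matches.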

Automatic Removal

Download and install SUPERAntiSpyware and Malwarebytes Anti-Malware. Both security programs come with free versions.

I recommend that you run multiple passes of SUPERAntiSpyware and Malwarebytes Anti-Malware.

It’s important that you keep your security programs up to date. I highly recommend downloading the WOT (Web of Trust) add-on for IE and/or Firefox. The WOT add-on warns you about risky sites before you click.

This rogue software is from the same family as Security Suite and Antivirus Soft.
