How to get rid of Antivir

Is this a new method of bumping without bumping lol

geek_therafter1, Mar 1, 8:51 pm

geek_king1, Mar 1, 10:24 pm

Hi, some time ago I deleted Antivir from the laptop, however it has hijacked itself to Windows Security Centre under Antivir Desktop. About twice a week when I start up, it pops up, asking to renew and/or giving a deal, and I also think it is slowing down the start up as well, as even using CCleaner before closing, start up is slow and I get no responding when trying to go to Yahoo, although after about 5 min it gets OK, and no trouble after that. Also I run daily malware. Many thanks

geek_tradenow100, Mar 20, 11:01 am

If no one comes in to help, I suggest you go to their forum. You might have to register before you can post there. Or perhaps search existing posts.
http://forum.avira.com/wbb/index.php

geek_chnman, Mar 20, 12:03 pm

geek_mm12345, Mar 20, 12:32 pm

chnman and mm12345, many thanks for that, I will try later on, and let you know. Cheers.

geek_tradenow100, Mar 20, 12:50 pm

Hi, yes, went there, I downloaded Spyhunter, they scanned, came up with 3 nasties, but to clear them had to pay, so did not go any further, so would you know anyone there who does it without having to pay? Many thanks

geek_tradenow100, Mar 20, 4:56 pm

This is a fairly common tactic among sites claiming to remove such and such... provide a link to a program (which may or may not actually be any good) that has limited functionality.

Go to http://www.malwarebytes.org/products/malwarebytes_free and download the free version. Install it, update it, and run a quick scan.
After the scan is complete, have it delete all items found. If it prompts to reboot to complete the removal, do so promptly.

Let us know what it found.
Also, what actual antivirus are you using?

I've read mixed reviews of Spyhunter. I would not be inclined to trust it too much, because of the way it's marketed. MBAM makes its money by also vending a paid version (which is good value for money) that is resident. The scanner linked above is a demand scanner. It's extremely competent.

geek_mark.52, Mar 20, 5:30 pm

Hi Mark, many thanks, yes, I have got malware, running scan every day and even the other day in safe mode, but it has not picked up, and I think because it hijacked onto Windows Security Center, I tried malware tools---run tool--- then I typed in antivir desktop but then a pop up comes saying this file does not exist, but when I look at the Windows Security Centre there is say's also I typed in Windows Security Centre but same thing, file does not exist. My antivirus is Bullguard, and yes, very happy with that one. I have deleted Spyhunter.

geek_tradenow100, Mar 20, 6:13 pm

You uninstalled or deleted Spyhunter?
Pity. A look at the log (if any) would have shown you the location of the files that need to be deleted.
See if you can find a log file.

Does MBAM not detect this infection? (Commonly called a rogue antivirus.) Did you update MBAM first?
(BTW, best not to call MBAM "malware". Malware is the name given to malicious software. Includes viruses etc. Call it MBAM. Everyone will know what that means.)

geek_mark.52, Mar 20, 7:52 pm

Hi Mark, thank you so much for your help, and yes, I uninstalled Spyhunter, so all is wiped there. Also, I will call MBAM from now on, as point is well taken there. Each morning the 1st thing I do is update the MBAM, then scan and leave till finished; usually I do the quick scan, but this morning I did the long one, which took 1 hour and 58 min., and no, has not picked it up. However, late yesterday, with a new upload from Bullguard, they did find this location, but they did not see it as a virus, so I could not delete it. The path is as follows: c/documents @ settings\all users\appiication data\avira\avira desktop\temp\augvard.tmp Thank you so much. Regards, richard

geek_tradenow100, Mar 21, 12:09 pm

Try uploading that file (augvard.tmp) to Virus Total:
https://www.virustotal.com/

In addition to MBAM, another I use is SuperAntiSpyware (free edition). http://www.superantispyware.com/

geek_chnman, Mar 21, 12:25 pm

Hi Chnman, many thanks, will do

geek_tradenow100, Mar 21, 12:27 pm

Had no luck with Virus Total, but could be my fault, so will try again late this afternoon, right now downloading the superanti

geek_tradenow100, Mar 21, 1:07 pm

Something strange has happened to sas. I updated the program the other day and now a quick scan takes forever where it used to take 58 seconds.

And when going here: http://www.filehorse.com/download-superantispyware/6199/old-versions/ to get the older version again, downloads the latest version again. Had to download an uninstaller from their site to bin the rubbish. Just use malwarebytes now, although might try spybot again. Seems that a lot of software that they continually update, in fact they end up screwing forever. Opera is just rubbish now and it used to leave other browsers in its dust. Use ff 4 now and it doesn't keep nagging to update.

geek_hakatere1, Mar 21, 1:39 pm


Can you navigate to that file in Windows Explorer (not Internet Explorer)? This is done by double clicking on "my computer" and going to the folder concerned.

You might need to enable viewing of hidden or system files to do that. Click on control panel then folder options, view, and scroll down to tick the boxes "show hidden files and folders" and down a bit more to un-tick "hide protected operating system files". You shouldn't need to do the latter one, though.

Once you've located the folder and the file concerned, delete it. ".tmp" files are almost always safe to delete.

It would be interesting to see what else is in that folder. It has a legit sounding name. Avira is a respected antivirus company. Did you ever actually install Avira, then perhaps fail to uninstall it before installing Bullguard?

geek_mark.52, Mar 21, 9:45 pm

Hi Mark, thank you for all you going through, but I am no good with the computer, but did as you say and pressed on richards document, not there, share ditto, then on disk, but can't find any files, although I did get onto all users, did see antivir, right click, delete, but a pop up saying access denied. Also unticked hidden folders, but don't know how to get a folder, as the ones I click on just don't show files. Also on control panel the umbrella is there, but again can't delete it.
I think I had Bullguard 1st, then saw under computer the antivir and good to have 2, but after a while antivir came up each time with the same virus or whatever it was, so I deleted through the access and default.

Mark, if I get too much of a nuisance, I understand if you want to give up on me, and I just have to live with it, or take it to get fixed. Many thanks for all your time.

geek_tradenow100, Mar 22, 5:07 pm

I think I might be able to provide a fix. This is for Windows XP. (Vista/7 in [] brackets next to each instruction, where there is a difference.)

1) Go to the control panel. Open "add/remove programs". ["Programs and Features"] Wait for the list to populate. May take up to half a minute.

2) If "avira" is anywhere in that list (which is normally ordered alphabetically), double click on it. It may come up with options such as "remove", "repair" or "change". Select "remove".

3) Wait for it to be uninstalled. Reboot.

If none of that worked, continue with the steps below anyway.

4) Click on this link: http://www.avira.com/en/download-start/product/avira-registrycleaner?x-origin=web
It is the uninstall cleanup utility for Avira, direct download from their site. Save the file to your desktop.

5) When it has downloaded, double click the file to run it. Follow the prompts. When it has finished, reboot.

Report back. Hope that helps.

geek_mark.52, Mar 22, 7:48 pm

Hi Mark, thank you for your persistence, I should have said that before, I have got Windows XP and FF.
Yes, I have deleted it from add/remove at that time, and it is not there.
I have downloaded your link and cleaned, but then after a few seconds I get: Failure to delete one or many keys.

So I got a real stubborn one here, I will go to add and remove the one just downloaded.
Thank you so much Mark, have a good weekend. richard

geek_tradenow100, Mar 23, 2:17 pm

Hi Mark, this new one is not in the add/remove either, must be on the back on the old one! Cheers.

geek_tradenow100, Mar 23, 2:21 pm

Is "this new one" the program I got you to download?
If so, it's not an installed program. The executable runs directly from the download location. (The desktop).

Try rebooting into safe mode, and run it again.
Please list the keys it's not able to remove, if that doesn't work.

geek_mark.52, Mar 23, 3:12 pm

Hi Mark, thanks again. OK, here is what happened: I click on your link, get download---get page where it also says click on save file, and also select directory i.e. desktop---press save file--but it does not give option for directory--gives me---run-press---then comes up--a block measuring 200mmx140mm with the top saying reg cleaner, a lot of blank lines, down below it says--configuration-----scan for keys--so I press that and after a few seconds get---
hkey_local_machine\software\av-
ira
''\x-avsd
\control set 001\services\antiverscheduler\-
services
''\"'"""\antivir services
"""\""""\avgntflc
"""\""""\avipbb
""machine\system\current control|set\services\antivir scheduler servce
""""""\antivir service
""""""\avgntflt
""""""\avipbb

So then I press delete all and get failure to delete one or many keys.

I hope you can make sense of it all, and tomorrow morning I will do it in the safe mode.
You deserve a medal the way you still hang in there.
Have a good evening, and again many thanks
richard

geek_tradenow100, Mar 23, 4:57 pm

Just confirm you're running on an administrator account?

geek_mark.52, Mar 23, 6:00 pm

No, I don't think so, it is under Richard, and I am sure that the computer guy here who sold me told me I also was the administrator, and won't be able to find for sure till Monday, as they don't work on the weekend here, but I could try tomorrow morning in safe mode, as they ask that there adm or richard, so take adm and see what happen!

geek_tradenow100, Mar 23, 6:07 pm

Just go to the control panel, then user accounts, and your account will be listed, possibly along with the guest account.
It will also state your account type (computer administrator or limited.)

geek_mark.52, Mar 23, 6:10 pm

Yes, thank you, it says richard, computer administrator, guest account is off

geek_tradenow100, Mar 23, 6:16 pm

If this doesn't work in safe mode, there's a couple of other things you could try, but frankly, if I can't talk you through locating a file using windows explorer, they're probably doomed to failure. It's starting to get a bit advanced, plus we're not even 100% sure the file/s causing the problem are leftovers from a legit program, or a rogue program.

Best I can suggest is to take the 'pooter to a geeky friend. Or have one over for dinner.

geek_mark.52, Mar 23, 8:23 pm

Hi Mark, I have run it all in safe mode, and the same thing happened, like I explained in #20, with all those blank lines, so pressed again the scan for keys and some 16 this time turned up, and was then able to clean them all, but although when I looked at Windows Security the umbrella is still there. Also I can't find Internet Explorer, as it is not on the desktop or anywhere else, so in safe mode downloaded Explorer 8, but again can't find it, so I take up your suggestions and get it looked at.
Many thanks for all your help, many others would have given up long time ago. Take care and good luck. richard

geek_tradenow100, Mar 24, 1:54 pm

Good luck with this, Richard. I don't know, but I'd be surprised if a reasonable tech couldn't fix this for a hundred bucks or less. Depending on what's involved.

geek_mark.52, Mar 24, 6:34 pm