The attack of Antivira.av

So last week I was working on my laptop, trying to get some PBL basketball work done before I could get some sleep.  Everything was working well, my old Sony VAIO has been a dependable workhorse since the day I bought it at a Best Buy “Black Friday” sale in 2007.

Suddenly I noticed a strange pop-up on my screen.  Some new antivirus program told me that my computer was infected with malware, and asked if I wanted to click here to turn on my antivirus program.

This didn’t look right.  I already have an antivirus program, it should be running right now.

I looked more carefully.  Then this graphic popped up.

Image from freespywareremoval.org.

Oh no.  This isn’t an antivirus program.  It’s malware disguised as an antivirus program. And it knocked out my current antivirus software, and now it’s running roughshod all over my computer!

I quickly jumped onto Internet Explorer and tried to get to an anti-malware weblink.  No such luck.  The internet connection through MSIE was disabled.  I then went to Firefox.  Blocked there as well.  I then tried the three-finger-salute (CTRL-ALT-DEL), hoping to activate Windows Task Manager and delete the offending program.  Task Manager wouldn’t come up.  And the program – Antivira.av, which also operates under several other name variants – was treating my computer like termites visiting a lumberyard.

I shut down the computer and tried to reboot it, hoping that the true antivirus software would kick in.  Nope.  Antivira.av came back, stronger than ever.  This was no run-of-the-mill computer virus.  This was a type of malware called “scare-ware,” where it gets into your computer registry and does horrible, horrible things.  It’s almost like the Somali piracy of computer viruses.  And this strain was extremely virulent, and it wouldn’t go away unless I “paid” for the version of the “antivirus” software that would get rid of the infection.  I think I would have gotten better support from Peggy, the USA Prime Credit Russian dude.

This is not good.  This is so not good.  I can’t have this happen to my personal laptop.  This laptop contains all my PBL basketball information.  It contains my photo-editing software, which I use when I’m away from home and need to edit a digital photograph on the spot.

At this point in time, I had several options.

I could have:

(A) Tossed my computer into the trash and cried for weeks.

(B) Taken my computer to the local repair shop and waited for weeks for them to extract the virus – and paid lots of money for the privilege.

(C) Paid the blood money requested by the program and hoped that the computer wouldn’t completely flake out and ask for more tribute.

I could have gone with any of these options.

And in the end, I chose Option D.

And Option D meant that I took a deep breath, said to myself, “If this is a virus, there must be a cure.”

And with that, I went over to my other computer – my un-infected white label computer tower with its two brand new 1TB hard drives – and looked up any information on the nasty computer virus, and then followed the directions on how to surgically remove it from my computer.

Thankfully, my search led to this link from geekpolice.net.  While reading the site, I discovered that the antivira.av program actually redirected my web browsers to proxy connections, effectively blocking them from reaching the Internet.  That’s almost the equivalent of someone barricading the exits before torching a packed movie theater.
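The browser blocking described above is what a hijacked system proxy setting looks like from the user's side. As an added example (not part of the original post), this PowerShell snippet reads the Windows proxy values, the Task Manager policy value and Firefox's own proxy preference so the symptoms can be confirmed before anything is reset; it assumes a Windows machine and is run as the affected user account.

```powershell
# Added example, not from the original post: report the settings that match the
# symptoms described (browsers forced through a proxy, Task Manager not opening).
# Assumes Windows PowerShell running as the affected user.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Internet Explorer (and other WinINET apps) proxy: ProxyEnable = 1 together
# with a ProxyServer or AutoConfigURL you never configured means traffic is
# being routed somewhere you did not choose.
$p = Get-ItemProperty -Path $inet
"ProxyEnable   : $($p.ProxyEnable)"
"ProxyServer   : $($p.ProxyServer)"
"AutoConfigURL : $($p.AutoConfigURL)"

# Task Manager refusing to open is commonly this policy value set to 1.
if (Test-Path $pol) {
    $t = Get-ItemProperty -Path $pol
    "DisableTaskMgr : $($t.DisableTaskMgr)"
}

# Firefox stores its proxy choice per profile in prefs.js:
# network.proxy.type 0 = no proxy, 1 = manual proxy, 5 = use system settings.
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -ErrorAction SilentlyContinue |
  ForEach-Object {
    $prefs = Join-Path $_.FullName 'prefs.js'
    if (Test-Path $prefs) {
      $lines = Select-String -Path $prefs -Pattern 'network\.proxy\.(type|http)' |
               ForEach-Object { $_.Line }
      "$($_.Name): $($lines -join ' ')"
    }
  }

# Reset, only after confirming the values are not ones you or your network set
# (uncomment to apply, then restart the browsers):
# Set-ItemProperty    -Path $inet -Name ProxyEnable    -Value 0
# Remove-ItemProperty -Path $inet -Name ProxyServer    -ErrorAction SilentlyContinue
# Remove-ItemProperty -Path $inet -Name AutoConfigURL  -ErrorAction SilentlyContinue
# Remove-ItemProperty -Path $pol  -Name DisableTaskMgr -ErrorAction SilentlyContinue
```

Resetting these values restores the browsers and Task Manager but does not remove the program that changed them, which is why the post still needed a malware scanner afterwards.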

With help from the geekpolice.net website, I was able to turn the laptop browsers back on.  I went back to the desktop and downloaded a program called Malwarebytes, which I saved on a USB portable drive.  I then transferred the file to the infected laptop and ran the program.

Malwarebytes did remove the program – but then suddenly, Antivira.av came back, like a prizefighter up for a second wind.

It was at that point that I went to another site, and downloaded another malware-destroying program, Spyware Doctor from PCTools.com.  Spyware Doctor found the antivira.av program, and after I paid $40 to register Spyware Doctor, the program erased and eliminated the antivira.av program from my computer.  One week later, the virus has not returned.  And I can breathe a sigh of relief.

Okay, a few things to be aware of.  If this virus attacks your computer, remain calm.  Antivira.av can be removed, but it’s not something that can be easily done in two clicks.  You should read the webpages I linked above, and order an updated malware-blocking program as soon as possible.  Back up your files and programs regularly and often.  This is not a joke and this is not a drill.

Also, be aware that Antivira.av can operate under other names and variants, so if it doesn’t look like your Norton or McAfee or Symantec or Kaspersky antivirus software, and you don’t feel 100% confident that it came from a reputable company, DON’T INSTALL IT ON YOUR COMPUTER!! Also, be aware that these rogue scareware programs are often constructed with poor grammatical interfaces – as in, “Do you want compufix scanned now?” Legitimate computer antivirus companies will at least know how to write their graphic user interfaces with proper English.

Oh, and one more thing.  The links I provided above will take you to legitimate sites and allow you to download legitimate anti-spyware and anti-malware programs.  Sometimes a Google search could bring you to a webpage that looks legit, but the software you download from that page might actually contain more vicious and insidious malware.  Don’t get fooled.

In all honesty, I got lucky.  The anti-malware programs I installed and purchased defeated Antivira.av.

This time.

I just hope the malware doesn’t come back with six of its buddies.