Antivir Solution Pro Removal Guide


*************************************************************************************************

Statement From the Editor

If you have a question, ask in the comment area!

Click the Pics to Visit the Sites!

Read each guide at all links before starting the removal process so that you will know exactly what steps to take and which removal process is best for your issue.

*************************************************************************************************

Antivir Solution Pro is a rogue anti-spyware program from the same family as Antivirus Soft and AV Security Suite. This family of rogues is installed through the use of malware and exploit kits that download and install Antivir Solution Pro onto your computer without your permission. When this program is installed, it will be configured to start automatically when Windows starts and, once started, will perform a scan of your computer and state that it has found numerous infections. It will not, though, tell you the files that are supposedly infected and will also state that you cannot remove anything until you first purchase the program. This is a complete scam, as the program is scripted to display infections every time it is run. That means if you reinstalled Windows and ran Antivir Solution Pro, it would still say that you are infected. It does this to scare you into thinking that your computer has a security problem so that you will then purchase the program. When you purchase the program, though, all you do is waste your money, as the program has no useful function for your computer.

Antivir Solution Pro is known to be installed through exploit kits on hacked web sites. Exploit kits are scripts that are added to hacked legitimate web sites that attempt to install malware onto a visitor's computer through the use of known vulnerabilities in the Windows operating system and installed applications. Due to this, and to avoid being infected again after your computer is cleaned, it is important that you make sure that your Windows installation is completely up-to-date with all the latest Microsoft security patches. It is also important to make sure that all your programs, which include Sun Java, Adobe Reader, and Adobe Flash, are updated to their latest versions. A great program that you can use to scan your computer for insecure programs is the Secunia Online Software Inspector. We suggest that all readers scan their computer with this program to make sure their applications are not vulnerable to security exploits, in order to add an extra layer of security.

NOTE:

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in these guides to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. A CD+R is best because it is read only and will prevent infecting the clean computer you have downloaded from, if you have to use it to get more downloads.

Step 1. Start here!

Bleeping Computer’s Antivir Solution Pro (Uninstall Guide)

Print out these instructions as you may need to close every window that is open later in the fix.

Antivir Solution Pro will also configure your computer to use a proxy server at 127.0.0.1:5643, which is actually the Antivir Solution Pro program itself. This means that when you browse the web using Internet Explorer, the rogue will intercept all your web browser requests and instead display a page that shows a security warning about the site you are visiting.

Reboot your computer into Safe Mode with Networking using the instructions for your version of Windows found in the following tutorial:

How to start Windows in Safe Mode

Tap F8 at start-up (when you see the logo screen: Dell, HP, Acer, etc.) until you see the Advanced menu screen.

Use the arrow keys to highlight safe mode with networking and hit enter and enter again.

NOTE:

This infection changes your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. Regardless of the web browser you use, for these instructions you will first need to fix this problem so that you can download the utilities you need to remove this infection.

Open Internet Explorer
Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
Click on Tools at the top and select Internet Options
Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
Click on the Connections tab
Click on the LAN settings button
Under Automatic configuration, make sure that the box next to Automatically detect settings is checked; if it is not, then click the box next to it to check it
Click on the OK button to close the Local Area Network (LAN) Settings window
Click on the OK button to close the Internet Options window

OR
Please start Internet Explorer, and when the program is open, click on the Tools menu

Connections and Lan Settings Tab

Lan Settings

Make sure that “Use a proxy server for your LAN” is NOT CHECKED; if it is, uncheck it and click OK and OK again. You “may” have to do this several times to get it to work.

Now you must end the processes that belong to Antivir Solution Pro so that it does not interfere with the cleaning procedure. To do this, download the following file to your desktop.

Rkill – What it does and What it Doesn’t – A brief introduction to the program

Rkill Download Links

Rkill.com
Rkill.exe

iExplore.exe

rkill.pif

rkill.scr

uSeRiNiT.exe

WiNlOgOn.exe

#1. When using Rkill, do not turn off the computer until after running Malwarebytes’, or the process will have started again and you will have to start over.

#2. DO NOT USE ON A CLEAN COMPUTER, as it could damage certain legit security programs.

#3. Vista and Windows 7 users, right click and click run as administrator.

#4. Keep running Rkill until no malicious processes are detected.

Disable security software before using Rkill (if possible)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download ATF For cleaning of Temp Files & the Java cache

See Screenshots

****************************

Now you should download Malwarebytes’ Anti-Malware, or Mbam

Please download Malwarebytes’ Anti-Malware to your desktop.

The Free Version

Once downloaded, close all programs and Windows on your computer, including this one.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • If it asks for a restart, DO SO. Very important.

See the Tutorials for specific instructions.

Malwarebytes’ Tutorial *****by Bleeping Computer

Malwarebytes’ Tutorial*****by VMSAR

When Malwarebytes’ will not run see*****HERE*****

Common Issues,Questions,and their Solutions

Malwarebytes’ Antivir Solution Pro Removal

Microsoft How to Get Rid of Malware

Restart the computer and run a Quick Scan with Mbam; if anything is found, run a Full scan.

********************************************

Step 2. If Needed But Suggested

The Free Version

SUPERAntiSpyware Tutorial

When SUPERAntiSpyware will not install or run see*****HERE*****

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download, then this is a solution. Simply download the portable scanner and copy it to a USB/CD. NOTE: The portable scanner is randomly named to prevent the malware from stopping the scanner from running. For more software similar to this, see the RescueCD software section on the home page; these tools scan an infected system and can recover personal data lost due to infection or a defective or failing hard drive.

*********************************

Dr.Web CureIt!

**********************************

Ccleaner for a good clean-up

Screenshots

Ccleaner Documentation

<<<<<<<<<<>>>>>>>>>>

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe—>HERE

******************************

Use JavaRa to clean out old versions of Java>HERE

Then look for the following Java folders and if found delete them:

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install new Java—>HERE

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache. Leave BOTH checked:
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page  HERE

***********************************************************************************************

Step 4

Clean System Restore

Four steps to this. #1. Have your antivirus open or use the ESET Online Scanner below and set to full scan and running. #2. Turn off system restore. #3. Launch ATF and clean until “No Files Cleaned”. #4. When scan is finished, turn system restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

***********************************************************************************************

For Rootkit Removal if needed

How to Remove the TDSS,TDL3, or Alureon rootkit using TDSSKiller

Or ***Gmer*** for rootkits

or ***HitmanPro*** RootkitRevealer

Bleeping Computer’s    RootkitList

**************************************************************************************************

If no luck See

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

OR

I’m infected – What do I do now?

Complete all the steps you can and post new topic—HERE

***********************************************************************************************

If you are still having issues see

Virut and other File infectors-Throwing in the Towel?

When should I re-format?

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

*************************************************************************************************

Online Scanners that Detect and Remove for Free

*************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure.

Antivir Solution Pro Associated Files:

%UserProfile%\Local Settings\Application Data\<random>\
%UserProfile%\Local Settings\Application Data\<random>\<random>.exe

Antivir Solution Pro Windows Registry Information:

HKEY_CURRENT_USER\Software\AVSolution
HKEY_CURRENT_USER\Software\AVSuitE
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “<local>”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5643”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “<random>”

Issues that “may” be in a HijackThis log:

R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O4 – HKLM\..\Run: [<random>] %UserProfile%\local settings\application data\<random>\<random>.exe
O4 – HKCU\..\Run: [<random>] %UserProfile%\local settings\application data\<random>\<random>.exe
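
The entries above (the loopback ProxyServer value and Run entries that launch an .exe from a folder directly under Local Settings\Application Data) can be searched for in a saved HijackThis log. The following Python script is an added example, not part of the original guide or of HijackThis; the sample log, the names standing in for <random>, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample log (not from a real machine); "kqxvbtssd" stands in for <random>.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O4 - HKLM\..\Run: [kqxvbtssd] C:\Documents and Settings\Bob\Local Settings\Application Data\kqxvbtssd\ujwnftssd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Both "-" and the typographic dash used on web pages are accepted after the section code.
PROXY_RE = re.compile(r"^R[01]\s*[-–]\s*(HK\w+)\\.*Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
RUN_RE = re.compile(r"^O4\s*[-–]\s*(HK\w+)\\\.\.\\Run:\s*\[(.*?)\]\s*(.+)$", re.I)
# An .exe exactly one folder below Local Settings\Application Data, as listed above.
APPDATA_EXE_RE = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]+\.exe\b", re.I)

def loopback_proxies(value):
    """Return the host:port entries of a ProxyServer value that point at this machine."""
    hits = []
    for entry in value.split(";"):                    # "http=...;https=..." per-protocol list
        hostport = entry.split("=", 1)[-1].strip()    # drop an "http=" style prefix
        host = hostport.rsplit(":", 1)[0].strip("[]")
        try:
            is_loop = ipaddress.ip_address(host).is_loopback
        except ValueError:                            # a host name, not an IP literal
            is_loop = host.lower() == "localhost"
        if is_loop:
            hits.append(hostport)
    return hits

def triage(log_text):
    """Return (finding, hive, detail) tuples for log lines matching the indicators."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            findings += [("loopback-proxy", m.group(1), hp) for hp in loopback_proxies(m.group(2))]
            continue
        m = RUN_RE.match(line.strip())
        if m and APPDATA_EXE_RE.search(m.group(3)):
            findings.append(("appdata-autorun", m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a lead to verify against the references below before deleting anything, since legitimate software can also use a local proxy or start from that folder.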

Have your HijackThis log analyzed *****HERE*****. Copy your log and paste it in the box at the site and wait for the results. Scroll down the page and you will see a detailed description of each entry and suggested actions to take, if any, with each, but before you do, use SystemLookup below to double check the results. A mistake here can cause Operating System Failure!

Use*****SystemLookup*****as a reference resource for HijackThis

HijackThis Tutorial*****by BleepingComputer

Post your HijackThis log HERE and I will advise what needs to be done. Please read the Tutorial so that you have an understanding of how this works.

*************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to *****VIRUSTOTAL***** and they will analyze it. When the results are shown, it will give a list of which software is detecting the threat and which is removing it; kinda takes the guesswork out of the equation.

More to use

Jotti’s Malware Scan

Dr. Web Online Check

Kaspersky File Scanner

novirusthanks

*************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums


Posted July 27, 2010 by Wide Glide in Virus Removal
