Antivirus GT is a rogue antispyware program that is distributed to computers through the Win32/FakeXPA Trojan. Once a computer is infected, Antivirus GT completely takes over the system. You start receiving a stream of fake pop-up messages claiming that malicious files have been detected that may cause security issues on your system.
Even though you did not install anything yourself, you will soon notice a phony scanner running after each reboot. Antivirus GT uses this tactic to convince you that it is a legitimate threat remover. The scanner reports some infections and recommends removing them by purchasing Antivirus GT. However, the files that Antivirus GT reports as infections are either legitimate Windows programs or nonexistent files. The program then redirects you to a malicious website that promotes Antivirus GT as a reputable antispyware program. Payment for Antivirus GT can be made on this website as well. Do not enter your credit card details there under any circumstances if you don't want to be ripped off.
Moreover, Antivirus GT tends to hijack your Internet browser and block most websites. Instead, it constantly redirects to the one promoting Antivirus GT. Beware that Antivirus GT is a fake application that has nothing in common with a reputable antispyware program. Remove Antivirus GT from your system as soon as you notice any of the symptoms of its presence.
Here are some messages that may appear while Antivirus GT is running on your system:
Security advisor: Important updates available
New important updates available:Virus and spyware database is out of date.
New Important updates:
– antivirus database definitions update
– anti-spyware database definitions update
– critical system vulnerabilities fix
Optional Updates
– resident shield update
– Internet Explorer potential vulnerabilities fix
AntivirusGT Resident Shield: Virus Detected
Warning! Active virus detected!
Threat Detected: Trojan.Injector.BZ
Infected File: C:\Windows\System32\rundll32.exe
Attention! Your web page request has been cancelled.
This web site refused your connection as it was reported as a malicious request. This can be caused by Viruses, Trojans or Malware installed on your computer.In order to resend your request to the website, press Resend request (please note, this action may cause a permanent block of your computer by the requested website)
In order to activate your security software, please press Fix Now (recommended)
I need help. Antivirus GT has infected my computer. What can I do? It won't let me install any computer virus removers to remove it. Help.
@alien bob help me Reading the above and following the instructions would help you…
On August 8th I somehow wound up being billed twice. I would like a credit for one copy please. Is there a phone no. I can call to clear this problem. I also have some questions about the Antivirus GT. It still seems to be in my computer even after running your Spy Doctor. Thanks. Is there a help phone Number please?
Les ODonnell: Try updating spyware doctor before running the scan. The update might require reboot. If it fails, pctools support will help.
I have no money to be able to buy anything to get rid of it. Is there any way to do it for free?
Follow the manual instructions. Spyware Doctor might help to locate infected files for free.
The program blue screens my computer and I can't do anything.
If you can't boot, it's either reinstall time or repair shop time.
What's the point of a free scan?? I don't need to be told I have a problem on my computer because I already knew that. Why don't you explicitly state that it's a free scan but NOT A FREE SOLUTION.
Biff: You are wrong. Spyware Doctor provides information about which files and registry keys are affected. You can delete these, or modify the corresponding keys. Also, it blocks some of the parasite processes from launching.
How does the router get infected? Am I vulnerable just by having the infected laptop logged onto my home network? Also, can I just download Spyware Doctor to a clean pc and then copy on to the infected laptop then running the program without doing any manual cleaning? Have tried to run some other spyware programs and message comes back that Windows doesn’t allow program to run. I think Antivirus GT has total control!
If a router has no password or the default password (or there is a known vulnerability), scammers might connect to it and upload their firmware or change the DNS servers to malicious ones. The best way to handle this is setting the router DNS servers to auto detect or to the Google ones (8.8.8.8, 8.8.4.4).
Spyware Doctor should be run in safe mode with networking. It should install there, but you might need to stop Antivirus GT processes first.
This article does not mention the rootkit exploit associated with Antivirus GT. Most fake alert viruses contain a rootkit exploit that can be found and removed by various rootkit scanners, but as of 9-02-10 none can pick up the rootkit contained in Antivirus GT. That is why you can run tools for removal but the hijack portion is still present.
David: which rootkit removers have you tried and used?
I have Spyware Dr with antivirus and it is up to date, and multiple scans have not detected this virus and therefore hasn’t been able to remove it from my computer. Why?
Pamela: version 7 or version 8 of PC Tools? Antivirus GT mutates almost daily, I suggest contacting PC Tools support at http://www.pctools.com/support/
Version 7.0.0.545
Reboot into safe mode with networking. Run this tool: http://support.kaspersky.com/downloads/utils/tdsskiller.zip. Run MSConfig and disable all startup entries from your home folder (C:\Users.. or C:\Documents and settings … ) that you do not recognize. Try doing a Spyware Doctor scan from safe mode with networking. However, I would contact PC Tools support as well – they might help to solve your problem faster.
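Added example, not part of the original comment or the site's own instructions: a read-only PowerShell listing of the Run and RunOnce values that start a file from a user profile folder, which are the entries the reply above says to review in MSConfig. The registry key list, the profile folder locations and the extension list are assumptions chosen for illustration; nothing is disabled or deleted.

```powershell
# Added example (read-only): list Run/RunOnce auto-start values that launch a
# file from a user profile folder. Key list and extensions are assumptions.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# A file under <drive>:\Users\ or <drive>:\Documents and Settings\
# (the default profile locations named in the reply above).
$profilePath = '[a-z]:\\(Users|Documents and Settings)\\[^"]*?\.(exe|dll|bat|cmd|vbs|js|scr|com|pif)\b'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }      # key absent on this system
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # GetValue() returns REG_EXPAND_SZ data with %VARIABLES% already expanded.
        $command = [string]$regKey.GetValue($name)
        if ($command -match $profilePath) {
            $file = $Matches[0]                        # first profile path in the command line
            $signature = if (Test-Path -LiteralPath $file -PathType Leaf) {
                (Get-AuthenticodeSignature -FilePath $file).Status
            } else {
                'file missing'
            }
            New-Object PSObject -Property @{
                Key       = $key
                Name      = $name
                Command   = $command
                Signature = $signature
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Key, Name | Format-List Key, Name, Command, Signature
} else {
    'No Run/RunOnce value starts a file from a user profile folder.'
}
```

Entries that use 8.3 short paths (for example `C:\DOCUME~1\...`) or that sit in the Startup folders are not matched by this listing, so it complements the MSConfig review rather than replacing it.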
I used the kaspersky tool and that seemed to finish off the antivirusgt (after using all of the manual remove instructions above). To double check things, I also ran the Windows Live OneCare Safety Scanner and let it scan and clean up what it found. One thing it found was something called “spacequery”. Things it couldn’t delete I located the files and cleaned them up myself. Ran a final scan with the safety scanner and now the computer is clean and working correctly.
Good to hear, Pamela!
@admin
Thanks admin! TDSSKILLER worked for me. I can't believe I haven't run across this tool sooner. Found an MBR rootkit in less than 30 sec.
How do you remove the antivirusgt manually?
AntivirusGT installed itself onto my computer and I can’t do anything to try and remove because it now has a blank screen with a blinking cursor. I tried to reboot in safe mode and there is no display except for the initial screen that displays the manufacturer’s name. I tried pressing f8 to no avail. What can I do?
Please give me a contact no. I have questions.
Mutates my ass. Just installed and updated the newest version and it didn’t detect any of the exact files you posted up there. Didn’t find anything remotely related to GT. No offense to spyware doctor though. I’ve seen this one before and spybot, avg, avast, super antispyware, none of em could find it. I believe it was that tdsskiller that finally worked.
BS: There are a couple of versions of trojans that promote Antivirus GT. TDSS Killer deletes the rootkit only, and one specific rootkit. The rootkit is responsible for some redirects (sometimes it is just a proxy). It cannot replace a scan with other tools. You can try an mbam scan as well. It would be a good idea to submit the virus sample to the PC Tools lab so others will get protection as well.
Is there not a program that will get rid of all these? I tried one called “remove fake antivirus” which did detect and delete the program I’m infected with and some related files however, it left a registry key that redirected explorer.exe to the gt .exe so when you first log on and explorer.exe tries to load it loads the malware instead. In case anybody deletes the malware and upon starting windows you get no taskbar/desktop icons, you need to delete this key.
BS: At the moment there are known problems with all automated solutions due to the fact that it uses the TDSS rootkit. Though Spyware Doctor and Malwarebytes should detect most of the trojan files, and paid versions of these programs should reduce the risk of infection with such threats to the minimum.
After running TDSSKiller which found and deleted the rootkit. I had previously run various scanning products which have deleted many of the files that were on the system. I am not at the point of restoring my system but cannot complete due to D:/program files(X86)mywebsearch/bar/1.bin/F3WPHOOK.dll. I have tried to restore the system to a previous point without success due to the above file not being able to be extracted from the restore point, Need help! Otherwise I will have to restore to the factory settings which is my last option…
William: Do a full scan, it is quite likely that your restore points are infected with the rogue. If there was a rootkit in the system, then your restore points are not really safe.
@admin
The restore continues on a merry-go-round and I am completely dead in the water. I cannot run anything as the system restores and provides messages that it cannot restore and to send message. None of the other functions work. Seems this virus has completely taken over my portable. I ran Spyware, Spyhunter, and Paretologic PC Health and XoftspysE06 on my system prior to running TDSSKiller. When I ran TDSSkiller found the rootkit and the system automatically ran a system restore. Now each time I reboot the same programs run. Tried ctl+alt+delete but nothing.
Try pressing F8 and checking options in the menu. Try booting in one of these, it might stop the restore process. You have to stop the restore.
@admin
Admin
I have tried many times to use F8 to other options provided. Some switch, like Debug, closes windows to ensure no further damage but when it reboots the page defaults to the system restore. I will able under administrator to get into Commands under administrator X:/windows/system32/cmd.exe and did a system chkdsk and only message was “failed to transfer logged messages to the event log with status 50”. Can I run a spyware program from this screen? Thanks
Do you think reinstalling windows will work?
I do not recommend reinstalling Windows on top of infected systems. If you are going for a reinstall, back up (files only, not user settings) and do a full system format. Running a program to check and clean MBR rootkits would be advisable as well.
Ok, so I downloaded a malware thingy and it took care of the antivirus GT problem but I can't seem to get rid of the Attention! Your web search thingy. It pops up when I try to search for something and I just need to know how to get rid of that.
I also downloaded the Spyware Doctor and they just wanted to charge me. I'm looking for freebies here. Can someone help?
Allen: Check what file is detected by Spyware Doctor. You can delete it manually.
I downloaded Spydoctor and PC Tools. I used PC Tools first to locate the application and delete it because before it would not let me. PC Tools gave me a message that it would be deleted the next time I reboot. Now when I go to login (I'm running Windows Seven btw) instead of opening my desktop I just get a black screen. First it was a black screen with a cursor, now it's just a black screen. I'm not getting avgt messages and I always make it to the login screen. Any ideas?
Jacob: contact PC Tools support from the page. It looks like the TDSS Rootkit is on the boot record of your PC. You might need to download a special disinfection disk, burn it on CD, and fix the boot record.
Hey got new Norton anti v to get rid of ft but does not seem to have done anything ideas?
All I get is a blinking cursor now. What do I do?
I purchased antivirusgt accidentally trying to renew my regular subscription and was redirected to antivirusgt. What do I need to do? The purchase was made with my debit card, is my account in jeopardy?
@toriano julius
You need to do 2 things:
Remove Antivirus GT completely (follow the instructions).
Contact your bank and dispute the charges, ask to change your CC number.
Hi guys, can anyone help me with that???
My laptop is affected by Antivirus GT and now Windows doesn't work, and my recovery disks don't work as well. The blue screen comes before Windows loads and afterwards Windows fails to work. What should I do???
I was able to remove AntivirusGT by using the recovery utility in Win 7.
Launch in Windows SAFE mode and go to Control Panel. Select Recovery and look for a recovery date in the past before your computer was infected. Restore to this date and you should be good – no reloading the OS or wiping the drive.
Todd Sames: I recommend doing a scan nevertheless. System Recovery does not clean up everything, just some system files and settings. In some cases you can get reinfected quite soon.
Okay, I have a laptop and somehow this got onto my computer and it is denying me from getting into my iExplorer or Googlechrome so I can download a malware scanner to remove this damn thing. Now here's my question: how would I go about removing it completely, because I tried doing a system restore and it is doing the same thing. I'm thinking it's in my System32 files. I have no re-installation disc either. 🙁
Hi
I have been given a laptop by a friend who has lost all of his Desktop. I have found out that he has installed GT antivirus on it. When you start his e-machine D620, it will go through the boot up process, but after the welcome screen, all that is left is a dark blue screen and mouse pointer.
Can you advise on how to retrieve his desktop? He has Vista Basic installed.
Many Thanks
Bob.