Antivirus.NET is an entirely malicious program that tries to convince you that your PC is infected. The motive is simple: by making you believe that your machine is at risk from spyware, it scares its victims into purchasing its so-called “licensed” version. To avoid such intrusions, you should have a reliable anti-spyware program with the “full” version installed, because only that variant will guarantee real-time protection against this threat. Also make sure that you update your security software and have the full virus database in order to get rid of Antivirus.NET successfully.
The “full” version of Antivirus.NET is useless, just like Antivirus Scan or Antivirus Action, because it has been revealed to have no capability to find and remove any cyber threat. Although it will display numerous alerts, pop-up ads and scanners reporting dangerous malware, never fall for them, because they are useless and have no informative value. So, instead of giving your money to scammers, please remove Antivirus.NET as soon as you start seeing these or similar alerts:
Antivirus software alert
Infiltration alert
Your computer is being attacked by an Internet virus. It could be password-stealing attack, a trojan-dropper or similar.
Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
– The website contains exploits that can launch a malicious code on your computer
– Suspicious network activity detected
– There might be an active spyware running on your computer
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
Security Warning
Application cannot be executed. The file notepad.exe is infected. Do you want to activate your antivirus software now.
Once Antivirus.NET manages to get inside the system, the Trojans that distribute it change some operating system parameters and set the malware to launch as soon as you reboot your machine. The result is numerous annoying alerts about trojans, spyware and other malicious components detected on your PC. However, you can safely assume that there is nothing dangerous on your machine except Antivirus.NET itself. While running, this scamware will also disconnect you from the Internet, so that you cannot download or update your anti-spyware to remove it, and it may also disable all legitimate security software that is running.
As you can see, Antivirus.NET is nothing but a dangerous application doing its best to make you believe that only its “license” will save your PC. Please, instead of giving your money (and your important personal information!) to scammers, remove Antivirus.NET. To do that, get legitimate anti-spyware (such as SpyHunter or Malwarebytes Anti-Malware), update it, and run it to find the malware’s files. If you have been disconnected from the Internet, you should check your proxy settings and also stop all of the malware’s running processes.
Special notes to recover IE:
If your internet connection is affected, disable the proxy server on your PC. Open the Tools menu and select Internet Options, Connections, LAN Settings, then uncheck the box labeled “Use a proxy server for your LAN”.
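A scripted version of the two checks described above (the proxy switch and the entry that launches the malware at startup), as an added example that is not part of the original article. It assumes Windows PowerShell is available on the affected machine; the script file name is hypothetical, the registry paths are the standard per-user Internet Settings key and the Run/RunOnce keys, and the folder list reflects the locations readers report in the comments on this page.

```powershell
# Added example (not from the article). Read-only unless -DisableProxy is given.
# Run as the affected user; Audit-RogueSettings.ps1 is a hypothetical file name.
param([switch]$DisableProxy)

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders where commenters on this page found the randomly named executable.
# Variables that do not exist on older Windows versions are filtered out.
$watchRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) |
    Where-Object { $_ } | Sort-Object -Unique

# --- 1. Proxy settings (the same switch as "Use a proxy server for your LAN") ---
$inet = Get-ItemProperty -Path $inetKey
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    ProxyOverride = $inet.ProxyOverride
} | Format-List

if ($DisableProxy -and $inet.ProxyEnable -eq 1) {
    Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
    Write-Host 'ProxyEnable set to 0. If it returns to 1, the malware process is still running.'
}

# --- 2. Startup entries whose command line points into a watched folder ---
$findings = foreach ($keyPath in $runKeys) {
    $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }            # key absent on this system

    foreach ($name in $key.GetValueNames()) {
        # Expand %TEMP%-style references so the comparison sees the real path.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))

        $root = $watchRoots | Where-Object {
            $cmd.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } | Select-Object -First 1

        if ($root) {
            [pscustomobject]@{
                Key     = $keyPath
                Name    = $name
                Command = $cmd
                Under   = $root
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Host 'No autorun entries point into Temp, AppData or ProgramData.'
}
```

The second list is for review, not a verdict: legitimate software also starts from AppData, so check each entry's file before removing anything.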
I try to follow everyone’s advice, but it still won’t connect me to the internet. I’m on my phone looking things up and nothing is working. I don’t know what to do!!
@charles
do a system restore
How do I do a system restore?
Autumn: Reboot into safe mode. Press Start -> Run. Enter RSTRUI.exe.
After system restore I recommend scanning with anti-malware tools, as there are high chances of reinfection.
Awesome writeup. I figured this was a new one when my safe mode scan using Malwarebytes failed to detect anything on a 10 day old database. Behaves the same as *security tool* blocking all new processes from being launched.
Might want to add that users should turn off system restore and then re-enable it when the infection is removed to ensure 100% clean system.
Also stop downloading illegal movies. Had 3 units of this come in this weekend all from bearshare / lime/frost wire downloads. Must be a popular new movie out with a bad codec required 😀
Logbo: For some users it is better to do system restore (if they CAN’T launch anything), then disable system restore and do a full system scan. Then re-enable it. This is especially true for Windows 7 – system restore is better than in XP.
Thank you so much, I have been trying to find a way to fix this awful problem for days! 🙁 I hope this works, it’s restoring now! Cross your fingers for me! After I do a system restore, do I need to do anything else to rid this bug?
Autumn: It is highly advisable to scan with Spyware Doctor, Malwarebytes, etc after restore – it happens, that restore is not 100%.
IT WORKED!! Thank you so much! Whoever started this ugly bug should just be shot! Thank you for your support! I have downloaded a spyware and virus protection on my computer now, do you think I am sufficiently protected now? Thanks Again! Great support system you guys have!!! 🙂
I would recommend running some internet security suite to stay protected. Personally, I use ESET Smart Security as my first line of defense, and SD 7 as additional anti-malware protection. There are many options though.
For me, it just came 20min ago and restricted me from the Internet, system restores, and lots of other applications.
Any advice before this gets worse?
I’ve located the [random].exe process that is related to antivirus.net, but every time I try to end it an error window pops up saying that the process is infected. Help!
I run Windows Vista, which I know can be buggy, but the system restore shouldn’t hurt any other files, right?
Also, I use Webroot Antivirus with AntiSpyware that updates regularly. It failed to catch the bug on two full scans.
Will running this after a system restore fix the problem? Because I’m really scared to try it manually.
I have this virus on my computer at the moment. When I try and start system restore, it’s turned off even though I always have it turned on. If I can’t restore to an earlier time, is there another way I can get this virus off my machine?
Many Thanks for your help.
Is there Any other way to system restore? Antivirus.net on mine won’t let me do it through start-> run->rstruu.exe either!
Ok i downloaded the spyware doctor from another computer and i am not able to do use it in safe mode or normal mode i cannot do a system restore what do i do next
when I try to enter RSTRUI.exe my computer tells me it can’t find it and maybe I typed it wrong…argh
I just ran into this problem today and have tried all of the above. I can’t access any programs (If i could get on the internet I’m sure I could download something to help the situation out), I can’t system restore for some reason, and RSTRUI.exe. can’t even be used. Any other suggestions other than taking it to a professional?
System Restore NEVER gets rid of a virus/fake antivirus.. it only puts it dormant until next time it wants to activate. I have found Malwarebytes Does the trick.. Make sure it is updated
I copped this one today by simply clicking on an image of a weather vane while searching for ideas on how to build one. All I got was a “Java” loading window. I closed immediately but it was too late.
Antivirus.Net would not let me access any applications on my computer. I went looking for it in safe mode but it was nowhere to be found. Back in normal mode, I eventually found an executable in C:\Documents and Settings\Administrator\Local Settings\Temp.
I tried to delete all the files in the Temp folder. It was the one that I was prevented from deleting – bjbptlfsjmo.exe. I was able to change its name to something random, e.g. “bob”, without the exe suffix. I would say that I could have renamed this folder in Safe Mode once I knew which one it was. I then rebooted and I was pleased to see it gone. Apparently what was happening was that it uninstalled on shutdown and reinstalled on startup. This is to stop you getting access to its process in Safe Mode. Once the registry keys could no longer see its executable it could not start. I have run CCleaner and it found redundant Antivirus.Net registry keys which I have removed. I will mount a thorough search later but for now I will try to catch up on a lost morning.
How do I disable and then reenable system restore please?
I’ve tried the system restore in safe mode and my computer tells me no restore points have been created on my computer’s system disk. I’ve downloaded Spyware Doctor on a jump drive and it won’t run on the computer. Also, I can’t unclick the LAN settings box because it automatically goes back on. Antivirus.net is the worst!!! What else can I do??? Thanks for your help in advance!!
PS I have Trend Antivirus, shouldn’t it have stopped this??
Rayman: Try other tools, Webroot is not the only anti-spyware out there. I recommend Spyware Doctor, but Malwarebytes and Hitman Pro work as well.
Joey: Try disabling its startup entry. If this fails, and you can not launch spyware removers, try booting into safe mode with command prompt or using alternate OS scanners.
OneNOnlyRose: The claim that system restore NEVER gets rid of the virus is a marketing gimmick of some anti-malware tools. It does, but, like all solutions, not in all cases. Some malware CAN infect restore points, some don’t. The same goes for Malwarebytes – it does not remove every rogue, but it is still a good tool.
@Patrick
Find the Antivirus.net executable. I am using XP and I found it in C:\Documents and Settings\Administrator\Local Settings\Temp. I was able to confirm that it was the file in question because the malware would not let me delete it. I selected all (Ctrl A) in the Temp folder and then “Delete”. It soon stopped at the offending file saying I could not delete it. In my case the file was called bjbptlfsjmo.exe.
Once you have identified the Antivirus.net executable, go into safe mode and change its name. In my case, the Antivirus.net executable was called “bjbptlfsjmo.exe”. I changed it to “bob”. When you reboot in normal mode Antivirus.net should be dormant and you should be able to delete “bob”. Then you can go ahead with whatever clean out strategies you choose.
PS This all happened to me today 1st Feb 2011.
PPS Don’t use “bob”, Just make up a random name and make sure you leave the “exe” off the end.
Just out of curiosity, is this a relatively new virus?
I just fixed my computer from this awful hijack. First, go in and restart the computer; while it is rebooting, press F8 over and over again. A screen is going to pop up; click on Safe Mode, then go in and system restore to a few days before your computer was infected. This will let you go online, but the problem with that is the virus is still in your computer. No more pop-ups, and you can finally get online; you will think it’s gone, but it is not. So now you can go online, go to wiki and search antivirus.net; it will give you all the info needed to fix your system. I used spyhunter4 and my computer is back to normal. Hope this helps you all. Also, when did you notice you were attacked? What internet site were you on, if any? My computer was just on idle with no internet pages on.
Nick : Yes, less than 2 weeks old atm .
James is smart.
You don’t have to do a system restore and lose a lot of info. I have gotten this Anti-virus stuff three times now, and going into “Safe Mode” and FINDING the virus and deleting it is the answer. A lot of them don’t tell you that, because they make money when you buy the cleaners. You can clean your system later and keep a good antiviral software for future use.
I can’t locate any of the files or registries that have [random] in them.
Nick: Random means that they change from install to install. Check locations for registry entries – they have to be in APPDATA folder.
@dee
Dee, when I first got the pop ups I was on a game called Blah. After it started to really annoy me, I got my mum and she is gonna try and fix it today.
I’m going to try and follow your steps now, thanks for the advice!
Oh my god, Dee your comment changed me!
I did what you said and I got my mum to help me to find System Restore ‘since I don’t know where it is’ and I went back onto the normal mode after it was done and it was gone!
Thank you Dee, my annoying Security Shield is gone thanks to you!
I have tried all the things above. When i try and do the system restore it says i have errors. so i ran a chkdsk and it found errors but will not fix them. Any other ideas?
I was “caught” tonight by Antivirus.net and “bought” it for $49.99 because it said I couldn’t use my computer without it — had not heard of the scam. Now I bought Spyhunter 4 to remove Antivirus.net — anyone know if Spyhunter is legit? Or did I get scammed again?
Just an update :
I found a registry entry called “HKEY_CURRENT_USER\SOFTWARE\INEUFBR1V\”
A Google search led me to this McAfee page:
http://vil.nai.com/vil/content/v_364937.htm
I recommend you take a look at this page. I found the information accurate and relevant to the current version of this malware. I was able to perform a full manual removal with this info.
I also ran a spyware scan and that turned up one trojan that may or may not be related. Anyway I would recommend you do a scan to finish off with.
PS: I also recommend you do a registry clean at the very end of your clean up.
My favourite cleaner is CCleaner.
valerie: Spyhunter is not a recommended program at the moment. First, there is pricing (they charge 2x per year to increase profits).
James: I would guess the trojan was related and caused the infection.
@James – Thanks for posting! I had the same problem as everyone else in not being able to get online, run Safe Mode, or do a system restore. I did what you did (deleted files in Temp) except I wasn’t able to change the name of the presumed infected file. While the Temp folder was clearing out, the file seemed to have “disappeared” or the file name changed, not sure but after a few tries my Temp folder was empty and the pop-ups stopped! I was able to go online and download Spyware Doctor which found a trojan and a bunch of infections. I’ll try CCleaner as well. Thanks again!!
I am on vista and I could not find the virus files, i also cant get on to system restore, help please ?
Also, how do I get into ‘C:\Documents and Settings\Administrator\Local Settings\Temp’?
*yawns* How about everyone calms down and we all list our [random].exe names when we remove. I have the virus and am searching for it right now. Thanks to a retarded mother, I am not the admin on my computer and cannot delete the files without her password and she isn’t home at the moment… I have the virus, listed in my program data as C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}, and C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}…
The exe file is the only thing I haven’t found due to the random name… Next time someone is able to manually remove the virus, please list the exact location and any definitive data regarding the name of the .exe…
UPDATE: Found the .exe as: >>>setup2028370540.exe.manifest<<<
Remove the arrows, and you've got your virus… The .manifest was probably meant to throw you off… Have fun deleting…
I was able to get rid of the virus thanks to Malware Bytes!
Restart your computer, and when it boots up, START TASK MANAGER QUICK ENOUGH BEFORE THE MALWARE STARTS UP! And end the process of the virus.
Then use a program called rkill to put down the virus.
Then FULL SCAN with MalwareBytes.
Use a program like ESET Smart Security to check for further infected files. Be aware, if you had any USB drives or other removable media connected during the malware attack, the files contained in them could also be infected.
It tells me that RSTRUI.exe is not a file. and it tells me to check spelling and try again. any help?? @admin
Dan: which windows version are you using?
Now my problem is that I was locked out of my administrator account and use a non-administrator account on Windows Vista Home Premium. If I download Spyware Doctor onto a USB then try to transfer it to the infected computer, would it be able to download at all? Without an administrator account, I can’t install anything to the infected computer, regardless of the Antivirus.NET. Can anyone help?
Tony: If you are locked from admin account, reboot into safe mode or safe mode with networking. In safe mode you can try deleting files or doing system restore. In safe mode with networking, you can try running malware removal software.
@Blair
Blair: If You are using XP:
1)Open “My Computer”
2)Double click on “Local Disk (C:)”
3)Open the folder “Documents and Settings”
4)Open the folder “Administrator”
5)Now this is where it could get a little tricky for those who don’t delve into their operating systems – “Local Settings” is a hidden folder. If it is not visible you will have to go to the top of your window and open “Tools”, then “Folder Options”, then “View”, then under “Hidden Files and Folders” click on the radio button: “Show hidden files and folders”.
6)The “Temp” folder is in the Local Settings folder.
Hope this helps.
But theoretically I can’t install anything new without an admin account, right? unless McAfee works. Is there a way for me to install Malware removal software in non admin account?
Tony: Try Hitman Pro, it does not require installation. Also, the good news is that your PC is easier to clean from the admin account, which should be unaffected.
@admin
I downloaded hitman pro, but the virus won’t let me open it. Help!!
OK, so this is how I did it. I found a file (don’t remember the name; it was just a bunch of letters and numbers) in my temp folders that was created today, opened it, and the icon for the doc inside was a radioactive icon, so I figured that’s it. I renamed it “joe”. Then I restarted, then started task manager ASAP, went into the temp folders again, and deleted “joe”. Then I installed hitman pro, used it, and am now scanning with my normal antivirus software (norton). And so far so good….
Alex: Try safe mode with networking, or right-click and choose run as administrator. also, you could try renaming it to explorer.exe or starting from task manager as new process.
There are more options.
My girlfriend is having issues with her laptop, and I can’t look at it myself, but I’m trying to help her over the phone. Her computer is saying “Application cannot be executed. The file Wuauclt.exe is infected. Do you want to activate your antivirus software now?” And it lists the Antivirus.net as the virus software to use. McAfee is the other virus software that is on the computer. Could you please help me with this issue? I have read the above info, and explained this to her as best I can, but I’m not sure how to go about it without being able to look at the computer myself.
i woke up this morning with the antivirus .net on our ‘family computer’. ive been working on removing it since i got home from work 3 or so hours ago.
i tried to search for the .exe file location maxwell provided but got nothing. so i tried a search on exe.manifest and found these two suckers….
eqnedt32.exe.manifest (folder location C:\WINDOWS\system32\usmt)
migwiz.exe.manifest (folder location C:\Program Files\Common Files\Microsoft Shared\EQUATION)
going to delete both and see what happens…
hope this helps.
Hi guys,
Really have had some serious problems with this virus and I am desperate for help. I have Windows Vista on the infected Laptop and I’ve tried a few of the suggestions above but still no joy. Could anyone tell me how to get rid of this virus in simple instructions?
Thanks
hey i just got the antivirus.net on my pc..it just appeared there. it doesnt allow me to do system restore and i did stop it with task manager but sometimes it just sends me to the blue screen. pleasee help..this trojan pissing me off
I went on safe mode, deleted my temp files…now what do i do?
i also just did a system restore..not sure what is happening exactly
restore point is good…now do just run a scan?
I have the up-to-date free AVG antivirus… will Malwarebytes and Hitman Pro work side by side with it, or are all antivirus programs a one “man” team?
Update.. I just got done scanning and AVG did not pick anything up.. odd?
AVG is pretty poor at detecting malware. Spyware Doctor does not work too well with other antiviruses, but you could do a scan with it too. Malwarebytes and Hitman Pro can work with other antiviruses.
what is one that is better than AVG and can run with Malwarebytes?
@alex
GO Alex
Ching: Any antivirus and internet protection suite can run with malwarebytes. We listed some here : http://www.2-viruses.com/resources/antivirus-tools-and-resources#antivirus . I choose ESET Smart Security each time, though Kaspersky Internet Security, or any other would be good choice too.
Hey everyone, I need some help with this program. I finally managed to restore my computer by manually ending the antivirus.net process by finding the random gibberish name for it in taskmanager. Once it was shut down my internet still wouldn’t work, but I could restore.
After restoring, everything’s fine again and the virus hasn’t turned on again. BUT there seems to be some kind of browser hijacker installed now. I can access my internet, access any site I want, but if I happen to google any website about anti-virus.net (including this one) I am automatically redirected to seemingly random and shady “antimalware” websites, forcing me to manually find this website and search for the virus there instead.
So does anyone know if this hijacker is a result of antivirus.net, or is it some other trojan that came with it?
Thank you for this webpage by the way, it’s helped me more than I can describe.
My computer got infected yesterday so I performed a scan with Avast and once it finished it prompted a restart of the computer and now it won’t boot at all. I just get a black screen with lines of text if I use safe mode. Does this mean there’s absolutely nothing I can do?
Can anyone confirm if the virus is completely removed after these steps I took:
Had virus, which restricted everything
Did system restore to 3 days ago, which then let me use pc as normal
deleted all temp files in c/doc sett/admin/local sett/temp (none of the files were restricted or required renaming, though…)
disabled system restore and ran full scan with spydoc and found NO infections
am i clear? i still dont quite understand how to ‘find’ the virus manually. thanks…this thing was nasty.
@James
ya dude i rock
and so do you for helping me, as well as all these other fine people.
I am, however, worried about it coming back, thought I read somewhere that this happens. What can I do to prevent this? I can’t drop any cash on anything… any more programs like hitman out there that will catch anything that norton and hitman pro didn’t???
I have ESET, which is supposed to be the best out there, and it didn’t catch the virus. So, I am disappointed with it.
@Alex
James: Registry entries without files can do little harm. It is more important to scan against trojans.
The youtube link you gave is distributed by people behind product of questionable reputation.
I had this spyware for three weeks. I can’t connect to the internet and reboot. I solved this problem by deleting my present account and creating a new one. But after one week, it showed up again. I did it my way again, and for more than a week it didn’t show up any more. I am worried that it may still be in my PC. What can I do to remove it absolutely?
@admin
admin:
A simple registry cleaner will find the registry entries without files. The registry entries that I found concerning were in Internet Explorer – phishing filter and Windows/Current User/Internet Explorer – proxy server settings and proxy server override.
Cheers.
James: Your fix would not remove nor disable parasite alone.
Nam: After you create a new account, you should do 2 things: the first is to scan ALL of your PC with a couple of anti-malware tools; the second is to consider upgrading your antivirus to an internet security version. You either missed a trojan downloader or got reinfected.
how do we download the antivirus program if we cant get onto our internet?
Tommy: use usb disk, or reboot into safe mode with networking, disable proxy server and all browser add-ons. In many cases it is enough to restore internet connection.
I can’t eject the USB normally. A pop-up would appear on my screen:
This device is currently in use. Close any programs or windows that might be using the device, and then try again.
I already closed all programs I used but still it won’t eject my USB. What could be the problem? Is my PC infected with a virus? Please help me how to solve this problem. Thank you!
It is possible, though unlikely. Just pull out flash from drive and check it on another PC with decent antivirus.