On Win-XP, how to REMOVE 'antivir'?

[SarasotaSlim]

[SOLVED:]On Win-XP, how to REMOVE 'AntiVir'?

On a friend's PC w/Win-XP/SP2, they have an 'AntiVir' program installed, but it's
wedged the machine, apparently trying to clear some spyware.

So, I booted up in 'safe mode w/ networking', and when I go into
control-panel, to the list of installed software, I do NOT find AntiVir!

So, how would I REMOVE AntiVir?
[I really don't "trust" software that doesn't put itself into the list-of-installed-sw. ]

TIA...

 

[Zidane24]

On a friend's PC w/Win-XP/SP2, they have some 'AntiVir' program installed, but it's
wedged the machine, trying to clear some spyware.

So, I booted up in 'safe mode w/ networking', and when I go into
control-panel, to the list of installed software, I do NOT find AntiVir!

So, how would I REMOVE AntiVir?
[I really don't "trust" software that doesn't put itself into the list-of-installed-sw. ]

TIA...

Download a real anti-virus free app (AVG, AVAST, MSE, etc) and can to remove the threat...

Also download MalwareBytes Anti-Malware and scan with it to also remove the threat if it is a spyware

 

[SarasotaSlim]

Download a real anti-virus free app (AVG, AVAST, MSE, etc) and can to remove the threat...

Also download MalwareBytes Anti-Malware and scan with it to also remove the threat if it is a spyware

Makes sense...was going to replace it with Avast anyway.

Are you saying that AntiVir is itself spyware, rather than legit anti-spyware?
Their website looked legit, but looks of course can be deceiving!

[Or, maybe there are two flavors...a legit one and a 'mock' one that is spyware?]

 

[hackerman1]

hi !

SarasotaSlim: "Their website looked legit"

which website ?
there are a lot of nice looking fakes...
exactly what is the name of this program ?
there are some programs that are hard to find in taskmanager, because their processes are named something completely different than the program itself.

 

[Carolyn]

If you are trying to remove Antivir by Avira, there is a removal tool available on their website
Avira Antivirus Solution - Download AntiVir Removal Tool

 

[SarasotaSlim]

If you are trying to remove Antivir by Avira, there is a removal tool available on their website
Avira Antivirus Solution - Download AntiVir Removal Tool

Thanks.

EDIT: [Carolyn: Nope, looked at that...that seems to be (another) tool to remove
viruses, not a tool to remove the removal tool itself. ["Who's on first?"]

To 'Avira': One should NOT have to 'chase down' a product's removal-tool (from a website
or anywhere). That's a poor substitute for having product-removal 'builtin'...i.e. the installer
then puts the program in the official list, where a button then exists to later
remove the pgm if it is unwanted, or is causing trouble.

Case in point is THIS one: Now one can NOT get to such a website (from THAT
machine), because the product has jammed the machine. Sure, could waste my
time chasing down the real 'removal tool' from their site, only later to learn that
it won't remove it, because it's a 'fake'!? So, current plan is to try to remove
it with Avast.

(Maybe this is spyware trying to 'ghost' itself as being Avira AntiVir, but not.
Who knows? Is it real or is it memorex? :devil As I mentioned, it is NOT my
machine, so I'm unclear of specifics of exactly how it got onto the machine.

 

[hackerman1]

hi !

hi !

SarasotaSlim: "Their website looked legit"

which website ?
there are a lot of nice looking fakes...
exactly what is the name of this program ?
there are some programs that are hard to find in taskmanager, because their processes are named something completely different than the program itself.

 

[Carolyn]

EDIT: [Carolyn: Nope, looked at that...that seems to be (another) tool to remove
viruses, not a tool to remove the removal tool itself. ["Who's on first?"]

Oops, my bad (more coffee needed here)

Download the AntiVir uninstaller,
http://www.avira.com/en/documents/utils/av7_tools/en/avuninstXPeng.zip

and Avira Reg Cleaner,
http://www.avira.com/en/documents/utils/av7_tools/registrycleaner.zip

Save them both to your desktop.

Unzip both files to their own folder.

Open the AvUninstXPeng folder. Close all programs including AntiVir, then double click on AvUnist.exe to run it. Click yes when asked if you want to remove AntiVir. When it is finished reboot your PC.

Open the RegistryCleaner folder and double click on the Registry Cleaner file. Click the Remove RegKeybutton then click Ok. When it is finished Reboot your PC again.

 

[Carolyn]

Another approach...

Boot to safe mode, launch MSConfig and disable the Antivir startup.

 

[SarasotaSlim]

I finally solved it.

I'm strongly suspecting that it is not the legit product, but some sort of a spoof equiv.

At any rate, what I did was MANUALLY navigate into ..\program files\ and found an 'AV' sub-dir, with
just a single file 'antivir.exe', so I deleted that and its parent 'AV' directory. Did that from 'safe mode'.

No other spyware was found on the machine, using newest 'avast'.

EDIT: The owner says it was NOT ever explicitly installed. Rather, one day,
while browsing the web (with IE v7), "AntiVir" just appeared. Machine now
has been upgraded to IE v8, and the Google Chrome browser has been installed
and will be (mostly) used instead as the new browser.

EDIT2: Another anomoly I found was that wifi would NOT connect, when I went
into 'safe mode with networking'. I tracked that down: This was on a DELL laptop
computer, and the DELL-provided network-mgr 'widget' was in charge. I shut
that off, and gave back control of 'network manager' to the Win-XP-provided
sys-tray widget, and THEN 'safe mode with networking' works as expected.

Case closed. Thanks for all the input and ideas.

 

[hackerman1]

hi !

good that you solved it.
but, earlier you posted "Their website looked legit"...
could you please tell me the address (URL), i really want to have a good look at it.

 

[SarasotaSlim]

hi !

good that you solved it.
but, earlier you posted "Their website looked legit"...
could you please tell me the address (URL), i really want to have a good look at it.

Maybe you're a bit confused?

I didn't mean that this phony CLONE of the real AntiVir had a website.

I meant the REAL AntiVir website.

[I'd never heard of 'AntiVir' until the spyware attack, so once I saw the
logo that the spyware was mimic-ing, I googled AntiVir, and found their
website. So, you too can google AntiVir, and you'll find it, too.]

Does that solve your 'mystery'?