Advanced Virus Remover is one of many fake antivirus applications like Antivirus Live or Internet Security 2010, which are really just rogue viruses that hold your computer hostage until you pay the ransom money. They tell you that your PC is infected with loads of viruses, even though the fake antivirus itself is the only virus on your computer. The biggest problem with these things is that they block you from doing almost everything—you can’t use task manager, Safe Mode, or even install a real malware removal tool.
Advanced Virus Remover is Terrible!
This thing just covers your PC with messages about viruses that they claim you have…
There are popups, messages, and just dozens of windows that open…
Their goal, of course, is to get you to pay them.
Advanced Virus Remover is tricky… if you open an application more than once, it’ll block you from opening it again, preventing you from installing any anti-malware tools (I tried both SUPERAntiSpyware installed edition and MalwareBytes, no luck). Note that it also changes your wallpaper.
Advanced Virus Remover also prohibits you from heading into Safe Mode, where you at least might have a better chance of getting rid of it.
Removing Rogue Fake Antivirus Infections (General Guide)
There are a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here are the quick steps:
Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.
If that doesn’t work, reboot your PC into safe mode with networking (use F8 right before Windows starts to load).
Reboot your PC and go back into safe mode with networking.
If that doesn’t work, and safe mode is blocked, try running ComboFix. Note that I’ve not yet had to resort to this, but some of our readers have.
Install MalwareBytes and run it, doing a full system scan (see our previous article on how to use it).
Reboot your PC again, and run a full scan using your normal Antivirus application (we recommend Microsoft Security Essentials).
At this point your PC is usually clean.
Those are the rules that normally work. Note that there are some malware infections that not only block safe mode, but also prevent you from doing anything at all. We’ll cover those in another article soon, so make sure to subscribe to How-To Geek for updates (top of the page).
So, Let’s Remove Advanced Virus Remover!
Turns out that the answer to getting rid of this virus is really simple—you’ll just need to grab the free, Portable edition of SUPERAntiSpyware, which we’ve featured as our favorite must-have spyware removal tool, and put it on a flash drive (from another computer).
Then open it up on the PC, making sure to run the scan immediately. Don’t close it and re-open it, or Advanced Virus Remover will figure out what you’re doing and block you!
Once it’s all done, it’ll get rid of the bad stuff.
Then you’ll be prompted to reboot, which you should probably do.
If Advanced Virus Remover Blocks SUPERAntiSpyware
If you have an issue running SUPERAntiSpyware, you can try and use the following technique. Open up the Windows Run box with the Win+R shortcut key, or through the start menu. Then type in the following commands, hitting enter after each one.
Note that this may or may not help… the goal is to try and shut down the processes that are blocking you, and malware changes filenames all the time. You can also open up Windows Explorer, head into the Windows\System32 folder, and try and locate the bad processes there (hit the properties screen on some recent, odd-looking files), then use the taskkill command to get rid of them. This technique is how I usually figure out what the virus is hiding under, so I can easily kill it with just a few keystrokes.
taskkill /f /im winlogon86.exe
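The System32 triage described above, as an added PowerShell example that is not part of the original article: it lists recently created or modified executables in System32 with the company name and signature status you would otherwise read off each file's properties screen, plus the PIDs of any that are running. The 14-day window and the -KillImage parameter name are assumptions made for this example.

```powershell
# Added example, not from the original article. Assumptions: a 14-day window
# for "recent", and -KillImage as a hypothetical parameter name.
param(
    [int]$Days = 14,
    [string]$KillImage        # image name you picked from the table, if any
)

$sys32  = Join-Path $env:SystemRoot 'System32'
$cutoff = (Get-Date).AddDays(-$Days)

# Index running processes by executable path. Path is empty for processes
# this session is not allowed to inspect, so those are skipped.
$running = @{}
foreach ($p in Get-Process) {
    if ($p.Path) { $running[$p.Path.ToLower()] += @($p.Id) }
}

# Recently created or modified executables sitting directly in System32.
$report = Get-ChildItem -Path $sys32 -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $cutoff -or $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $sig     = Get-AuthenticodeSignature -FilePath $_.FullName
        $company = $_.VersionInfo.CompanyName
        New-Object PSObject -Property @{
            Name       = $_.Name
            Created    = $_.CreationTime
            Company    = $company
            Signature  = $sig.Status
            Pids       = ($running[$_.FullName.ToLower()] -join ',')
            # "Odd-looking": no company name and no valid signature.
            Suspicious = ([string]::IsNullOrEmpty($company) -and $sig.Status -ne 'Valid')
        }
    }

# Suspicious files first, newest first within each group.
$report | Sort-Object Suspicious, Created -Descending |
    Format-Table Name, Created, Company, Signature, Pids, Suspicious -AutoSize

# Only kill an image that actually appeared in the report above.
if ($KillImage -and ($report | Where-Object { $_.Name -eq $KillImage })) {
    taskkill /f /im $KillImage
}
```

Treat the Signature column as a hint only: depending on the PowerShell version, legitimate catalog-signed Windows files can show as NotSigned, so check the company name and creation date before killing anything.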
Clean Up the Leftovers!
Since I never like to fully trust a single anti-malware tool, I usually run multiple passes from multiple malware removal tools. I highly recommend running a second pass with the free edition of Malwarebytes Anti-Malware (see our previous article on how to use it).
You might notice some more messages popping up from the virus—in this case, my SUPERAntiSpyware definitions were out of date (because I wrote this article before the official portable version came out, so I was using my own hack to create a portable edition).
Just ignore any messages, and continue with the scan, letting Malwarebytes remove everything else.
At this point you’ll want to reboot your system, and then install Microsoft Security Essentials and run another full scan. Can’t hurt to be too cautious! We also highly recommend Microsoft Security Essentials for real-time protection against these types of things.
Note: If you used a thumb drive at any point during this process, you should make sure to scan that as well—I’ve had viruses hop over to the thumb drive, ready to infect the next machine.