
What is Advanced Virus Remover

Posted on 21 September 2009 under Rogue Programs

1. What is Advanced Virus Remover?

It is a rogue antispyware program that infects the computer through a fake Video ActiveX Codec. The primary symptoms of an infected computer are an altered desktop background (now solid blue with a "Your system is infected" note in the middle of the screen) and a "Click here to protect your computer from spyware!" warning message in the taskbar area, which says:

Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.

Even if you do not click the message, Advanced Virus Remover will be downloaded and installed anyway. It takes a minute until the rogue program starts a computer scan, which ends with an exaggerated report. The report is called exaggerated for a reason: it lists non-existent threats (most located in the C:\Windows\system32 directory), apart from any files that Advanced Virus Remover dropped there itself. The report is followed by warning popup windows (e.g. "Critical vulnerables found!") and Spyware Alert notices in the taskbar area, which tell the user that the computer is infected and offer the rogue program as a protection tool. All of these alerts are fake and should not be trusted.

During installation, Advanced Virus Remover modifies the Windows Registry and disables Task Manager (taskmgr.exe). Opening Task Manager results in the popup message "Task Manager has been disabled by your administrator".

2. Advanced Virus Remover screen shot:

[Screenshot: Advanced Virus Remover]

3. How to remove Advanced Virus Remover:

  1. The Internet connection might be disabled or the Internet browser might be blocked by Advanced Virus Remover, so it won't be possible to download any files to the infected computer. In this case, download all files required for Advanced Virus Remover removal on another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
  2. To remove Advanced Virus Remover, download Spyware Doctor and install the program. Before installation, make sure all other programs and windows are closed.
  3. After the installation, a computer scan should start automatically. If so, move to the next step. If not, click "Status" in the left side menu and press the "Scan Now" button to run the computer scanner.
  4. After the scan has completed and the scan results have been generated, press the "Fix Checked" button to remove Advanced Virus Remover.
  5. Restart the computer to complete the Advanced Virus Remover removal procedure.

To remove the "Your system is infected" desktop background, navigate to C:\Windows\system32, find "critical_warning.html" and delete the file.

4. Advanced Virus Remover files:

C:\Program Files\AdvancedVirusRemover\PAVRM.exe

5. Hijackthis entries:

O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
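
The following is an added example, not part of the original article: a small triage script that scans the O4 (autorun) lines of a HijackThis log for the indicators listed in sections 4 and 5. The function names, the reason labels and all sample log lines except the page's own O4 entry are constructed for illustration, and only HKCU/HKLM registry autorun lines are parsed.

```python
import re
from ntpath import basename, normpath

# Indicators taken from this page (sections 4 and 5), lower-cased for matching.
IOC_RUN_NAME = "advanced virus remover"
IOC_DIR = r"c:\program files\advancedvirusremover"
IOC_FILE = "pavrm.exe"

# HijackThis O4 registry autorun line: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def exe_path(cmd):
    """Return the executable path from an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (line_no, reasons, line) for every O4 line matching a page indicator."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = normpath(exe_path(m["cmd"])).lower()
        reasons = []
        if m["name"].strip().lower() == IOC_RUN_NAME:
            reasons.append("run-value-name")
        if path.startswith(IOC_DIR + "\\"):
            reasons.append("install-dir")
        if basename(path) == IOC_FILE:
            reasons.append("file-name")
        if reasons:
            hits.append((no, reasons, line.strip()))
    return hits

# Constructed sample log: line 2 is the entry from this page, the rest are made up.
SAMPLE = r"""O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
O4 - HKLM\..\Run: [Updater] "c:\program files\advancedvirusremover\PAVRM.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Matching on the install directory and file name as well as the Run value name means a renamed autorun entry that still points at the same executable is flagged too.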