AntiVirGear Removal Guide
Do you know what AntiVirGear is?
DESCRIPTION
AntiVirGear is a fake anti-spyware program which downloads and installs itself onto your PC without your knowledge or consent, through a Trojan called Zlob. AntiVirGear will try to mislead you with constant false pop-ups and system alerts into buying the full version of the program in order to remove the supposed threats. When the system tray icon that shows the constant pop-up is clicked, it downloads and then installs AntiVirGear. AntiVirGear detects any malware in your machine and then requires you to go to AntiVirGear’s website to purchase the rogue software. AntiVirGear may also change your settings and make them appear as if the network’s administrator has changed them.
AntiVirGear is known to be a clone of VirusProtect Pro. The home site for the rogue is www.Antivirgear.com.
Non-Techie terms: Spyware makers create programs like AntiVirGear to extort money from you. AntiVirGear does not detect spyware. AntiVirGear is itself the spyware: avoid it and do not give it any personal information.
ANTIVIRGEAR OVERVIEW
Name: AntiVirGear 3.7.exe
Type: Rogue Anti-spyware program
Size: 1794048 bytes
MD5: %program_files%\AntiVirGear\ff8e28873c069c7e966328d1ec74d8c5
AntiVirGear .com WHOIS Information:
Website IP Address: 64.28.186.68
Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: www.estdomains.com
Domain Name: ANTIVIRGEAR.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 65
All Postal Mails Rejected, visit Privacyprotect.org
Monster
null,2680 AB
NL
Tel. 45.36946676
Creation Date: 14-Aug-2007
Expiration Date: 14-Aug-2008
Domain servers in listed order:
ns4.sigmacode.biz
ns3.sigmacode.biz
ns2.sigmacode.biz
ns1.sigmacode.biz
AntiVirGear Automatic Removal Instructions
This automatic removal method is for non-techie computer users. If you’re too lazy to learn about spyware removal or how to access sensitive files in your computer, then this is the method for you.
Before you start: Print or bookmark these instructions because you’ll have to reboot into Safe Mode. Also back up your computer in case you make a mistake.
- Download and save SmitFraudFix to your desktop.
- Restart your computer in Safe Mode (how to do safe mode). Once the desktop appears, double click on the SmitfraudFix.exe on your desktop.
- After the credits screen, you’ll see a menu. Select the option number 2, which is ‘Clean (safe mode recommended)’, and then press Enter to delete infected files.
- SmitFraudFix will begin cleaning your computer and run a series of cleanup processes. When the process is over, it will automatically begin the Disk Cleanup program.
- Once the Disk Cleanup program is complete, you will be prompted with the message ‘Registry cleaning - Do you want to clean the registry’. Answer Y (Yes) and hit Enter. Reboot your computer.
- SmitFraudFix will now check if wininet.dll is infected. If it is, SmitFraudFix will ask you whether to replace the infected file: ‘Replace infected file?’ Answer by typing Y (Yes) and hit Enter.
- Reboot your computer to complete the cleaning process.
- After reboot, a Notepad screen may appear containing a log of all the files removed from your computer. If it doesn’t appear, a file called rapport.txt will be created in the root of your drive (Local Disk C:).
- Restart your computer in Safe Mode (how to do safe mode).
- Go to C:\Windows\Temp, click Edit, click Select All, press DELETE, and then click Yes to confirm that you want all the items to go to the Recycle Bin.
- Go to C:\Documents and Settings\[LISTED USER]\Local Settings\Temp, click Edit, click Select All, press DELETE, and then click Yes to confirm that you want all the items to go to the Recycle Bin.
- Reboot your computer back to normal mode. Go to Windows Update and download all critical updates.
AntiVirGear Manual Removal Instructions
This manual removal method is for techie computer users. Manual removal of AntiVirGear may be difficult and time consuming. There’s no guarantee that AntiVirGear will be removed completely. So read the AntiVirGear removal steps carefully and good luck.
Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.
- Uninstall AntiVirGear Program
Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall AntiVirGear if found.
- To stop AntiVirGear processes (view process removal steps)
Go to Start > Run > type taskmgr. Then click the Processes tab and you’ll see a list of running processes.
Search and stop these AntiVirGear processes:
AntiVirGear 3.8.exe
AntiVirGear 3.7.exe
For each unwanted process, right-click on it and then select “End task”.
- To Unregister AntiVirGear DLLs (view DLL removal steps)
Search and unregister these AntiVirGear DLLs:
To locate the AntiVirGear DLL path, go to Start > Search > All Files or Folders. Type AntiVirGear and in the Look in: select either My Computer or Local Hard Drives. Click the Search button.
Once you have the AntiVirGear DLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.
To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister).
- To unregister AntiVirGear registry keys (view registry keys removal steps)
Go to Start > Run > type regedit > press OK.
Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.
Search and delete these AntiVirGear registry keys:
- If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General tab > click Use Default under Home Page. Add your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
- Remove AntiVirGear Directories.
To find AntiVirGear directories, go to Start > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder.
Search and delete the following AntiVirGear directories:
Right-click on the AntiVirGear folder and select Delete.
A message will appear saying ‘Are you sure you want to remove the folder [NAME OF FOLDER] and move all its contents to the Recycle Bin?’, click Yes.
Another message will appear saying ‘Renaming, moving or deleting [FOLDERNAME] could make some programs not work. Are you sure you want to do this?’, click Yes.
- To remove AntiVirGear icons on your Desktop, drag and drop them to the Recycle Bin.
You’ve completed the AntiVirGear manual removal instructions!
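The manual steps above unregister DLLs and delete SharedTaskScheduler registry entries by name. The following read-only audit is an added example, not part of the original guide: it lists every SharedTaskScheduler entry, resolves each CLSID to the DLL it registers, and flags matches against indicators from this guide. It assumes PowerShell 3.0 or later and that the key sits under HKLM, which the guide does not state; the function and variable names are hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted or unregistered.
# Assumption: the SharedTaskScheduler key lives under HKLM (the guide omits the hive).
$stsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'

# Sample indicators copied from the guide's original lists (subset, for illustration).
$listedClsids = @('2dcea392-ea10-4e6d-aba4-329ac377119c',
                  '41591d7f-9e25-4bd0-af53-9908fcf3a738')
$listedDlls   = @('bqrcr.dll', 'yneid.dll')

function Get-SharedTaskSchedulerEntry {
    param([string]$KeyPath = $stsKey)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath

    foreach ($name in $key.GetValueNames()) {
        if ([string]::IsNullOrEmpty($name)) { continue }   # skip the (Default) value
        $clsid = $name.Trim('{', '}')

        # Each value name is a CLSID; its COM registration names the DLL Explorer loads.
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\{$clsid}\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')   # default value = DLL path
        }

        # Only check the signature when the registered DLL is actually present.
        $onDisk = [bool]$dll -and (Test-Path -LiteralPath $dll)
        $sig = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }

        [pscustomobject]@{
            Clsid         = $clsid
            Dll           = $dll
            OnDisk        = $onDisk
            Signature     = $sig
            # -contains is case-insensitive, so mixed-case GUIDs still match.
            ListedInGuide = ($listedClsids -contains $clsid) -or
                            ($dll -and ($listedDlls -contains (Split-Path $dll -Leaf)))
        }
    }
}

Get-SharedTaskSchedulerEntry | Sort-Object ListedInGuide -Descending | Format-Table -AutoSize
```

Rows with ListedInGuide set to True, or with an unsigned DLL in an unexpected location, are the ones to take through the regsvr32 /u and registry deletion steps; an entry whose DLL is no longer on disk is a leftover value that can be removed from the key.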
I hope this article has helped you solve your AntiVirGear problems. If you want to contribute to this article, post your comment below.
Disclaimer: This article is for educational purposes. By using this information you agree to be bound by the disclaimer. There’s no guarantee that AntiVirGear will be completely removed from your computer. Seek professional help if your computer continues to experience problems.