It is very likely that at some point in your web surfing activities, you’ll get your computer infected with some kind of malicious program. A powerful antivirus program is necessary to help you stay away from virus infections, but even so, you might still have to deal with this kind of issue.
Today we’re talking about AV Protection 2011 and about what must be done to remove it. AV Protection 2011 is a rogue-antispyware program that is part of the Rogue.WinAVPro family. Like many other malicious programs, AV Protection 2011 will display fake warnings and scan results to brainwash you into believing that your computer is infected with some kind of virus.
AV Protection 2011 will tell you that in order to remove all the infections found, you will have to purchase the entire program. Do not purchase it, as this is a scam. Don’t let yourself be fooled by these fake warnings, since the program is scripted to show all these messages no matter how clean your computer is.
You won’t be able to run many of your programs, and any executable you try to run will be immediately closed. Windows will be configured to use a Proxy Server, and thus instead of getting to the web pages you want to visit, you will get another series of fake messages telling you that the page requested is malicious. So, if you had the bad luck to get your PC infected with AV Protection 2011, then follow the guide below to get rid of it:
1. First of all, make sure you use another computer to read these instructions, as you will have to close all the windows and programs later in the cleaning process. You can also print them. Still, another computer might be needed if you cannot download the necessary tools on your infected computer. In that case, download them on a clean computer and then transfer them to your infected computer by using a CD/DVD, external drive or USB flash drive.
2. Reboot your PC into Safe Mode With Networking. So, turn it off and then on. Once anything appears on the screen, press the F8 key. This will take you to a menu from which you will have to choose the Safe Mode With Networking option. When Windows boots in this mode, you will have to log in as the same user you were logged in as before.
3. If AV Protection 2011 has configured Windows to use a Proxy Server, then you will have to take care of this problem before going any further. So, launch Internet Explorer and then go to Tools>Internet Options. When you get to the Internet Options screen, you will have to hit the Connections tab and then the LAN settings button.
4. You will get to the Local Area Network screen where you must check the “Use a proxy server for your LAN” box. Hit OK and exit the Internet Options screen.
5. AV Protection 2011 might be bundled with TDSS rootkit infection, so you will have to run TDSSKiller. If this tool asks you to reboot, make sure you do so. Reboot back in Safe Mode With Networking.
6. The next step in the AV Protection 2011 removal procedure is to terminate all the processes associated with this infection. For this you will need Rkill. Download it and save it on your desktop. Double-click on the iExplore.exe icon and let Rkill do its job. AV Protection 2011 might display some fake alerts telling you that Rkill is an infection, but it does so to protect itself from being removed. Ignore these warnings and leave them open. This way, you will bypass the malware. If Rkill asks you to reboot, don’t do so.
7. Now it’s time to download MBAM (Malwarebytes’ Anti-Malware). Just like in the case of Rkill, save it to your desktop. When the download completes, close all open windows and running programs.
8. Double-click the mbam-setup.exe icon and thus install MBAM. Follow the installation process and do not change the default settings. Just check the Launch Malwarebytes’ Anti-Malware and Update Malwarebytes’ Anti-Malware options before hitting the Finish button. Don’t reboot the computer after the installation finishes.
9. Go to the MBAM Scanner tab, check the Perform Full Scan option and then hit Scan. MBAM will scan your PC for all the files that are related to AV Protection 2011.
You will be presented with a message box when the scan finishes. Hit OK and go to the scan results. Once you get here, select all the items in the scan results list (which will look something like the one in the image below) and then hit the Remove Selected button. These files will be deleted and added to the program’s quarantine.
10. After this, you will see the scan log displayed in Notepad. Make sure you close it after you review it. You can now exit MBAM as well.
If you’ve followed the steps above carefully, then you should have gotten rid of AV Protection 2011. To avoid these kinds of infections in the future, you should go for the PRO version of Malwarebytes’ Anti-Malware.
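The proxy values shown in the LAN settings dialog from steps 3 and 4 are stored per user in the registry, so they can also be read from a PowerShell prompt. The script below is an added example, not part of the original guide or of any tool it mentions; the function names are hypothetical, and treating a proxy on the local machine as suspicious is an assumption rather than something the guide states.

```powershell
# Added example (not from the original guide): report the current user's
# WinINET proxy values, the same ones the LAN settings dialog displays.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServer {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    param([string]$Value)
    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if (-not $part) { continue }
        $scheme = 'all'
        $target = $part
        if ($part -match '^([^=]+)=(.+)$') {
            $scheme = $Matches[1]
            $target = $Matches[2]
        }
        # Drop an optional "scheme://" prefix and a ":port" suffix to get the host.
        $hostName = ($target -replace '^[a-z]+://', '') -replace ':\d+$', ''
        New-Object PSObject -Property @{
            Scheme   = $scheme
            Target   = $target
            # Assumption: a proxy on this machine that you never set up is suspect.
            Loopback = ($hostName -match '^(127\.\d+\.\d+\.\d+|localhost)$')
        }
    }
}

function Get-LanProxyState {
    param([string]$Path = $InetKey)
    $s = Get-ItemProperty -Path $Path -ErrorAction Stop
    $entries = @(ConvertFrom-ProxyServer -Value ([string]$s.ProxyServer))
    New-Object PSObject -Property @{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)   # the "Use a proxy server" box
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL         # automatic configuration script
        Entries       = $entries
        LoopbackProxy = (@($entries | Where-Object { $_.Loopback }).Count -gt 0)
    }
}

# Live check for the logged-in user.
$state = Get-LanProxyState
$state | Format-List ProxyEnabled, ProxyServer, AutoConfigURL, LoopbackProxy
$state.Entries | Format-Table Scheme, Target, Loopback -AutoSize

# Constructed sample value, to show how a per-protocol setting is parsed.
ConvertFrom-ProxyServer 'http=127.0.0.1:8080;https=127.0.0.1:8080' |
    Format-Table Scheme, Target, Loopback -AutoSize
```

Run it as the same user who was logged in when the infection appeared, since the values live under that user's registry hive.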