Avira AntiVir Enhanced Protection = Virus!

I use several different computers, and yes, one of them is a PC.  And we all know that PCs tend to get the most malware and spyware.  They’re like the kid who’s always getting sick at school.

[Image: sick computer graphic]

On that particular PC, I couldn’t shell out the cash to buy one of the best antivirus programs (like Kaspersky or Bitdefender), so I went with Avira, since its basic version was free.  It seems to get the job done most of the time (although on every gift-giving holiday, I swear it says, “Get your wife the gift of protection!” – which sounds wrong in so many ways).

Not long ago, I had some kind of “update” window pop up that appeared to be from Avira, and it looked very similar to the one above (but not identical).

Unfortunately, when I clicked on it, it redirected me to a clone Avira site that also looked similar to the real one.

Now, it would be easy to mistake this for the genuine Avira site, but there was another clue that tipped me off.  I would click links on harmless sites like WordPress Stats, and every link would lead me back to the so-called “Avira” site.  The fake site kept badgering me to download their “Pro” version, and did so in such an intrusive way that it didn’t seem real.

I wish I had a screenshot of the fake site just as a warning, but I don’t at the moment.  On the upside, I came across this screenshot of the fake database update window, which is quite similar to the one I saw:

[Screenshot: fake Avira AntiVir Enhanced Protection Mode database update window]

If you click on that, a red window will pop up that looks like this (or similar to it):

[Screenshot: Avira AntiVir Enhanced Protection Mode virus window]

At first, I admit I had been fooled.  Thus, I attempted to uninstall the real Avira program, thinking that it was just hounding me to do updates, but when I tried to do that, it wouldn’t even let me finish the uninstall process!

The program would get a few seconds into it, and then a window kept popping up that said, “Are you sure you want to uninstall?”  If you clicked yes, that would trigger the same redirect as above.  (That was the final straw, of course!)

Apparently, the malware my computer had “contracted” was called Avira AntiVir Enhanced Protection Mode, which mimics the Avira Antivirus program in quite a few ways, but is quite malicious.  On the bright side, it’s certainly not the worst malware in existence.

Get Rid of It…Please!!

So there are several steps to removing this particular type of malware, which can sometimes get a bit complicated.

If you want to remove it manually, here are two helpful guides: How to Remove Avira AntiVir Enhanced Protection Mode and How To Remove Avira AntiVir Enhanced Protection Mode Virus – Virus Removal.

According to the former:

a. Boot your PC into Safe Mode with Networking first, which prevents AntiVir from running at startup.  It will also make it much easier to delete all of the infected files.

XP: Avira AntiVir Enhanced Protection Mode executable paths:

C:\Documents and Settings\%UserName%\Download\OTS.exe

C:\Windows\1rezerv.exe

C:\Windows\systemup.exe

C:\Windows\sysdriver32.exe

Win 7 / Vista: Avira AntiVir Enhanced Protection Mode executable paths:

C:\Users\%User Name%\Downloads\OTS.exe

C:\Windows\1rezerv.exe

C:\Windows\systemup.exe

C:\Windows\sysdriver32.exe

b. Browse to the file path locations mentioned above, and rename the files listed. After renaming them, you’ll need to reboot your PC so that you can stop the files from executing. Because they’ll no longer run at startup, it will be much easier to delete them all from your hard drive.

c. When searching for the file paths listed above, sort them by “last date modified,” so that you can easily find the ones that have been infected (and rename them).

d. Using the Windows Task Manager, locate and stop the running processes of the files connected to the Avira Antivir malware.  Select each one and hit “End Task” so that you can delete them easily.

e. Delete all the infected files from your hard drive.  Because you’ve stopped the processes from running, it should now be easy to delete them.

f. Run an antivirus scan to make sure that you’ve removed all the forms of malware that have infected you.  Chances are, other types of malware were included with the AntiVir virus (this is what happened to me!).  Pctechguide.com recommends Spyware Doctor with Antivirus, StopZilla, or Malwarebytes.  Make sure it’s a full system scan, and not the “quick scan” option!
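Steps a through e above, as an added PowerShell example (not code from the original post or from the guides it cites). It assumes an elevated prompt in Safe Mode with Networking, the file paths listed above with %UserName% taken from the current profile, and that the listed names are the ones actually dropped on your machine; without -Disable it only reports what it finds.

```powershell
# Added example: triage and disable the files named in steps a-e of the post.
# Paths are the ones the post lists; %UserName% is expanded from $env:USERPROFILE.
# Run from an elevated PowerShell in Safe Mode. Without -Disable nothing is changed.
param([switch]$Disable)

$candidates = @(
    (Join-Path $env:USERPROFILE 'Download\OTS.exe'),   # XP layout from the post
    (Join-Path $env:USERPROFILE 'Downloads\OTS.exe'),  # Vista / 7 layout
    (Join-Path $env:SystemRoot  '1rezerv.exe'),
    (Join-Path $env:SystemRoot  'systemup.exe'),
    (Join-Path $env:SystemRoot  'sysdriver32.exe')
)

$found = foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path }
}

if (-not $found) { Write-Host 'None of the listed files are present.'; return }

# Step c: newest-modified first, which is where a fresh infection usually sits.
$found = $found | Sort-Object LastWriteTime -Descending
$found | Format-Table FullName, Length, LastWriteTime -AutoSize

# Step d: match running processes by full executable path, not just by name,
# so an unrelated program that happens to share a name is left alone.
$wanted  = $found.FullName
$running = Get-Process | Where-Object { $_.Path -and ($wanted -contains $_.Path) }

if (-not $Disable) {
    $running | Format-Table Id, ProcessName, Path -AutoSize
    return
}

# Steps d and b: end the process, then rename the file so it cannot start on
# the next boot. Deletion (step e) is left for after the reboot, as the post says.
foreach ($proc in $running) {
    Stop-Process -Id $proc.Id -Force -ErrorAction Continue
}
foreach ($file in $found) {
    $newName = $file.Name + '.disabled'
    Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Continue
    Write-Host "Renamed $($file.FullName) -> $newName"
}
Write-Host 'Reboot, delete the *.disabled files (step e), then run a full scan (step f).'
```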

And the Result Is??

I can vouch for the solutions these guys provided, because they worked on my computer – it seems to be running smoothly again!

One question is – where did this virus come from?  I don’t know, but I recall a site that I visited forced me to download a file of some kind, and the malware may have been embedded in that file.  I don’t know this for sure, but it’s reason enough to be more careful.

Sometimes you have to learn the hard way, right?  Well, thanks guys!

And for a bit of nostalgia, here’s the blue screen of death from Windows XP!!

[Image: Windows XP blue screen of death]

About secretsofthedark

Have you heard of the dark web? Simply put, it's the "hidden internet" built on networks like Tor. "Secrets of the Dark" chronicles my dark web experiences, but is also aimed at demythologizing it and teaching about it. Want to reproduce one of the "horror stories"? Contact me at ciphas@protonmail.com.
