Antivirus8 or Antivirus 8 is a rogue anti-spyware program from the same family as Antivirus 7. This rogue is promoted through web sites that pretend to be online anti-malware scanners, but are instead advertisements that when finished state your computer is infected. This fake scanner will then prompt you to download and install Antivirus8 on to your computer in order to protect it. It should be noted that these fake online scanners are just an advertisement that have absolutely no way of knowing what is running on your computer. In fact they will show the same infection results to anyone who visits the page. Therefore, do not be concerned by what these online scanners show you.
When Antivirus8 is installed it will be configured to start automatically when Windows starts. Once started it will perform a scan on your computer and when finished state that it is infected with a variety of malware. If you attempt to use the program to remove any of the malware it finds, though, it will state that you first need to purchase the program before it will remove anything. This is a complete scam as the scan results are all fake and many of the listed files are actually legitimate files that if removed could cause problems for your computer. Therefore, do not manually remove any of the items it displays in its scan results.
While Antivirus8 is running it will also display alerts and warnings that attempt to scare you into thinking your computer has a serious computer security problem. These alerts will state that personal information is being stolen, active malware has been found, or that you are using unlicensed software. The text of some of these alerts are:
This copy of AV is not genuine
Your may be a victim of software counterfeiting. This copy of Antivirus8 is not genuine and is not eligible to receive the full range of upgrades and product support from Microsoft.
Warning! Identity theft attampt detected!
Attacker IP: <random IP address>
Attack Target: Microsoft Corp. Keys
Description: Remote host tries to get access to your personal information.
Warning! New Virus Detected!
Threat Detected: Email-Worm.Zhelatin
Infected file: <random file name>
Description: Worm Email-Worm.Zhelatin.vy is virus-like malware with destructive code, and is able to mutate, replacing its own code by itself. This makes Email-Worm.Zhelatin.vy very dangerous, hard to find, and difficult to delete. Like most viruses, worm Email-Worm-Zhelatin.vy may spread to other computers by secretly emailing themselves to Internet users in your address book.
Antivirus 8 will also attempt to protect itself by not allowing you to run various programs that may assist in removing it. When you attempt to run these types of programs, Antivirus8 will terminate it and then state that the file is infected. The text of the infection alert is:
Warning! Active virus detected!
Threat detected: Keylogger.iSnake.PRO
Infected file: C:\Windows\System32\cmd.exe
Just like the fake scan results, all of the above security alerts are fake and only being shown to scare you into purchasing the program.
Without a doubt, Antivirus 8 was created for one reason; to scare you into thinking your computer has a security problem so that you will then purchase the program. It goes without saying that you should not purchase this program, and if you already have, please contact your credit card company to dispute the charge because the program is a scam and a computer infection. Finally, to remove Antivirus8 and any related malware, please you use the removal guide below.
Self Help Guide
If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
- Print out these instructions as we may need to close every window that is
open later in the fix.
- It is possible that the infection you are trying to remove will not allow
you to download files on the infected computer. If this is the case, then
you will need to download the files requested in this guide on another computer
and then transfer them to the infected computer. You can transfer the files
via a CD/DVD, external drive, or USB flash drive.
- Now you should download Malwarebytes Anti-Malware, or MBAM, from the following
location and save it to your desktop:
Malwarebytes Anti-Malware Download Link (Download page will open in a new window)
- When the file has finished downloading, look on your desktop for mb3-setup-1878.1878-188.8.131.529.exe
and right-click on it and select Rename. The title of the
program will now have a blinking cursor where you can edit the name. Please
change the name of the program to iexplore.exe.
- After you rename the mb3-setup-1878.1878-184.108.40.2069.exe to iexplorer.exe, close all your programs
and Windows on your computer, including this one.
- Now double-click on the file you renamed, which is now called iexplore.exe,
and the installation of MBAM will start on your computer.
- When the installation begins, keep following the prompts in order to continue
with the installation process. Do not make any changes to default settings
and when the program has finished installing and is at the last screen, make
sure you uncheck both of the Update Malwarebytes Anti-Malware
and Launch Malwarebytes Anti-Malware check
boxes. Then click on the Finish button. If Malwarebytes'
prompts you to reboot, please do not do so.
- As this infection will not allow you run executables unless they have certain
filenames, we need to rename the core MalwareBytes' Anti-Malware executable
so that it can run. To do this open the C:\program files\Malwarebytes'
Anti-Malware\ folder. To open this folder, click on the Start
button and type in the search field:
C:\program files\Malwarebytes Anti-Malware\
Then press the enter button on your keyboard.
- The MalwareBytes' Anti-Malware folder should now be open and you should
see numerous files within it. Look for a file named mbam.exe
and right-click on i. When the menu appears select Rename and
change the name of the file to iexplore.exe. Once the file
has been renamed to iexplore.exe, double-click on it to start the program.
MBAM will now start and you will be at the main program screen as shown below.
Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.
- MBAM will now start scanning your computer for malware. This process can
take quite a while, so we suggest you do something else and periodically
check on the status of the scan to see when it is finished.
- When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different
than what is shown in the image below due to the guide being updated for newer versions of MBAM.
You should now click on the Remove Selected button to remove all the seleted malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
- You can now exit the MBAM program. If you wish to use MalwareBytes' in the
future, I suggest you now uninstall and reinstall it again so that all the
files are using the correct names.
- As many rogues and other malware are installed through vulnerabilities found
in out-dated and insecure programs, it is strongly suggested that you use
Secunia PSI to scan for vulnerable programs on your computer. A tutorial on
how to use Secunia PSI to scan for vulnerable programs can be found here:
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Your computer should now be free of the Antivirus 8 program. You may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, as if you had the real-time protection component, that comes with the paid for version, activated it would not have allowed this infection to install.