AVDefender 2011 is a rogue anti-virus program that is installed through other malware that is installed on your computer. When AVDefender 2011 is installed it will be configured to start by replacing Window's normal explorer.exe shell with the main infection executable. This allows the program to automatically start, even before the Windows Desktop shows, when you start Windows. Once started it will scan your computer and state that there are numerous infections found. It will state, though, that it cannot remove any of these infections until you purchase the program. The scan results for AVDefender, though, are completely false. In fact the scan results list legitimate Microsoft Windows programs, such as CMD.exe, as infections that if removed could cause your computer to not operate correctly. Therefore, do not manually delete any of the files it states are infections.
While AVDefender 2011 is running it will not allow you to run most programs. It does this to protect itself from legitimate anti-virus programs that may attempt to remove it. When you attempt to run a program it will instead display an alert stating that the program is infected and then terminate the program. The message that you will see is:
Windows Security Alert
Application NOTEPAD.EXE has crashed because of Conficker.Worm.Virus
Infected file: notepad.exe
Potential Risks: Viruses is spreading over your PC and the system status is unsafe. Your service provider may lock you out of internet access, because your PC is potentially harmful.
Viruses' actions: Steal your personal data and send it to the remote host. Spread between your friends quickly (via internet or storage drives). Send spam and malicious codes from your computer.
It is important to remember when you see the above alert that it is completely false and there is nothing wrong with the programs you are attempting to run.
AVDefender 2011 will also display fake security alerts that attempt to make you think that your computer has a severe security problem. These alerts are:
Unknown virus is harming your system at this moment. Click here to stop and remove the virus.
Critical security error!
Malicious software has infected your PC and trying to send private information to remote host 184.108.40.206.
Warning! System health status is critical!
Your computer is infected with viruses. Stability and reliability of your system is damaged. It is strongly recommended to remove threats immediately.
Just like the fake infection messages and scan results, these security alerts are all fake and should be ignored. Last, but not least, when you start Internet Explorer this infection will also display a fake Google alert that states that Google has detected that it has detected a vulnerability in Microsoft software installed on your computer. This message will read:
Google Security Warning!
We have discovered a vulnerability related to Microsoft software that could allow a virus or other malicious program to harm your system or personal files or to steal personal information stored on your computer.
Like all of the other alerts, this one is false as well and should be ignored.
As you can see, AVDefender 2011 uses many tricks to make you think that you are infected with a computer virus. It does this to scare you into purchasing the program, which will not benefit your computer in any way. Therefore do not purchase this program, and if you already have, please contact your credit card company or merchant and dispute the charge stating that it is a scam and a computer virus. To remove AVDefender 2011 for free, please use the removal guide below.
Self Help Guide
If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
- Print out these instructions as we may need to close every window that is
open later in the fix.
- It is possible that the infection you are trying to remove will not allow
you to download files on the infected computer. If this is the case, then
you will need to download the files requested in this guide on another computer
and then transfer them to the infected computer. You can transfer the files
via a CD/DVD, external drive, or USB flash drive.
- Now you should download Malwarebytes Anti-Malware, or MBAM, from the following
location and save it to your desktop:
Malwarebytes Anti-Malware Download Link (Download page will open in a new window)
- When the file has finished downloading, look on your desktop for mb3-setup-1878.1878-220.127.116.119.exe
and right-click on it and select Rename. The title of the
program will now have a blinking cursor where you can edit the name. Please
change the name of the program to iexplore.exe.
- After you rename the mb3-setup-1878.1878-18.104.22.1689.exe to iexplorer.exe, close all your programs
and Windows on your computer, including this one.
- Now double-click on the file you renamed, which is now called iexplore.exe,
and the installation of MBAM will start on your computer.
- When the installation begins, keep following the prompts in order to continue
with the installation process. Do not make any changes to default settings
and when the program has finished installing and is at the last screen, make
sure you uncheck both of the Update Malwarebytes Anti-Malware
and Launch Malwarebytes Anti-Malware check
boxes. Then click on the Finish button. If Malwarebytes'
prompts you to reboot, please do not do so.
- As this infection will not allow you run executables unless they have certain
filenames, we need to rename the core MalwareBytes' Anti-Malware executable
so that it can run. To do this open the C:\program files\Malwarebytes'
Anti-Malware\ folder. To open this folder, click on the Start
button and type in the search field:
C:\program files\Malwarebytes Anti-Malware\
Then press the enter button on your keyboard.
- The MalwareBytes' Anti-Malware folder should now be open and you should
see numerous files within it. Look for a file named mbam.exe
and right-click on i. When the menu appears select Rename and
change the name of the file to iexplore.exe. Once the file
has been renamed to iexplore.exe, double-click on it to start the program.
MBAM will now start and you will be at the main program screen as shown below.
Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.
- MBAM will now start scanning your computer for malware. This process can
take quite a while, so we suggest you do something else and periodically
check on the status of the scan to see when it is finished.
- When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different
than what is shown in the image below due to the guide being updated for newer versions of MBAM.
You should now click on the Remove Selected button to remove all the seleted malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
- You can now exit the MBAM program. If you wish to use MalwareBytes' in the
future, I suggest you now uninstall and reinstall it again so that all the
files are using the correct names.
- As many rogues and other malware are installed through vulnerabilities found
in out-dated and insecure programs, it is strongly suggested that you use
Secunia PSI to scan for vulnerable programs on your computer. A tutorial on
how to use Secunia PSI to scan for vulnerable programs can be found here:
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Your computer should now be free of the AVDefender 2011 program. You may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, as if you had the real-time protection component, that comes with the paid for version, activated it would not have allowed this infection to install.