Manual Removal Guide for AntiverminsPro



Friday
2008-12-01, 10:25
The following instructions have been created to help you to get rid of "AntiverminsPro" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
pups

Description:
Antivermins claims to be an antivirus solution. It is spread by aggressive advertising, and if the user starts a scan, it only pretends to be scanning.

Removal Instructions:

Desktop:

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Start Menu:

Important: There are more start menu items that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Autorun:

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.

Products that have a key or property named "Anti-Vermeans".
Products that have a key or property named "AntiVermeans".
Products that have a key or property named "Anti-Vermiens".
Products that have a key or property named "AntiVermiens".
Products that have a key or property named "Anti-Vermeanser".
Products that have a key or property named "AntiVermeanser".
Products that have a key or property named "Anti-Vermincer".
Products that have a key or property named "AntiVermincer".
Products that have a key or property named "Anti Vermincer".
Products that have a key or property named "Anti-Vermince".
Products that have a key or property named "AntiVermince".
Products that have a key or property named "Anti-Vermeencer".
Products that have a key or property named "AntiVermeencer".
Products that have a key or property named "AntiVermeence".
Products that have a key or property named "Anti-Vermeence".
Products that have a key or property named "AntiVermins".
Products that have a key or property named "AntiVerminsPro".
Products that have a key or property named "Anti Verminser".
Products that have a key or property named "Anti-Verminser".
Products that have a key or property named "Anti Vermins".
Products that have a key or property named "Anti-Vermins".
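
A read-only way to check the name list above against the uninstall entries Windows keeps, as an added example that is not part of the original guide. It assumes "a key or property named" means the uninstall subkey name or its DisplayName value; it deletes nothing and never runs an uninstall string.

```powershell
# Added example (not from the original guide): read-only audit, nothing is deleted.
# Product names copied from the list above.
$names = @(
  'Anti-Vermeans','AntiVermeans','Anti-Vermiens','AntiVermiens',
  'Anti-Vermeanser','AntiVermeanser','Anti-Vermincer','AntiVermincer',
  'Anti Vermincer','Anti-Vermince','AntiVermince','Anti-Vermeencer',
  'AntiVermeencer','AntiVermeence','Anti-Vermeence','AntiVermins',
  'AntiVerminsPro','Anti Verminser','Anti-Verminser','Anti Vermins',
  'Anti-Vermins'
)

# Standard per-machine (native and 32-bit view) and per-user uninstall locations.
$roots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

$hits = foreach ($root in $roots) {
  if (-not (Test-Path $root)) { continue }
  foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    # Assumption: compare both the subkey name and the DisplayName value.
    # -contains is case-insensitive and matches whole names only, so an
    # unrelated product that merely shares a substring is not flagged.
    $candidates = @($key.PSChildName, $props.DisplayName) | Where-Object { $_ }
    $matched = $candidates | Where-Object { $names -contains $_ } |
      Select-Object -First 1
    if ($matched) {
      [pscustomobject]@{
        Matched         = $matched
        RegistryKey     = $key.Name
        DisplayName     = $props.DisplayName
        InstallLocation = $props.InstallLocation
        # Listed for review only; the guide warns that uninstalling can
        # let the product become active again.
        UninstallString = $props.UninstallString
      }
    }
  }
}

if ($hits) { $hits | Format-List }
else { 'No uninstall entry matches the listed product names.' }
```

A clean result only means none of these exact names is registered; the guide notes that other entries are identified by properties this check does not cover.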

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$PROGRAMFILES>\<$REGMATCH0>\uninst.exe".
The file at "<$PROGRAMFILES>\<$REGMATCH0>\av.dat".
The file at "<$PROGRAMFILES>\<$REGMATCH0>\blacklist.txt".
The file at "<$PROGRAMFILES>\<$REGMATCH0>\AntiVermins.url".
The file at "<$PROGRAMFILES>\<$REGMATCH0>\Lang\English.ini".
A file with an unknown location named "av_setup.exe".
A file with an unknown location named "AntiVermins.url".
The file at "<$LOCALSETTINGS>\Temp\AVerminsLang.ini".

Make sure you set your file manager to display hidden and system files. If AntiverminsPro uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$PROGRAMFILES>\<$REGMATCH0>".
The directory at "<$PROGRAMS>\<$REGMATCH0>".
The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Lang".
The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Logs".
The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Quarantine".

Make sure you set your file manager to display hidden and system files. If AntiverminsPro uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

If AntiverminsPro uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help, please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance, then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as available.

There are more files or system entries belonging to this product that Spybot-S&D can remove, but that cannot be easily described in text. Please use Spybot-S&D to make sure AntiverminsPro gets completely removed.