Written by: Berry van der Linden • Edited by: Jean Scheid • Updated: 10/25/2010
Once again a new ransomware product rears its head. This guide explains how to remove Antivir Solution Pro. Finding Antivir on my client's computers more than once, I decided to write this article so people can learn how to remove Antivir Solution Pro themselves.
In a previous article I wrote about how to remove AV Security Suite. The steps to remove Antivir Solution Pro are slightly different, as you will read in this article. Please follow all steps closely.
Antivir's symptoms are very similar to those of the AV Security Suite infection. Antivir Solution Pro will tell the user of the infected computer that there is a "virus infection," but Antivir Solution Pro itself is the problem. The steps below are the only way I have found that will remove Antivir Solution Pro.
Note: Bright Hub and the author of this guide are not responsible for any damage to any computer you apply this fix to; such damage is a common occurrence when removing viruses from a Windows computer.
To fix this problem you have to remove the hard drive from the infected computer. If you don't feel comfortable doing this then please find a professional who can teach you how to remove Antivir Solution Pro.
USB enclosure - I use the BlacX by Thermaltake for SATA drives (picture on the left below) or a USB 2.0 to SATA / IDE cable (picture on the right below). These cables can be found in any Fry's or on eBay for next to nothing.
USB 2.0 Hard Drive Devices
Step 1: Remove the hard drive from the infected computer.
Step 2: Hook the drive up to the clean computer with MBAM installed, using one of the above-mentioned USB solutions.
Step 3: Run MBAM (Malwarebytes Anti-Malware): select full scan, then select the drive you just connected. After the scan completes, click OK and show results; select all packages, then click remove selected.
Step 4: Place the hard drive back in the infected computer. Restart the computer in safe mode with networking. Repeat Step 3; this is important because the infection is not completely removed yet.
The pictures below are from a similar infection that I removed.
Images of an MBAM Session
How to Prevent Future Infections
It is hard to figure out how you got the infection in the first place, but I can say with 97% certainty that it came from Facebook, an email, an IM message or an illegal download. The best way to prevent future infections is to not click links in emails, on Facebook or in instant messages, and to not download illegal software. If a trusted person sends you a file and you are not expecting one, ask them what they sent. Don't click on the file and do not install anything. Often when a friend's computer gets infected, the software starts sending out email and IM messages to every contact it can find on the infected computer. I haven't found a reliable way to permanently protect against ransomware. In some cases, credit card companies are very fast to block payments to the scammers in question.
The biggest problem here is that people actually pay the scammers. These scams will continue as long as the scammers have people who will pay.
Screenshots courtesy of author, USB devices courtesy of Fry's and eBay.