Antimalware Removal Guide

This is a rogue software. It is a very bad program from the WiniSoft family. It is also a clone of System Veteran. AntiAid is one of the latest release from this malware family.This time, AntiAid has a different Graphical User Interface (GUI).

Anti Malware
Anti Malware

» Download Anti Malware Removal Software

This is the second time people behind the WiniSoft family will do that. For AntiAid, they are using the GUI from TRE Antivirus. The one being used for the others malware in the WiniSoft family is like System Warrior or Trust Fighter.

Be aware AntiAid has its own website, named AntiaidDOTcom . From that site, you can get a fake software toolkit called “Virus Protector”. This is simply AntiAid disguised. There are also lots of false information on the website.

The two main goals of AntiAid are: to compromise your computer system a lot and to try to get your money. AntiAid wants you to buy a fake online solution (the registered version). Programs like AntiAid usually stays resident in the background.

AntiAid uses Trojans to infect computers. They can be disguised as almost anything down-loadable: flash downloads, codecs, online scanner, fake softwares being pushed onto your computers by drive by download and more. All they want is to find a way to get installed unto your system.

The first thing any Trojan will do is to download AntiAid unto your system and install it.

AntiAid will then create many fake files in your main Windows directories, e.g. : C:\Windows and C:\Windows\System32 . Remember those files are harmless and fake. They will be used later by AntiAid to claim they are infections and security threats.

This malware will change your System Registry so it will boot itself on each logon .

The next step would be for AntiAid to do a fake system scan. You will get false reports of threats and such on your system. The files reported are those created before. An example of such a file can be “newfeat3.chm”.

AntiAid will also impersonate the Windows Security Center.

You will get lots of pop-ups, fake system notifications to tell you of some infection or many ones on your computer. You can also get them even if not online. Those pop-ups can try to trick you to download more malware and Trojans. You will also get reports your system is being attacked and your personal data can be stolen.

What you will read is that your computer has no protection. That you should register AntiAid to get a full system protection.
We have the Protection System removal instructions at the bottom of this guide.

Some symptoms of Anti Malware:

  • It will block security programs, either from running them or updating them
  • It will block you from acceding security related websites ; you might then be redirected to compromised ones
  • Your browser will be hijacked
  • It will disable applications like System Restore, Safe Mode, Task Manager, Registry Editor
  • You will get new desktop shortcuts. Clicking on them will redirect you to more compromised websites.
  • Your browser homepage might be switched for a compromised website
  • Your system will perform a lot slower than usual. The reboot time and the Internet connection might appear slower.
  • You might get frequent and automatic reboot. AntiAid might auto-reboot your system.

All of that is to scare you so you will eventually accept the solution AntiAid is showing you: to make an online purchase of a fake full version. This is a fake program as well. The full version is a scam and you will compromise your personal information.

Manual removal instructions for Anti Malware ( Please read our disclaimer below )

Kill Anti Malware processes: ( Learn How to Kill a Process Here. Opens in new Window )

  • AntiAID.exe
  • 2gbk87zj.exe  ( this process may be unique to your computer )
  • 8enyqcv1.exe ( this process may be unique to your computer )
  • m6axycx9.exe  ( this process may be unique to your computer )
  • uninstall.exe

We do recommend you run a full scan using SpyHunter. Even if you do not intend on registering the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates.

Delete Anti Malware registry values: ( Learn How to Edit Registry Here. Opens in new Window )

  • HKEY_LOCAL_MACHINE\SOFTWARE\AntiAID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAID
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%System%\8enyqcv1.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “m6axycx9.exe “
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “%ProgramFiles%\AntiAID Software\AntiAID\AntiAID.exe -min”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AntiAID”

Delete files: ( Hint ) Most of these files will be in the %Program Files\Protection System\ directory.

  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\1 AntiAID.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\2 Homepage.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\3 Uninstall.lnk
  • %Documents and Settings%\All Users\Desktop\AntiAID.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\1 AntiAID.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\2 Homepage.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\AntiAID\3 Uninstall.lnk
  • %Documents and Settings%\All Users\Desktop\AntiAID.lnk
  • %Program Files%\AntiAID Software
  • %Program Files%\AntiAID Software\AntiAID
  • %Program Files%\AntiAID Software\AntiAID\AntiAID.exe
  • %Program Files%\AntiAID Software\AntiAID\uninstall.exe
  • %Temp%\nss8.tmp
  • %Temp%\nsj3.tmp
  • %Temp%\nsn6.tmp
  • %Temp%\2gbk87zj.exe
  • %Temp%\8enyqcv1.exe
  • %Temp%\m6axycx9.exe
  • c:\WINDOWS\100849pambotz85.bin
  • c:\WINDOWS\1019wo5m65bz.dll
  • c:\WINDOWS\10568hack9o5l5z5.dll
  • c:\WINDOWS\system32\2901sp55za.bin
  • c:\WINDOWS\system32\29290wozm6795.cpl
  • c:\WINDOWS\system32\29418tro5ez.ocx

Delete directories: ( Please note that in most cases everything in this folder can be deleted. Just be sure it’s the correct folder)

  • c:\Documents and Settings\All Users\Start Menu\Programs\AntiAID
  • c:\Program Files\AntiAID Software
  • c:\Program Files\AntiAID Software\AntiAID
  • %Temp%\

Outside Resources:

http://www.2-spyware.com/remove-antimalware.html

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.