Internet Antivirus 2011

Also Known As: Internet Antivirus 2011 Rogue
Distribution: Low
Damage level: High

How to remove Internet Antivirus 2011?

What is Internet Antivirus 2011?

When your computer is infected with Internet Antivirus 2011, it will perform various fake security scans, state that your computer is at risk, and encourage you to purchase the full version of this fake antivirus program in order to eliminate those threats. Do not purchase this program, it is a scam. If you have already purchased the software, contact your credit card company and report that you have been tricked into purchasing a fake antivirus program. Do not trust anything that this program states; it is scare-ware designed to empty your pockets. You should remove this infection immediately to prevent it downloading more spyware to your computer.

Internet Antivirus 2011 fake antivirus program

Internet Antivirus 2011 is mostly distributed via spam emails and various Trojans. After infection of your computer, your web searches (Google, Yahoo!, etc.) could be redirected to numerous infected websites. The fake program is also known to modify the Windows Hosts file. When your computer is infected with Internet Antivirus 2011, you may observe the following fake security warnings:

“System alert. Internet Antivirus 2011 has detected potentially harmful software on your system. It is strongly recommended that you register Internet Antivirus 2011 to remove all found threats immediately.”
“System warning. No real-time malware, spyware, or virus protection was found. Click here to activate.”
“Warning! Identity theft attempt detected Hidden connection IP: 128.154.26.11 Target: Microsoft Corporation keys.”
“Warning! Warning! Virus detected.”

These security warnings are fake. Internet Antivirus 2011 should be removed from your computer as soon as possible. You should not believe any information provided by Internet Antivirus 2011 as this program bears no relation to legitimate security software. This malicious program is designed to scare you into believing that your computer is infected, and then encourages you to purchase a license to remove the supposed security problems. Internet Antivirus 2011 simply mimics antivirus software and displays fake virus detections when in fact there is nothing wrong with your computer. You should ignore all of the information that this rogue program displays, as this software is a cleverly designed scam. The best way to deal with this rogue software is to remove it from your PC. You can use the removal guide provided to make this process as simple as possible.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Malwarebytes is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Malwarebytes By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.

Quick menu:

Automatic Internet Antivirus 2011 removal:

Before Downloading and installing Spyware remover, enter code U2FD-S2LA-H4KA-UEPB in the activation window. This will not remove the infection, but will enable some Windows functions that the spyware has disabled.

Next step is to reset your proxy settings. Use the remove_proxy tool (download link below). Double click it; the command line will show and then close automatically. Your proxy settings will be reset.

You now have to reset your Hosts file. Use the Microsoft FixIt tool to do this. (link below) Follow the on-screen instructions.

Internet Antivirus 2011 manual removal instructions:

1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

2. Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if 'Use a proxy server for your LAN' is checked, uncheck it and press OK.

internet-explorer-options internet explorer internet connections

internet options lan settings internet explorer proxy settings

4. Download and install Malwarebytes to completely remove the infection.

5. After you have cleaned your computer, check your Hosts file.

Locate your Hosts file. You should find it at %systemroot% \system32\drivers\etc (commonly, it will be c:\windows\system32\drivers\etc) Open the Hosts file with Notepad and check that no unusual values have been added.

These are the default values. Yours should be the same.

For Windows XP

# Copyright (c) 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

127.0.0.1 localhost

For Windows Vista

# Copyright (c) 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

127.0.0.1 localhost

::1 localhost

For Windows 7

# Copyright (c) 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# localhost name resolution is handle within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

If you are unable to remove Internet Antivirus 2011, you can use these manual removal instructions. Use them at your own risk, since if you do not have strong computer knowledge, you could harm your operating system. Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Internet Antivirus 2011 processes:

pal.exe
exec.exe
energy.exe
CLSV.exe
Internet Antivirus 2011.exe

Unregister these Internet Antivirus 2011 DLL files:

PE.dll
kernel32.dll
ANTIGEN.dll

Delete these Internet Antivirus 2011 registry entries:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Antivirus 2011”

Delete these Internet Antivirus 2011 files:

%Documents and Settings%\All Users\Application Data\[random_symbols]\
%Documents and Settings%\All Users\Application Data\[random_symbols]\[random].mof
%Documents and Settings%\All Users\Application Data\[random_symbols]\Internet Antivirus 2011.exe
%Documents and Settings%\All Users\Application Data\[random_symbols]\[random].exe
%Documents and Settings%\All Users\Application Data\[random_symbols]\Quarantine Items
%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
%Documents and Settings%\[UserName]\Application Data\Internet Antivirus 2011\
%Documents and Settings%\[UserName]\Application Data\Internet Antivirus 2011\Instructions.ini
%Documents and Settings%\[UserName]\Desktop\Internet Antivirus 2011.lnk
%Documents and Settings%\Recent\ANTIGEN.dll
%Documents and Settings%\Recent\ANTIGEN.drv
%Documents and Settings%\Recent\cid.tmp
%Documents and Settings%\Recent\CLSV.exe
%Documents and Settings%\Recent\CLSV.sys
%Documents and Settings%\Recent\DBOLE.drv
%Documents and Settings%\Recent\delfile.sys
%Documents and Settings%\Recent\eb.sys
%Documents and Settings%\Recent\energy.exe
%Documents and Settings%\Recent\exec.exe
%Documents and Settings%\Recent\fan.drv
%Documents and Settings%\Recent\kernel32.dll
%Documents and Settings%\Recent\pal.exe
%Documents and Settings%\Recent\PE.dll
%Documents and Settings%\Recent\ppal.drv
%Documents and Settings%\Recent\tempdoc.tmp
%Documents and Settings%\[UserName]\StartMenu\Internet Antivirus 2011.lnk
%Documents and Settings%\[UserName]\StartMenu\Programs\Internet Antivirus 2011.lnk

Summary:

The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of internet antivirus 2011 rogue and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from internet antivirus 2011 rogue and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you are experiencing problems while trying to remove internet antivirus 2011 rogue from your computer, please ask for assistance in our malware removal forum.

If you have additional information on internet antivirus 2011 rogue or it's removal please share your knowledge in the comments section below.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Internet Antivirus 2011 Rogue QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of Internet Antivirus 2011 Rogue on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Malwarebytes

Platform: Windows

Editors' Rating for Malwarebytes:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.