E-Set Antivirus 2011

Also Known As: Fake E-Set Antivirus 2011
Damage level: High

What is E-Set Antivirus 2011?

E-Set Antivirus 2011 is a rogue program that imitates a legitimate antivirus product. Internet criminals who created this bogus program hope that you will fall for their trickery and purchase a license for their fake security scanner.

You should closely look at the screenshot of this fake program - it uses a logo of AVG Antivirus and the name of a real security program, E-Set Antivirus 2011. In this way, creators of this rogue program attempt to fool people into purchasing a 'full version' of this program.

This program is derived from the same family as Fake AVG Antivirus 2011.

E-set Antivirus 2011 rogue program

This program is distributed via Trojans. When your computer becomes infected with this fake program, it will block your desktop and legitimate Windows programs from running.

This rogue software is designed only to steal money from your credit card. Do not buy this program, it is a scam. This malicious program is propagated using spam campaigns, misleading websites, and infected P2P file downloads.

When installed, E-Set Antivirus 2011 imitates a security scan. This process 'detects' multiple high risk malware purportedly found on your computer.

To further scare you into believing that your computer is at risk, E-Set Antivirus 2011 generates various security warning pop-ups, reporting that your computer is infected with viruses and that you should activate E-set Antivirus 2011 to clean the infections. PCrisk have analyzed this software and no legitimate virus definition database was found.

This fact confirms that E-Set Antivirus 2011 is fake and has no capability to detect security threats. Do not trust this program; it is an imitation of a legitimate security program and is designed to trick you into buying a fake license key.

Use the removal guide provided to eliminate E-Set Antivirus 2011 from your computer.

Such fake security messages will be displayed:

"Warning! Active Virus Detected! Threat Detected: Email-Worm.Zhelatin Infected file: Action taken: Application Blocked Description: Worm Email-Worm.Zhelatin.vy is virus-like malware with destructive code, and is able to mutate, replacing its own code. This makes Email-Worm.Zhelatin.vy very dangerous, hard to find, and difficult to delete. Like most viruses, worm Email-Worm-Zhelatin.vy may spread to other computers by secretly emailing their own code to Internet users in your address book.

"Warning! Virtumonde is an adware program that monitors your Internet browsing habits and may display targeted advertisements onto your computer screen. Virtumonde may also create a malicious DLL file in order to log your keystrokes and send the recorded information to a third party website. Virtumonde is an unwanted application and recommended to be removed."

"Warning! Identity theft attempt detected! Attacker IP: Attack Target: Microsoft Corp. Keys Description: Remote host is trying to gain access to your personal information."

"Warning! New virus detected! Threat Detected: Keylogger.iSnake.Pro Infected File: C:WINDOWSsystem32asr_ldm.exe"

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

E-Set Antivirus 2011 removal

1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.{jcomments on}


Video showing how to start Windows in "Safe Mode with Networking":

Windows XP:

Windows 7:

Windows 8:

2. Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if 'Use a proxy server for your LAN' is checked, uncheck it and press OK.

3. Download HijackThis and save it to your desktop. Some malicious programs are able to block HijackThis, so when you click the download link, in the Save dialog, rename HijackThis.exe to iexplore.exe and only then click the Save button.

After saving the file to your desktop, double click it. In the main HijackThis window click the “Do a system scan only” button. Select the following entry (place a tick at the left of the entry):

O4 - HKCU\..\Run: [E-Set 2011] %ProgramFiles%\E-Set 2011\e-set.exe

After selecting the required entries, click "Fix Checked". After this procedure you can close HijackThis and proceed to the next removal step.

4. After this procedure, you should be able to access your desktop. You should now download legitimate anti-spyware software to fully remove E-Set Antivirus 2011 from your computer.

Other tools known to remove E-Set Antivirus 2011:

5. After downloading anti-spyware software. Install, don't forget to update, and run a full system scan. Remove all infections that it finds.

If you are unable to remove E-Set Antivirus 2011, you can use these manual removal instructions. Use them at your own risk, since if you do not have strong computer knowledge, you could harm your operating system.

Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these  E-Set Antivirus 2011 processes:


Remove these E-Set Antivirus 2011 registry entries:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "E-Set 2011" = '%ProgramFiles%E-Set 2011e-set.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost Platform "WinNT-A8I 16.03.2011"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionschrome.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsfirefox.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsiexplore.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsopera.exe "Debugger" = 'msiexecs.exe -sb'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssafari.exe "Debugger" = 'msiex

Delete these E-Set Antivirus 2011 files:

%ProgramFiles%E-Set 2011
%ProgramFiles%E-Set 2011e-set.exe
Antivirus 2011.lnk
c:Documents and SettingsAll UsersStart MenuE-Set 2011
c:Documents and SettingsAll UsersStart MenuE-Set 2011E-Set Antivirus 2011.lnk
c:Documents and SettingsAll UsersStart MenuE-Set 2011Uninstall.lnk


The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of fake e-set antivirus 2011 and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from fake e-set antivirus 2011 and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on fake e-set antivirus 2011 or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Fake E-Set Antivirus 2011 QR code
Scan this QR code to have an easy access removal guide of Fake E-Set Antivirus 2011 on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.