Antivirus System

Also Known As: Antivirus System Rogue
Damage level: High

What is Antivirus System?

Antivirus System is a rogue antivirus program, which reports non-existent security infections in the hope that unsuspecting PC users will purchase a useless 'full version'. This program is created by cyber criminals in order to extort money and credit card information - it is a scam and should not be trusted.

Antivirus System originates from a family of fake antivirus programs called FakeRean and infiltrates users' operating systems (Windows XP, Windows Vista, Windows 7, and Windows 8) using any detected security vulnerabilities. Commonly, this rogue antivirus program is proliferated using 'exploit kits' via infected email messages, malicious websites, and drive-by downloads.

Antivirus System rogue program

After successful infiltration, Antivirus System blocks execution of all installed software (including legitimate antivirus and anti-spyware programs), blocks Internet access (users are unable to launch Internet Explorer, Google Chrome, or Mozilla Firefox), and disables the Task Manager.

To scare computer users into purchasing the 'full version', this bogus software imitates a security check and simulates the detection of various high-risk security infections. Furthermore, Antivirus System generates security warning pop-ups, which indicate malware and viruses that are supposedly attacking the user's system.

If you observe this program 'scanning' your computer for security infections, you are dealing with fake antivirus software - do not trust it. The correct way to deal with it, is by removal from your computer.

Antivirus System is just one of many rogue antivirus programs, which attempt to sell useless license keys. Before purchasing security software to protect your computer, ensure that you read reviews and perform online research to avoid being tricked into buying a fake antivirus program.

If your computer is already infected with this rogue security scanner, ignore all 'security scans' and security warning pop-up messages, since this information is false. The only security threat you should worry about is Antivirus System itself. If your computer is already infected with this fake antivirus program, use the removal guide provided to eliminate this scam.

A fake security warning message generated by Antivirus System:

Antivirus System fake security warning messages

Antivirus System Firewall Alert.
iexplore.exe is infected with not-a-virus:AdWare.Win32.WhiteSmoke.a. Private data can be stolen by third parties, including credit card details and passwords.
Windows recommends activate Antivirus System.
Click Activate to register your copy of Antivirus System and perform threat removal on your system.

Antivirus System Security Alert - Vulnerabilities found, Background scan for security breaches has been finished. Serious problems have been detected. Safeguard you system against exploits, malware and viruses right now by activating Proactive Defence.

Upgrade to full version of Antivirus System software package now! Clean your system and ward off new attacks against your system integrity and sensitive data. FREE daily updates and online protection from web-based intrusions are already in the bundle.

Antivirus System - Your system is left vulnerable to all types of online infections and instructions. Copies of malware already planted in your system contact their originating servers for further spreading and taking control over your system. Enable Internet Security to prevent identity theft and system damage.

Antivirus System - Your system is left vulnerable for spyware attacks. All your personal information, including credit card numbers and password can be stolen. Enable Personal Security to prevent thefts.

Antivirus System - No PS activity is analysed for possible spyware traces. Harmful programs of known and new types can damage your system and cause data loss and identity theft. No real-time detection and protection is used.

Antivirus System - No web traffic, activity and content is monitored. Spyware and malware can use your web browsers as a gateway to sensitive areas of your system. No malicious code in web pages is detected and blocked.

ATTENTION: DANGER! System scan for spyware, adware, trojans and viruses has been finished. Antivirus System detected 105 critical system objects. These security breaches may be exploited and lead to the following:
Your system becomes a target for spam and bulky, intruding Ads
Browser crashes frequently and web access speed decreases
Your personal files, photos, documents and passwords get stolen
Your computer is used for criminal activity behind your back
Bank details and credit card information get disclosed

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Antivirus System removal:

IMPORTANT! Before downloading: Click the "Registration" button, which is located at the top right corner of the Antivirus System main window.

Antivirus System registration

In the opened registration window, click on the "Enter Activation Code" button:

Antivirus System enter activation code

Enter this key: 1O2Z3L4W5I6T7F8Q9C1N2Y3K4V5H6S7E, and the click the "Activate" button.

Antivirus System activation key

Antivirus System will thank you for activation (this step will trick the rogue antivirus software into behaving as though you have paid for the 'full version' - making the removal process of Antivirus System less complicated, since you will be able to regain control of your Internet browsers and download legitimate antivirus and anti-spyware programs).

Note that you should never pay for the 'full version' of any fake antivirus programs - you will lose your money and your banking information will be at risk. If you believe you may have have paid for a rogue program, contact your credit card company and dispute the charges.

Antivirus System successful registration

After entering the registration key and activating Antivirus System, restart your computer and download recommended malware removal software to completely remove this rogue antivirus from your system.

Note that entering the retrieved activation code does not remove Antivirus System - fake registration simply makes the removal process less complicated. If you fail to remove this bogus software from your system, you may encounter further security infections, privacy issues, and identity thefts.

NOTE: If you cannot run anti-spyware software, try right-clicking on it and selecting "Run as administrator". If the installation of spyware remover fails, or you cannot execute .exe files, try running our Customized installer.

If, after or before, the removal of this fake antivirus program, you cannot run any installed software, download the registry fix (link below). Save it to your computer, double click, click "Yes" and then click "OK". After rebooting your PC, file associations should be fixed.

If you cannot open your Internet browsers (Internet Explorer, Google Chrome or Mozilla FireFox):

In the Search field, enter this link:  www.pcrisk.com/installer.com and then press ENTER.


File download dialogue will appear stating that you are downloading file installer.com. Click "Run", wait for the download process to finish, then follow the on-screen instructions.

If your Internet browsers are functional, use this button to download anti-spyware software.

If the automatic removal method fails, use these instructions:

Please follow these steps if your Internet browsers are blocked:

Step 1

When Antivirus System completes its fake security scan, click the "Registration" button on the top-right corner of this program, and when the registration window is opened, click  "Enter Activation Code"

Step 2

When Antivirus System opens the Activation window, enter this registry key: 1O2Z3L4W5I6T7F8Q9C1N2Y3K4V5H6S7E into the "Registry key:" field and click the "Activate" button. After this, Antivirus System will thank you for the registration and commence removing all 'infections' previously detected.  Do not worry - these 'infections' (malware, viruses, and Trojans) are fake.

Step 3

Restart your computer and your Internet browsers should function normally and you will be able to download and install anti-spyware software to remove this infection (download button below). Note that activation does not remove Antivirus System - this rogue will run in the background and it is recommended that you remove it as soon as possible.

If installation or downloading of anti-spyware software fails:

If you are still unable to run or download the anti-spyware software, download this registry fix file. It enables execution of applications and fixes web browser errors. Click on the link below, after downloading, click "Run", click "Yes" and then "OK".

If the installation of anti-spyware software fails, try downloading and running our Customized installer.

Antivirus System removal using Safe-Mode with Networking:

1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Video showing how to start Windows 8 in "Safe Mode with Networking":

2. Download the registry fix for Antivirus System. This fix removes registry entries, which disallow execution of programs. Download it, click the link below. After downloading, double click win7_av_fix.reg file, click "Yes" when asked and then click "OK".

3. Download recommended malware removal software, install it and run a full system scan.

Alternative Antivirus System removal guide:

Some malicious programs may disallow downloading anti-spyware software. If you cannot download it using the default location, try one of the alternative download locations:

  • Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
  • Location 2

If you still cannot download or run anti-spyware software, please follow these steps:

Step 1
Download the registry fix for Antivirus System fake antivirus. This fix removes registry entries that disallow execution of programs. After downloading, double click the win7_av_fix.reg file, click "Yes" when asked, and then click "OK".

Step 2
Some variants of this rogue antivirus modify system proxy settings to disable Internet access. To reset the proxy settings to default, download and run this tool:

Step 3
Antivirus System modifies the system Hosts file. The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar. It is difficult to determine sites are genuine when the Hosts file is modified.

To fix this, please download the Microsoft Fix It tool, that restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:

Step 4
Download Spyware remover or install and run it if already downloaded.


The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of antivirus system rogue and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from antivirus system rogue and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on antivirus system rogue or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Antivirus System Rogue QR code
Scan this QR code to have an easy access removal guide of Antivirus System Rogue on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.