Aug 27

Malware Analysis:

Antivirmars.com is a site you don't want to visit. It is known to hijack browsers on computers infected with the Security Suite rogueware, so on an infected machine the browser will be redirected to Antivirmars.com again and again. At first sight, this domain may look normal and hardly any different from web resources advertising security software. What sets it apart is that it pushes rogue anti-spyware, hijacks web browsers, contains malicious scripts and gets people to buy a license for a malicious application. Security Suite scareware would be worthless if sites like Antivirmars.com didn't help it achieve its goals.

The telltale symptom of the Antivirmars.com hijacker on your computer is repeated browser redirection when you try to visit a web page. You will also land on Antivirmars.com if you click an ad triggered by Security Suite. Antivirmars.com is not just a site that pops up and needs closing each time: it will persist and keep you from using your computer and browser until you take specific measures to remove the corresponding hijacker. Below are some tips for getting rid of the Antivirmars.com malware. Do not hesitate to provide your feedback on this issue; we will be there to help.

Determine if your PC is infected with Antivirmars.com hijacker and affiliated malware (Security Suite scareware):

Antivirmars.com Screenshot:

Security Suite Counterfeit Warning Page Screenshot:

[Screenshot: Antivirmars.com/block.php]

How to remove Antivirmars.com hijacker manually:

To perform manual removal of Antivirmars.com hijacker and related rogue trialware, you should do the following:

Delete the following corrupt files:

  • %UserProfile%\Local Settings\Application Data\[random]
  • %UserProfile%\Local Settings\Application Data\\[random]shdw.exe

Remove Antivirmars.com related registry entries:

  • HKEY_CURRENT_USER\Software\wnxmal
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:6522"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
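
To check for the fixed-name entries in the list above without editing the registry, this added example (not part of the original post) scans the text of a `reg export` of HKEY_CURRENT_USER for them. It assumes a DWORD and a string holding the same number count as a match; the function names and the sample export are constructed for illustration.

```python
import re

HKCU = "HKEY_CURRENT_USER\\"
# Value indicators copied from the list above: (key under HKCU, value name, data).
VALUE_IOCS = [
    (r"Software\Microsoft\Internet Explorer\Download", "RunInvalidSignatures", "1"),
    (r"Software\Microsoft\Internet Explorer\Download", "CheckExeSignatures", "no"),
    (r"Software\Microsoft\Internet Explorer\PhishingFilter", "Enabled", "0"),
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyEnable", "1"),
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyServer", "http=127.0.0.1:6522"),
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations", "LowRiskFileTypes", ".exe"),
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Attachments", "SaveZoneInformation", "1"),
]
KEY_IOCS = [r"Software\wnxmal"]  # key whose mere presence is listed above

def normalize_data(raw):  # dword:00000001 -> "1"; quoted string -> unescaped text
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw.startswith('"') else raw

def parse_reg_export(text):
    """Parse .reg text into {lowercased key path: {lowercased value name: data}}."""
    hive, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            hive[key] = {}
        elif key is not None and (m := re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.+)', line)):
            hive[key][m.group(1).lower()] = normalize_data(m.group(2))
    return hive

def find_indicators(text):
    """Return the listed indicators found in the export (keys first, then values)."""
    hive = parse_reg_export(text)
    hits = [k for k in KEY_IOCS if (HKCU + k).lower() in hive]
    for key, name, want in VALUE_IOCS:
        got = hive.get((HKCU + key).lower(), {}).get(name.lower())
        if got is not None and got.lower() == want.lower():
            hits.append(f"{key}\\{name}={got}")
    return hits

# Constructed sample export (not from a real machine): three hits, one benign value.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:6522"
"MigrateProxy"=dword:00000001'''
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `find_indicators`. The `[random]` Run entries are not covered because the page gives no fixed name for them.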

Please note that manual removal of the Antivirmars.com hijacker is a highly complex procedure and should be performed with extreme caution. A lack of the required skills or even the slightest deviation from the instructions may lead to irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:

Download Antivirmars.com Hijacker Removal Tool
