Sneaky New Virus Removes Your Antivirus Protection

computer viruses

There’s a new breed of malicious malware program spreading across the Web that tricks users into uninstalling the legitimate antivirus software on their computers. Computer experts have long been aware of the existence of such malware programs known as retroviruses that can kill or disarm security products. When activated, they unleash a world of hurt on the user’s computer and finances.

Called "AnVi Antivirus," the latest retrovirus was discovered by the response team at the security software developer Symantec.  The virus is introduced through a software Trojan, which can be picked up by visiting rogue Web sites that show up in search results, through peer-to-peer file transfer or opening an infected email attachment, said Kevin Haley, Symantec’s director of security response.

"It’s introduced a new twist," he told TechNewsDaily. "It uses the software’s own uninstall program. This is what makes this one different."

Disabling defenses

The first sign of infection is the display of a message box on the computer screen that asks you to uninstall your existing legitimate antivirus programs because the software is “uncertified and will degrade the computer’s performance."

The box asks you to click "OK" to begin uninstalling the program. It doesn’t make any difference whether you click on the box or not, or whether you try to stop the process by clicking the "close" button.  The uninstaller of the antivirus product still executes.

To do this, the malware roots around in your Windows registry to find and launch the uninstaller for your software, Symantec said. The AnVi Antivirus is equal-opportunity malware; it goes after many well-known security products by Symantec, Microsoft, AVG, Spyware Doctor and Zone Labs.

The hurt continues after your legitimate antivirus program is uninstalled. "The really bad news is you absolutely have no other anti-virus software," Haley said. "You’re wide open to any other malware out there."

Calling home

The retrovirus will then try to connect your computer to malicious websites to download the AnVi Antivurus, which is the newest member of the malware fraternity that attempts to lure users into opening their wallets to pay for bogus software and surrender sensitive credit card information. Once it downloads to your computer, AnVi Antivirus announces its presence by launching its installer window and a companion window that offers pricing options for the fake antivirus software.

If you fall for this ruse, you’re left without antivirus protection, a slightly lighter wallet and credit card details at risk.

The antidote to this and other malware attacks, said Symantec, is have legitimate antivirus software and keep it up to date.

“The good news is that as long as your antivirus software is up to date you’re OK,” said Haley.