IE AntiVirus Removal

Posted on July 8, 2008. Filed under: Windows

Stop the Scare Tactics of IE AntiVirus

A new tactic in web advertising uses fear and fake error messages to goad computer users into buying bogus anti-spyware programs. One of the culprits in this aggressive advertising scheme is the rogue anti-spyware IE AntiVirus, or IE AntiVirus 3.2. Neither is legitimate anti-spyware software, and neither will protect your computer from other threats. Manual removal of IE AntiVirus is among the most involved of any rogue anti-spyware. This article will help distinguish IE AntiVirus from other instances of rogue anti-spyware, describe methods for manual removal, and recommend the use of a professional anti-spyware program like ParetoLogic’s XoftSpySE to completely remove the threat and prevent future installations.

[Image: example IE AntiVirus fake alert]

The Background of IE AntiVirus

IE AntiVirus is not a new rogue anti-spyware program, but a reincarnation of older ones. Its past incarnations include IE Defender, Malware Bell, and Files Secure. Due to its age in the digital world, IE AntiVirus is frequently packaged with more dangerous threats such as viruses and malware, and, if left installed, it makes it easier for other malicious programs to infect the host computer. Leaving IE AntiVirus running is like leaving the gate open in a fence: just anyone can stop on by!

Another problem with IE AntiVirus is the perceived legitimacy of the fake error messages and system updates it showers upon the desktop. Even if a user learns to ignore these messages and overcomes the annoyance, there is still a risk. How will the user know when the computer system legitimately does have a problem? Failure to recognize serious system problems will put all the information contained on the computer in jeopardy of corruption and loss.

Do not be deceived by the highly graphical look of the IE AntiVirus Security Center. This rogue spyware has been around for a very long time, and is simply updated to mimic the look of newer anti-virus and anti-spyware programs. Clicking on any of the areas, such as to “register” the software or to learn more about the “threats found”, may install them onto your computer or take you to a website aimed at capturing your personal information.

Manual Removal of IE AntiVirus

In comparison to the manual removal of other rogue spyware, IE AntiVirus is about as tough as they come. Complete removal is a tall task even for experts in the Windows operating system, and should not be attempted by beginners. There are simply too many registry entries to delete and modify; the probability of damaging the operating system is very high. The majority of users should follow the recommended method of using a dedicated anti-spyware removal program such as ParetoLogic Anti-Spyware.

If you are intent upon attempting a manual removal, be prepared to “fix” any of your mistakes by reformatting the hard drive and reinstalling Windows. Make sure your personal documents and files are backed up. If you do need to restore the backup files onto a freshly wiped hard drive, double-check their health with a virus and spyware scan.

The first step in a manual removal is to delete the files associated with IE AntiVirus from your computer. Use the Search function to look for the following file names in Windows Explorer and delete them:


Next, you must stop the processes to prevent continual re-installation of the program. Press Ctrl-Alt-Delete to access the Task Manager, and click the Processes tab. Look for ieav.exe and ANTIVIRUS.exe and stop the processes. Don’t worry about the warning you receive about the potential harm of ending processes. This is a blanket warning message.

Finally, the Windows registry keys must be deleted or modified to remove traces of IE AntiVirus. From the Run command line, type “regedit” to access the Registry Editor. If you do not know how to use the Registry Editor, stop now and use a professional anti-spyware program! This step is very dangerous to the operating system and not for the inexperienced.
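
Before deleting or editing anything in this step, it helps to export the affected keys and see what is actually registered on the machine. The following is an added example, not part of the original article: a read-only PowerShell inventory that assumes PowerShell is installed and the prompt is elevated; the backup folder name is made up for illustration.

```powershell
# Added example: read-only inventory to run before any manual registry edit.
# Assumptions: PowerShell is available and the prompt is elevated.
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:USERPROFILE "reg-backup-$stamp"   # hypothetical folder name
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$bhoKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$runKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# 1. Export the keys to .reg files so a wrong deletion can be re-imported.
reg export "HKLM\$bhoKey" (Join-Path $backupDir 'bho.reg') | Out-Null
reg export "HKLM\$runKey" (Join-Path $backupDir 'run-hklm.reg') | Out-Null
reg export "HKCU\$runKey" (Join-Path $backupDir 'run-hkcu.reg') | Out-Null

# 2. Show whether the processes the article says to stop are running.
Get-Process -Name 'ieav', 'ANTIVIRUS' -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path | Format-Table -AutoSize

# 3. List every autostart value under the Run keys (machine and user).
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $props = Get-ItemProperty -Path "$hive\$runKey" -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $psProps -notcontains $_.Name } |
            ForEach-Object { '{0}\Run  {1} = {2}' -f $hive, $_.Name, $_.Value }
    }
}

# 4. Resolve each registered Browser Helper Object CLSID to the DLL it loads,
#    and report whether that DLL exists and carries a valid signature.
Get-ChildItem -Path "HKLM:\$bhoKey" -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid  = $_.PSChildName
    $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $dll    = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
    $status = 'no InprocServer32 entry'
    if ($dll) {
        $dll = $dll.Trim('"')
        if (Test-Path -LiteralPath $dll) {
            $status = (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            $status = 'file missing'
        }
    }
    New-Object PSObject -Property @{ CLSID = $clsid; Dll = $dll; Status = $status }
} | Format-Table CLSID, Status, Dll -AutoSize
```

A key exported this way can be restored with `reg import` and the path to the saved .reg file.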

The following registry keys may need deleting or modification:

Recommended Method of Removal: Professional Anti-Spyware Programs

Using a manual removal method is a huge risk and a complete waste of time. ParetoLogic’s XoftSpySE, a professional spyware removal program, can completely remove IE AntiVirus in a few minutes and protect against future installations. Even if the manual removal is completed perfectly, rogue spyware programs are changed so often that it is highly likely a file associated with the spyware will remain on the computer. In the worst-case scenario, the manual removal goes wrong, and the user must reformat the hard drive and reinstall Windows, a procedure that can take hours!

Professional anti-spyware programs are not one-trick ponies. ParetoLogic XoftSpySE uses a continually updated database to remove and protect against a myriad of threats. Manual removal procedures are only valid for one specific rogue spyware program. Users relying only on manual removal guides must find one for each instance of spyware that installs itself on the computer.

The expense associated with most anti-spyware programs is minimal. While many users actively use anti-virus software, this alone is not sufficient protection. Viruses and spyware differ in their makeup and behavior on a host computer. Anti-virus software may recognize an unauthorized installation of programs and files, but is not designed to remove the spyware completely. Smart users will have both anti-virus protection and anti-spyware removal tools.
