Hi Friends,
My wife's computer is infected with "Advanced Virus Remover". I have followed directions to get rid of it and none has worked.
This is a fake program that runs a fake scan. It looks like AVG. It locks you out of regedit and Task Manager, and prevents a boot to safe mode. It replaces your desktop background image with a blue screen that says "your computer is infected....". It also disables your desktop settings.
It disables exe files and a few other types.
The offending file is named "PAVRM.exe". The desktop background image is named "critical_warning.html".
I used msconfig to disable startup and security task manager to kill the process PAVRM.exe. I gained access to regedit by copying a known good file to this computer and renaming it with a "cmd" extension.
I managed to delete all the registry changes, delete the exe file and reset the background. I updated Windows as well. I thought I had it beat but when I turned back on the startup programs it came back. There is a file I am missing not listed in my removal instructions.
Windows Genuine Advantage tries to run each boot up. The only thing I enabled was a program called "winupdate". I think this is infected but I can't seem to get it deleted.
Here is a link to the removal instructions I am using.
http://www.2-spyware.com/remove-advanced-virus-remover.html
I must have a new variant because it can defeat the known manual methods of gaining access to the task manager.
Has anyone heard of this or run into it? I AM NOT going to reinstall the system.
There has to be a way to get rid of it.