AllThis may not be the correct forum, if so I apologise.Yesterday my PC was infected with a virus called Antivirus IS. It's a anti-spyware application which has effectively disabled my internet, and will not allow me to run or open any application. It says all files are infected and takes me to a site where I have to pay for the obviously false antivirus software. I tried installing new AVG antivirus software from a disk, but it won't allow any .exe to be run off the disk either. I did some research and found a method to remove the registry entries for this particular malware manually, but it won't allow me to run the regedit facility. It has obviously become more sophisticated. Am a bit at my wits end with this, as my last backup was a month ago. Really do not want to do a clean wipe without exhauting all possibilities.Wondering whether anyone is familiar with Antivirus IS, and has any experience with its removal?Appreciated.Erich

While the virus is running, it is blocking all attempts to remove it. You'll have to start windows in Safe mode.You can do that by pressing F8 just when windows is starting. You should get a text screen where you can select several windows boot modes. It is sometimes a bit tricky to press F8 at the right time.See Windows 7 boot menuIn that menu, select "safe mode with networking". In Safe Mode, only the most basic things are started and hopefully the virus is not among these. Since networking is also enabled, you can now download and install antivirus tools to get rid of the virus. I recommend Malware Bytes or Hitman Pro. The free versions should be sufficient.If all goes well, you can download and run these tools. You may have to restart in order to remove everything. It may be prudent to run these programs a second time in order to get rid of everything.If this doesn't work, you may have to erase and reinstall Windows.Good luck and hope all goes well,Allard.

While the virus is running, it is blocking all attempts to remove it. You'll have to start windows in Safe mode.You can do that by pressing F8 just when windows is starting. You should get a text screen where you can select several windows boot modes. It is sometimes a bit tricky to press F8 at the right time.See Windows 7 boot menuIn that menu, select "safe mode with networking". In Safe Mode, only the most basic things are started and hopefully the virus is not among these. Since networking is also enabled, you can now download and install antivirus tools to get rid of the virus. I recommend Malware Bytes or Hitman Pro. The free versions should be sufficient.If all goes well, you can download and run these tools. You may have to restart in order to remove everything. It may be prudent to run these programs a second time in order to get rid of everything.If this doesn't work, you may have to erase and reinstall Windows.Good luck and hope all goes well,Allard.

Allard Thanks so much! I will try this tonight. I am running Windows Vista 64bit. Will this make any difference to anything ?Erich

Allard Thanks so much! I will try this tonight. I am running Windows Vista 64bit. Will this make any difference to anything ?Erich

The procedure is the same for Vista, and even XP. The tricky part is pressing F8 at the right time. If you press it too soon you may invoke the "Bios Boot Selector". When that happens, just select your normal hard drive, and press F8 again after that. If you press F8 too late, Windows will start as usual.Good luck!

Are you using Windows Defender??(Enabled by default on Vista/7, need to turn-off real-time proteccion) but should still give you a safe boot)Cheers,- jahman.

See if you can boot in Safe mode and then do System Restore to a week back. That often fixes it. Only one time, a virus had erased all my restore points and I couldn't restore. Thats when I invested $45 and got Acronis True Image Home for backing up my C: (Primary drive image).

Guys thanks for your comments.Allard. I followed your advice which successfully removed the malware. Lucky enough to have only attempted F8 once.All back to normalThanks so much. Incidently it was the REX2 installer which was identified as the offending file! I need to let Tim know.Thankserich

Glad it worked out. Manny's suggestion sometimes also works, but restore points can be infected as well. Besides, on my flightsim PC I have disabled system restore to save a few CPU-cycles.

Incidently it was the REX2 installer which was identified as the offending file!

Which file/version?Thanks,Cheers,- jahman.