Antivirus Action

From Wiki-Security, the free encyclopedia of computer security

Antivirus Action Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<

SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:

If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Antivirus Action is a piece of rogue antivirus malware that is widely considered extremely dangerous. First and foremost, it is critically important that anyone whose computer is infected with Antivirus Action understands that it is a scam, and it is unnecessary to buy into the scam.

Antivirus Action is only the newest name for a particular rogue antivirus that has been growing and evolving for a long time. It is also known as Antivirus IS, and it is identical to Antispyware Soft and AV Security Suite, with the exception of the appearance of its interface. All of these are from the Security Suite family, but Antivirus Action is relatively new, as it seems to have started infecting large numbers of computers in October 2010.

Multiple victims of the Antivirus Action/Antispyware Soft scam report that its purported "company" is associated with the address and phone number below:
Great Marbourough Str. 74 London, SE 12 TU, GB
(Note that the address is in the UK, but the phone number is in the United States!)
Other reliable sources argue that specific spelling or grammatical errors in the malware point to an origin in Russia.

What makes Antivirus Action - and its family - unique is that it does not infect your computer directly. Rather, the computer is initially infected with a Trojan Horse, hidden in a fake video codec or free online virus scan. Once the Trojan Horse makes its way in, it initiates a download of Antivirus Action, which then pops up the next time you log in to Windows.

Antivirus Action has a set of symptoms that are designed to scare you into thinking that there is something horribly wrong with your computer and that it only be fixed if you buy the fake software. The first time it runs, it will pop up with a page of "scan" results, which make it appear that your computer is infected with a huge number of viruses. Then it will tell you that you need to purchase the full version of Antivirus Action to remove them. Of course, this scan is completely bogus, and everything it claims to "find" on your computer is fake. The interface looks very polished and realistic, and there is even a "help and support" button, but all of this is an effort to make the malware seem like legitimate software.

Once it has run its bogus "scan" and provided you with the results, it begins a process of holding your computer hostage. With the exception of Internet Explorer, it will prevent you from starting any other program, including actual antivirus software. It does this by terminating the program when you open it and giving you an error message saying that the program you were trying to run was "infected." Although the availability of Internet Explorer might seem like a ray of hope, Antivirus Action hijacks it as well, by configuring itself as a network proxy and blocking access to some websites apparently largely at random. Each time a site is blocked, Antivirus Action will give an error message saying that the site presents a security risk. This is just another scare tactic.

Antivirus Action will continue to block other programs and interfere with Internet Explorer until you "activate" the program and pay $49.95 for it. It does not appear that Antivirus Action performs any useful function once paid for.

To check your computer for Antivirus Action, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Antivirus Action and other threats. If you detect the presence of Antivirus Action on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Antivirus Action.


Detection of Antivirus Action (Recommended)

Antivirus Action is difficult to detect and remove. Antivirus Action is not likely to be removed through a convenient "uninstall" feature. Antivirus Action, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Antivirus Action and other spyware, adware, trojans and viruses on your computer.

Run a Antivirus Action scan/check to successfully detect all Antivirus Action files with the SpyHunter Spyware Detection Tool. If you wish to remove Antivirus Action, you can either purchase the SpyHunter spyware removal tool to remove Antivirus Action or follow the Antivirus Action manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Antivirus Action. Antivirus Action can come bundled with shareware or other downloadable software.

Another method of distributing Antivirus Action involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Antivirus Action on your system. Antivirus Action installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Antivirus Action, use this SpyHunter Spyware dectection tool to detect Antivirus Action and other common Spyware infections. After detection of Antivirus Action, the next advised step is to remove Antivirus Action with the purchase of the SpyHunter Spyware removal tool.


Antivirus Action may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Antivirus Action from your computer.

Remedies and Prevention

Antivirus Action, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Antivirus Action along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Antivirus Action, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Antivirus Action and other types of spyware.

Remove Antivirus Action manually

Another method to remove Antivirus Action is to manually delete Antivirus Action files in your system. Detect and remove the following Antivirus Action files:


  • %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS][RANDOM CHARACTERS]agnz.exe

Other Files

  • %Documents and Settings%\All Users\Start Menu\Programs\Antivirus Action
  • %Documents and Settings%\All Users\Desktop\Antivirus Action.lnk
  • %Documents and Settings%\All Users\Application Data\Antivirus Action

Registry Keys

  • HKEY_CURRENT_USER\Software\Antivirus Action
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus Action"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Action
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Phishing\Filter "Enabled" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Run "[RANDOM CHARACTERS]agnz.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Version\Run "[RANDOM CHARACTERS] gnz.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Version\Internet Settings "ProxyEnable" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Version\Internet Settings "ProxyServer" = "http="

External links

RECOMMENDED by Wiki-Security
To detect and remove the latest spyware threats, run SpyHunter's spyware detection tool on your PC.

Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Antivirus Action or its creators in any way. This website does not advocate the actions or behavior of Antivirus Action and its creators. Our objective is to provide Internet users with the know-how to detect and remove Antivirus Action and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Antivirus Action in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.