

Best AV for Anti-virus viruses?

Posted on 2011-02-17
Medium Priority
Last Modified: 2013-11-22
In your experience, what's the best AV program to fight variants of the 2011 Anti-Virus Virus?

No online reviews please. I need feedback from experienced computer repair professionals who have had success with repairing Windows XP & Windows 7 and keeping PCs free from current versions of the Anti-Virus Virus.
Question by:tpgriffin

Expert Comment

ID: 34921692
F-secure or Trend Office

Expert Comment

by:Sean Scissors
ID: 34921716
The AV2011 is a vicious sucker. I have seen probably around 20 different variations of names, some of which cause different issues. As far as what to use to stop it and if you have it how to get rid of it...well that is very situational based. A lot of consumers get that virus by pressing on some download link of some sort. And truth of the matter is most AVs won't stop a virus from getting in if you say "yes" to the download as it bypasses the AV software.

If you do in fact get it I have used Malwarebytes to remove a lot of it, HitmanPro is good too. HiJackThis is almost always necessary as some pieces of the more vicious versions just will not go away. TDSSkiller and GMER as a lot of times it creates a rootkit to re-implement itself and definitely Rkill.exe because usually when AV2011 is executed it disables everything else and you can't run really anything, not even task manager.

Keep in mind a lot of times it likes to break the .exe file extension within the registry. In the exe folder within the registry it changes the data to a direct link to the virus itself. Fortunately there are easy fixes for that as long as you just keep a RegFix which is a small one line script to replace the exact key with the correct/default data.

After doing all of the above (if exe is broken then fix that first to do the rest) you should be good to go. AV2011 really is a nasty one.
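
A read-only check for the broken `.exe` association described in the comment above, as an added example that is not part of any poster's comment. It assumes the stock Windows defaults (`exefile` for `.exe`, and `"%1" %*` for the open command) and goes beyond the post by also checking the per-user `HKCU` hive.

```powershell
# Read-only audit of the .exe file association; it changes nothing.
# Stock Windows defaults, relative to a ...\Software\Classes root (assumed values):
$expected = @{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}
# $true  = values must exist (machine-wide hive)
# $false = key is normally absent (per-user override hive)
$roots = @{
    'HKLM:\Software\Classes' = $true
    'HKCU:\Software\Classes' = $false
}

function Get-DefaultValue {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # The unnamed default value of a key is exposed as the '(default)' property.
    (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

$findings = foreach ($root in $roots.Keys) {
    foreach ($sub in $expected.Keys) {
        $key    = Join-Path $root $sub
        $actual = Get-DefaultValue $key
        if ($null -eq $actual) {
            if (-not $roots[$root]) { continue }   # an absent per-user key is normal
            $actual = '<missing>'
        }
        if ($actual -eq $expected[$sub]) { continue }

        # If .exe was repointed to another ProgID, show the command that ProgID runs.
        $handler = $null
        if ($sub -eq '.exe' -and $actual -ne '<missing>') {
            $handler = Get-DefaultValue (Join-Path $root "$actual\shell\open\command")
        }
        New-Object PSObject -Property @{
            Key = $key; Found = $actual; Expected = $expected[$sub]; HandlerCommand = $handler
        }
    }
}

if ($findings) {
    $findings | Format-List Key, Found, Expected, HandlerCommand
} else {
    'OK: .exe association matches the stock defaults in HKLM and HKCU.'
}
```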
LVL 96

Accepted Solution

Lee W, MVP earned 1332 total points
ID: 34921774
I've had VERY good luck with VIPRE Antivirus.  I had a client get infected with it while being "protected" by ESET's NOD32 and I replaced NOD32 with VIPRE and it cleaned it nicely, a reboot and things were back to normal (after the cleaning).

(I do not recommend trend unless you like problems with Windows... I hope to blog about my experiences with it soon).


Author Comment

ID: 34921863
leew: How does the VIPRE® "3 or more PC" license work? How about VIPRE® Premium?
LVL 96

Expert Comment

by:Lee W, MVP
ID: 34921937
Actually, I have only one home user client on it (I don't work with home users much and when I do, they've usually purchased something awful like Norton).  The one client is using a 3 year home license on 4 machines.  Seems to work great (it's the premium edition).

Most of my clients are using the business class VIPRE Enterprise and only one (though a large one) is on Enterprise Premium.  So far, I rarely (if ever) hear anything negative about it.

GFI/Sunbelt offers a 30 day moneyback guarantee - which I used once for another client that had trouble installing the 3.x client (they are on 4.0 now which doesn't seem to have any install problems).  

If you buy the 3 or more license, you get one license key you can use with all your installs.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 34921946
Just keep in mind, for as good as it is, the product, like all antivirus products, generally needs to have seen the malicious software first before it can clean it (meaning Sunbelt would have to have seen that variant before you can expect them to clean it - it's POSSIBLE it gets it anyway, but MOST things are cleaned by virus definition, not heuristics).
LVL 23

Expert Comment

ID: 34922096
"...keeping PCs free from current versions of the Anti-Virus Virus..."

Once you are infected, there are a number of tools you can use.
To prevent infection, user education is the most powerful defence. If users are downloading from random pop-ups, or clicking on links haphazardly then the pc will get infected no matter WHAT av is being run.

I try to tell users to treat the internet like a city at night: there are areas which you wouldn't wander around in looking lost; you would pay attention and be careful.  A lot of rogue av programs originate from a pop-up which says something like "Warning!!! Virus detected.  Scan now?" .  Close the window by pressing alt+f4 and you don't click on anything inside the window.  Users like the idea of using a keyboard shortcut and will be keen to try it out.

Expert Comment

ID: 34922164
I used the Vipre Enterprise; it did work well for the most part.  But lately we had issues with Outlook 2007: it would lock up on numerous workstations, and some trojans would infect some workstations.  Even with numerous deep scans I could not get rid of them.  So I had to re-image those workstations.

I have done research and am going to try Kaspersky Enterprise Space Security.  This is a total suite package that will cover File Servers, Email Servers and workstations.  No need to get separate licenses for email and workstations like other vendors.  Kaspersky will give you 1.5x the amount of mailboxes to help cover email aliases too.  The auto deploy will perform a network discovery and automatically determine which OS the workstation / server has and remove the previous vendor software and install the new one.
LVL 38

Assisted Solution

younghv earned 668 total points
ID: 34922483
"In-depth, Layered Defense"

Lots of discussions around here about preferred AV solutions and they can get pretty...exciting.

As the owner of a small computer repair shop (home users only), I have had great success with the combination of MS MSE and Malwarebytes-Pro. With that combination PLUS no regular user with 'Admin' privileges, I haven't had an infected computer in about a year.

You don't describe your topography, but MSE is free for up to 10 licenses - after that you need to use the paid product. MBAM-Pro is a one-time charge of US$17-25 - and the license is for the life-time of the registered user (NOT the life of the computer as I have mistakenly posted before).

In addition to the above, I've been posting the following recommendations for years, and they work:

I have never been a fan of any software FW product. Use the native Windows FW on your computers and add a small Linksys FW/Router (hardware) at your incoming internet connection.

Use a pre-built "HOSTS" protection ( and sign up for their auto-mailer to notify you of updates.

Cookies - "First Party" set to 'Prompt' (Allow Session) and "Third Party" set to 'Block'.
LVL 38

Expert Comment

ID: 34922503
Forgot the links:

@phototropic - love that analogy:
"...treat the internet like a city at night..."

Expert Comment

ID: 34927342
Sophos Endpoint Security works quite well.  We've had great results with it.  If you want to test it against your current AV vendor, they have an option to download their scanner to compare results.  They also have some great additional options: acceptable use policy (i.e. controlling USB media, privacy data), web content scanner, heuristics, host firewall.  With an infection from a rogue AV like 2011 Antivirus, you need something that can monitor any hijacked API calls. Sophos has shown to alert on suspicious activity of known .exes like svchost.exe, which is a favorite of malware to inject code into.  Good luck!
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1332 total points
ID: 34929138
Sorry, I usually start my responses off with "what is the best flavor of Ice Cream?"  because just like ice cream, everyone has their favorite antivirus.

I've not heard of any verifiable problems with VIPRE failing to clean a virus, but as I stated, products usually have to have seen a virus (Trojan) before they can clean them.  And I'll add that in general - THEY ALL STINK.  12 years ago, an AV program caught 99% of what was out there.  Today, I'd estimate 80%.  The virus writers are winning.  PERIOD.
