Removing Best AntiVirus 2011 from Windows 7 machine

Posted on 2011-05-03
Last Modified: 2013-12-09
One of my family members accidentally downloaded the spyware/rogueware Best AntiVirus 2011.  I'm trying to make sure that I've gotten rid of it.

The things that I've done
1. Removed the BestAntiVirus2011.exe files from the Downloads directory (downloaded by someone in my family).
2. Running a full scan of my McAfee anti-virus product
3. Downloaded the free version of SUPERAntiSpyware and I'm running a complete scan at the moment.

I've viewed the registry with regedit and didn't see anything related to BestAntiVirus2011.

Is there anything else I should be doing?

Nothing noted by either of the two programs running, yet.

Question by:freshcontent
    LVL 3

    Expert Comment

    With rogueware/fake antivirus it is easy to see whether it's still active or not. Since its purpose is to scare people with fake warnings, you should see the warning appear all the time, complete with a window scanning your computer, finding some malware and encouraging you to buy their product. If you don't see it, then I assume your computer is safe from rogueware.
    LVL 82

    Expert Comment

    by:Dave Baldwin
    I usually download and run MalwareBytes MBAM.exe free version and run a scan with that also.
    LVL 7

    Expert Comment

    I would run hitmanpro first to see if it picks it up.  Hitmanpro only takes a few minutes to run and it is very effective.  You can find it here:

    I would then run Malwarebytes, as suggested above.
    LVL 38

    Accepted Solution

    I would hold off on trying "HitmanPro" for now. Some other forums are reporting some kind of glitch that is rendering systems unbootable after using it.

    Searching your registry for "BestAntiVirus2011" is unlikely to yield any usable information. Many malware variants use random name generators for the files/processes/registry entries they create.

    To effectively fight this, you have to use a rogue process stopper before starting your scans.

    I prefer "RogueKiller" as not only being effective, but having some additional menu options for repairing typical modifications that get made (DNS, Proxy, etc.)

    Please review the information in these two Articles and walk through the recommendations step-by-step. (Rogue-Killer-What-a-great-name) (Basic Malware Troubleshooting)
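
The accepted answer's point that a search for "BestAntiVirus2011" misses randomly named entries suggests reviewing autostart entries by location and signature instead. The PowerShell script below is an added example, not part of the original thread or of any tool named in it; the list of Run keys and the "user-writable directory" heuristic are assumptions chosen for illustration.

```powershell
# Added example: review autostart entries by location and signature instead of by name.
# Built-in cmdlets only; written to run on PowerShell 2.0, which ships with Windows 7.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Directories a standard user can write to (assumed heuristic, not a verdict).
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ }

function Get-CommandPath([string]$cmd) {
    # Extract the executable from a Run value: a quoted path, or text up to ".exe".
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd.Trim() -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $path = Get-CommandPath ([string]$item.GetValue($name))
        $inUserDir = @($userWritable | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }).Count -gt 0
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else { 'NotResolved' }   # relative or missing path
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Path = $path
            UserWritableDir = $inUserDir; Signature = $sig
        }
    }
}
$entries | Sort-Object UserWritableDir -Descending |
    Format-Table Name, Path, UserWritableDir, Signature -AutoSize

# Proxy and static DNS values, the settings the answer says typically get modified.
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Format-List ProxyEnable, ProxyServer, AutoConfigURL
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*' |
    Where-Object { $_.NameServer } | Format-Table PSChildName, NameServer -AutoSize
```

A path under a profile directory or a signature status other than Valid is a reason to inspect that file more closely, not proof that it is malicious.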
    LVL 12

    Author Comment

    I went through scans with SuperAntiSpyWare, and with my McAfee anti-virus, and I haven't had any further issues.
    LVL 38

    Expert Comment

    I can't understand what your response has to do with the suggestions posted for you.

    Your McAfee allowed the infection to take hold, so I'm not sure why you would trust it to FIND the problem...much less repair it.

    SuperAntiSpyware was not suggested, I have not seen that seriously recommended on any significant anti-malware forum in recent memory, and I personally quit using it years ago (when Malwarebytes came out).

    Please follow the advice posted here and report back with the results (post the logs generated by RogueKiller and Malwarebytes).
    LVL 2

    Assisted Solution


    I use a little utility called RKILL to stop malicious services prior to using Malwarebytes.  Rarely does it not work, but it does take some proper timing when the fake AV load has been on the machine and released some worms after a period of a few days.  Here's what I would do:

    1) Download RKILL from, I have needed all of the versions when removing AntiVirus2010, so it will not hurt to get them all now from here:

    2) Make sure the definitions for Malwarebytes are updated, and try to start it without first running RKILL. If it will not start, or starts and stops, you'll need to keep running rkill over and over until you are able to get MBAM to run, and continuously do a "quick scan", show results, this until you have no results to show after a successful quick scan.

    3) Run rkill a few more times in a row, screen may blink, etc, etc...start Malwarebytes again, and check for updates, again...sometimes updates hang....after this, do a full system scan, repeat until no results to show.

    Remember, the folks here on the forum are typically experienced in the questions for which they are responding, and they mean only to help, not harm...The first three responders gave you valuable information - they should get the kudos, and I'm sure if you were only using McAfee, it stuck the parts it could find in Quarantine, and you'll get it all back when the worms find a way out, or new ones come in and release the quarantine...
    LVL 38

    Expert Comment

    As noted in my EE Articles, using one of the free tools to stop the "rogue processes" before doing the Malwarebytes scan is a 'must do' task.

    These three are all effective - even though I prefer "Rogue Killer" for the additional tasks it will perform.



    Download TheKiller to your Desktop

    Note that TheKiller is renamed as explorer.exe
    Run it by double-clicking
    Press the OK button after the program finishes

    Do not restart your system after this step, but immediately run the next scan: MalwareBytes, TDSSKiller, ComboFix
    LVL 2

    Expert Comment

    Didn't read your Articles Young...but, yes, I agree!
    LVL 27

    Expert Comment

    I am not after the points in this particular question, but for what it's worth I agree with virtually everything recommended by the Experts above, particularly the later comments by nmacfall.
    The very fact that McAfee (and probably Symantec, had you been running it!) failed to completely resolve the problem indicates that the more recent, advanced malware can slip through the net, and that using RKill, or RogueKiller, then Malwarebytes as described above, can really resolve a problem. Anyway, good luck.
    ...and please post back with results.
