any tips on removing it without removing my pc?

Thanks.

See if these instructions do the trick for you.

Antivir Removal (How to remove Antivir)

The free version of MalwareBytes’s Anti-Malware appear to remove this rogue security software.

1. Use an alternate browser like Firefox or Chrome to download and Install MalwareBytes’s Anti-Malware.
2. Also download CCleaner.
3. Boot in to Safe Mode.
4. Click to scan with MalwareBytes Anti-Malware. Check mark all instances of the rogue security software and delete them.
5. Turn System Restore off and on
6. Install, scan and clean the temporary files with CCleaner.

That seems to have done the trick, thanks! Good I had both softwares already installed. Saved me some time

Cool...

Not sure if this is related to my antivir problem, but a mysterious folder appeared on my F drive that should not be there.

the main folder has the following address for a filename:

9c7c67fd127a29547177c6f00b

contains the two following subfolders :

amd64 and i386.

the amd64 subfolder contains:
filterpipelineprintproc.dll
msxpsdrv (some sort of security catalog)
msxpsdrv (config file)
msxpsinc.gpd
msxpsinc.ppd
mxdwdrv.dll
xpssvcs.dll

i386 subfolder contains the following:

exactly the same files!

Question is: did something in that antivir trojan copy these files from a location on C or move it? Windows won't let me delete them either for writeprotection issues or files already in use.

Any insight ?

Thanks

ikonius, I did some checking and there are lots of questions similar to yours out there. Everything I found said these are files left over after a Microsoft update. They should go away after a reboot, but somethimes they don't. They are not malware.

I know the i386 file is part of your OS installation and I assume the amd64 might have something to do with your processor. Maybe Inland or Jenny will know more.

There is a legitimate AntiVir antivirus made by Avira.
CNet even ***recommended it***.
But there may be malware called antivir as well. Did you ever try to use Avira's AntiVir? If not, you probably had the malware.


I found a little about the folders you listed ***here***.

From what they say, the files are an unintended leftover from a Windows Update. If you have trouble deleting the folder, there are instructions at the bottom of that thread.

If I am reading the solution correctly Jenny, it seems to apply to XP pro. I have Home edition, so I can't and don't really know how modify permissions or either if the feature exists on home edition.

should I try updating my framework 2.0 to with the hotfix as suggested, or does it only apply to xp pro?

Are you not able to delete the files?
If you can delete them normally, just do that.
If you can't delete them, you can use a utility like ***this one*** or try a procedure like this
http://www.theeldergeek.com/delete_undeletable_file.htm

when I try to delete normally, windows tells me other apps are using them or the file is write-protected.

Try booting to Safe Mode and deleting the files.
If that doesn't work, try the Unlocker utility I linked to above.

forgive my ignorance or forgetfulness (at my age , I don't which anymore ), but how do I reboot in safe mode again? Which F-key?

BTW I tried unlocker, but it only offers a free scan. You have to pay for the repair. Will try the alternate solution you provided.

EDIT: No joy. xp gives me same reason: full disk or files write-protected.

EDIT2: Finally found the free unlocker 1.8.8. And it worked folder gone! That'll teach me to troubleshoot something before my first coffee!

Thanks for your help everyone