IE AntiVirus

This webpage was created to help users safely remove IE AntiVirus infections from their computers. Please note we are not affiliated with IE AntiVirus.

Quick IE AntiVirus Removal

Stop the Scare Tactics of IE AntiVirus

A new tactic in web advertising is using fear and fake error messages to goad computer users into buying bogus anti-spyware programs. One of the culprits in this aggressive advertising scheme is the rogue anti-spyware IE AntiVirus, or IE AntiVirus 3.2. Neither one is legitimate anti-spyware software and it will not protect your computer from other threats. Manual removal of IE AntiVirus is one of the most involved for rogue anti-spyware. This article will help distinguish IE AntiVirus from other instances of rogue anti-spyware, describe methods for manual removal, and recommend the use of a professional anti-spyware program like ParetoLogic's XoftSpySE to completely remove the threat and prevent future installations.

Example IE AntiVirus Fake Alert:

The Background of IE AntiVirus

IE AntiVirus is not a new rogue anti-spyware, but really a reincarnation of older programs. It's past includes IE Defender, Malware Bell, and Files Secure. Due to its age in the digital world, IE AntiVirus is frequently packaged with more dangerous threats such as viruses and malware, or left installed makes it easier for other malicious programs to infect the host computer. Leaving IE AntiVirus running is like leaving the gate open in a fence, just anyone can stop on by!

Another problem with IE AntiVirus is the perceived legitimacy of the fake error message and system updates it showers upon the desktop. Even if a user learns to just ignore these message, and overcome the annoyance, it is a risk. How will the user know when the computer system legitimately does have a problem? Failure to recognize serious system problems will put all the information contained on the computer is jeopardy of corruption and loss.

Do not be deceived by the highly graphical look of the IE AntiVirus Security Center. This rogue spyware has been around for a very long time, and is simply updated to mimic the look of newer anti-virus and anti-spyware programs. Clicking on any of the areas, such as to “register” the software and learning more information about the “threats found” may install them onto your computer or take you to a website aimed at capturing your personal information.

Manual Removal of IE AntiVirus

In comparison to the manual removal of other rogue spyware, IE AntiVirus is about as tough as they come. Complete removal is a tall task for even experts of the Windows operating system, and should not be attempted by beginners. There are just too many registry files to delete and manipulate; the probability of damage to the operating system is very high. The majority of users should follow the recommended method of using a program for specific anti-spyware removal such as ParetoLogic Anti-Spyware.

If you are intent upon attempting a manual removal, be prepared to “fix” any of your mistakes with a reformat of the hard drive and reinstalling Windows. Make sure your personal documents and files are backed up. If you do need to reinstall the backup files on a freshly wiped hard drive, double check their health with a virus and spyware scan.

First step in a manual removal is to delete the files associated with IE AntiVirus from your computer. Use the Search function to look for the following file names in Windows Explorer and delete them:

Next, you must stop the processes to prevent continual re-installation of the program. Press CTL-Alt-Delete to access the Task Manager, and click on the tab Processes. Look for ieav.exe and ANTIVIRUS.exe and stop the processes. Don't worry about the error message warning you receive about the potential harm of ceasing processes. This is a blanket warning message.

Finally, the Windows registry keys must be deleted or modified to remove traces of IE AntiVirus. From the Run command line, type “regedit” to access the Registry Editor. If you do not know how to use the Registry Editor, stop now and use a professional anti-spyware program! This step is very dangerous to the operating system and not for the inexperienced.

The following registry files may need deleting or modification:
Microsoft\Windows\CurrentVersion\Run\antispy

IEAntiVirus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F856BB9E-855B-498D-883E-3509C550A031}
AppID\ksol.dll
AppID\{E4DA88ED-E01E-4D88-ADC4-A3E1ED557C6A}
{29BF1B1F-0106-4881-A7C7-A71035C54825}
MS.VideoStream
{99E591B6-A5AD-4A2D-B349-334020760EF2}
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4DA88ED-E01E-4D88-ADC4-A3E1ED557C6A}
HKEY_CLASSES_ROOT\video.BHO
HKEY_CLASSES_ROOT\AppID\{CF9146DB-16F1-4B79-8DA1-EE14C55D5B06}
HKEY_CLASSES_ROOT\AppID\vidas32.dll
HKEY_CLASSES_ROOT\CLSID\{CF9146DB-16F1-4B79-8DA1-EE14C55D5B06}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF9146DB-16F1-4B79-8DA1- EE14C55D5B06}

IEAntiVirus3.2
HKEY_CLASSES_ROOT\AppID\{597AED5A-2DEA-431D-BE7E-F03BAB2AFB15}
HKEY_CLASSES_ROOT\AppID\fop32.dll
HKEY_CLASSES_ROOT\CLSID\{597AED5A-2DEA-431D-BE7E-F03BAB2AFB15}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597AED5A-2DEA-431D-BE7E-F03BAB2AFB15}
HKEY_CLASSES_ROOT\iebho.BHO
HKEY_CLASSES_ROOT\AppID\{21BC9DFA-3E14-4753-9CBD-16A009AE1144}
HKEY_CLASSES_ROOT\AppID\iebho.dll
HKEY_CLASSES_ROOT\CLSID\{21BC9DFA-3E14-4753-9CBD-16A009AE1144}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21BC9DFA-3E14-4753-9CBD-16A009AE1144}
iebho.BHO
iebho.dll
{DD556A76-A85E-4606-9239-40A8B9FC4ECB}
{09A26406-041E-4FF5-9A88-0574721445B4}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{09A26406-041E-4FF5-9A88-0574721445B4}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD556A76-A85E-4606-9239-40A8B9FC4ECB}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{7445DC17-44B7-4818-A9CB-2BC24E67E8D7}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{45245B53-72FB-46CA-B5F5-ABA01D9B8E51}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{616D534C-3CA8-43AB-B439-618F850F1D2B}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4}
Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD36BBE5-1AF4-47D3-8681-2214DD85E152}

Recommended Method of Removal: Professional Anti-Spyware Programs

Using a manual removal method is a huge risk and complete waste of time. ParetoLogic's XoftSpySE, a professional spyware removal program, can completely remove IE AntiVirus in a few minutes and protect against future installations. Even if the manual removal is completed perfectly, rogue spyware programs are changed so often, it is highly likely a file associated with the spyware software will remain on the computer. In the worst case scenario, the manual removal goes wrong, and the user must reformat the hard drive and reinstall Windows-- a procedure that can take hours!

Professional anti-spyware programs are not one trick ponies. ParetoLogic XoftSpySE uses a continually updated database to remove and prevent against a myriad of threats. Manual removal procedures are only valid for one specific rogue spyware program. Users relying on only manual removal guides must find one for each instance of spyware that installs itself on the computer.

The expense associated with most anti-spyware programs are minimal. While many users actively use anti-virus software, this alone is not sufficient protection. Viruses and spyware are different in their makeup and behavior on a host's computer. Anti-virus software may recognize an unauthorized installation of programs and files, but is not designed to remove the spyware completely. Smart users will have both anti-virus protection, and anti-spyware removal tools.

ParetoLogic Inc, is a member of the the Better Business Bureau (BBB) and Software and Information Industry Association (SIIA), so you can be sure you're using a reputable program. Follow these steps to remove IE AntiVirus using XoftSpySE:

Do you need professional help removing IE AntiVirus?

If you are having problems removing IE AntiVirus even after using XoftSpySE then the ParetoLogic support team can provide you with personal assistance. To properly assist you the technical support agent will need to view your most recent XoftSpySE log file. To contact the support team please follow these steps:

1. Ensure you are connected to the Internet
2. Open XoftSpySE program
3. Click Backup List on the XoftSpySE Menu
4. Click Email Log File
5. Click on the latest XoftSpySE log (eg. XoftSpyLog 02-07-09 20-18-10)
6. If you see a scripts log (eg. scripts-02-07-2009.log) select that also.
7. Type in all the details of your issue eg IE AntiVirus Infection
8. Send the email

To prevent future attacks by malicious programs such as IE AntiVirus make sure you always install Windows security updates and use only a reputable anti-spyware program such as XoftSpySE.

If you need any further assistance please contact us.

P.S. XoftSpySE was updated on 19th June 2008 (DB v298) to remove the latest variants of IE AntiVirus.