Guide Version 1.2

1.0 What is antivermins (http://www.antivermins.com/) ? <-- Link removed by keyz
1st thing 1st! ANTIVERMINS is not a antivirus software!
It is a non-spyware nor virus. I tried to scan it with NAV2006 and nothing.
When you go googling and yahoo search, you will know the effects.

1.1 What does antivermins does to my computer?
- Antivermins security alerts will popup from at your taskbar, be titled "Security Alert!":
"System detected virus activities. These may impact the performance of your computer. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software."
- AntiVermins may also startup with your Windows system, and may launch excessive popup ads. AntiVermins may download and install other malware onto your computer.

1.2 Why my anti-virus program cannot detect any virus nor spyware although antivermins software said so?
Because there is no virus or spyware at your pc. It is just a false message!

1.3 What it does to my registry?
autoruns when the computer restarts.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run antivermins

HKEY_CLASSES_ROOT\clsid\{663de629-4ffd-a944-6f0a-64f98e925b62}
HKEY_CLASSES_ROOT\interface\{0be87caf-1c8e-43c7-a476-5af1a2f5a43f}
HKEY_CLASSES_ROOT\interface\{0cd726ec-f1f5-4210-9011-ee6b5332a279}
HKEY_CLASSES_ROOT\interface\{1efd4366-6676-4af7-a88a-872a49e2601d}
HKEY_CLASSES_ROOT\interface\{3b3fa480-138e-47e6-b79a-9a0f7b2846d5}
HKEY_CLASSES_ROOT\interface\{3e186ce2-1abb-45d6-a4b9-4fcd11fbb014}
HKEY_CLASSES_ROOT\interface\{4af8e04f-0d5e-4c3f-ba67-81b685584c12}
HKEY_CLASSES_ROOT\interface\{6c80c5b2-4748-411c-8120-09426f8ed212}
HKEY_CLASSES_ROOT\interface\{748c9204-6c92-485b-8bf8-3af7ecf03cde}
HKEY_CLASSES_ROOT\interface\{b6a0aa8a-7cb1-44f0-ace7-7a69739c8674}
HKEY_CLASSES_ROOT\interface\{c27d97e9-004b-4f4f-a5b0-b7188ddae024}
HKEY_CLASSES_ROOT\interface\{c3176a2c-3119-4f7f-b847-62b5ee6763e5}
HKEY_CLASSES_ROOT\interface\{cac16e1a-d86b-428a-bb7b-65f2d2bfc160}
HKEY_CLASSES_ROOT\interface\{dd369501-ede4-4e99-8728-7c9e4bbe6be8}
HKEY_CLASSES_ROOT\interface\{eac1accd-7790-4991-a9d2-550806d6d9c3}
HKEY_CLASSES_ROOT\interface\{ef2aa606-b72e-4a1b-b076-8b148661f3b7}
HKEY_CLASSES_ROOT\interface\{f9476885-40eb-4405-878a-193baf18ce9b}
HKEY_CLASSES_ROOT\typelib\{13693777-5b9d-4afc-99f1-650f569a0eb0}
HKEY_LOCAL_MACHINE\software\antivermins
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antivermins.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run antivermins
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antivermins

1.4 How do I remove it?
Get an anti-spyware program.

1.5 Any alternatives?
Guides copied from other websites and credit goes to them.
1. Download the SmitFraudFix tool and unpack its files to a chosen folder.

2. Download KillBox utility.

3. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the AntiVermins / AntiVerminser program and uninstall it.

4. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O4 - HKLM\..\Run: [AntiVermins] C:\Program Files\AntiVermins\antivermins.exe
O4 - HKLM\..\Run: [AntiVerminser] C:\Program Files\AntiVerminser\antiverminser.exe
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - %System%\gwquvw.dll
O22 - SharedTaskScheduler: (discriminable) - {4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} - %System%\kuhmk.dll
O22 - SharedTaskScheduler: (gutturalness) - {fe288882-f661-4522-88f3-20cfb7866fa4} - %System%\cvnzie.dll
O22 - SharedTaskScheduler: (haematobia) - {3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} - %System%\hjpprpu.dll

%System% is your default system directory, which usually is C:\WINDOWS\System (Windows 98 and Windows Me), C:\WINDOWS\System32 (Windows XP) and C:\WINNT\System32 (Windows 2000).

5. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have the administrator's privileges.

6. Once in Safe Mode, run the SmitFraudFix tool by executing the smitfraudfix.cmd file.
The official SmitFraudFix tutorial can be found here.

7. Use either Pocket KillBox or KillBox to delete the following file (if present):
C:\Windows\System32\axlet.dll
C:\Windows\System32\cthkpcv.dll
C:\Windows\System32\gwquvw.dll
C:\Windows\System32\nbbrhbd.dll
C:\Windows\System32\oksrqqu.dll
C:\Windows\System32\ownyhr.dll
C:\Windows\System32\vwfps.dll

Windows 2000 users should replace WINDOWS with WINNT here.

8. Delete the following directories (if present):
C:\Program Files\AntiVermins
C:\Program Files\AntiVerminser

1.6 Why would you create this guide?
I am one of the victims.

1.7 Who should I thanks to?
The guide especially on the registry was copied, thus credit goes to them.
I just add some more resources.

Version Update:
Version 1.1
Guide set up.
Version 1.2
Updated registry details.

Regards,
HeHeHunter

This post has been edited by HeHeHunter: Jan 29 2007, 10:49 PM

wrong place to post, should be at Software>Security&Piracy Privacy

Can anyone shift this post to there?

I just hope no one falls for that stupid software!

Moved from Technical Support.

TS, thx for the post, b4 this i dunno about this antivermins..Too many virus/spyware in the world until

Well, it was one of the hell anti-virus that is a spyware.
Scanned with Norton Anti-Virus and found nothing.

wow.. just when did u found this?
maybe it is so new that most anti-virus & anti-spyware company didn't realise it yet..

It has been around for while. One of my workmates PC was infected by this. NO AV could detect it. Even the mighty Kaspersky at that time.

When I ask Symantec, they said Norton internet security would detect it.
But till now. there is nothing.

guys and gals, just be careful.
This is quite dangerous.
it will nag you just like how WGA nag.

This post has been edited by HeHeHunter: Jan 23 2007, 12:40 PM

@TS
Nice Work. At least some people get to know about it. Thumbs Up. Cheers!

Thanks.

If I found any stupid software i will post it out.

i did a system restore when i had that. so far so good no problem. ran it with several scanner found no traces....

Lol.

I reckon' each and every member who decides to install anything that seems suspicious check out this link.

http://spywarewarrior.com/rogue_anti-spyware.htm

Even antivermin is listed in.

Wow...

Nice info.

Thanks eXPeri3nc3

Sure, no problem.

wow...so many be listed

i didnt notice about it

your link not fake ya?

Checked... It is not a phishing website.

FYI, it's refered as the most accurate and all of the ASAP forums are refering to this website.

This antivermin is detected by sypybot search & destroy and ad-aware as spyware.

This post has been edited by v i n c: Feb 4 2007, 02:06 AM

Thanks for the info.

I have zero idea how anti-virus works.

So, I always use the manual way to clean up spyware and virus.

Thou I am using NAV myself, but I doubt the capability.