Guide Version 1.2

1.0 What is antivermins (http://www.antivermins.com/) ? <-- Link removed by keyz
1st thing 1st! ANTIVERMINS is not a antivirus software!
It is a non-spyware nor virus. I tried to scan it with NAV2006 and nothing.
When you go googling and yahoo search, you will know the effects.

1.1 What does antivermins does to my computer?
- Antivermins security alerts will popup from at your taskbar, be titled "Security Alert!":
"System detected virus activities. These may impact the performance of your computer. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software."
- AntiVermins may also startup with your Windows system, and may launch excessive popup ads. AntiVermins may download and install other malware onto your computer.

1.2 Why my anti-virus program cannot detect any virus nor spyware although antivermins software said so?
Because there is no virus or spyware at your pc. It is just a false message!

1.3 What it does to my registry?
autoruns when the computer restarts.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run antivermins

HKEY_CLASSES_ROOT\clsid\{663de629-4ffd-a944-6f0a-64f98e925b62}
HKEY_CLASSES_ROOT\interface\{0be87caf-1c8e-43c7-a476-5af1a2f5a43f}
HKEY_CLASSES_ROOT\interface\{0cd726ec-f1f5-4210-9011-ee6b5332a279}
HKEY_CLASSES_ROOT\interface\{1efd4366-6676-4af7-a88a-872a49e2601d}
HKEY_CLASSES_ROOT\interface\{3b3fa480-138e-47e6-b79a-9a0f7b2846d5}
HKEY_CLASSES_ROOT\interface\{3e186ce2-1abb-45d6-a4b9-4fcd11fbb014}
HKEY_CLASSES_ROOT\interface\{4af8e04f-0d5e-4c3f-ba67-81b685584c12}
HKEY_CLASSES_ROOT\interface\{6c80c5b2-4748-411c-8120-09426f8ed212}
HKEY_CLASSES_ROOT\interface\{748c9204-6c92-485b-8bf8-3af7ecf03cde}
HKEY_CLASSES_ROOT\interface\{b6a0aa8a-7cb1-44f0-ace7-7a69739c8674}
HKEY_CLASSES_ROOT\interface\{c27d97e9-004b-4f4f-a5b0-b7188ddae024}
HKEY_CLASSES_ROOT\interface\{c3176a2c-3119-4f7f-b847-62b5ee6763e5}
HKEY_CLASSES_ROOT\interface\{cac16e1a-d86b-428a-bb7b-65f2d2bfc160}
HKEY_CLASSES_ROOT\interface\{dd369501-ede4-4e99-8728-7c9e4bbe6be8}
HKEY_CLASSES_ROOT\interface\{eac1accd-7790-4991-a9d2-550806d6d9c3}
HKEY_CLASSES_ROOT\interface\{ef2aa606-b72e-4a1b-b076-8b148661f3b7}
HKEY_CLASSES_ROOT\interface\{f9476885-40eb-4405-878a-193baf18ce9b}
HKEY_CLASSES_ROOT\typelib\{13693777-5b9d-4afc-99f1-650f569a0eb0}
HKEY_LOCAL_MACHINE\software\antivermins
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antivermins.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run antivermins
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antivermins

1.4 How do I remove it?
Get an anti-spyware program.

1.5 Any alternatives?
Guides copied from other websites and credit goes to them.
1. Download the SmitFraudFix tool and unpack its files to a chosen folder.

2. Download KillBox utility.

3. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the AntiVermins / AntiVerminser program and uninstall it.

4. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O4 - HKLM\..\Run: [AntiVermins] C:\Program Files\AntiVermins\antivermins.exe
O4 - HKLM\..\Run: [AntiVerminser] C:\Program Files\AntiVerminser\antiverminser.exe
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - %System%\gwquvw.dll
O22 - SharedTaskScheduler: (discriminable) - {4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} - %System%\kuhmk.dll
O22 - SharedTaskScheduler: (gutturalness) - {fe288882-f661-4522-88f3-20cfb7866fa4} - %System%\cvnzie.dll
O22 - SharedTaskScheduler: (haematobia) - {3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} - %System%\hjpprpu.dll

%System% is your default system directory, which usually is C:\WINDOWS\System (Windows 98 and Windows Me), C:\WINDOWS\System32 (Windows XP) and C:\WINNT\System32 (Windows 2000).

5. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have the administrator's privileges.

6. Once in Safe Mode, run the SmitFraudFix tool by executing the smitfraudfix.cmd file.
The official SmitFraudFix tutorial can be found here.

7. Use either Pocket KillBox or KillBox to delete the following file (if present):
C:\Windows\System32\axlet.dll
C:\Windows\System32\cthkpcv.dll
C:\Windows\System32\gwquvw.dll
C:\Windows\System32\nbbrhbd.dll
C:\Windows\System32\oksrqqu.dll
C:\Windows\System32\ownyhr.dll
C:\Windows\System32\vwfps.dll

Windows 2000 users should replace WINDOWS with WINNT here.

8. Delete the following directories (if present):
C:\Program Files\AntiVermins
C:\Program Files\AntiVerminser

1.6 Why would you create this guide?
I am one of the victims.

1.7 Who should I thanks to?
The guide especially on the registry was copied, thus credit goes to them.
I just add some more resources.

Version Update:
Version 1.1
Guide set up.
Version 1.2
Updated registry details.

Regards,
HeHeHunter

This post has been edited by HeHeHunter: Jan 29 2007, 10:49 PM

Can anyone shift this post to there?

I just hope no one falls for that stupid software!

Well, it was one of the hell anti-virus that is a spyware.
Scanned with Norton Anti-Virus and found nothing.

When I ask Symantec, they said Norton internet security would detect it.
But till now. there is nothing.

guys and gals, just be careful.
This is quite dangerous.
it will nag you just like how WGA nag.

This post has been edited by HeHeHunter: Jan 23 2007, 12:40 PM

Thanks.

If I found any stupid software i will post it out.

Wow...

Nice info.

Thanks eXPeri3nc3

Checked... It is not a phishing website.

Thanks for the info.

I have zero idea how anti-virus works.

So, I always use the manual way to clean up spyware and virus.

Thou I am using NAV myself, but I doubt the capability.