Advanced Virus Remover is reported to be a rogue application. This malware has several different installers, the files on your computer will depend upon which installer has infected it. 

{slide=Ok Tell me more about it! }

1) You may have downloaded it knowingly or unknowingly mistaking it to be something else.
2) It may have automatically downloaded while you were visiting some harmful website
3) Your computer may have a trojan virus which in turn downloads such an application.

Recently I have noticed that the malware authors are also keeping track of the removal instructions published on the internet. As soon as they think that the malware is exposed, they change the file/folder names and the locations where they are saved on the hard disk. So keeping this in mind you will require the latest information of the malware in order to be able to remove it.

You can find latest ThreatExpert analysis reports of this rogue on this link

If you happen to have the rogue installer, you can submit it to threatexpert site and get it analyzed. That will help you to get the precise information about the virus.  

 Files Associated

 These are the identifiable EXE file names that are used in different installations of this malware. 

The installers of this rogue applications are around 24KB, 241KB and 1.94 MB,  The smaller installers are more dangerous, and probably enter your computer as driveby downloads. Whereas the larger installer is identifiably known as setupadvancedvirusremover.exe  and does little than creating the folders of its name and an exe file. This is probably the strategy of the malware author to fool the security sites into believing that they know what this installer does, where as the other installers install substantially different files and infect the computer heavily.  

 {/slide}{slide=Can I get rid of it by just doing a system restore ?}

The website

 The websites associated with this malware are [downloadavr6.com, testavrdown.com]

Trying system restore

If you know the duration since your computer is infected, you can try to restore your computer at a prior date, that will work like a miracle in removing the infection

Using system restore in windows XP

Using system restore in windows Vista

 Most of the malware/rogue removal sites recommend using Malwarebytes Antimalware. I am not sure if it can remove all the components of these malware. You could try any antivirus program, installed on your computer or try scanning online , that could be equally helpful. I have listed some free software and services here for your convenience.  Special tools to remove a single virus or a family of virus, Free Online virus scanners and Fully functioning freeware antivirus/ antispyware programs. I do not know which one of them is effective for the current threat.

•  Free tools for windows XP
  
  
  • Free tools for windows Vista

These are the steps to be taken, if you want to remove the infected files manually. You may not find all the files that are mentioned here on an infected computer.  Don't be worried. Do as much as you can. 

Boot in safe mode

Sometimes you will not be able to delete a file even if you find it, in that case you should boot in safe mode and then try to delete it/ them.

How to boot in safe in windows XP

How to boot in safe mode in windows Vista

 Remove Processes from Task Manager 

Press Ctrl Shift Esc to open Task Manager. See in the list of the processes for PAVRM.exe, AVR09.exe, winupdate.exe, 41.exe, FastNetSrv.exe, wmdtc.exe
Select and press End Process button, Confirm to terminate the process and Close Task Manager.

Alternately you can use Windows Defender to see the path of a currently running program/ process and its publisher, so as to differentiate malware processes from processes belonging to legitimate publishers. You may find such processes listed under Unknown Publisher in windows defender.

How to use Windows Defender in windows XP

How to use Windows Defender in windows Vista

• How to use Sysinternal's Process Explorer 

Removing entry from windows startup

The system configuration can be started in xp and in vista by typing msconfig in the run box/ start menu search box. In xp by clicking on Start > run . The windows startup is reversible, therefore you can check / uncheck any entry from windows startup any number of times.

After the system configuration window is open, Click on the Startup tab, that will list all the programs that are scheduled to start with windows. Expand the middle column using your mouse pointer so that you can see the full path of the program. Locate and uncheck  "Advanced Virus Remover" or PAVRM.exe, AVR09.exe, winupdate.exe, 41.exe, FastNetSrv.exe, wmdtc.exe
in it (look for any other suspicious names)  Press Apply , Press Close/Ok , Select  "restart" at the next prompt.

View Hidden Files

Before you could delete Advanced Virus Remover and its associated files you need to search for them, and before doing that you need to enable to view hidden files and folders

How to Enable to View Hidden Files and Folders in Windows XP

How to Enable to View Hidden Files and Folders in Windows Vista

Deleting files

This malware creates different files and folders depending on the installer.

Installer 4 see report

C:\Documents and Settings\[UserName]\Desktop\Advanced Virus Remover.lnk
C:\Documents and Settings\[UserName]\Start Menu\Advanced Virus Remover.lnk
C:\Program Files\AdvancedVirusRemover\AVR.exe 

Installer 3 see report 

%Temp%\rundll32.dll
C:\Documents and Settings\[UserName]\ntuser.dll
C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\scandisk.dll
C:\Windows\System32\calc.dll
%ProgramFiles%\AdvancedVirusRemover\PAVRM.exe
%Windir%\Install.txt
C:\Windows\System32\Install.txt
C:\Windows\System32\A.tmp
C:\Windows\System32\B.tmp
C:\Windows\System32\BtwSrv.dll
C:\Windows\System32\critical_warning.html
C:\Windows\System32\FastNetSrv.exe
C:\Windows\System32\FInstall.sys
C:\Windows\System32\lsm32.sys
C:\Windows\System32\winhelper.dll
C:\Windows\System32\winupdate.exe
C:\Windows\System32\wmdtc.exe
C:\Windows\Temp\mta13187.dll
C:\Windows\Temp\x1c122182.dll 

Installer 2 see report 

 C:\Program Files\AdvancedVirusRemover\
C:\Program Files\AdvancedVirusRemover\PAVRM.exe

C:\Windows\System32\41.exe
C:\Windows\System32\AVR09.exe
C:\Windows\System32\critical_warning.html
C:\Windows\System32\winupdate.exe
C:\Windows\System32\winhelper.dll

Installer 1  see report

This installer is reported by most of the security related sites. 

C:\Program Files\AdvancedVirusRemover\
C:\Program Files\AdvancedVirusRemover\PAVRM.exe

 This third installer further tries to alter or modify several Internet Explorer, Outlook Express, MSN, Netmeeting, Windows Media Player and Microsoft.Net files , the details of which you can see in the link above. It further creates two windows services named BtwSrv and fastnetsrv / fastnetsrv Service. It then deletes or tries to delete the system files so that the computer is unable to boot into safe mode. Further it downloads more files from its associated sites. Effectively this malware makes the computer irrepairable. in this case the best option is to format the hard disk and reinstall windows and other software. 

Run CCleaner

After deleting Advanced Virus Remover and its associated files , as there will be leftover entries in the windows registry. CCleaner is a free temp files/registry cleaner, that will automatically clean the registry as well as remove the temp files . Click here to read more

Edit Registry

This malware heavily modifies windows registry. You need to clean it by manually editing the windows registry. You can see the registry modifications in any of the threatexpert reports listed above.

How to edit registry in windows XP

How to edit registry in windows Vista 

Unable to delete a file/folder

If you are unable to search and delete its files as mentioned in this article, try to do a memory scan using your antivirus application, Also do a scheduled boot time scan in order to find and delete the virus infected files during the boot time. Usually most of the antivirus applications can do a memory scan as well as a scheduled boot scan. 

If you are unable to open Task Manager, registry editor, system restore, Folder Options etc

If the virus has disabled them. There are free tools and techniques to solve this problem.  They are listed here.

Tools for Windows XP

Tools for Windows Vista

Use the system file checker

If you want to make sure that the windows system files are not altered by the virus, and in case if they are altered then to repair them.

How to run System File checker utility in windows XP

How to run System File checker utility in windows Vista

Unable to access security related sites

Using Firewall

Check your firewall for any suspicious communication from your computer to the internet and block it using firewall.

Communincates with the following sites

Sometimes the virus infects your computer so badly , that it becomes nearly impossible to practically clean the computer. In that case you sholud reinstall windows on your computer. There is no batter alternative. You need to copy or backup whatever is of any importance to you either using a CD/DVD writer, or an external hard disk, or an pen drive. If your computer is not responding at all, then you can take out the hard disk and connect it as an external hard disk/ or as a slave disk to another computer and then get the data copied. Of course you need to get help from someone to do all that if yo can't do it yourself. But I am explaining all the options you have. It is better to copy all the data from the hard disk, and then delete all the partitions and then repartition the hard disk, so that there are no chances of any trace of the virus. 

{/slide}{slide= Does this malware harm me in any way? }

Yes it can. Most of the malware are equipped with keyloggers that record your keystrokes, so that they can steal your login information to different sites. If your computer is recently infected, it is in your own interest to change the passwords of all your accounts, by using an uninfected computer.  

{/slide}{slide=Is there anything I can do so that I don't get into this situation again! }
You can take several precautionary measure so that such thing never (hopefully) happens to you ever again. I have found some simple steps that will help you to a great extent.

1) You need to have a functioning antivirus, antispyware and a firewall, free or commercial. Please see the link elsewhere in this article for the list of freeware applications. 

2) Use FireFox browser. It is safer than other browsers. You will require to install some browser plugins for better safety, some of them are WOT - a site advisor plugin from mywot.com. NOSCRIPT - a browser plugin that prevents the javascripts of sites, and allows upon your selection. 

3) Use CCleaner - it is a freeware temp files and registry cleaner. Set it so that it runs everytime you start windows. That will save you the efforts to run it manually. It is your choice, you can either run it at the end of your browsing session, or before closing the computer. 

Reprinted with permission from ThreatExpert.com

{/slide}