How to Remove AntiAid | AntiAid Removal Guide
AntiAid is a rogue antivirus/security program that is from the Wini family of Rogues. This is a bit of a departure from much of the long recent history of these rogues due to a new user interface. This rogue (and it’s family) is usually advertised (pushed would be a better term) through codec downloads. They will present content and say that in order to view it you must download this codec which turns out to be the rogue. Once installed, AntiAid will scan your computer and claim there are numerous problems with your system with regards to viral infected files. To remove these it will require that you purchase the software which…. you really shouldn’t do. Read on for how to remove AntiAid.
Like most of these rogue applications the program will also popup numerous warnings and complaints about the security of your system. Just like the infected files that it claims to find, all of these warnings are fabricated and should be ignored.
First, in order to remove AntiAid you should download and install mawarebytes antimalware. (You can find a link to it on my virus removal toolkit page.) While you’re there you may optionally go ahead and download process explorer as well. You may need it further along in the removal process.
If you are unable to install and run malwarebytes initially you may try the following tricks to get it to run. 1) rename the installer mbam-setup.exe to something that will likely be allowed to run such as firefox.exe. Then retry the installer 2) reboot into safe mode and then retry the install. (You will need safe mode with networking for it to update.) 3) continue through the next step of killing off the running processes associated with antiaid and then retry the install.
The following processes are associated with AntiAid and should be killed off via the task manager to continue with your AntiAid removal. If you are unable to launch task manager you may try the following tricks to continue. 1) reboot into safe mode and then retry launching the task manager (most rogues will not run during safe mode – so just verify they’re not running and then continue. 2) copy, paste and rename the taskmgr.exe executable. Copy it to the desktop and then rename it to a program that is likely to be allowed to run such as firefox.exe 3) use process explorer instead to kill off the following programs:
AntiAid.exe
Uninstall.exe
8enyqcv1.exe
There may be some randomization involved in the creation of the filename 8enyqcv1.exe – use the information below plus what you see on your system to determine if that is the correct filename to look for or to determine the appropriate filename on your system.
The following files and folders are related to AntiAid and should be deleted for complete removal of AntiAid:
%docs%\All Users\Desktop\AntiAID.lnk
%docs%\All Users\Start Menu\Programs\AntiAID
%docs%\All Users\Start Menu\Programs\AntiAID\1 AntiAID.lnk
%docs%\All Users\Start Menu\Programs\AntiAID\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\AntiAID\3 Uninstall.lnk
%progfiles%\AntiAID Software
%progfiles%\AntiAID Software\AntiAID
%progfiles%\AntiAID Software\AntiAID\AntiAID.exe
%progfiles%\AntiAID Software\AntiAID\uninstall.exe
%win%\100849pambotz85.bin
%win%\1019wo5m65bz.dll
%win%\10568hack9o5l5z5.dll
%win%\system32\2901sp55za.bin
%win%\system32\29290wozm6795.cpl
%win%\system32\29418tro5ez.ocx
%tmp%\8enyqcv1.exe
After you have removed the above files (or their equivalents) on your system you should now have completed a manual removal of antiaid. Even after a successful removal I would still install and update malwarebytes antimalware and let it run a full scan as well as scanning the system with a trusted antivirus product such as AVG/Avira/etc.