V18 Portable - Avenger Tool

Boot into Safe Mode with Networking, launch Avenger Portable from USB, and script the deletion of the fake AV’s executable and its run keys. Reboot to a clean desktop.

Right-click Avenger.exe → Run as administrator. The tool requires elevated privileges to interact with kernel objects.

The file is likely in use by a system process that loads extremely early (e.g., a boot driver). In this rare case, use a bootable USB like Hiren’s BootCD PE running Avenger v18 Portable from a WinPE environment.

Avenger Tool (also known as Avengers Box or Avengers Tool) is a professional mobile software repair tool widely used by technicians for servicing Android devices, particularly those with MediaTek (MTK) and Qualcomm chipsets. The "v18" refers to a specific legacy version (version 1.8), and "Portable" indicates it runs without a formal installation process. avenger tool v18 portable

Here is a guide on how to set up and use the portable version of this tool.

To delete a stubborn malware driver:

Files:
C:\Windows\System32\drivers\vicious.sys
Registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vicious
 Boot into Safe Mode with Networking, launch Avenger

To force-kill a process before deletion:

Processes:
malware.exe
Files:
C:\Users\Public\malware.exe

Click Execute Script Now. The tool will schedule the deletions with the PendingFileRenameOperations registry key, then prompt for a reboot.

The true power of Avenger lies in its scripting language. You can write plain text scripts to: Boot into Safe Mode with Networking

Warning: Misuse can damage your OS. Always back up critical data before running Avenger.