Threat Information: Antivirus Live is a rogue security application related to the notorious rogue programs Antivirus System PRO and Spyware Protect 2009. It uses scare tactics to try to induce users into paying for its license. Antivirus Live reaches the user’s system via Trojans that get downloaded along with other malicious software, as well as via fake video codecs.

Once installed, Antivirus Live blocks Windows utilities such as Task Manager and Registry Editor to prevent the user from attempting to remove it. It also performs a large number of fake security scans on the system and reports many fake infections which it claims are plaguing the user’s computer. Antivirus Live also displays fake warning pop-ups from the Windows taskbar. By installing a Browser Helper Object, Antivirus Live hijacks the user’s web browser and then gives the user fake warnings that their privacy is about to be invaded, while blocking access to legitimate antivirus websites. The aim of all this activity is to get the user to purchase a license for the ‘full’ version of Antivirus Live by claiming that the currently installed ‘trial’ version is insufficient to remove all the detected ‘threats’. However, the so-called ‘full’ version of Antivirus Live is just as incapable of cleaning any computer system as the ‘trial’ version is.
As soon as you find a copy of this malicious software on your computer, you should take steps to remove Antivirus Live. Antivirus Live removal is a process which involves the stopping of processes, deletion of files and folders and the removal of registry entries.
Antivirus Live Manual Removal Procedures
The first step you need to take in order to delete Antivirus Live is to stop the following process:
- [random]sysguard.exe, for example mscqsysguard.exe
The next step in Antivirus Live removal is to delete the following files and folders:
- %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
- %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe
- %UserProfile%\Local Settings\Application Data\
- %UserProfile%\Local Settings\Application Data\sysguard.exe
Antivirus Live Registry Removal Procedures
Removing files and folders alone is not sufficient to completely remove Antivirus Live. The following keys and settings should also be removed from the Windows registry to complete Antivirus Live removal:
- HKEY_CURRENT_USER\Software\AvScan
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
Once all these steps have been completed, your system is safe from Antivirus Live.
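To confirm that none of the indicators listed above remain, the read-only PowerShell audit below checks for them without changing anything. It is an added example, not part of the original procedure; the variable and function names are illustrative, and it assumes PowerShell 3.0 or later run as the affected user.

```powershell
# Read-only audit: reports leftovers matching the indicators listed above; changes nothing.
# Assumes PowerShell 3.0 or later, run as the affected user (the HKCU checks are per-user).
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$valueChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures'; Data = '1' }
    @{ Path = "HKCU:\$cv\Internet Settings";     Name = 'ProxyServer';         Data = 'http=127.0.0.1:5555' }
    @{ Path = "HKCU:\$cv\Policies\Associations"; Name = 'LowRiskFileTypes';    Data = '.exe' }
    @{ Path = "HKCU:\$cv\Policies\Attachments";  Name = 'SaveZoneInformation'; Data = '1' }
)
$findings = @()
function New-Finding($Kind, $Location, $Detail) {
    [pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail }
}
# Running process named [random]sysguard.exe (Get-Process names omit ".exe")
foreach ($p in (Get-Process | Where-Object { $_.Name -like '*sysguard' })) {
    $findings += New-Finding 'Process' "PID $($p.Id)" $p.Name
}
# Dropped executable under the profile directories the page names
$roots = "$env:USERPROFILE\Local Settings\Application Data", "$env:USERPROFILE\AppData" |
    Where-Object { Test-Path -LiteralPath $_ }
if ($roots) {
    $files = Get-ChildItem -Path $roots -Recurse -Force -Filter '*sysguard.exe' -ErrorAction SilentlyContinue
    foreach ($f in $files) { $findings += New-Finding 'File' $f.DirectoryName $f.Name }
}
# Registry values still set to the data the page lists
foreach ($c in $valueChecks) {
    $key = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    $actual = $key.GetValue($c.Name)
    if ($null -ne $actual -and [string]$actual -eq $c.Data) {
        $findings += New-Finding 'RegistryValue' $c.Path "$($c.Name) = $actual"
    }
}
# The rogue's own settings key
if (Test-Path -LiteralPath 'HKCU:\Software\AvScan') {
    $findings += New-Finding 'RegistryKey' 'HKCU:\Software\AvScan' 'key exists'
}
# Autorun entries (random value names) whose command line points at *sysguard.exe
foreach ($run in "HKCU:\$cv\Run", "HKLM:\$cv\Run") {
    $key = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'sysguard\.exe') { $findings += New-Finding 'RunEntry' $run "$name = $data" }
    }
}
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the Antivirus Live indicators checked here were found.' }
```

A match on a single policy value, such as SaveZoneInformation, can also come from local administrative policy, so treat each reported row as a lead to review against the lists above.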
Antivirus Live Directories:
- %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
- Vista and Windows 7 users: C:\Users\%UserName%\AppData\[RANDOM CHARACTERS]\