Tuesday, 12 January 2010

How to remove Antivirus Live? Help with getting rid of this virus

Antivirus Live is a fake anti-virus application, a clone of another scareware called Antivirus System PRO. This malicious software comes with Trojan viruses and displays fake security alerts or false scan results to make the user of the compromised computer think that his computer is infected with viruses. Antivirus Live then prompts the user to pay for a full version of the program to remove supposedly found infections. Don't purchase it and remove this malware from your computer immediately. Contact your bank/credit card company as soon as possible and dispute the charges if you have purchased it.

The biggest problem with Antivirus Live is that it protects itself quite effectively and blocks almost all programs. I'm not even talking about anti-virus software. The virus blocks anti-virus/spyware software in the first place. It also hijacks Internet Explorer and changes the proxy settings so that the only working websites are the Antivirus Live home page and purchase page. The rogue program displays an error message when you try to run a removal tool. That warning reads:

"Application cannot be executed. The file [program].exe is infected.
Do you want to activate your antivirus software now."

Antivirus Live will also impersonate Windows Security Center and will "push" you into paying for the bogus software. Remember, this is a scam. Let me show you how to remove Antivirus Live manually for free.

Removal instructions (Print out these instructions if you can because you may have to close this window)
1. Start your computer in "Safe Mode with Networking". To get into Windows Safe Mode, press and hold the "F8" key as the computer is booting, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm

2. Delete Antivirus Live process:
1) Download HijackThis (NOTE: rename HijackThis.exe to explorer.exe before saving it to the desktop). Launch explorer.exe and click the "Do a system scan only" button.

2) Search for similar entries in the scan results:
O4 - HKCU\..\Run: [warsazlf] C:\Documents and Settings\user\Local Settings\Application Data\asoksd\saqpsysguard.exe
The process name will be different in your case, but it has the same structure: [RANDOM]sysguard.exe

Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

3. Download SUPERAntispyware or MalwareBytes Anti-malware and run a system scan.

Additional step: How to fix Internet Explorer proxy settings (for those who don't have any other browser and can't download removal tools).
In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click the LAN Settings button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK.

Other useful removal tips:
- Start Windows in "Safe mode"
- Search your PC for "sysguard.exe" and make sure you check "Search hidden files and folders" under "Advanced options"
- Delete all files whose names match [RANDOM]sysguard.exe, for example: saqpsysguard.exe
- Download and scan your PC with Malwarebytes Anti-malware
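
The [RANDOM]sysguard.exe check from step 2 and from the tips above, as an added example that is not part of the original post: a Python script that reads a saved HijackThis log and lists the O4 autorun entries whose executable name matches that pattern. The sample log is constructed (only the saqpsysguard.exe entry comes from this page) and the function names are hypothetical.

```python
import ntpath
import re

# O4 autorun line as it appears in a HijackThis log:
#   O4 - HKCU\..\Run: [value name] C:\path\file.exe
# Copies pasted from web pages sometimes carry an en dash, so both are accepted.
O4_RE = re.compile(
    r"^O4\s+[-\u2013]\s+(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+):"
    r"\s+\[(?P<value>[^\]]*)\]\s+(?P<cmd>.+)$"
)
# Name structure given on this page: [RANDOM]sysguard.exe
ROGUE_NAME_RE = re.compile(r"\w+sysguard\.exe", re.IGNORECASE)

# Constructed sample log; only the saqpsysguard.exe entry is taken from the page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [warsazlf] C:\Documents and Settings\user\Local Settings\Application Data\asoksd\saqpsysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qpwoeiru] "C:\Documents and Settings\user\Local Settings\Application Data\xkcdaa\mnbvsysguard.exe" /s
"""

def exe_path(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # quoted path, arguments may follow
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd          # unquoted path may contain spaces

def suspicious_autoruns(log_text):
    """List (registry value name, executable path) for matching O4 entries."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                         # not an O4 autorun line
        path = exe_path(m.group("cmd"))
        # ntpath parses Windows paths on any OS, so the log can be checked elsewhere
        if ROGUE_NAME_RE.fullmatch(ntpath.basename(path)):
            hits.append((m.group("value"), path))
    return hits

if __name__ == "__main__":
    for value, path in suspicious_autoruns(SAMPLE_LOG):
        print(f"review and fix: [{value}] {path}")
```

The matching entries are the ones to tick in HijackThis before clicking "Fix checked"; the listed paths are the files to delete afterwards.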
