Recommended Spyware Blocker Download
« How To Change Proxy Settings  
  Remove Personal Security »

Remove Antivirus Live

Antivirus Live is a fake antivirus program promoted through fake online anti-virus scanner websites. When Antivirus Live installs itself onto your computer, it will disable your firewall and anti-virus software in order to prevent you from disabling it. In addition, it will automatically scan your computer and report it has found numerous virus infections. The purpose of this fake scan is to scare you into purchasing a full license; do not fall for this scam.

Besides the fake scan reports and popups, Antivirus Live will also impersonate Windows Security Center and tell you your computer is under attack. What makes Antivirus Live unique compared to other recent spyware infections is that it will hijack Internet Explorer and change your proxy settings. It does this so you will always be redirected to its website. Here is a screenshot of this rogue spyware:

Antivirus Live Screenshot
Automatic Antivirus Live removal:

1.) You first have to fix your Internet Explorer Proxy settings.
(Learn how to fix proxy settings)
2.) Stop the Antivirus Live process: (random)sysguard.exe by downloading Process Explorer and ending the (random)sysguard.exe process. It has been renamed to explorer.com in order to trick Antivirus Live to let it work. You can learn more about Process Explorer here

Download Antivirus Live Remover

Antivirus Live Remover

Manual Antivirus Live removal:

Kill processes: (random)sysguard.exe
(Learn how to kill processes)

Delete registry keys:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(random)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(random)"
(Learn how to delete registry keys)

Delete files:
%UserProfile%\Local Settings\Application Data\(random)\(random)sysguard.exe
(Learn how to delete files)

Delete folders:
%UserProfile%\Local Settings\Application Data\(random)\

Fix proxy settings
(Learn how to fix proxy settings)

Once you have removed Antivirus Live from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites.


If this article has helped you, please take this time to share it with Digg using the Digg button (see Digg share button to the left) or retweet it using Twitter (see retweet button to the left). You may also want to follow us on Twitter to keep up-to-date with the latest spyware prevention tips and spyware threats. If you'd rather follow us from your Facebook account, please join our Facebook fan page.

Recommended Spyware Blocker Download
December 8th, 2009 | Tags: , , , | Category: Threats

What's your opinion?

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>