Recommended Spyware Blocker Download
« Remove PC Defender  
  Remove Win 7 Antispyware 2010 »

Remove Antivirus Soft

Antivirus Soft is a fake antivirus program promoted through fake online anti-virus scanner websites. It is a variant of Antivirus Live that infected thousands of computers in December 2009. When Antivirus Soft installs itself onto your computer, it will disable your firewall and anti-virus software in order to prevent you from disabling it. In addition, it will automatically scan your computer and report it has found numerous virus infections. The purpose of this fake scan is to scare you into purchasing a full license; do not fall for this scam.

Besides the fake scan reports and popups, Antivirus Soft will also impersonate Windows Security Center and tell you your computer is under attack. Antivirus Soft will hijack Internet Explorer and change your proxy settings. It does this so you will always be redirected to its website and make it difficult for you to download a spyware remover program. Here is a screenshot of this rogue spyware:

Antivirus Soft Screenshot
Automatic Antivirus Soft removal:

1.) To remove this rogue, you need to boot into Windows Safe Mode with Networking
(Learn how to boot into Safe Mode with Networking)
2.) Login to Windows and fix your Internet Explorer Proxy settings.
(Learn how to fix proxy settings)
3.) Stop the Antivirus Soft process: (random)sysguard.exe by downloading Process Explorer and ending the (random)sysguard.exe process. It has been renamed to explorer.com in order to trick Antivirus Soft to let it work. You can learn more about Process Explorer here

Download Antivirus Soft Remover

Antivirus Soft Remover

Manual Antivirus Soft removal:

Kill processes: (random)sftav.exe, (random)sysguard.exe
(Learn how to kill processes)

Delete registry keys:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(random)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(random)"
(Learn how to delete registry keys)

Delete files:
Windows XP Files
%UserProfile%\Local Settings\Application Data\(random)\(random)sftav.exe
%UserProfile%\Local Settings\Application Data\(random)\(random)sysguard.exe

Windows Vista and 7 Files
%UserProfile%\AppData\Local\(random)\(random)sftav.exe
%UserProfile%\AppData\Local\(random)\(random)sysguard.exe

(Learn how to delete files)

Delete folders:
Windows XP Files
%UserProfile%\Local Settings\Application Data\(random)\

Windows Vista and 7 Files
%UserProfile%\AppData\Local\(random)\

Fix proxy settings
(Learn how to fix proxy settings)

Once you have removed Antivirus Soft from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites.

Recommended Spyware Blocker Download
February 3rd, 2010 | Tags: , , , | Category: Threats

What's your opinion?

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>