Antivirus Live is a rogue antivirus application, a fake spyware removal tool that enters a computer with the help of Trojans and other malicious software. It is from the same family as Antivirus System PRO and Spyware Protect 2009. Once installed, AntivirusLive will display fake security alerts and notifications about serious computer security threats or infections. The rogue application will also block almost all programs, especially antivirus software, to protect itself from being deleted. You will see the "Application can not be executed" warning when you launch applications. To make things even more complicated, it will hijack Internet Explorer and change the LAN settings. Antivirus Live enables a proxy server for the LAN and blocks security-related and antivirus software websites.
[Figure 1. Antivirus Live graphical user interface]
Antivirus Live is promoted through the use of Trojans that come from fake online scanners and other misleading websites. It is also distributed using social engineering. The main goal of AntivirusLive is to trick you into purchasing the program. In order to achieve its goals, the misleading application will simulate a system scan and report false scan results. Antivirus Live will state that your computer is badly infected with Trojans, worms, spyware and other malware. Then it will ask you to pay for a full version of the program to remove infections which do not even exist. In other words, this is nothing more than a scam. Do not purchase it!
What is more, Antivirus Live will impersonate Windows Security Center and state that Windows did not find any antivirus software on your computer and that Windows is not updated. Obviously, the rogue program will suggest that you activate Antivirus Live in order to protect your computer. That, by the way, is the main difference between the legitimate Security Center and the fake one: the legitimate one does not promote any particular antivirus software. When this fake anti-spyware application is running, you will also see many fake security alerts. Some of them will state:
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropper or similar. Threat: Wind32/Nuqel.E
As you can see, Antivirus Live is a totally useless and even dangerous application. Before you can remove this infection, you have to end all processes associated with the Antivirus Live malware. Otherwise you won't be able to run any anti-spyware or antivirus software. First of all, you have to disable the proxy server for LAN in Internet Explorer or use another browser, for example Firefox.
How to disable Proxy server for LAN in Internet Explorer:
1. Open Internet Explorer. Click on the Tools menu and then select Internet Options.
2. In the Internet Options window click on the Connections tab. Then click on the LAN settings button.
3. Now you will see the Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
4. Now download the renamed Process Explorer (explorer.com) and terminate the Antivirus Live processes. The process name should be [random]sysguard.exe, for example: wmcqsysguard.exe
NOTE: Do not reboot your computer after using Process Explorer and terminating Antivirus Live processes.
Now you should be able to download an automatic Antivirus Live removal tool or another anti-spyware application. Most importantly, do not purchase Antivirus Live. If you have already done that, please contact your credit card company and dispute the charges.
Antivirus Live properties
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
Antivirus Live manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
Delete files and folders:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe
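Before deleting anything by hand, it helps to confirm which of the items above are actually present. The following read-only PowerShell audit is an added example, not part of the original article or any removal tool; the function name Get-RegistryFinding and the output columns are made up for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Read-only audit: reports the registry values, files and processes listed in
# the manual removal notes. It does not delete or modify anything.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$indicators = @(
    @{ Path = "$ie\Download";              Name = 'RunInvalidSignatures'; Value = '1' },
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyOverride';        Value = '' },
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';          Value = 'http=127.0.0.1:5555' },
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Value = '.exe' },
    @{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation';  Value = '1' }
)

# Hypothetical helper: returns one object if the value exists, nothing otherwise.
function Get-RegistryFinding {
    param([string]$Path, [string]$Name, [string]$Value)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }        # key or value absent: nothing to report
    $actual = [string]$item.$Name          # DWORD and string data are compared as text
    [pscustomobject]@{
        Type           = 'Registry'
        Location       = "$Path\$Name"
        Data           = $actual
        MatchesArticle = ($actual -eq $Value)
    }
}

# Resolves to "Local Settings\Application Data" or its newer equivalent.
$local = [Environment]::GetFolderPath('LocalApplicationData')

$findings = @(
    $indicators | ForEach-Object {
        Get-RegistryFinding -Path $_.Path -Name $_.Name -Value $_.Value
    }
    # [RANDOM CHARACTERS]\[random]sysguard.exe one level below the local app data folder
    Get-ChildItem -Path (Join-Path $local '*\*sysguard.exe') -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Data = ''; MatchesArticle = $true }
        }
    # ProcessName has no .exe suffix
    Get-Process | Where-Object { $_.ProcessName -like '*sysguard' } | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Location = $_.ProcessName; Data = "PID $($_.Id)"; MatchesArticle = $true }
    }
)

if ($findings.Count -eq 0) { 'None of the listed items were found for this user.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it as the affected user, because every registry value listed above lives under HKEY_CURRENT_USER. A row with MatchesArticle set to False means the value exists but holds different data, so check it before deleting.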