Remove Antivirus Live. Description and removal instructions

 
Title: Antivirus Live
Also known as: AntivirusLive
Type: Spyware
Severity scale: 72 / 100
 
Antivirus Live is a rogue antivirus application, a fake spyware removal tool that enters a computer with the help of Trojans and other malicious software. It is from the same family as Antivirus System PRO and Spyware Protect 2009. Once installed, AntivirusLive will display fake security alerts and notifications about serious computer security threats or infections. The rogue application will also block almost all programs, especially anti-virus software, to protect itself from being deleted. You will see the "Application can not be executed" warning when you launch applications. To make things even more complicated, it will hijack Internet Explorer and change its LAN settings: Antivirus Live enables a proxy server for the LAN and blocks security-related and antivirus software websites.

[Figure 1. Antivirus Live graphical user interface]

Antivirus Live is promoted through the use of Trojans that come from fake online scanners and other misleading websites. It is also distributed using social engineering. The main goal of AntivirusLive is to trick you into purchasing the program. To achieve this, the misleading application will simulate a system scan and report false scan results. Antivirus Live will state that your computer is badly infected with Trojans, worms, spyware and other malware. Then it will ask you to pay for a full version of the program to remove infections which do not even exist. In other words, this is nothing more than a scam. Do not purchase it!

What is more, Antivirus Live will impersonate Windows Security Center and state that Windows did not find any anti-virus software on your computer and that Windows is not updated. Obviously, the rogue program will suggest that you activate Antivirus Live in order to protect your computer. That is, by the way, the main difference between the legitimate Security Center and the fake one: the legitimate one does not promote any particular anti-virus software. When this fake anti-spyware application is running, you will also see many fake security alerts. Some of them will state:


Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.


Infiltration alert
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropper or similar. Threat: Wind32/Nuqel.E


As you can see, Antivirus Live is a totally useless and even dangerous application. Before you can remove this infection, you have to end all processes associated with the Antivirus Live malware. Otherwise you won't be able to run any anti-spyware or anti-virus software. First of all, you have to disable the proxy server for LAN in Internet Explorer or use another browser, for example Firefox or Opera.

How to disable Proxy server for LAN in Internet Explorer:

1. Open Internet Explorer. Click on the Tools menu and then select Internet Options.


2. In the Internet Options window click on the Connections tab. Then click on the LAN settings button.


3. Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.


4. Now download the renamed Process Explorer (explorer.com) and terminate the Antivirus Live processes. The process name should be [random]sysguard.exe, for example: wmcqsysguard.exe.

NOTE: Do not reboot your computer after using Process Explorer and terminating Antivirus Live processes.

Now you should be able to download an automatic Antivirus Live removal tool or another anti-spyware application. Most importantly, do not purchase it. If you have already done that, please contact your credit card company and dispute the charges.


Related files: [random]sysguard.exe

Antivirus Live properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Antivirus Live manual removal:

Kill processes:
[random]sysguard.exe
Delete registry values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
Delete files:
[random]sysguard.exe
Delete directories:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe
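
A read-only audit of the indicators in the manual removal list above, as an added example that is not part of the original page or of any vendor tool. It assumes PowerShell 3.0 or later and that the executable keeps the sysguard.exe suffix described here; the variable names are illustrative.

```powershell
# Read-only audit for the Antivirus Live indicators listed on this page.
# Nothing is modified; findings are collected as objects for review.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Path = "$cv\Internet Settings";     Name = 'ProxyServer';         Bad = 'http=127.0.0.1:5555' },
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';    Bad = '.exe' },
    @{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation'; Bad = '1' }
)
$findings = @()

# 1. Registry values whose data matches what the removal list shows.
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and "$($item.($c.Name))" -eq $c.Bad) {
        $findings += [pscustomobject]@{ Kind = 'RegistryValue'; Where = $c.Path; Detail = "$($c.Name) = $($c.Bad)" }
    }
}

# 2. The HKCU\Software\AvScan key itself.
if (Test-Path 'HKCU:\Software\AvScan') {
    $findings += [pscustomobject]@{ Kind = 'RegistryKey'; Where = 'HKCU:\Software\AvScan'; Detail = 'key exists' }
}

# 3. Run entries (HKCU and HKLM) whose command line references *sysguard.exe.
foreach ($run in "$cv\Run", 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -Path $run -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'sysguard\.exe') {
            $findings += [pscustomobject]@{ Kind = 'RunEntry'; Where = $run; Detail = "$name = $data" }
        }
    }
}

# 4. *sysguard.exe files in the per-user local application data folder.
#    GetFolderPath resolves to "Local Settings\Application Data" on XP-era systems.
$appData = [Environment]::GetFolderPath('LocalApplicationData')
foreach ($f in @(Get-ChildItem -Path $appData -Filter '*sysguard.exe' -Recurse -Force -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Kind = 'File'; Where = $f.DirectoryName; Detail = $f.Name }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

Run it as the affected user, since most of the listed values live under HKEY_CURRENT_USER.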

Other programs to remove Antivirus Live:

• Malwarebytes Anti Malware
• Windows Defender

Information added: 08/12/09
Information updated: 30/04/10

Comments from visitors:


1. by . 2010-04-30 20:04:17
remove security tool

2. by . 2010-04-26 19:04:22
I can't seem to find the program in Process Explorer. What should I do?

3. by . 2010-04-25 03:04:05
Can someone tell me about step 4? I don't really know what to do...

4. by . 2010-03-13 13:03:54
please if u know how to remove antivirus 7 post a comment here

5. by . 2010-03-13 13:03:50
why when i download spyware doctor it doesn't help me it just wants me to buy something

6. by . 2010-03-09 14:03:56
The version I ran into turns off the Start Bar and Task Manager. No way to stop it. No way to correct it. Pray you have a good back up and reload...

7. by . 2010-02-26 22:02:44
HI, is anyone there??

8. by lita. 2010-02-26 08:02:12
thank you

9. by . 2010-02-24 00:02:00
all this worked... but now no internet explorer or firefox works. The PC says that the application does not exist.

How do I get online to reload IE or Firefox or anything?

10. by . 2010-02-19 14:02:11
its good

11. by cjg. 2010-02-09 04:02:10
OK... but what do you do if you can't get your computer to boot, even in safe mode or with command prompt? I've tried Trinity, but not good enough with it to edit registry... Any suggestions?

12. by Keke. 2010-02-06 18:02:13
It worked! -3- lawl, I'm 15 and an expert at computers. :) thank you.

13. by . 2010-01-29 19:01:11
Check

14. by EVILx13. 2010-01-29 03:01:52
newer version actively scans and closes processes in in if alternate windows installation exists logon to it search for *guard*.exe* rightclick when found take away ntfs permissions from "everyone"

15. by . 2010-01-28 14:01:37
Ahh !!
Some of the joys of running Linux.
NO spyware
NO viruses
NO nasties
And best of all, NO Microsoft
Joy !!!!

16. by . 2010-01-27 13:01:58
The only way I can get rid of this is to boot to safe mode and then search for sysguard and delete the files. After doing this, it worked fine. Thanks for letting me know which file to look for.

17. by . 2010-01-27 07:01:03
I found that after getting rid of this, it would return the next day when I would turn my computer on again. So I simply did a system restore to a couple days before it happened, and all is fine now. (by the way, I use Malwarebytes' Anti-Malware. It works great and is free.)

18. by . 2010-01-26 14:01:35
Used a BartPE Boot Disk...then searched for *sysguard.exe ... then deleted all *sysguard.exe. This then allowed me to boot the OS and comb out the registry entries. Thanks for Identifying the "bad" file.

19. by . 2010-01-26 10:01:52
can i ask what antivirus program you all use.?

20. by . 2010-01-26 08:01:56
When I try to reboot in safe mode with networking, the system restarts and stays in the safe mode option screen.
