Remove Security Antivirus. Description and removal instructions
 [Figure 1. Security Antivirus graphical user interface] Once installed, SecurityAntivirus will drop numerous files on your computer and later detect these files as serious computer threats. The fake files are: ANTIGEN.drv, ANTIGEN.exe, cid.dll, DBOLE.sys, ddv.dll, ddv.sys, energy.tmp, FS.drv, PE.exe, PE.sys, runddlkey.dll, std.exe, tjd.drv. The rogue program just imitates a system scan and reports false infections. Don't worry about that and ignore false scan results. Furthermore, Security Antivirus will display many fake security alerts stating that your computer is infected or that there are otentially harmful programs on your PC. Some of the fake alerts displayed by this virus: Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Security Antivirus. Your PC may still be infected with dangerous viruses. Security Antivirus protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection. Malicious applications, which may contain Trojans, were found on your computer and are to be removed immediately. Click here to remove these potentially harmful items using Security Antivirus. No real-time malware, spyware and virus protection was found. Click here to activate. Just like the false scan results these fake warnings were made to scare you. Last, but not least, Security Antivirus will hijack Internet Explorer and redirect search results to findgala.com. It may also block security related websites. Finally, it will modify Windows Hosts file and add the following lines in Hosts file: 74.125.45.100 4-open-davinci.com 74.125.45.100 securitysoftwarepayments.com 74.125.45.100 privatesecuredpayments.com 74.125.45.100 secure.privatesecuredpayments.com 74.125.45.100 getantivirusplusnow.com 74.125.45.100 secure-plus-payments.com 74.125.45.100 www.getantivirusplusnow.com 74.125.45.100 www.secure-plus-payments.com 74.125.45.100 www.getavplusnow.com 74.125.45.100 safebrowsing-cache.google.com 74.125.45.100 urs.microsoft.com 74.125.45.100 www.securesoftwarebill.com 74.125.45.100 secure.paysecuresystem.com 74.125.45.100 paysoftbillsolution.com 74.125.45.100 protected.maxisoftwaremart.com 95.211.99.110 www.google.com 95.211.99.110 google.com 95.211.99.110 www.google-analytics.com 95.211.99.110 www.bing.com 95.211.99.110 search.yahoo.com 95.211.99.110 www.search.yahoo.com As you can see, Security Antivirus is a total scam. Please use the removal guide below to get rid of this infections as soon as possible. Also note that removal delay will probably make the situation more complicated because it is able to download and install additional malware onto your computer. Related files: 72.mof, mozcrt19.dll, SA345d.exe, SAV.ico, sqlite3.dll, Adobe Reader Speed Launch.lnk, Adobe Reader Synchronizer.lnk, vd952342.bd, SAAKDUPV.cfg, Security Antivirus.lnk, cookies.sqlite, ANTIGEN.drv, antigen.exe, cid.dll, CLSV.drv, DBOLE.sys, ddv.dll, ddv.sys, energy.tmp, FS.drv, gid.drv, PE.drv, PE.exe, PE.sys, PE.tmp, runddlkey.dll, std.exe, tjd.drv, tjd.sys, c:\Program Files\Mozilla Firefox\searchplugins\search.xml Security Antivirus properties: • Changes browser settings • Shows commercial adverts • Connects itself to the internet • Stays resident in background Automatic Security Antivirus removal:remover for Security Antivirus
Security Antivirus manual removal:Kill processes:SA345d.exe Delete registry values: HKEY_CURRENT_USER\Software\3 HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}" HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" ="http://127.0.0.1:27777/?inj=%ORIGINAL%" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus" Delete files: 72.mof mozcrt19.dll SA345d.exe SAV.ico sqlite3.dll Adobe Reader Speed Launch.lnk Adobe Reader Synchronizer.lnk vd952342.bd SAAKDUPV.cfg Security Antivirus.lnk cookies.sqlite ANTIGEN.drv ANTIGEN.exe cid.dll CLSV.drv DBOLE.sys ddv.dll ddv.sys energy.tmp FS.drv gid.drv PE.drv PE.exe PE.sys PE.tmp runddlkey.dll std.exe tjd.drv tjd.sys c:\\Program Files\\Mozilla Firefox\\searchplugins\\search.xml Delete directories: C:\Documents and Settings\All Users\Application Data\345d567\ C:\Documents and Settings\All Users\Application Data\345d567\BackUp C:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\ C:\Documents and Settings\All Users\Application Data\345d567\SAVSys\ %UserProfile%\Application Data\Security Antivirus Other programs to remove Security Antivirus:• Malwarebytes Anti Malware - Review - Download• Malwarebytes Anti Malware - Review - Download • Windows Defender - Review - Download Information added: 10/02/10 Information updated: 21/03/10 Additional resources related to Security Antivirus:Attention: If you know or you have a website or page about Security Antivirus removal, feel free to add a link to this list: add url
more resources Post Comment:Attention: Use this form only if you have additional information about Security Antivirus parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
|
Latest spyware news:
 Eliminate annoying "Open with..." dialog box Attention! Norton Update Center is announced to be vulnerable for cross-site scripting, redirects and html injections! Attention! Nonexistent video on Facebook! A New Type of Phishing Attack - Tabnapping McAfee False Detection causes significant Window XP performance issues Three men responsible for the largest Spanish “botnet” Mariposa have been arrested How to Keep Your Credentials Save StopBadware is Fighting Against Cyber Criminals as a Non-Profit Organization The Most Successful Period for Cyber Criminals Don't Make Online Donations to ScammersSubscribe to news 
Similar parasites:
|
FORUM:
HELP:
Comments from visitors:
1. by karchamberlin@comcast.net. 2010-03-21 21:03:05
thank u
thank u
thank u
I am in a similar boat; I managed to download Spyware Doc but the virus won't let me open and run it...Don't know what to do...It keeps shutting the explorer but luckily I am ok with Safari.
Anyone got any suggestions how to run Spyware Doc and override Security Antivirus?
Thanks!