Antivirus Live is a rogue antivirus application, a fake spyware removal tool that enters a computer with the help of Trojans and other malicious software. It is from the same family as Antivirus System PRO and Spyware Protect 2009. Once installed, Antivirus Live will display fake security alerts and notifications about serious computer security threats or infections. The rogue application will also block almost all programs, especially anti-virus software, to protect itself from being deleted. You will see the “Application can not be executed” warning when you launch applications. To make things even more complicated, it will hijack Internet Explorer and change the LAN settings: Antivirus Live enables a proxy server for the LAN and blocks security-related and antivirus software websites.
[Figure 1. Antivirus Live graphical user interface]
Antivirus Live is promoted through the use of Trojans that come from fake online scanners and other misleading websites. It is also distributed using social engineering. The main goal of Antivirus Live is to trick you into purchasing the program. To achieve this, the misleading application will simulate a system scan and report false scan results. Antivirus Live will state that your computer is badly infected with Trojans, worms, spyware and other malware. Then it will ask you to pay for a full version of the program to remove infections that do not even exist. In other words, this is nothing more than a scam. Do not purchase it!
What is more, Antivirus Live will impersonate Windows Security Center and state that Windows did not find any anti-virus software on your computer and that Windows is not updated. Obviously, the rogue program will suggest that you activate Antivirus Live in order to protect your computer. That, by the way, is the main difference between the legitimate Security Center and the fake one: the legitimate one does not promote any particular anti-virus software. When this fake anti-spyware application is running, you will also see many fake security alerts. Some of them will state:
As you can see, Antivirus Live is a totally useless and even dangerous application. Before you can remove this infection you have to end all processes associated with the Antivirus Live malware. Otherwise you won’t be able to run any anti-spyware or anti-virus software. First of all, you have to disable the proxy server for LAN in Internet Explorer or use another browser, for example Firefox or Opera.
How to disable Proxy server for LAN in Internet Explorer:
1. Open Internet Explorer. Click on the Tools menu and then select Internet Options.
2. In the Internet Options window click on the Connections tab. Then click on the LAN settings button.
3. Now you will see the Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
4. Now download a renamed copy of Process Explorer (explorer.com) and terminate the Antivirus Live processes. The process name should be [random]sysguard.exe, for example: wmcqsysguard.exe.
NOTE: Do not reboot your computer after using Process Explorer and terminating Antivirus Live processes.
Now you should be able to download an automatic Antivirus Live removal tool or another anti-spyware application. Most importantly, do not purchase it. If you have already done that, please contact your credit card company and dispute the charges.
Antivirus Live manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
Delete files and folders:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe
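
The registry values listed above can also be checked offline against an exported copy of HKEY_CURRENT_USER. The following Python check is an added example, not part of the original article; the function names and the sample export are constructed for illustration, and it assumes the export is in the `.reg` text format.

```python
import re
# Registry values the article lists for removal: (key, value name, data).
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
INDICATORS = [
    (HKCU + r"\Internet Explorer\Download", "RunInvalidSignatures", "1"),
    (HKCU + r"\Windows\CurrentVersion\Internet Settings", "ProxyOverride", ""),
    (HKCU + r"\Windows\CurrentVersion\Internet Settings", "ProxyServer", "http=127.0.0.1:5555"),
    (HKCU + r"\Windows\CurrentVersion\Policies\Associations", "LowRiskFileTypes", ".exe"),
    (HKCU + r"\Windows\CurrentVersion\Policies\Attachments", "SaveZoneInformation", "1"),
]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<sz>.*)"|dword:(?P<dw>[0-9a-fA-F]{8}))$')

def parse_reg(text):
    """Map (key, value name), both lower-cased, to data from .reg export text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            if m["dw"] is not None:          # REG_DWORD: hex -> decimal string
                data = str(int(m["dw"], 16))
            else:                            # REG_SZ: undo .reg escaping
                data = m["sz"].replace('\\"', '"').replace("\\\\", "\\")
            values[(key, m["name"].lower())] = data
    return values

def find_indicators(text):
    """Return the listed values that are present with the data the article gives."""
    values = parse_reg(text)
    hits = []
    for k, n, want in INDICATORS:
        found = values.get((k.lower(), n.lower()))
        if found is not None and found.lower() == want.lower():
            hits.append((k, n, found))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
"ProxyOverride"="<local>"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
"""
print(find_indicators(SAMPLE))
```

Exports written by regedit in the 5.00 format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `find_indicators`.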