Security Antivirus is a rogue antivirus program from the same family of rogue software as PC Live Guard. Security Antivirus uses the time-tested rogue software tactic of trying to scare the user into buying a license for the software. Security Antivirus gets installed on a user’s system via Trojans and fake online anti-malware scanners. Once installed, Security Antivirus creates a number of harmless files on the hard disk, which it later detects as virus files during a number of fake scans performed on the system. It also generates pop-ups from the Windows taskbar, claiming that the system is under threat from viruses. Security Antivirus also gives fake warnings stating that the computer is about to be hacked by an external host. While performing all of these malicious activities, Security Antivirus repeatedly urges the user to purchase a license to the ‘full’ version of the rogue software, claiming that the currently installed ‘trial’ version is insufficient to remove the detected ‘threats’. However, it is important to remember that Security Antivirus is fake software that cannot scan or clean your computer under any conditions.
In order to remove Security Antivirus, you must stop its processes, unregister its DLL files, delete its files and folders and remove its registry entries.
My Security Antivirus Manual Removal Procedures
The first step you must take in order to remove Security Antivirus is to stop the following processes:
- SA345d.exe
- ANTIGEN.exe
- PE.exe
- std.exe
Next, it is necessary to unregister the following DLLs:
- mozcrt19.dll
- sqlite3.dll
- cid.dll
- ddv.dll
- runddlkey.dll
The final step in file removal is to delete the following files and folders:
- c:\Documents and Settings\All Users\Application Data\345d567\
- c:\Documents and Settings\All Users\Application Data\345d567\72.mof
- c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
- c:\Documents and Settings\All Users\Application Data\345d567\SA345d.exe
- c:\Documents and Settings\All Users\Application Data\345d567\SAV.ico
- %UserProfile%\Application Data\Security Antivirus
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
- %UserProfile%\Application Data\Security Antivirus\cookies.sqlite
- %UserProfile%\Desktop\Security Antivirus.lnk
- %UserProfile%\Recent\ANTIGEN.drv
- %UserProfile%\Recent\ANTIGEN.exe
- %UserProfile%\Recent\cid.dll
- %UserProfile%\Recent\CLSV.drv
- %UserProfile%\Recent\DBOLE.sys
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\ddv.sys
- %UserProfile%\Recent\energy.tmp
- %UserProfile%\Recent\FS.drv
- %UserProfile%\Recent\gid.drv
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\PE.exe
- %UserProfile%\Recent\PE.sys
- %UserProfile%\Recent\PE.tmp
- %UserProfile%\Recent\runddlkey.dll
- %UserProfile%\Recent\std.exe
- %UserProfile%\Recent\tjd.drv
- %UserProfile%\Recent\tjd.sys
- %UserProfile%\Start Menu\Security Antivirus.lnk
- %UserProfile%\Start Menu\Programs\Security Antivirus.lnk
- c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
- c:\Documents and Settings\All Users\Application Data\345d567\BackUp
- c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
- c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
- c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
- c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\
- c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\vd952342.bd
- c:\Documents and Settings\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
- c:\Program Files\Mozilla Firefox\searchplugins\search.xml
Once these steps have been completed, Security Antivirus no longer resides on your hard disk. To confirm that Security Antivirus has been deleted properly, it is recommended to scan the entire PC using genuine antivirus software such as SpyHunter.
My Security Antivirus Registry Removal Procedures
Removing files and folders is not enough to completely remove Security Antivirus. To ensure complete removal, the following keys and settings should also be removed from the registry:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
After you have completed the removal of these registry entries, your system is completely safe from Security Antivirus.
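To verify the cleanup, the following read-only PowerShell check reports any process, path or registry entry from the lists above that is still present. It is an added example, not part of the original guide; it covers a subset of the listed paths and assumes it is run in the affected user's session with PowerShell available.

```powershell
# Added example: read-only check for the leftovers this guide names. Nothing is deleted.
$processes = 'SA345d', 'ANTIGEN', 'PE', 'std'

# Subset of the listed paths; a directory entry covers the files inside it.
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$paths = @(
    "$allUsers\345d567",
    "$allUsers\SADFIOPODIV\SAAKDUPV.cfg",
    "$env:USERPROFILE\Application Data\Security Antivirus",
    "$env:USERPROFILE\Desktop\Security Antivirus.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Security Antivirus.lnk"
)

# Key that should not exist at all after cleanup.
$keys = @('Registry::HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler')

# Values from the registry list; Match is a regex applied to the data ('' = any data).
$ie = 'Software\Microsoft\Internet Explorer'
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Antivirus'; Match = '' },
    @{ Key = "HKCU:\$ie"; Name = 'PRS'; Match = '' },
    @{ Key = "HKCU:\$ie\Download"; Name = 'RunInvalidSignatures'; Match = '^1$' },
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes"; Name = 'URL'; Match = 'findgala\.com' }
)

$findings = @()
foreach ($p in $processes) {
    # PE and std are generic names, so report the image path for confirmation.
    foreach ($proc in @(Get-Process -Name $p -ErrorAction SilentlyContinue)) {
        $findings += "process: $($proc.Name) ($($proc.Path))"
    }
}
foreach ($path in $paths + $keys) {
    if (Test-Path -LiteralPath $path) { $findings += "present: $path" }
}
foreach ($v in $values) {
    $name = $v.Name
    $item = Get-ItemProperty -Path $v.Key -Name $name -ErrorAction SilentlyContinue
    if ($item -and ("$($item.$name)" -match $v.Match)) {
        $findings += "registry value: $($v.Key) [$name] = $($item.$name)"
    }
}
if ($findings) { $findings } else { 'No listed artifacts found.' }
```

An empty result only means the entries checked here are gone; the full-system scan recommended above is still needed.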
Delete Security Antivirus Directories:
%UserProfile%\Application Data\Security Antivirus\
Conclusion
Manual My Security Wall removal is not recommended for inexperienced users, as any mistake made due to inexperience could damage the integrity of the system.