Update: 10-13-2010: After installing this virus about 10 times we found that in most cases this threat comes with some NASTY worms that are VERY HARD to remove. The guide below will work for those of you who do not have all the extra BS. However, if your Task Manager is disabled, System Restore is disabled, Regedit is disabled and the like, you may want to consider hiring an expert to remove this threat for you. http://www.pcninja.com has our vote for a very affordable repair service. However, if it's just the fake security client, you can attempt the removal following this guide.
Description: AntiSpy Safeguard is a notorious rogue anti-malware program cloned from a set of malicious software: Red Cross Antivirus, Pest Detector, Peak Protection and Major Defense Kit. This rogue product attempts to trick users into purchasing a software license that is completely fake. AntiSpy Safeguard gets installed on a user’s system via Trojans that are downloaded through bogus websites claiming to offer security scanners, and along with fake video codec packs. Once installed, AntiSpy Safeguard loads at startup. It then performs fake security scans on the system, returning false results that claim the computer is severely infected with malicious software. It also displays a large number of fake pop-ups from the Windows taskbar, which warn the user of potential ‘threats’ to the computer. Meanwhile, AntiSpy Safeguard constantly asks the user to purchase the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is insufficient to completely clean the system. However, AntiSpy Safeguard is a fake application, and its so-called ‘full’ version is just as incapable of scanning or cleaning any system as the ‘trial’ version.
If you find a copy of this dangerous malware on your system, you should immediately take steps to remove AntiSpy Safeguard. To remove it properly, stop its processes, delete its files and folders, and remove its registry entries.
Remove Proxy Setting so You Can Connect to the Internet Again.
AntiSpy Safeguard Manual Removal Procedures
The first step you need to take in order to remove AntiSpy Safeguard is to stop the following processes from functioning:
- antispy.exe
- defender.exe
- tmp.exe
Delete AntiSpy Safeguard Files
The next step in the process of AntiSpy Safeguard removal is the deletion of the following files and folders:
- %UserProfile%\Application Data\PAV\
- %UserProfile%\Application Data\antispy.exe
- %UserProfile%\Application Data\defender.exe
- %UserProfile%\Application Data\tmp.exe
- %UserProfile%\Local Settings\Temp\kjkkklklj.bat
Once these are deleted, the AntiSpy Safeguard files will no longer be on your computer.
AntiSpy Safeguard Registry Removal Procedures
File deletion alone is not sufficient to ensure complete AntiSpy Safeguard removal. In order to remove AntiSpy Safeguard completely, you should remove the following keys and settings from the Windows Registry as well:
- HKEY_CURRENT_USER\Software\PAV
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tmp"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"
At this point it is safe to say that you have completely removed AntiSpy Safeguard from your computer. However, to make sure that no additional threats remain in the PC’s file system or registry, it is recommended to run a full scan of all data using a genuine antivirus product such as Spyware Doctor with Antivirus.
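To confirm the steps above took effect, the following read-only PowerShell check looks for each process, file and registry entry listed in this guide and reports what is still present. It is an added example, not part of the original guide; it assumes $env:APPDATA and $env:TEMP correspond to the Application Data and Local Settings\Temp folders named above.

```powershell
# Added example: read-only check for the AntiSpy Safeguard traces listed in this guide.
# Assumption: $env:APPDATA and $env:TEMP stand in for "%UserProfile%\Application Data"
# and "%UserProfile%\Local Settings\Temp" (they resolve to the AppData folders on Vista/7).
$findings = @()

# 1. Processes. Get-Process takes the name without ".exe"; "hotfix" is the later disguise.
foreach ($proc in @(Get-Process -Name antispy, defender, tmp, hotfix -ErrorAction SilentlyContinue)) {
    $findings += "Process running: $($proc.ProcessName) (PID $($proc.Id))"
}

# 2. Files and folders.
$paths = @(
    (Join-Path $env:APPDATA 'PAV'),
    (Join-Path $env:APPDATA 'antispy.exe'),
    (Join-Path $env:APPDATA 'defender.exe'),
    (Join-Path $env:APPDATA 'tmp.exe'),
    (Join-Path $env:TEMP 'kjkkklklj.bat')
)
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $findings += "File or folder present: $path" }
}

# 3. Registry: the PAV key, then the values the guide lists for removal.
$hkcu = 'HKCU:\Software'
if (Test-Path "$hkcu\PAV") { $findings += 'Registry key present: HKCU\Software\PAV' }
$values = @(
    @{ Key = "$hkcu\Microsoft\Windows\CurrentVersion\Run"; Name = 'tmp' },
    @{ Key = "$hkcu\Microsoft\Windows\CurrentVersion\RunOnce"; Name = 'SelfdelNT' },
    @{ Key = "$hkcu\Microsoft\Windows NT\CurrentVersion\Winlogon"; Name = 'Shell' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) { $findings += "Registry value present: $($v.Key) [$($v.Name)] = $($item.($v.Name))" }
}

# 4. Internet Settings warnings that the guide lists as set to "0".
$inet = "$hkcu\Microsoft\Windows\CurrentVersion\Internet Settings"
foreach ($name in 'WarnonBadCertRecving', 'WarnOnPostRedirect') {
    $item = Get-ItemProperty -Path $inet -Name $name -ErrorAction SilentlyContinue
    if ($item -and "$($item.$name)" -eq '0') { $findings += "Warning switched off: $name = 0" }
}

if ($findings.Count -eq 0) { 'No traces from this guide were found.' } else { $findings }
```

A process named hotfix or defender is only a lead to inspect, since unrelated programs can use those names; check the file's location before acting on it.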
AntiSpy Safeguard Directories:
- %UserProfile%\Application Data\PAV\
We see this threat in the above folder, with trace files in the Application Data folder (the AppData folder for Windows 7 and Vista users).
Outside Resources:
http://answers.yahoo.com/question/index?qid=20100913210004AAIZ8Fq
The EXE file is now disguised as hotfix.exe