How to Remove Security Antivirus, Security Antivirus Removal Instructions
By Bryan on February 10, 2010 | Rogue Antispyware
Security Antivirus is not a regular security software. In fact, it's not a security software at all – Security Antivirus is a counterfeit application pretending to be a computer protection tool. What Security Antivirus really does is create security flaws in your system which then allow other parasites to enter and infect your computer. Security Antivirus is a malicious application disguised as a security program in order to make the user believe that it actually is an antivirus.
The purpose of Security Antivirus is to sell itself to those who fall for it and get convinced that it is a real security tool. In order to achieve this Security Antivirus performs false system scans and displays pop-up security warnings. They urge the user to purchase Security Antivirus which promises to solve the problems that were found. However, it does not remove any parasites as Security Antivirus is one itself. You should remove this fraud upon detection if you want to prevent any computer problems that it might cause.
Security Antivirus websites
securityantivirus.com Learn how to block rogue websitesNew processes created
std.exePE.exe
ANTIGEN.exe
SA345d.exe Learn how to remove malicious processes
New Security Antivirus registry entries created
HKEY_CURRENT_USER\Software\3HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" ="http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Application Data\345d567\c:\Documents and Settings\All Users\Application Data\345d567\72.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\SA345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\SAV.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\
c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
%UserProfile%\Application Data\Security Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
%UserProfile%\Application Data\Security Antivirus\cookies.sqlite
%UserProfile%\Desktop\Security Antivirus.lnk
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\gid.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Security Antivirus.lnk
%UserProfile%\Start Menu\Programs\Security Antivirus.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml Learn how to unregister malicious DLL files
Symptoms in a Hijackthis log
O1 - Hosts: 74.125.45.100 4-open-davinci.comO1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 95.211.99.110 www.google.com
O1 - Hosts: 95.211.99.110 google.com
O1 - Hosts: 95.211.99.110 www.google-analytics.com
O1 - Hosts: 95.211.99.110 www.bing.com
O1 - Hosts: 95.211.99.110 search.yahoo.com
O1 - Hosts: 95.211.99.110 www.search.yahoo.com
O4 - HKCU\..\Run: [Security Antivirus] "C:\Documents and Settings\All Users\Application Data\345d567\SA345d.exe" /s /d
How to remove Security Antivirus
To remove Security Antivirus manually you must block rogue Security Antivirus related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Security Antivirus files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Remove Malware Protection Center fraud
Malware Protection Center is designed to look like a decent security program but the looks are deceiving. The tool is actually malicious and fraudulent. If Malware Protection Center reports "infections" on a screen of your PC, it’s Malware Protection Center itself that should be deleted with no hesitation.Malware Protection Center is quite pesky as it loads enormous amounts of counterfeit security alerts. Read more.- Remove Antivirus Smart Protection scam
- Remove Internet Security 2012 fraud
- Remove Smart Internet Protection 2012 malware
- Smart Protection 2012 uninstall guide
- Internet Security Guard removal tutorial
- Remove HomeSecurityEssentials fraud
- WindowsXP Internet Security 2012 removal tutorial
- Remove Windows 7 Internet Security 2012 fraud
- Windows Vista Internet Security 2012 uninstall guide
- System Check removal tutorial
