How to Remove Security Antivirus, Security Antivirus Removal Instructions
By Bryan on February 10, 2010 | Rogue Antispyware
Security Antivirus is not a regular security software. In fact, it's not a security software at all – Security Antivirus is a counterfeit application pretending to be a computer protection tool. What Security Antivirus really does is create security flaws in your system which then allow other parasites to enter and infect your computer. Security Antivirus is a malicious application disguised as a security program in order to make the user believe that it actually is an antivirus.
The purpose of Security Antivirus is to sell itself to those who fall for it and get convinced that it is a real security tool. In order to achieve this Security Antivirus performs false system scans and displays pop-up security warnings. They urge the user to purchase Security Antivirus which promises to solve the problems that were found. However, it does not remove any parasites as Security Antivirus is one itself. You should remove this fraud upon detection if you want to prevent any computer problems that it might cause.
Security Antivirus websites
securityantivirus.com Learn how to block rogue websitesNew processes created
std.exePE.exe
ANTIGEN.exe
SA345d.exe Learn how to remove malicious processes
New Security Antivirus registry entries created
HKEY_CURRENT_USER\Software\3HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" ="http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Application Data\345d567\c:\Documents and Settings\All Users\Application Data\345d567\72.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\SA345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\SAV.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\
c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
%UserProfile%\Application Data\Security Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
%UserProfile%\Application Data\Security Antivirus\cookies.sqlite
%UserProfile%\Desktop\Security Antivirus.lnk
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\gid.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Security Antivirus.lnk
%UserProfile%\Start Menu\Programs\Security Antivirus.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml Learn how to unregister malicious DLL files
Symptoms in a Hijackthis log
O1 - Hosts: 74.125.45.100 4-open-davinci.comO1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 95.211.99.110 www.google.com
O1 - Hosts: 95.211.99.110 google.com
O1 - Hosts: 95.211.99.110 www.google-analytics.com
O1 - Hosts: 95.211.99.110 www.bing.com
O1 - Hosts: 95.211.99.110 search.yahoo.com
O1 - Hosts: 95.211.99.110 www.search.yahoo.com
O4 - HKCU\..\Run: [Security Antivirus] "C:\Documents and Settings\All Users\Application Data\345d567\SA345d.exe" /s /d
How to remove Security Antivirus
To remove Security Antivirus manually you must block rogue Security Antivirus related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Security Antivirus files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Remove AV Pipeline, AV Pipeline removal
AV Pipeline is a fake anti-spyware application which enters the system via trojan horse. Trojan comes to your computer via its vulnerabilities and makes a perfect background for parasites to sneak. It downloads and installs automatically without user’s knowledge and consent. Once active it imitates computer scans and shows numerous security alerts and fake warning messages that state about computer infections. Read more.- Remove Malware Destructor 2011, Malware Destructor 2011 removal
- Remove Windows Defence, Windows Defence removal
- Remove SP Center, SP Center removal
- Remove Defence Center, Defence Center removal tutorial
- Remove MegaVaccine, MegaVaccine removal
- Remove White Shark Virus, White Shark Virus removal
- Remove Win7 AV, Win7 AV removal
- Remove AV Defender 2011 Platinum, AV Defender 2011 Platinum removal
- Remove VideoCop, VideoCop removal
- Remove My Security Suite, My Security Suite removal
