Home Blog

Antivirus Live Removal Guide – How to Remove Antivirus Live by yourself

Posted by in Blog Rogue Program
on November 28th, 2012 | Leave a comment

Antivirus Live is a fake antivirus program similar to Windows Antivirus Release which pretends to be a professional virus removal program with fake security warnings and fake scans. Such rogue programs are very common on the internet. They are promoted in many malicious sites or distributed by downloader Trojans. If you have the program on your computer, you should know more about it. Once installed, Antivirus Live modifies windows registry and can run without users’ approval. It will display scaring security alerts and run fake scan automatically. To make users believe the computer is infected severely, the rogue program will identify legitimate files as malicious or detect non-exist pc threats. Are you going to use the program to remove the detected file? You will find you need to purchase the registered version of Antivirus Live first. It is a trick. The malware will disable task manager, registry editor or security programs to prevent itself from being removed.

If you are one of the victims of Antivirus Live, you just find the right instruction here to get rid of the infection quickly and easily.

Method one: remove Antivirus Live manually
To manually remove the rogue program, you need to have some basic pc skills or you should at least know which processes should not be ended, which files are necessary and which registry entries are legitimate.

1. Open task manager and kill related processes
[random]sysguard.exe
2. Delete following files belonging to Antivirus Live

%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe

3. Open registry editor and remove associated registry entries

HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]“

Notes: when you find task manager or registry editor can not open, try again in safe mode.

Method two: Remove Antivirus Live with a virus removal program
This method is easier than manual way. The key is to find an effective virus removal program. Some security programs are blocked from running or updating by the malware. An effective virus removal program can scan the computer without problems and pick up Antivirus Live files and registry entries completely. The whole removal processes will be simplified to a couple of buttons. For example, Spyware Cease is an advanced antispyware program that can wipe off the rogue program instantly. If you are looking for a quick solution, Spyware Cease is one of the best choices for you.

If Antivirus Live disables access to internet, you need to reset web browser settings or download the antispyware program by a normal pc.

Leave a Reply