How to remove Antivirus Live rogue anti-spyware

Malware Description:
The unsafe program called Antivirus Live (alias AntivirusLive) originates from the same rogue anti-spyware family as the infamous Antivirus System PRO utility which is known to have been playing havoc with computers all over the planet for quite a while by now. Antivirus Live implements its malicious tactics through the involvement of bogus online virus scanners and sneaky trojans that challenge your system defense without letting you know. Having infiltrated your computer in the shape of Antivirus Live freeware, the rogue interferes with the functioning of the critical system processes thus making your PC unbearably slow and redirecting your web browser to insecure websites like Pc-safe2009.com, Pcdoctor2010.com, Spydetect2009.com and many others. In addition to the above symptoms, Antivirus Live issues a great quantity of super-annoying phony alerts and even more obsessive fake scanners. These ads are pre-defined to report certain infections inside your machine in order to scare you into buying Antivirus Live license. In fact, Antivirus Live scanners are just static scripts hence are definitely untrustworthy. It’s highly recommended to take care of Antivirus Live virus before it ‘takes care’ of your computer in its own way and disrupts your Operating System.

Malware Type: Rogue Anti-Spyware

Malware Author: Unknown

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Antivirus Live Free Scanner and Remover: Download Now

Antivirus Live Screenshot:

Antivirus Live

How to remove Antivirus Live manually:
Manual removal of Antivirus Live is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files to be deleted are listed below:

  • %UserProfile%\Local Settings\Application Data\[random symbols]\
  • %UserProfile%\Local Settings\Application Data\[random symbols]\[random symbols]sysguard.exe

The registry entries that need to be removed are as follows:

  • HKEY_CURRENT_USER\Software\AvScan
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random symbols]“
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random symbols]“

Please, be aware that manual removal of Antivirus Live is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal Antivirus Live, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download Antivirus Live Remover

Like This Article? Let Others Know!

Reader's Comments:

  1. Duluem |

    Can you pls forward steps to do, to be able to remove? Cos this Rogue isn’t allowing ne to download the removal software through the Internet.

    Thank you.

  2. admin |

    Duluem,
    There are a few alternative ways you can try.
    1. Enter Safe Mode with Networking (hit F8 key at startup) and download the removal tool in Safe Mode.
    2. Download the remover on a computer that is not infected. Save it to a memory stick or some other device. Move the tool’s installer to your infected PC and run it. If Antivirus Live tells you the file is infected, you should rename the removal tool before moving it to your contaminated PC.
    3. Go to ‘Start’ then choose ‘Run’. Type in ‘msconfig’ and click the ‘Startup’ tab in the Window that opens up. Find a suspicious process that normally shouldn’t be running at startup – we believe it could be one that ends in sysguard.exe. Untick that suspicious process and restart your machine. Try to install the remover now.

    We do hope this works for you!
    Admin

  3. jesus |

    i knew antivirus live was some type of malware from the beginning which is why i havent purchased anything or believed anything it was telling me but the question i have is how do i get it to stop popping up? because it wont let me use my anti-virus programs or nothing. also it keeps bringing up windows that promote adult websites..how would i get all this to stop?

  4. admin |

    Jesus,
    Have you tried Antivirus Live removal instructions above?
    BTW, in case Antivirus Live is not letting you download the removal tool and you try transfer it from a PC that is not contaminted, you might want to rename the remover the moment you start downloading it on the safe computer, not when it’s all saved. This might be of help additionally.
    Besides, the latest version of our remover (Spyware Doctor) should detect this virus and be able to terminate it.

  5. StupidCPU |

    Just got done dealing with this stupid bug. If you are having trouble running your removal tool try either safe mode, which I was unable to do because I’m stupid when it comes to computers or you can beat this program upon startup.
    As soon as your OS starts hit ctrl alt del and start task manager, if you do this before antivirus gets up an d running you can select the bad exe. file be selecting it and end process. The process was named sandbox on my cpu but other people have found it under other names.
    Once this process is stopped you should be able to run your removal tool. It worked for me.
    Again I know zero about these things but this worked for me.

  6. Walt |

    antivirus live will allow the download of spyware doctor but no programs can open even after the download. When I click on spyware doctor to run the scan, the error message always pops up stating: application can not be executed. file is infected.

  7. konwad |

    ok i followed ur instructions…and i went to run and typed in msconfig and the antivirus live stopped me from opening it what do i do now?

  8. conquerer of antiviruslive! |

    My computer was extremely bad! I was not able to open any programs or files. I tried to copy the file onto a disc and open it on to my computer – it would not let me – I could not open any websites, the regedit, or even the task manager. I tried to delete programs to manually delete virus – again, I failed… I was at the point of tears and thought it better to just smash my computer when I remembered “Safe Mode”.
    If the virus is not allowing you to open/run any programs or files, or if too many pop-ups are getting in your way, restart your computer in safe mode. You can find instructions on-line, or, for most microsoft windows programs, restart your computer and before it loads (when it is in the MSDOS opening black/white screen) Push the F8 key, choose to run the computer in safe mode. Then you can delete the main file “sysguard”. You can then restart your computer regularly and follow the removal tips above.

    I apologize if this seems like amateur hour for some but I thought this might be helpful for others so they do not reach the point of frustration I did with this horrible virus.

  9. admin |

    Walt,
    Being able to download the removal tool despite Antivirus Live interference is already some good news considering how aggressive this rogue anti-spyware is.
    When you are starting Spyware Doctor download procedure, please try to rename it to something other than is being downloaded by default, e.g. ‘software.exe’ etc. You see, Antivirus Live tends to encounter any known antivirus tools when they are being attempted to launch, and the virus won’t allow it to open.
    Be sure to try the renaming method.
    Admin

  10. admin |

    Konwad,
    Be quick now and use the removal tool above. Install it and let it take care of the malware.

  11. Some dude |

    The first thing i did when antiviruslive attacked my computer was restart, then as soon as it booted i loaded up task manager and removed the proceses of all suspicious sounding programs, like i dunno. But there was about 5 of them. Once that was done, I researched the program and downloaded some automatic removal program that seemed to work.

  12. Tim |

    Nothing works now. The latest version that an employee of my company (unwittingly) downloaded no longer allows boot in safe mode, no longer allows execution of anything no matter how it is renamed, including explorer, spreads from one account to another faster than we can type anything, and has not been detected by the Kaspersky Rescue Disk or F-Secure Rescue Disk with the latest updates.

    Good Luck!

  13. jigme |

    Great..
    it worked in safe mode.. :)
    jigme

  14. td |

    This thing sucks! Try the safemode thing, that is the only thing that worked for me. I was finally able to download the program that killed it.

Post a Comment: