Security Antivirus video: (thanks to rogueamp)
Once installed, SecurityAntivirus runs a fake system scan and reports false threats. It then prompts you to pay for a full version of the program to remove the false threats. This misleading software also creates several harmless fake files on your computer and then detects these files as infections/threats. SecurityAntivirus creates the following files in the %UserProfile%\Recent\ directory: tjd.sys, ANTIGEN.exe, cid.dll, PE.drv, ANTIGEN.drv, DBOLE.sys, CLSV.drv, ddv.dll, FS.drv, ddv.sys, energy.tmp, gid.drv, PE.exe, PE.sys, PE.tmp, tjd.drv, runddlkey.dll, std.exe. These files will be associated with the infections listed below:
- Trojan-Spy.HTML.Bankfraud.ra
- Virus.Win32.Faker.a
- BAT.Looper
- Trojan-PSW.Win32.Delf.d
- Trojan-Spy.HTML.Bayfraud.hn
- Trojan-Spy.HTML.Bankfraud.ix
- Trojan-Spy.HTML.Citifraud
- Packed.Win32.PolyCrypt
- etc.
Now, the worst part is that Security Antivirus blocks Task Manager and other useful system tools. Of course, it blocks security software first of all. The rogue program installs a BHO (Browser Helper Object) and modifies the Windows Hosts file (adds 62 malicious entries) so that you will be constantly redirected to various bogus websites. Google search results will also be hijacked: it will display search results from findgala.com instead. As you can see, this program is a total scam. Don't purchase it. If you already did, contact your credit card company and dispute the charges. Then remove Security Antivirus from your computer as soon as possible. We’ve got the instructions to help you get rid of this annoying infection. Please read further. Good luck!
Security Antivirus removal instructions (method #1):
Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs are free.
NOTE1: if you can't run any of the above programs, you must rename the installer of the selected program before saving it on your PC. For example: if you choose MalwareBytes, then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.
NOTE2: if you still can't run the renamed file, then you need to change the file extension too, not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif.
5. Double-click to run the renamed file.
Removing Security Antivirus in Safe Mode with Networking (method #2):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.
2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs are free.
Security Antivirus associated files and registry values:
Folders and files:
- C:\Documents and settings\All Users\Application Data\d5fcc6
- C:\Documents and settings\All Users\Application Data\d5fcc6\72.mof
- C:\Documents and settings\All Users\Application Data\d5fcc6\mozcrt19.dll
- C:\Documents and settings\All Users\Application Data\d5fcc6\SA345d.exe
- C:\Documents and settings\All Users\Application Data\d5fcc6\SAV.ico
- C:\Documents and settings\All Users\Application Data\d5fcc6\sqlite3.dll
- C:\Documents and Settings\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
- %UserProfile%\Application Data\Security Antivirus
- %UserProfile%\Recent\ANTIGEN.drv
- %UserProfile%\Recent\ANTIGEN.exe
- %UserProfile%\Recent\cid.dll
- %UserProfile%\Recent\CLSV.drv
- %UserProfile%\Recent\DBOLE.sys
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\ddv.sys
- %UserProfile%\Recent\energy.tmp
- %UserProfile%\Recent\FS.drv
- %UserProfile%\Recent\gid.drv
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\PE.exe
- %UserProfile%\Recent\PE.sys
- %UserProfile%\Recent\PE.tmp
- %UserProfile%\Recent\runddlkey.dll
- %UserProfile%\Recent\std.exe
- %UserProfile%\Recent\tjd.drv
- %UserProfile%\Recent\tjd.sys
- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry values:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
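To check a machine for the files and registry values listed above before and after cleanup, the following read-only PowerShell function can be used. It is an added example, not part of the original guide; the function name is hypothetical, the paths assume the Windows XP layout used in the list, and because the page does not list the 62 Hosts entries, the Hosts check simply prints every active non-default line for manual review.

```powershell
function Find-SecurityAntivirusArtifacts {
    $found = @()
    # Folders and files, as listed above (Windows XP-style paths).
    $allUsers = 'C:\Documents and Settings\All Users\Application Data'
    $paths = @(
        "$allUsers\d5fcc6",
        "$allUsers\SADFIOPODIV\SAAKDUPV.cfg",
        "$env:USERPROFILE\Application Data\Security Antivirus",
        'C:\Program Files\Mozilla Firefox\searchplugins\search.xml'
    )
    # Fake "infected" files the rogue drops into the Recent folder.
    $decoys = 'ANTIGEN.drv','ANTIGEN.exe','cid.dll','CLSV.drv','DBOLE.sys','ddv.dll',
              'ddv.sys','energy.tmp','FS.drv','gid.drv','PE.drv','PE.exe','PE.sys',
              'PE.tmp','runddlkey.dll','std.exe','tjd.drv','tjd.sys'
    $paths += $decoys | ForEach-Object { "$env:USERPROFILE\Recent\$_" }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $found += "FILE  $p" }
    }
    # Registry keys whose existence alone is an indicator.
    foreach ($k in 'Registry::HKEY_CURRENT_USER\Software\3',
                   'Registry::HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler') {
        if (Test-Path -LiteralPath $k) { $found += "KEY   $k" }
    }
    # Registry values: (key, value name) pairs from the list above.
    $ie = 'Software\Microsoft\Internet Explorer'
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $values = @(
        @("Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes", 'URL'),
        @("HKCU:\Software\Classes\$ie\SearchScopes", 'URL'),
        @("HKCU:\$ie", 'PRS'),
        @("HKCU:\$ie\Download", 'RunInvalidSignatures'),
        @("$cv\Internet Settings\5.0\User Agent\Post Platform", 'App/7.00195'),
        @("$cv\Run", 'Security Antivirus')
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -LiteralPath $v[0] -Name $v[1] -ErrorAction SilentlyContinue
        if ($item) { $found += "VALUE $($v[0]) [$($v[1])] = $($item.($v[1]))" }
    }
    # Hosts file: report every active line except the default localhost mapping.
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    $default = '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    if (Test-Path -LiteralPath $hosts) {
        foreach ($line in Get-Content -LiteralPath $hosts) {
            if ($line -match '^\s*[^#\s]' -and $line -notmatch $default) { $found += "HOSTS $($line.Trim())" }
        }
    }
    $found
}
Find-SecurityAntivirusArtifacts
```

Run it as the same user who was logged in when the rogue was installed, since most of the values live under HKEY_CURRENT_USER and %UserProfile%. An empty result after the anti-malware scan means none of the listed artifacts remain.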
How to remove Security Antivirus fake program? (Uninstall guide)
By soni agus