Belonging to the same family of rogue antivirus software as PC Live Guard, Security Antivirus uses the same tactics as its relatives to try and lure users in to paying for the license of the software. Security Antivirus reaches user systems via fake online malware scanners and through Trojan viruses. Once established on the system, it will create a number of harmless files on the hard disk, which it later flags as dangerous virus files through fake scans of the system. Security Antivirus also displays a large number of fake pop-ups from the Windows taskbar, warning the users of non-existent viruses and hacking threats from remote computers. While bombarding the user with all these false warnings, Security Antivirus urges the user to pay for the license to the ‘full’ version of this rogue software, claiming repeatedly that the currently installed ‘trial’ version cannot remove the detected ‘threats’. It is important to note that the so-called ‘full’ version of Security Antivirus is just as incapable of scanning or cleaning out any ‘threats’ as the ‘trial’ version is.

Security Antivirus

In order to delete Security Antivirus, you must stop its processes, unregister its DLL files, delete its files and folders and remove its registry entries.

File Removal Procedures

The first step you must take in order to delete Security Antivirus is to stop the following processes:

  • SA345d.exe
  • ANTIGEN.exe
  • PE.exe
  • std.exe

Next, it is necessary to unregister the following DLLs:

  • mozcrt19.dll
  • sqlite3.dll
  • cid.dll
  • ddv.dll
  • runddlkey.dll

The final step in file removal is to delete the following files and folders:

  • c:\Documents and Settings\All Users\Application Data\345d567\
  • c:\Documents and Settings\All Users\Application Data\345d567\72.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\SA345d.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\SAV.ico
  • %UserProfile%\Application Data\Security Antivirus
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
  • %UserProfile%\Application Data\Security Antivirus\cookies.sqlite
  • %UserProfile%\Desktop\Security Antivirus.lnk
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.drv
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\gid.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\runddlkey.dll
  • %UserProfile%\Recent\std.exe
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\Security Antivirus.lnk
  • %UserProfile%\Start Menu\Programs\Security Antivirus.lnk
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
  • c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\
  • c:\Documents and Settings\All Users\Application Data\345d567\SAVSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml

Once these steps have been completed, Security Antivirus no longer resides on your hard disk.

Registry Removal Procedures

Removing files and folders is not enough to completely delete Security Antivirus. To ensure complete deletion, the following keys and settings should also be removed from the registry:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q=searchTerms”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q=searchTerms”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” =”http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Antivirus”

After you have completed the removal of these registry entries, your system is completely safe from Security Antivirus. In order to make sure that complete Security Antivirus removal has been accomplished it is recommended to scan the entire computer using genuine antivirus software such as Spyware Doctor with Antivirus.

Conclusion

Inexperienced users are advised against attempting to manually delete Security Antivirus, as any mistake you make could cause damage to your operating system. Instead, inexperienced users should make use of a web-based repair service such as www.onlinecomputerrepair.org or legitimate antivirus software when trying to delete Security Antivirus.

Get Social, Bookmark Us!!:
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • del.icio.us
  • digg
  • Fark
  • Furl
  • Ma.gnolia
  • NewsVine
  • Reddit
  • Smarking
  • Spurl