rouend welcome to the darkside

Pr0n!

Antivirus Live is a Rogue Antispyware software. New security tools appear online every day; can you tell if they are useful programs or fraudulent applications? Advertising techniques used by rogue programs might be even more convincing than advertisements of real security tools. How can you recognize a scam? 

1. It is installed without your permission.

If a program is installed without your consent, it indicates either a computer parasite or bad attitude of the creators of the program. Regular software can’t magically appear on a machine without your permission. However, not every program is fraudulent and malicious if it is installed without user’s agreement. Software already installed on a computer may offer new additional tools and they may even install those new products automatically. These actions are usually defined in settings of the program and in the license agreement. 

2. Its reputation online is terrible.

Doing a little research online is always worth the time spent. If the program is reputable, you will find reviews on at least several different websites. And if the program is not genuine, most of the results you find will advice how to delete the software. Unfortunately, some of the rogue programs are advertised on fraudulent websites in order to trick people into buying the fake security tools. 

3. The official website is poorly built and lacks basic information.

Running a website doesn’t cost much and it’s not as difficult as it may seem to be. This is the reason why there are plenty of fraudulent web sources; however, creating a functional website takes much efforts and time and money. Scammers rarely bother to spend time and money for websites that get closed and banned in a week; this can help you to recognize a fraud. 

If the official website of software is full of logic mistakes and spelling mistakes, it shouldn’t be trusted. Lack of contact details and basic information about a company is also a symptom of a phishy deal. 

4. The payment website is suspicious.

There are plenty of websites dedicated to payment but the most majority of them are not reputable. If you decide to purchase a license of new software, make sure you know what kind of payment system is used. If you have never heard about certain payment system before, it’s better to back off. If you pay for something via fraudulent website, you lose the money, your online banking account and it may even lead to identity theft. If the payment system is reputable, you can trust the software too since reputable companies don’t cooperate with scammers. 

If the payment page is secured, the address bar should be yellow on the most popular web browsers. There should also be a closed padlock icon next to the address of the website. 

5. Performance of the program is poor.

If the program doesn’t do a thing, why should you pay for it? The majority of fake security applications slow down a computer considerably because they use lots of system resources but they don’t perform any actions. If the program is only capable of loading pop-ups it’s most likely not a security tool. 

While Antivirus Live is running , you will be shown fake Windows Security Center, nag screens, warnings and fake security alerts from your Windows taskbar. The rogue will also change the proxy setting of Internet Explorer to redirect you to the Antivirus Live site.As you can see, Antivirus Live is a scam. Do not be fooled into buying the program. Instead of doing so, follow these removal instructions below in order to remove Antivirus Live and any associated malware from your computer for free. 

Symptoms in a HijackThis Log

O4 – HKLM\..\Run: [ekwdvdwk] C:\Documents and Settings\username\Local Settings\Application Data\username\gxymsysguard.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe 

Use the following instructions to remove Antivirus Live (Uninstall instructions)

Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK. 

Doubleclick on the explorer.exe on your desktop for run HijackThis. HijackThis main menu opens. 

Click “Do a system scan only” button. Look for lines that looks like: 

R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [wpolkxos] C:\Documents and Settings\user\Local Settings\Application Data\ovugbs\rwjrsysguard.exe 

Note: list of infected items may be different, but all of them have “sysguard.exe” string in a right side and “O4″ in a left side. 

Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis. 

Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer. 

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish. 

If an update is found, it will download and install the latest version. 

Malwarebytes Anti-Malware Window 

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Live infection. This procedure can take some time, so please be patient. 

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below. 

Make sure that everything is checked, and click Remove Selected for start Antivirus Live removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.