Antivirus Soft is malicious software from the Antivirus Live family. This malware enters your PC without giving you a chance to notice it. These infections are installed with the help of malicious PDF files that exploit older versions of Adobe Reader. Antivirus Soft also spreads through scam sites and social networking sites.
Once this software is installed, it continues to update itself automatically whenever you log in to Windows and go online. This malware reports numerous infections which are fake and do not actually exist.
When Antivirus Soft is running, it displays fake security alerts on the infected computer. The text of some of these alerts is:
. Antivirus Software Alert
. Infiltration Alert
. Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
. Threat: Win32/Nuqel.E
This program uses aggressive techniques to protect itself from being removed by anti-malware programs, such as:
. When the Antivirus Soft process is running, it closes all running programs by falsely stating that these programs are infected.
. This malware also changes the proxy settings in IE, which prevents you from browsing any site other than Antivirus Soft. This is done to force the user to purchase this malicious software.
How to Remove it
This malware can hamper all activity on your computer. If you find yourself stuck in a similar situation, you can use the following steps to remove this malware from your PC:
1. Restart your computer. This is important so that you work on the PC in a safer environment. As the computer restarts, press the "F8" key repeatedly. Then use the arrow keys to highlight the "Safe Mode with Networking" option and press ENTER.
2. Open Internet Explorer, click on the 'Tools' menu and then select Internet Options.
3. In the Internet Options window, click on the 'Connections' tab and then click the LAN settings button.
4. You will now see the Local Area Network (LAN) settings window. Uncheck the checkbox labeled "Use a proxy server for your LAN" under the Proxy Server section and press OK.
5. For more protection, download an automatic virus removal tool, which you can find online. There are a number of automatic removal tools available. After downloading a good tool, run a full system scan and remove the detected files.
Antivirus Soft manual removal:
[RANDOM CHARACTERS]sysguard.exe, for example ghrtsysguard.exe
[RANDOM CHARACTERS]sftav.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
Windows XP:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]sysguard.exe
Windows Vista and Windows 7:
%UserProfile%\AppData\Local\[RANDOM CHARACTERS]sysguard.exe
%UserProfile%\AppData\Local\[RANDOM CHARACTERS]sftav.exe
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS] (Win XP)
%UserProfile%\AppData\Local\ (Win Vista & 7)
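Before deleting anything by hand, it helps to confirm which of the registry values and files listed above are actually present. The following PowerShell script is an added example, not part of the original article: it only reads and reports, the function names are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit for the indicators listed on this page.
# It reports matches and changes nothing.

# HKCU registry values and the data the page says Antivirus Soft sets.
# An empty ProxyOverride is a weak signal on its own; read it with the others.
$indicators = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Attachments';  Name = 'SaveZoneInformation';  Data = '1' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings';     Name = 'ProxyServer';          Data = 'http=127.0.0.1:5555' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Associations'; Name = 'LowRiskFileTypes';     Data = '.exe' },
    @{ Key = 'Software\Microsoft\Internet Explorer\Download';                   Name = 'RunInvalidSignatures'; Data = '1' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings';     Name = 'ProxyOverride';        Data = '' }
)

function Test-AntivirusSoftRegistry {   # hypothetical helper name
    foreach ($i in $indicators) {
        $path  = "HKCU:\$($i.Key)"
        # A missing key or value yields $null instead of an error.
        $value = (Get-ItemProperty -Path $path -Name $i.Name -ErrorAction SilentlyContinue).($i.Name)
        [pscustomobject]@{
            Path    = $path
            Name    = $i.Name
            Current = $value
            Match   = ($null -ne $value) -and ("$value" -eq $i.Data)
        }
    }
}

function Find-AntivirusSoftFiles {      # hypothetical helper name
    # Windows XP and Windows Vista/7 locations from the page.
    $roots = @(
        (Join-Path $env:USERPROFILE 'Local Settings\Application Data'),
        (Join-Path $env:USERPROFILE 'AppData\Local')
    ) | Where-Object { Test-Path -LiteralPath $_ }

    foreach ($root in $roots) {
        # Match [RANDOM CHARACTERS]sysguard.exe and [RANDOM CHARACTERS]sftav.exe.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -match '(sysguard|sftav)\.exe$' }
    }
}

Test-AntivirusSoftRegistry | Format-Table -AutoSize
Find-AntivirusSoftFiles | Select-Object FullName, Length, LastWriteTime
```

All of the registry values are under HKEY_CURRENT_USER, so run the script while logged in as the affected user; another account will show that account's settings instead.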