Antivirus Live is a rogue antispyware program. It is a clone of the widely spread rogue called Antivirus System Pro. The software usually spreads with the help of trojans. Once downloaded and installed, Antivirus Live registers itself in the Windows registry so that it runs automatically when Windows loads.
When running, it starts a scan of your computer and reports numerous infections to make you think that your computer is infected with trojans, spyware and other malware. Then Antivirus Live asks you to pay for a full version of the program to remove these infections. Of course, all of these infections are fake and don’t actually exist on your computer. So you can safely ignore them!
Antivirus Live blocks the ability to run any programs. The following warning is shown when you try to run Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
What is more, while Antivirus Live is running, you will be shown a fake Windows Security Center, nag screens, warnings and fake security alerts from your Windows taskbar. The rogue will also change the proxy setting of Internet Explorer to redirect you to the Antivirus Live site.
As you can see, Antivirus Live is a scam. Do not be fooled into buying the program. Instead, follow the removal instructions below to remove Antivirus Live and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [ekwdvdwk] C:\Documents and Settings\username\Local Settings\Application Data\username\gxymsysguard.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Use the following instructions to remove Antivirus Live (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click the Save button to save it to the desktop. If you can't download the program, then you should repair the proxy settings of Internet Explorer. Run Internet Explorer, click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK.
Double-click explorer.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [wpolkxos] C:\Documents and Settings\user\Local Settings\Application Data\ovugbs\rwjrsysguard.exe
Note: the list of infected items may be different, but all of them have the “sysguard.exe” string on the right side and “O4” on the left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs, then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Antivirus Live infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Antivirus Live removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Antivirus Live creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Antivirus Live creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
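The HijackThis symptoms and registry values listed above can be checked mechanically in a saved log. The following is an added example, not part of the original instructions or of HijackThis itself: it flags O4 Run entries whose command ends in "sysguard.exe" under Local Settings\Application Data and R1 ProxyServer values that point at a loopback address. The function name triage and the benign sample lines are constructed for illustration; the flagged sample lines are the ones shown in Step 1.

```python
import re

# O4 = Run-key autostart entry. Accept "-" or the typographic dash that
# web pages substitute when a log is pasted.
O4_RE = re.compile(r'^O4\s*[-–]\s*(HKLM|HKCU)\\\.\.\\Run:\s*\[([^\]]*)\]\s*(.+)$')
# R1 = Internet Explorer setting; only the ProxyServer value is of interest.
R1_RE = re.compile(r'^R1\s*[-–]\s*HKCU\\.*\\Internet Settings,ProxyServer\s*=\s*(.+)$')
# Path shape given on this page:
#   <profile>\Local Settings\Application Data\<random>\<random>sysguard.exe
SYSGUARD_RE = re.compile(
    r'\\Local Settings\\Application Data\\[^\\]+\\[^\\]*sysguard\.exe\s*$', re.I)
# Proxy pointing back at the local machine, e.g. http=127.0.0.1:5555
LOOPBACK_RE = re.compile(r'(^|[=;])\s*(127\.\d+\.\d+\.\d+|localhost)(:\d+)?\b', re.I)

def triage(log_text):
    """Return (kind, hive, value_name, data) tuples for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            if SYSGUARD_RE.search(m.group(3)):
                findings.append(("run_key", m.group(1), m.group(2), m.group(3)))
            continue
        m = R1_RE.match(line)
        if m and LOOPBACK_RE.search(m.group(1)):
            findings.append(("ie_proxy", "HKCU", "ProxyServer", m.group(1).strip()))
    return findings

# First three lines are from Step 1 above; the last three are constructed
# negative cases (ordinary autostart, same file name in another folder,
# ordinary non-loopback proxy).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [wpolkxos] C:\Documents and Settings\user\Local Settings\Application Data\ovugbs\rwjrsysguard.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [notes] C:\Tools\sysguard.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.test:8080
"""

if __name__ == "__main__":
    for kind, hive, name, data in triage(SAMPLE_LOG):
        print(f"{kind:8} {hive} [{name}] {data}")
```

Because the value name and folder are random per infection, the match is on the path shape and file-name suffix rather than on any fixed name.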
It was a very helpful tips how to prevent the live virus through computer.
i didnt dl the hijackthis.exe…
i just dl’ed malwarebytes on another pc…put it on my usb….turned my infected pc on…opened up task manager before spyware kicked in….disabled it…installed malwarebytes and did scan…removed…restarted muthafukka is now gone…i swear i got it from mininova as well…:(
but yeh this thing disabled everything….but malwarebytes is the bomb!!
Got this virus first at home 2 days ago and had to do a system restore before I could even run anything after that ran Spyware doctor sorted. However Yesterday my bro brought his laptop in infected with this. Couldn’t do system restore as he had it switched off! Tried to install Malware Bytes but couldn’t! Sussed out that after when you log on it takes a minute for Antivirus to kick in, CTRL ALT Delete googled the various processes then \
Thank you! I had a lot of trouble since I couldn’t disable the proxy server. I loaded the malwarebytes and hijack this programs onto a usb on a non-infected computer and loaded them on the infected computer before the Virusware loaded. Unfortunately, the Virusware would keep closing them. So, I restarted the infected computer in safe mode, ran Hijack and Malwarebytes. All appears to be perfect now. Many thanks for helping me to be rid of this nuisance.
Shouldn’t this be illegal for them, Antivirus Live, to give your computer a virus (fake or otherwise) that forces you to purchase their software to remove the virus that they themselves gave you in the first place? What authority could this company be turned in to to be investigated?
Considering the virus closes Hijack This before it can finish, this information was not helpful. Thanks anyways – guess I’ll have to format my hard drive and start from scratch.
angelnb, make a new topic in our Spyware removal forum. I will help you.
hey i think my anti virus live is on steroids. it won’t open malware, explorer, task manager, spy doctor etc. i’ve tried every method out there and it won’t work! any suggestions?
Download RKill by Grinler from here.
Before saving rkill.com, rename it first to explorer.exe and click Save button to save it to desktop.
Double click the RKill desktop icon. If you are using Vista please right click and select Run as Administrator.
A black screen will briefly flash indicating a successful run. If the tool does not run and you are shown a message that states that rkill is infected, then without closing the message, try to run rkill once again.
Now you can run Malwarebytes Anti-malware.
Thanks heaps. I downloaded malwarebytes on another pc and used the to load it on the desktop. I managed to start it before the antivirus live started. all fixed thanks. My computer would not start in safe mode.
A very big THANK YOU. Its been a nightmare, but your clear precise instructions worked perfectly.
Could not load anything. went to safe mode, ran as explained and now am spyware free
Rosco, try SafeBootRepair to restore Safe mode.
Download it from here.
Hey, this is all a sham! While Antivirus Live is a headache, using the Malwarebytes solution is a sham too. It wants you to buy it, to remove anything it finds. I’m pissed at symantec for not having a removal tool.
very simply:
– open windows in “safe mode”
– search your pc for (sysguard.exe) and make sure you check on “search hidden files and folders” from the “more advanced options”
– delete all files containing [random]sysguard.exe, for example: wmcqsysguard.exe.
– to ensure complete removal, scan your pc with malwarebytes
good luck
Where is this website at I had to buy the god dam program to get it to uninstall and would like to talk to them about canceling my account.
Restart your system in SAFE MODE then everything works great!
Thank You
I GOT RID OF “ANTI VIRUS LIVE” FOR FREE
1. I DOWNLOADED “MALWAREBYTES” TO A USB FLASH DRIVE, THROUGH AN UNINFECTED COMPUTER.
2. I THEN STARTED THE INFECTED COMPUTER IN “SAFE MODE”. AND INSTALLED “MALWAREBYTES” AND RAN A SCAN.
3. POOF….THE VIRUS WAS GONE !
I TRIED “SPYWARE DOCTOR” FIRST AND IT DIDNT WORK.
So far so good. My netbook was infected with this lousy virus.
I did exactly what the instructions said and so far the netbook is working fine.
The sites I was at when I got it was NoradSanta.com and a site with Santa jokes (for my son).
Thanks for the help.
Smed
thanks! worked perfectly, i started in safe mode and the rest worked as expected. this was a life saver!!!!
No luck following anyone’s advice. Have I got the latest version. Safe mode still has the pop ups saying virus. Rkill says ‘too big a program’ in the black box
Timmyt, ask for help in our Spyware removal forum or try following:
Download exeHelper from here and save it to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up. Press any key to close once the fix is completed.
If the tool does not run and you are shown a message that states that exeHelper is infected, then without closing the message, try to run exeHelper.com once again.
Now you can run Malwarebytes Anti-malware.
It worked. Had to use Safe Mode but the steps were right on. Thanks all.
Didn’t go to safe mode. Instead, as soon as PC booted up, CTRL-ALT-DEL to open TaskManager to get rid of the sysguard.exe. Checked proxy settings off in IE. Then ran REGEDIT and got rid of each registry manually. Why didn’t Norton pick this up when it came into my computer?!?!
Just a heads up that I had a case of “advanced” antivirus live, I was looking up football playoff scenarios, and hit a site with a ton of popups (running adblock in firefox, still got them), nothing short of booting into safemode worked for me. Just curious, is quick scan enough, or should I opt for complete scan?
I have XP, and I think I have some mutated version of Antivirus Live, because EVERY removal help site I’ve gone to has failed.
I’ve downloaded everything from Spyware Doctor to AVG to Microsoft Malicious Software Removal, and I’ve done this using firefox, and when I go to open the files, Antivirus Live pops up with a window saying they are infected files and can’t be opened.
I’ve done the thing in Explorer disabling the LAN settings, but Antivirus Live keeps re-enabling it over and over and over and over, and then floods my screen with pornographic adware popups.
I don’t know what else to do. Nothing I’ve done so far has gotten past the downloading-the-file-phase, and I’m at my wits end. Three hours of trying to figure something out, and I’m two seconds away from throwing my computer across the room.
Followed almost to a key- I could not boot using safe mode, I would only get a blue screen moments after selecting the process. AND after I downloaded HijackThis, Antivirus Live refused to let it run. So i restarted the computer and quickly booted up Hijack this immediately, before the malware could actually start playing its evil tricks. this worked, I found only two cases of the “sysguard”, both in 04 as stated. Once I deleted this, my internet explorer worked fine, and since I already had MalwareBits anyway, I was finally able to run it now that HiJackThis cooled off AVL. After the quick scan, I was prompted to restart, which I did. I can find no traces of the malware.
THANKS!!!!!!
Nate, if the instructions above do not help you, then ask for help in our Spyware removal forum.
Danielle, you have used HijackThis before Malwarebytes Anti-malware ?
This is good info, thanks for the help. My friend has this piece of crap virus. I hope he gets it deleted. Thanks!