BlueFlare Antivirus is a new rogue anti-spyware program from the same family of malware as Sysinternals Antivirus. The malicious program is usually installed on your computer without your permission or knowledge, with the help of trojans. When the trojan is started, it downloads and installs the rogue onto your computer.
During installation, BlueFlare Antivirus drops a malicious file called csrss.exe into the Windows Startup folder, so that it starts automatically every time Windows loads. Once started, it runs the “BlueFlare Antivirus.exe” program, which is the core part of the rogue. Once the installation process is complete, the rogue performs a system scan and “detects” a lot of infected files, trojans, worms, and so on, which it will not fix unless you first purchase the full version of the program. Of course, this is not necessary.
The scan results, like the “system scan” itself, are nothing but a scam. In reality, BlueFlare Antivirus cannot detect or remove any infections, nor can it protect you from possible infections in the future. Thus, you can safely ignore everything the rogue antispyware shows you.
While BlueFlare Antivirus is running, it displays a fake Windows Security Center and a wide variety of alerts, reminders and security messages from the Windows task bar. Some of the alerts:
However, like the scan results, all of these alerts, screens and pop-ups are fake. Feel free to ignore all of them.
What is more, BlueFlare Antivirus can block the Windows Task Manager and most legitimate Windows applications, so that they will not even start. If you try to run a program, your computer will display an alert from the Windows task bar stating that the program is infected, and the program will then be terminated. An example of the alert:
As you can see, BlueFlare Antivirus is a fraudulent program that you should remove as soon as you discover it on your computer. Do not be fooled into buying the program! Instead, follow the removal guidelines below to remove BlueFlare Antivirus and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: ADC PlugIn - {19090308-636D-4e9b-A1CE-A647B6F794BF} - C:\Documents and Settings\1\Application Data\BlueFlare Antivirus\sbr32.dll
O4 - Startup: csrss.exe
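The two symptoms above can be checked for automatically in a saved HijackThis log. The following is an added example, not part of the original guide: it flags the BHO CLSID listed on this page, any BHO DLL loaded from a user's Application Data folder, and Startup entries named after Windows system processes (the real csrss.exe lives in System32). The function names, the list of system process names and the sample log are assumptions made for illustration.

```python
import re

# CLSID from this page's HijackThis symptoms and registry list.
ROGUE_CLSID = "{19090308-636D-4E9B-A1CE-A647B6F794BF}"
# Assumed illustrative list: Windows processes that live in System32 and
# have no reason to appear in a Startup folder.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "svchost.exe"}
# HijackThis separates fields with " - "; web copies often show an en dash.
SEP = re.compile(r"\s+[-\u2013]\s+")
STARTUP = re.compile(r"^(?:Global )?Startup:\s*(.+)$", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()

def analyze(log_text):
    """Return (rule, line) pairs for suspicious O2/O4 entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        parts = SEP.split(line, maxsplit=3)
        if parts[0] == "O2" and len(parts) == 4:
            clsid, dll = parts[2], parts[3]
            if clsid.upper() == ROGUE_CLSID:
                findings.append(("known-bho-clsid", line))
            if "\\application data\\" in dll.lower():
                findings.append(("bho-dll-in-user-profile", line))
        elif parts[0] == "O4" and len(parts) >= 2:
            m = STARTUP.match(parts[1])
            if not m:
                continue
            # Entry is "name" or "shortcut.lnk = target path".
            names = {basename(p) for p in m.group(1).split("=", 1)}
            if names & SYSTEM_NAMES:
                findings.append(("system-name-in-startup", line))
    return findings

# Constructed sample: two benign entries plus the two lines from this page.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 – BHO: ADC PlugIn – {19090308-636D-4e9b-A1CE-A647B6F794BF} – C:\Documents and Settings\1\Application Data\BlueFlare Antivirus\sbr32.dll
O4 - Startup: Example Notes.lnk = C:\Program Files\Example\notes.exe
O4 - Startup: csrss.exe
"""

if __name__ == "__main__":
    for rule, line in analyze(SAMPLE_LOG):
        print(f"{rule}: {line}")
```

The two generic rules are heuristics: a hit on them means the entry deserves a closer look, not that it is certainly malicious.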
Use the following instructions to remove BlueFlare Antivirus (Uninstall instructions)
It is possible that the rogue will not allow you to run malware removal tools. In that case, you will need to reboot your computer in Safe mode with networking.
Restart your computer. After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of loading as normal, Windows displays the Windows Advanced Options menu, similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Now you should download Malwarebytes Anti-malware and remove all BlueFlare Antivirus associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. Once installation is complete, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Now click on the Scan button to start scanning your computer for BlueFlare Antivirus associated malware. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. Make sure all entries have a checkmark at their far left and click “Remove Selected”.
Your system should now be free of the Zentom System Guard virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
BlueFlare Antivirus removal notes
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
Note 2: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
BlueFlare Antivirus creates the following files and folders
%UserProfile%\application data\blueflare antivirus
%UserProfile%\start menu\Programs\blueflare antivirus
%UserProfile%\application data\blueflare antivirus\sbr32.dll
%UserProfile%\start menu\Programs\Startup\csrss.exe
%UserProfile%\application data\blueflare antivirus\ms.conf
%UserProfile%\application data\blueflare antivirus\blueflare antivirus.exe
%UserProfile%\application data\blueflare antivirus\blueflare antivirus.ico
%UserProfile%\application data\blueflare antivirus\csrss.exe
%UserProfile%\Desktop\blueflare antivirus.lnk
%UserProfile%\start menu\Programs\blueflare antivirus\blueflare antivirus.lnk
BlueFlare Antivirus creates the following registry keys and values
HKEY_CLASSES_ROOT\CLSID\{19090308-636D-4e9b-A1CE-A647B6F794BF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19090308-636D-4E9B-A1CE-A647B6F794BF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{19090308-636D-4E9B-A1CE-A647B6F794BF}