How to Manually Remove Antivirus Live Malware

Step-by-Step Guide

1. 1

   Step 1: Start your computer in Safe Mode with Networking.

   To access this, reboot your computer and repeatedly hit the F8 key until the Advanced Startup menu opens.
   
   Then select Safe Mode with Networking.
   
   If Windows loads without showing the menu, then you did not hit the F8 key in time, and you will have to retry.
2. 2

   Step 2: Readjust your LAN settings.

   AntiVirus Live hijacks your LAN settings to keep you from properly connecting to the internet.
   
   In order to download the tools you need, you will most likely need to fix these settings first.
   
   This step is not a permanent fix, as AntiVirus Live will reset the settings the next time it loads.
   
   Open Internet Explorer and click the Tools menu.
   
   Select Internet Options from the menu.
   
   Select the Connections tab.
   
   Click the LAN settings button.
   
   Uncheck the box that is labeled “Use a proxy server for your LAN”.
   
   Press OK.
   
   This will keep AntiVirus Live from redirecting you when you open your web browser. , Rename procexp.exe to explorer.com before saving it to your computer.
   
   This will help allow you to run it without AntiVirus Live interfering. , It will be labeled as “sysguard.exe”, with random characters before “sysguard”.
   
   For example, it may be labeled “xjgvsysguard.exe”. , Navigate to %UserProfile%\Local Settings\Application Data\ "(For vista/Windows 7/Windows8
   - %UserProfile%\Appdata\local\)" delete the following folder: \.
   
   The characters will be different for every system.
   
   If you open the directory, you should see the sysguard application.
   
   This means that you need to delete that folder., Open Windows Registry Editor by clicking Start and searching for “regedit”.
   
   Remove the following registry values.
   
   Always be careful when deleting registry entries, because deleting the wrong entries can cause your computer to malfunction.
   
   HKEY_CURRENT_USER\Software\AvScan HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
   
   Let the computer boot normally.
   
   AntiVirus Live should no longer load and hijack your browser. , If you we tricked into paying for AntiVirus Live, contact your financial institution and dispute the charges to their company.
   
   Inform the credit card company that you were scammed.
3. 3

   Step 3: Download Process Explorer from the Microsoft TechNet website.

4. 4

   Step 4: Use Process Explorer to end the AntiVirus Live program.

5. 5

   Step 5: Delete the application folders.

6. 6

   Step 6: Remove the AntiVirus Live registry entries.

7. 7

   Step 7: Reboot your computer.

8. 8

   Step 8: Dispute your credit card charges.

Detailed Guide

About the Author