How To Remove Security Antivirus - (Uninstall Guide)
Article by George Norman
On 12 Feb 2010
The software application entitled Security Antivirus (check out a screenshot below) is not a genuine antivirus program. Security Antivirus is in fact a rogue antivirus from the same family of rogues as Fast Antivirus 2009, Virus Shield 2009, Virus Alarm, Virus Doctor, Malware Catcher 2009, and Virus Sweeper. Security Antivirus, just like all the other rogues from this family, claims to be able to provide “full protection against potentially unwanted software, viruses and malware.” And just like all the other rogues from this family, it cannot protect against any type of malware.

Security Antivirus claims to be able to o all those things to scam you:
  • The first step in the scam is to go get you to believe Security Antivirus is a genuine security software application
  • The second step is to trick you into thinking your computer is infected. In this regard the rogue (once it has been installed on your system) will perform fake system scans (that detect numerous security threats) and bombards you with popups and fake security alerts. Here are some examples:
Security Antivirus has detected potentially harmful software in your system. It is strongly recommended that you register Security Antivirus to remove all found threats immediately.

Advertising

Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Security Antivirus.
Your PC may still be infected with dangerous viruses. Security Antivirus protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
  • The third step in the scam is asking you to pay for a Security Antivirus license to activate the program and supposedly remove the infection. You know, the fake infection detected by the fake antivirus program Security Antivirus. You see how this is a scam?




Automatic removal guide


Manual removal guide

Stop and remove the processes:

std.exe
PE.exe
ANTIGEN.exe
SA345d.exe
SA83b.exe


Access the Windows Registry Editor and delete the following registry keys:

HKEY_CURRENT_USER/Software/3
HKEY_CLASSES_ROOT/SA345d.DocHostUIHandler
HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER/Software/Classes/Software/Microsoft/Internet Explorer/SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer "PRS" ="http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/User Agent/Post Platform "App/7.00195"
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run "Security Antivirus"


Locate and delete the following files:

c:/Documents and Settings/All Users/Application Data/345d567/
c:/Documents and Settings/All Users/Application Data/345d567/72.mof
c:/Documents and Settings/All Users/Application Data/345d567/mozcrt19.dll
c:/Documents and Settings/All Users/Application Data/345d567/SA345d.exe
c:/Documents and Settings/All Users/Application Data/345d567/SAV.ico
c:/Documents and Settings/All Users/Application Data/345d567/sqlite3.dll
c:/Documents and Settings/All Users/Application Data/345d567/BackUp
c:/Documents and Settings/All Users/Application Data/345d567/BackUp/Adobe Reader Speed Launch.lnk
c:/Documents and Settings/All Users/Application Data/345d567/BackUp/Adobe Reader Synchronizer.lnk
c:/Documents and Settings/All Users/Application Data/345d567/Quarantine Items/
c:/Documents and Settings/All Users/Application Data/345d567/SAVSys/
c:/Documents and Settings/All Users/Application Data/345d567/SAVSys/vd952342.bd
c:/Documents and Settings/All Users/Application Data/SADFIOPODIV/SAAKDUPV.cfg
%UserProfile%/Application Data/Security Antivirus
%UserProfile%/Application Data/Microsoft/Internet Explorer/Quick Launch/Security Antivirus.lnk
%UserProfile%/Application Data/Security Antivirus/cookies.sqlite
%UserProfile%/Desktop/Security Antivirus.lnk
%UserProfile%/Recent/ANTIGEN.drv
%UserProfile%/Recent/ANTIGEN.exe
%UserProfile%/Recent/cid.dll
%UserProfile%/Recent/CLSV.drv
%UserProfile%/Recent/DBOLE.sys
%UserProfile%/Recent/ddv.dll
%UserProfile%/Recent/ddv.sys
%UserProfile%/Recent/energy.tmp
%UserProfile%/Recent/FS.drv
%UserProfile%/Recent/gid.drv
%UserProfile%/Recent/PE.drv
%UserProfile%/Recent/PE.exe
%UserProfile%/Recent/PE.sys
%UserProfile%/Recent/PE.tmp
%UserProfile%/Recent/runddlkey.dll
%UserProfile%/Recent/std.exe
%UserProfile%/Recent/tjd.drv
%UserProfile%/Recent/tjd.sys
%UserProfile%/Start Menu/Security Antivirus.lnk
%UserProfile%/Start Menu/Programs/Security Antivirus.lnk
c:/Program Files/Mozilla Firefox/searchplugins/search.xml


Unregister the following DLL libraries:

mozcrt19.dll
sqlite3.dll
cid.dll
ddv.dll
runddlkey.dll


Block access to the domain(s):

www.securityantivirus.com


Tags:
About the author: George Norman
.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular Removal Guide
By George Norman on 19 Feb 2010
If you did not manually install XP Micro Antivirus and the software just showed up on your computer one day, it means that a Trojan
By George Norman on 19 Feb 2010
Software Antivirus, unlike what the name may suggest, is not a security software solution nor is it an antivirus program. Software Antivirus is nothing more
By George Norman on 19 Feb 2010
The irony here is that the name WiniFighter would lead you to believe this is a security software application that will keep malware from the
By George Norman on 19 Feb 2010
PC Security 2009, a rogue antispyware program, is usually distributed by malware that installs the rogue on your system without your consent. The rogue’s installer
By George Norman on 18 Feb 2010
The people with malicious intent that put out the Internet Security 2010 rogue have rolled out another fake security software application, mainly Security
By George Norman on 18 Feb 2010
Personal Anti Malware, a rogue security software application, is usually distributed by Trojans. A Trojan manages to compromise your system, then installs the rogue without
Advertising
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!

HTML Linking Code