Sunday, January 16, 2011

How to get rid of Anti-Virus Soft

There are many different types of computer viruses. Some are just annoying, some are malicious, and some take control of your computer to perform undesired operations. These undesired operations range from directing your browser to random websites to locking down your computer. The viruses that lock down your computer usually want you to pay for something. One such virus is called Anti-Virus Soft, and it is what's known as a rogue anti-virus program. It locks down your computer, claims your computer is infected, and tells you that to fix it you need to purchase Anti-Virus Soft. Anti-Virus Soft also tends to keep your anti-virus software from working, so you need to find another way to remove it.
This guide will show you how to remove the Anti-Virus Soft program without having to take your computer to a professional and spend a bunch of cash.


1) Boot your computer into safe mode by restarting your computer and holding down F8 before the Windows logo appears. A list will appear, and the list should say:
Safe Mode
Safe Mode With Networking
Safe Mode With Command Prompt

2) Choose Safe Mode With Networking and wait for it to boot up. There will be long lines of text, and after a while it will boot into Windows with a slightly larger toolbar and icons than you might be used to. Don't worry. This is only temporary; when you boot back normally, all your settings will be back to normal.
The safe mode desktop looks like this because safe mode loads only the basic drivers necessary to keep your computer running, so you can tinker around and remove problems caused by programs that are not part of the bare-bones operating system.
Once everything loads, open Internet Explorer. Click on the Tools menu and then select Internet Options.
In the Internet Options window, click on the Connections tab. Then click on the LAN settings button.
Now you will see the Local Area Network (LAN) Settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
This removes the proxy settings Anti-Virus Soft sets up. Make sure Firefox and any other browser you use has the correct proxy settings.

3) Now the killing blow:
Kill processes:
[RANDOM CHARACTERS]sysguard.exe, for example ghrtsysguard.exe
[RANDOM CHARACTERS]sftav.exe

INFO:
how to kill malicious processes

WARNING: BE CAREFUL IN THE REGISTRY. DO NOT DELETE OR ADD ANY INFORMATION OTHER THAN WHAT IS BELOW! IF YOU ARE NOT SURE WHAT YOU ARE EXPECTED TO DO, ASK ON A TECH FORUM BEFORE DELETING.
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\AvScan

INFO:
how to remove registry entries

Delete files:
For Windows XP:
%UserProfile%\Local Settings\Application Data\\[RANDOM CHARACTERS]sysguard.exe

For Windows Vista and Windows 7:
%UserProfile%\AppData\Local\\[RANDOM CHARACTERS]sysguard.exe
%UserProfile%\AppData\Local\\[RANDOM CHARACTERS]sftav.exe
INFO:
how to remove harmful files

Delete directories:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\ (Win XP)
%UserProfile%\AppData\Local\\ (Win Vista & 7)

Now reboot! You should have successfully removed Anti-Virus Soft. Please keep in mind that Anti-Virus Soft might not have been removed this way, and if the problems persist you will need to find another way to remove it.
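
To check whether the registry entries listed in step 3 are present, or to confirm they are gone after the reboot, here is an added example (not part of the original guide) that scans the text of a .reg export for them. The sample export is constructed, and flagging Run entries by the sysguard.exe / sftav.exe file name is an assumption, since the guide does not give the Run value names.

```python
import re
# (key suffix, value name, data) taken from the "Delete registry values" list above.
INDICATORS = [
    (r"\CurrentVersion\Policies\Attachments", "SaveZoneInformation", "1"),
    (r"\CurrentVersion\Internet Settings", "ProxyServer", "http=127.0.0.1:5555"),
    (r"\CurrentVersion\Policies\Associations", "LowRiskFileTypes", ".exe"),
    (r"\Internet Explorer\Download", "RunInvalidSignatures", "1"),
]
# The guide's file names: [RANDOM CHARACTERS]sysguard.exe and [RANDOM CHARACTERS]sftav.exe
ROGUE_EXE = re.compile(r"\w+(sysguard|sftav)\.exe", re.IGNORECASE)

def parse_reg(text):
    """Yield (key, name, data) per string/dword value and (key, None, None) per key."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))           # dword:00000001 -> "1"
            yield key, name, raw.strip('"').replace("\\\\", "\\")  # unescape paths

def is_listed(key, name, data):
    """True if the entry matches one of the guide's registry items."""
    k = key.lower()
    if name is None:
        return k.endswith(r"\software\avscan")        # leftover key from the list
    if k.endswith(r"\currentversion\run"):
        return bool(ROGUE_EXE.search(data))           # assumption: match on the file name
    return any(k.endswith(s.lower()) and name.lower() == n.lower() and data == d
               for s, n, d in INDICATORS)

def audit(reg_text):
    """Return every entry of the export that appears on the guide's list."""
    return [entry for entry in parse_reg(reg_text) if is_listed(*entry)]

# Constructed sample export (not from a real machine); "ghrt" is the guide's example prefix.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\AvScan]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ghrtsysguard"="C:\\Users\\alice\\AppData\\Local\\ghrt\\ghrtsysguard.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
'''
```

Exports saved by regedit are UTF-16 text, so decode the file before passing its contents to audit(). An empty result means none of the listed entries were found in that export.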
