Security Antivirus is a new rogue security program, also known as rogue antispyware application. The rogue from the same family of malware as Live PC Care. Security Antivirus is installed through the use of trojans that come from fake online malware scanners.
When the trojan is installed, it will download and install Security Antivirus onto your computer and register it in the Windows registry to run automatically when Windows loads. The same trojan will also drop several files with random names in %UserProfile%\Recent folder (ANTIGEN.drv, ANTIGEN.exe, cid.dll, CLSV.drv, DBOLE.sys, ddv.dll, ddv.sys, energy.tmp, FS.drv, PE.exe, PE.sys, runddlkey.dll, std.exe, tjd.drv). All of these files can`t harm your computer, but Security Antivirus will label them as serious computer infections.
Once running, the rogue will simulate a system scan and report above files as dangerous infections that will not be removed unless you first purchase it. Of course, the scan results is fake, because Security Antivirus is unable to detect or remove any infections. So you can safely ignore all that the program displays you.
What is more, while Security Antivirus is running, it will flood your computer with warnings, fake security alert and notifications from Windows task bar. Some of the alerts:
System alert!
malicious applications, which may contains Trojans, were found
on your computer and are to be removed immediately. Click
here to remove these potentially harmful items using Security Antivirus.
System alert!
Potentially harmful programs have been detected in your
system and need to be dealt with immediately. Click here to
remove them using Security Antivirus.
System alert!
Security Antivirus has detected potentially harmful software in
your system. It is strongly recommended that you register
Security Antivirus to remove all found threats immediately.
However, all of these alerts and warnings are fake and like scan false results should be ignored!
Last but not least, Security Antivirus may block Task Manager and legitimate antivirus and antispyware programs (Kaspersky Antivirus, DrWeb, AdAware, McAfee, Norton AV, etc). Also the rogue will add several lines into HOSTS file so that when you open Google, Yahoo or Bing, you will be redirected to a malicious website.
As you can see, Security Antivirus is a scam which designed with one purpose to scare you into purchasing so-called “full” version of the program. Most important do not purchase it! Please follow the guidelines below to remove Security Antivirus and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Security Antivirus] “C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe” /s /d
More screen shoots of Security Antivirus
Use the following instructions to remove Security Antivirus (Uninstall instructions)
Step 1. Remove Security Antivirus and any associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Security Antivirus infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Security Antivirus removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Step 2. Reset HOSTS file
Run Malwarebytes Anti-malware. Open Tools tab. Under FileASSASSIN label click to Run Tool button. In the open window navigate to C->Windows->System32->Drivers->etc and select HOSTS file. Click Open button. Click YES to confirm. Close Malwarebytes Anti-malware.
Click Start, Run. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.
127.0.0.1 localhost
Save this as HOSTS to your C->Windows->System32->Drivers->etc. (Remember to select Save as file type: All files in Notepad). Close Notepad.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Security Antivirus creates the following files and folders
%UserProfile%\Application Data\Security Antivirus
C:\Documents and Settings\All Users\Application Data\SAVSys
C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe
%UserProfile%\Desktop\Security Antivirus.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
%UserProfile%\Start Menu\Security Antivirus.lnk
%UserProfile%\Start Menu\Programs\Security Antivirus.lnk
Security Antivirus creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Antivirus
Tried your advice to rid computer of Security Antivirus but it keeps reappearing everytime i reboot after running Malwarebytes.
Any suggestions???
Karen, probably your PC also infected with a trojan that reinstalls it. Ask for help in our Spyware removal forum.
thanks