How to Remove Antivirus Live [Removal Guide]

This guide will give you easy instructions on how to remove Antivirus Live for free.


What is Antivirus Live? (Information)

Antivirus Live is a fake security software which uses fraudulent strategies by displaying false or exaggerated security issues on your computer rather than any legitimate ones to coerce you into purchasing their software.

Antivirus Live is a new malicious specimen from the same group of fake antivirus software as Antivirus System Pro.


Antivirus Live Screenshot




HijackThis Lines Present:

O4 - HKLM\..\Run: [[random file name]] C:\Documents and Settings\GeekPolice VM\Local Settings\Application Data\[random file name]\[random file name]sysguard.exe


Antivirus Live items:

C:\Documents and Settings\GeekPolice VM\Local Settings\Application Data\[random file name]\[random file name]sysguard.exe
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random file name]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random file name]"

---

Follow these instructions to continue:

You have to start computer in Safe Mode by doing the following:

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, keep tapping F8.
  
• Instead of Windows loading as normal, a menu should appear
  
• Select the first option, to run Windows in Safe Mode with Networking.

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.

• Now click on the Connections tab and then the Lan Settings button
  
• Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
  
• Click the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

---

1. Please download this removal tool: Malwarebytes' Anti-Malware.



2. Install Malwarebytes' Anti-Malware by double clicking on mbam-setup.exe

3. Follow the prompts. Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click finish.

4. Malwarebytes' Anti-Malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

If you are having problems with the updater, you can use this link to manually update Malwarebytes' Anti-Malware with the latest database



5. Close ALL open Windows, Programs, File or Folders.

6. Make sure you are on the Scanner tab. Select Perform quick scan then click the Scan button as shown above.

7. Malwarebytes' Anti-Malware will now start scanning your computer for infected files as shown below.



8. When the scan is finished a message box will appear, click Ok to continue.

9. Click Show Results.


10. You will now be presented with a screen showing you the malware infections like shown below. Yours may look different depending on the infection you have.

11. Click on Remove selected


12. When removing the files, Malwarebytes' Anti-Malware may require you to restart the computer in order to do a complete removal. If it dȋsplay a message stating that it needs to restart, please allow it to do so.

13. After that you can close the Malwarebytes' Anti-Malware window, your computer is now cleaned.

To protect your computer from future threats like this, you may want to consider purchasing the Pro version of Malwarebytes' Anti-Malware with real-time protection from this link.

---

If you are still experiencing problems or difficulties following this guide or require any assistance removing this software, please post your questions in our Virus, Spyware & Malware Removal forums for free help.

You have to be logged in to post questions. Registration is free. By registering you are privileged to other virus removal resources in future.

Last edited by Doctor Inferno on 10th April 2010, 5:26 am; edited 8 times in total (Reason for editing : Information Update)

Works a charm, thank you.

OMG! Thank you so much it works! It totally removed that annoying Antivirus Live.

am i really supposed to pay for the Anti-Malware? i have no way of paying for this

ChicagoTed wrote:

am i really supposed to pay for the Anti-Malware? i have no way of paying for this

Hello,

Malwarebytes Anti-Malware is free. Simply download and run it.

Awesome, your removal guide worked a charm. I registered here to say thank you!

So i downloaded it, ran it, and now its gone! Thanks dude.

Cheers

I followed the instructions on my XP computer, but the Antivirus Live virus now actually prevents me from apply the change to LAN settings. I also tried to use my task manager, but it stopped me from opening it up.

Any suggestions?

thanks, gm

I went into safe mode before following the instructions above. I downloaded 'Malwarebytes' Anti-Malware' via another PC and transferred it to the infected PC with a USB stick. This has worked fine for me.

Thanks!

OMGosh! Thank you so freaking much for this guide, the fake Antivirus Live is killing me. But I'm glad it now gone.

You will need to run in safe mode for the above procedures to work because the malware will not let you use most commands.

This guide worked as promised, many thanks.

First of all, thank you for all your help.

After running the scan, A couple of the problems detected say :Disables.Security..." Under the Vendor column, and "Registry Data" under the Catagory column. Is it really safe to hit "Remove Selected"?

Jamesruglia wrote:

First of all, thank you for all your help.

After running the scan, A couple of the problems detected say :Disables.Security..." Under the Vendor column, and "Registry Data" under the Catagory column. Is it really safe to hit "Remove Selected"?

Yeah, that line is sometimes caused by your actual AV making that setting, but malware has also been known for that same key too, so MBAM removes it.
If it comes back, your AV has restored it and it's legit. You can set it to the ignore list in MBAM.

YES! Thank you so much for your clear and prompt help! It seems to be all fine again! I had somewhat recently had to re-install Windows because of that Police Pro garbage and I went and found another of these stupid things. Thank you again!

I too had the problem of the pop-up stopping me from doing anything. I re-booted in safe mode and was then able to access the geekpolice site, download the malware and implement the cleanup program. Worked like a charm! Thank you!

mine keeps saying the run times out

I have downloaded the anti-malware on one laptop and transferred it via a USB stick to my infected laptop and successfully removed the Antivirus live, but now when I open my browser I receive "Internet Explorer cannot display the webpage".
I sorted out the problem of being unable to open task manager by clicking "End Task" before Antivirus could pop up and close it, and I had the same problem whenever I tried to open IE then as well.

Kalakashi wrote:

I have downloaded the anti-malware on one laptop and transferred it via a USB stick to my infected laptop and successfully removed the Antivirus live, but now when I open my browser I receive "Internet Explorer cannot display the webpage".
I sorted out the problem of being unable to open task manager by clicking "End Task" before Antivirus could pop up and close it, and I had the same problem whenever I tried to open IE then as well.

Hello,

To fix the Internet connection problem, try this:


Hello,

• Now click on the Connections tab and then the Lan Settings button
  
• Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
  
• Click the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

Open CMD, Reset WINSOCK entries to installation defaults by typing: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults by typing: netsh int ip reset reset.log

Restart your PC.

If it doesn't work, download Winsock XP Fix from here, save it to your Desktop.
http://www.snapfiles.com/get/winsockxpfix.html

Double click on the exe on your Desktop.
Press the "Fix" button, then restart again.

See if you can connect now.

This, unfortunately does NOT work for me. I went into Safe Mode with Networking, ran Rkill (I dont know if advertising is allowed) and than I ran Malwarebytes Anti-Malware (I already had it installed). Did a FULL scan and I removed 12 infected processes that were picked up. I restarted and booted up the desktop normally. Next thing you know, Antivirus Live is still there, warning me and terminating processes. Any help here? Got around 3-4 hours until my dad comes home and finds out I screwed the computer up like, the 5th time. Any help is greatly appreciated. (I just recently registered for this forum and I dont know if I have to make a seperate thread for this?)

Hello,

Open a new topic here: http://www.geekpolice.net/virus-spyware-malware-removal-f11/

We will help you from there.

When i go to restart in safemode it won't let me chose anything. It's like the keyboard is disabled and no of the keys work. What should I do now.

In my haste. I downloaded a similar version which was a rouge version looking for money and infecting the computer as well. There is a difference "Malwarebytes Anti Software" is the free one "Malwarebytes Pro" is bad news. The flag went up for me when it found 1500 errors!!!!
In fact M.A.S cleaned up the Pro version as a bonus after getting rid of Antivirus live. Saved me $39 as well.
I have AVG, PC tools registry Cleaner and Spybot Search and Destroy who are all powerless in stopping Antivirus Live. 3rd infection in two weeks. Hope this one works!!! I'll pay if it does.

I followed your instructions for removing this insidious malware an they worked perfectly. Thank-you so much.

I have the Anti Virus LIVE in my XP
Every time I tried to reboot in safe mode my keyboard doesn't work.
What should I do?

Doctor Inferno wrote:

ChicagoTed wrote:

am i really supposed to pay for the Anti-Malware? i have no way of paying for this

Hello,

Malwarebytes Anti-Malware is free. Simply download and run it.

Another computer cleaned and infection free thankyou so much just saved me hours of heartache trying to get rid of this infection cleaned and back to normal in 10mins. Thanks again

I'm following your directions to get rid of Antivirus live, however, when I try to restart in safe mode by tapping F8 I just get a blank screen. Is there a work around for this or am I out of luck???

Well, I got the safe mode to work and downloaded your fix and..........IT WORKED!!!!!! WOO HOO!!!! No more %^$#(*& Antivirus live popups! Thank you so much! God Bless you and MERRY CHRISTMAS!

IT WORKED I can't thank you enough and i'm sorry to the ones that couldn't get their computers fixed yet but hang in there...i promise you that it really worked otherwise i wouldn't be writing this...the only thing that i was confused on was if you needed to download malwarebytes' anti-malware before or after you began the process but go by the order the directions are in and it is fine...it didn't take no longer than 10mins. to get it completely done...i mean restart/safe mode/download (wait a few seconds before you can download, it is free)/clean up (i had 178 viruses completely removed)/back to normal mode/BROWSE!!!YAY!!

ANY news how to make my SAFE MODE work???

flairlive wrote:

I have the Anti Virus LIVE in my XP
Every time I tried to reboot in safe mode my keyboard doesn't work.
What should I do?

Doctor Inferno wrote:

ChicagoTed wrote:

am i really supposed to pay for the Anti-Malware? i have no way of paying for this

Hello,

Malwarebytes Anti-Malware is free. Simply download and run it.

Flairlive, Is your keyboard faulty? Please try to using another keyboard.

This is the first time I've ever caught something that I couldn't get rid of by the usual means. It literally took over my entire computer except internet usage, and even wouldn't let me go to other virus protection sites on the internet. I followed the removal instructions as best I could considering they were written for IE and not Mozilla, but it still worked like a charm. Thank you.

this was the only site that made it easy for me to follow. im not computer illiterate but i usually have enough antiviruses to keep me from getting one but word of advise.... dont misspell facebook or myspace it ends bad sometimes

Worked like a charm in Safe Mode. I already had Malwarebytes installed on my husband's computer - BUT - as he's not updated it or run it lately (he'll get yet another tutorial and lecture!) this annoying software took over and wouldn't let me run the Malwarebytes.

Once again, Geek Police has saved countless hours of frustration. You guys are the best!

Wow!! Thank you SO much! I normally couldn't get rid of these things if already put on here but this was so easy to understand, I actually managed! This worked perfectly thanks again!

Quick question.

If my desktop is set up where I have an admin partion (which has admin rights), and then a separate partion for myself, and the infected partion seems to only be the one for myself (which does not have admin rights), can I just go in as the admin, download the removal software and run it as the admin.

This assumes I am not logged on as myself, just the administrator.

I tried bring up the machine in safe mode and was having trouble.

Or am I missing something.

um . . . I tried it on safe mode and it says there was nothing, but the antivirus live thing is still there!

I did it on my computer normally and it get it but when it restarts it's still there. . .

the antivirus live is still there as the anti-malware scan is going and the scanning is the only thing i could control and nothing else on my pc

did i miss a step or did something wrong? or is there anything else to do to stop it?

For the folks who have their PC's set up with an administrator account and several non-administrator accounts, like me.

I got the problem as I was logged in as my user name (not the administrator), which does not have admin rights. The only user affected seemd to be me, the others and the administrator accounts were fine.

What I did was , I logged on as the administrator, I downloaded the software, and I ran it (all as the administrator), in regular mode. The malbytes software pick up and deleted several problems.

I then logged off as the administrator, and on as myself, I coudln't go on to the internet until I disabled the proxy lan setting check (see instructions from above), as this was left over from when the problem was created. Once I did this, I could get to the internet, and no move problems.

This is easier then dealing with safe mode, but it presupposed that you have multiple accounts.

Hope this helps

I followed your steps to remove that antivirus live and it really worked for me! Appreciate that! Thanks!

flairlive wrote:

ANY news how to make my SAFE MODE work???

flairlive wrote:

I have the Anti Virus LIVE in my XP
Every time I tried to reboot in safe mode my keyboard doesn't work.
What should I do?

Doctor Inferno wrote:

ChicagoTed wrote:

am i really supposed to pay for the Anti-Malware? i have no way of paying for this

Hello,

Malwarebytes Anti-Malware is free. Simply download and run it.

The new Anti virus live has a fake F8 safe mode screen, so make sure you wait for the true windows safe mode screen or the virus will act like it's going into safe mode with the keyboard disabled.

Good Luck! We had this problem, but had to push F10 when the computer first started then F8.

Hope this helps.

Michael

You're advice was very comprehensible. The directions were simple to follow and very accurate. It works 100%! Thanks for the knowledge!

Two Thumbs up!

I downloaded Malwarebytes' Anti-Malware. I couldn't use the Rapidshare download due to too many people using rapid share and I didn't have a premium account. I used the other link contained in the spoiler. The download went on fine but I can't open up Malwarebytes' now. When I click on it nothing happens. I have tried right clicking and running it as an Admin, right clicking and selecting open and going out of safemode to run it, but antivirus live stopped that one.


[Edit]: I tried logging onto another administrative account, seeing others have success with it. I am still having the same problem where Malwarebytes' won't load. I occasionally get a message from windows saying the program had stopped working and needs to close. I also have Malware Defense that is messing around too, but I found that forum and found the solution to be pretty much the same, run Malwarebytes'.

Last edited by Pleasehelpme on 3rd January 2010, 5:07 pm; edited 2 times in total (Reason for editing : Additional Info)

I have my mothers HP laptop that is infect with both antivirus live and internet security 2010. I don't know how she got these but she can barely turn a computer on let alone run a regular virus scan. Anyways, it's completely crippled the computer. I can't open in safemode, I can't open the control panel, I can't get on internet explorer, and everything I try to run, it closes. I can't even ctr+alt+delete. How can I manually get ride of this thing, I can even run the registry.

You guys are legends, it worked great.

I am still looking for help to get my Malwarebytes' program to work.

I had to run the Anti-Malware twice, once in full scan, to completely remove the virus, but it worked. Thanks so much for the help; excellent site!

Do I need to enable/disable something to allow Malwarebytes' Anti-Malware to run while in safe mode? Everything I try to do to allow malwarebytes' to run doesn't work. Please help, I need to get my computer up and running before school starts up again.

Why does it take so long to get help at this site?

Hi I got the AntiVirus Live virus last night. I found your website and free service this morning. From work, I downloaded the file to my flash drive, since my laptop was at home totally messed up. Your directions were awesome...easy to follow...and my laptop is fixed, as I am typing this to you NOW on it. Thank you SOOOOO much!

You guys are awesome! Worked like a charm after a half hour of frustration at this stupid thing.

I was able to download the malwarebytes off your link, and ran the simple scan in safe mode. Now, computer will not boot at all. Tried hitting f8 during boot, and screen just goes blank/black now. tried everything to get it back, but no avail. Any suggestions? Did I miss something? Oh, one more thing, keyboard seems to be disabled after the initial startup screen.
Running xp pro sp2.

Thanks

Last edited by idorego on 10th January 2010, 4:00 am; edited 1 time in total (Reason for editing : add information)