Antivirus Live

Antivirus Live Description

Type: Rogue AntiSpyware Programs

Antivirus Live is a misleading security program from the FakeSpyPro family. With the help of sneaky backdoor Trojans, Antivirus Live is able to spread to different computer systems. Antivirus Live scares users into purchasing its bogus security program by producing fake scan results of alarming parasite infections on a PC. The display of multiple pop-ups also assists Antivirus Live into persuading the computer user to purchase the conveniently recommended and useless Antivirus Live. Antivirus Live may also disable certain security settings and block its removal via the Control Panel or Safe Mode. Removing Antivirus Live with a legitimate anti-virus program is strongly advised.

The Antivirus Live family has numerous members. Among these members are AntiSpyware Soft, Antivirus System Pro, Spyware Protect 2009, Security Central, Antivirus Soft, Antivirus Suite, Antivir Solution Pro, Security Suite, Malware Destructor 2011, Antivirus Action, Antivirus Scan, PC Security 2011, Antivirus .NET, AntiVira Av, AntiMalware GO, Antivirii 2011, Antivirus Monitor.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
McAfee+Artemis Artemis!1F84ACCB79A7
TrendMicro TROJ_FAKEALE.SMQ
Sophos Troj/FakeAle-PG
Panda Trj/Zlob.KH
Microsoft VirTool:Win32/VBInject.gen!BW
McAfee-GW-Edition Heuristic.LooksLike.Win32.Trojan.C
McAfee FakeAlert-IE
K7AntiVirus Trojan.Win32.FraudPack.qyx
Ikarus VirTool.Win32.VBInject
Fortinet W32/FakeAle.PG!tr
eTrust-Vet Win32/AntivirusSystemPRO.A
eSafe Win32.VirToolVBInjec
DrWeb Trojan.Fakealert.4818
Comodo ApplicUnwnt.Win32.Adware.SpywareProtect2009._20
ClamAV Trojan.Fraudpack-232

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Antivirus Live

File System Details

Antivirus Live creates the following file(s):
# File Name MD5 Detection Count
1 %WINDOWS%\sysguard.exe N/A
2 %WINDOWS%\system32\iehelper.dll N/A
3 nworsysguard.exe b54ed44807c881ca78a1d2a6fea14099 0
4 wnwgsysguard.exe 93c47219e8721f3b7a0b767ee61b3b3e 0
5 feflsysguard.exe cb3f6e6d9d9fc81d672a3ec81c827222 0
6 acsqsysguard.exe 62698cc20a087a4c84113a9f3d526337 0
7 pxhrsysguard.exe 52092c53770a70d71513fce53bd18254 0
8 savhsysguard.exe bcfe50fc2015af7beed9a09577be201d 0
9 wegtsysguard.exe e0894e07721b5c1a3b45496cee46ebf9 0
10 rxissysguard.exe bcc5224931234ff7bd8e425187f03e44 0
11 yobosysguard.exe 4854d10e95f193d0a45e40bf35eaafa9 0
12 njgksysguard.exe 66f572887ba65b8bf962fb175f8e8928 0
13 sgnfsysguard.exe 0040e19bdeff2f26495e8ff8c1c86d78 0
14 itqqsysguard.exe 6870c6219d5ac6a35343e19f84cb6c0e 0
15 oxclsysguard.exe 3d93f631ff53756c95aa7460c550005b 0
16 ynrasysguard.exe a9131bccdc09b4e39fdf093461fd28f7 0
17 mbnqsysguard.exe 25a48948ed84b17285af017af9a20d6e 0
18 ufwfsysguard.exe 6c4cb999488bad4901af7a712406ad67 0
19 oslksysguard.exe ebf37dd60c6a7cefdc4aa7d345b18114 0
20 cxwysysguard.exe 9e9960c07ae6036d3dfe8edf23134c26 0
21 anbesysguard.exe aa14cf58d92c00c2353b814ac079ae8d 0
22 ygdpsysguard.exe 1110c115e63bd0073b794799f56d8967 0
23 pbuqsysguard.exe e1b00f75057a2bc221b33f6ca5cbcf6a 0
24 pxwksysguard.exe 75351c346ad3fe2f5334d2b608516f25 0
25 bcvksysguard.exe f2c0148943b89d1c9abaf5d94affd171 0
26 qdcwsysguard.exe e52c3e7526055190fef2ec3d79b075c6 0
27 gjqcsysguard.exe 3fcb8b29edf41e38e41c76970182920f 0
28 xinpsysguard.exe e3354fc6813d4876f7a9095fd7345368 0
29 nswosysguard.exe 1f84accb79a737e17b97b6ea2c6f64f0 0
More files

Registry Details

Antivirus Live creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\AvScan
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

71 Comments

  • Mike:

    How do your remove this if the virus will not let you access the net or your CD drive? The virus only allows you to access the Antivirus Live site! It will also not allow you to run your sercurity program and remove it.

  • CagedTech:

    Mike: You have a nasty rootkit designed to block other security software from executing and leaves the rogue anti-spyware program as the only tool you are allowed to use. This requires a special type of removal. This article explains how rootkits block security software http://www.enigmasoftware.com/trojan-rootkit-gen-variants-block-security-applications/.

    Luckily, when you purchase SpyHunter you can use the Spyware HelpDesk which offers free custom fixes for hard-to-remove malware. The Spyware HelpDesk allows direct access to our team of skilled technicians that are able to remotely assist you, even guide you through each step, and generate a fix to your unique infection.

  • adriana:

    hi your article says everything i have but once i download the program to remove Antivirus live i download it and then it donsent let mi access the program you suggested to d.load! because the security warning pops up on it.! please help me i'm getting frustrated!.

  • Jeff Glasstetter:

    HI, I was able to get Antivirus Live from popping up on my screen after startup. You need to go into "msconfig" in the "startup" tab disable "gxqwssysguard" from starting. Then you will be able to go in and uninstall Antivirus Live's components.

  • jesse :

    ANTIVIRUS LIVE - Malware

    If you get this on a PC, it's a bitch to remove, but here's how you do it. It wont let you open regedit or even a command prompt, but it's slow to load, so:

    Log out of PC in question, and log back in again.

    AS FAST AS YOU CAN, Right click on the task bar and open task manager.

    Find the process: [random]sysguard.exe, for example mscqsysguard.exe and stop it.

    Then run regedit and back up the registry to another location, such as a flash or network drive.

    delete the following registry keys:

    HKEY_CURRENT_USER\Software\AvScan

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyOverride" = ""

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

    Then, delete the following files: %UserProfile% is any user with a folder in the documents and settings folder

    %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
    %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe
    %UserProfile%\Local Settings\Application Data\(any files not in a folder that are in this tree)
    %UserProfile%\Local Settings\Application Data\sysguard.exe

    Tell the Virus: GOTCHA BIATCH!!

  • Bob Evans:

    Thanks Jesse. Your solution was right on target. That was one nasty experience. My antivirus supplier was Symantec Norton 360. They were hopeless. Tried to make another $139 on top of what I have already paid them for virus software that did nothing to protect me.

  • EncompassIT:

    I am a Systems Administrator for an IT company, and I have seen this particular virus at least 10 times in the last week. Anyone else notice this? Is there any information of its origin?

  • Jamie:

    You can gain access to the internet again by opening IE and going to Internet Options\connections. Once in connections, go to the bottom of the window to "LAN Settings".

    Uncheck "Use a proxy server". Now you can get back on the Internet. You can update malwarebytes as well.

  • Daniel:

    Worked like a charm. I feel like I just beat a game...

  • Doug :

    Jesse,
    Right on with the log off and click task manager, did it and found what to remove and Bingo the nast thing was gone, thanks again for the info

    Doug

  • Bob:

    THANKS THANKS THANKS SOOOOOOOO MUCH JESSE!

  • JoeMama:

    Great Help!

    I had a machine that blue screened on safe mode so I used your directions to remove this crapware.

  • happy gilmore:

    hey guys thanks for your help i also found out that if you go to a restore point like a month earlier than when you got the virus it'll work to. thank you again you guys saved my bacon, yall gave me a place to start.

    thanks again

  • John I:

    Jesse you are a god. I could not find a cure for this and worked on it for close to 6 hours. Your note above cured it for me. Thank you...Thank You....Thank You.....Thank You...Thank you..

  • peys_mommie:

    had this on my work pc, but instead of trying to beat the program to get msconfig up, I just simply rebooted in safemode. Push F8 immediately when it reboots up on XP, this will allow you to work without rushing and hurrying. It took me a few mins to do what needed to be. The scan was the longest part of the process.

  • KC:

    Thank you soooooo much for the instructions, Jesse!
    I had this virus (or at least the older version of it) last year, it was the nastiest thing ever, had to reinstall Windows.
    This has been great help -thanks again!!!

  • JR:

    I followed Jesse's steps, and everything seems to have worked fine. I'm not having issues at start-up anymore or anything.

    I didn't find a few of the keys mentioned above, or any of the files, so I was unable to delete them all. I did find and delete the 1st 4 that are listed. Is there somewhere else I need to look? Could the un-deleted files still give me problems?

    Hoping that I've gotten rid of enough of the virus to keep from causing any future problems...please let me know if this isn't the case.

  • organic girl:

    It's really weird it attacked me last night. Don't know if I should spend $199.00 for Geek Squad at Best Buy to remove it versus doing it myself because I'm scared I won't get all of it off my PC. I hope I don't have to have my hard drive reformatted?

  • Nathan:

    Jesse, you’re the best! Got the malware this morning, followed your instructions, and I’m up and running again this afternoon. I was missing a couple registry keys that you mentioned. I couldn’t find these:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings”ProxyOverride” = “”
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS]”

    Also didn’t find this file:

    %UserProfile%\Local Settings\Application Data\sysguard.exe

    Maybe it’s because I pulled the plug on my computer when the pop-ups started and the virus didn’t have a change to fully deploy. BUT, here’s what I did find. I searched all local drives for files modified today. I found this file:

    %UserProfile%\AppData\Local\Temp\1073.exe

    My address above is a little different than yours. I’m using Vista. Not sure what you’ve got. The important thing is the “1073.exe” file has the same icon logo (yellow with red dots), same size, same modification date & time (7:04 AM), same company (tzuk), and same file description (Sandboxie Start) as the “sysgaurd.exe” file. So I deleted this file and all other files modified from 7:04 AM until I shut down. A Google search for “1073.exe” brought me back to the same torrent website that originally gave me the virus.

    Now that it's gone, I hope, is there a way to prevent future attacks?

  • chucky:

    What a genius you are Jesse worked perfectly.

    Also, might add do a "search" on sysguard.exe to hunt down any stray remaining artifacts.

  • landman:

    It took me forever to get rid of this. Thanks for all of the pointers. McAfee was of no help, and I was lucky to find this site.

  • Eva:

    Thanks Jesse -worked like a dream!

  • Joann:

    Jesse you are the BEST! I would kiss you if I saw you, believe me I am pretty enough for you to like it! Thank you Thank you!!!

  • scared:

    I had this virus today . I beat it in my own way but I want to make sure I know what to do if it ever comes back. What really frightened me was the way it prevented me from using basic Windows applications. As someone mentioned it stopped regedit from working. I also tried to use MSpaint , notebook, media player and sound recorder. They all were prevented from working with the same very convincing Windows style warning message. ".....mspaint.exe cannot start because it's infected with a virus. .......anti virus now." I can't believe it's possible to hack into Windows programmes like that. How do they do it?

  • scared:

    I mean usually something like this stops everything to do with internet. I had unplugged my internet connection maybe because I wanted to relax and listen to some music instead before having to worry about dealing with a virus. That's what's really annoyed me about this attack. I really want revenge now for taking over my whole PC even when I wasn't using the internet. They need to be caught and publically executed.

  • Christan:

    Please help!! I got this virus last night and shut my computer down to restart. Now my monitor won't come out of sleep mode to even try to run any troubleshooting!! How in the world do I fix that and does it mean that my harddrive was wiped or is corrupted? I have no problems wiping the harddrive as it's still pretty new, but I need to be able to do that and can't figure out how w/out a monitor.
    I even tried using my son's monitor and that didn't work either. I really don't want to pay the money to use geek squad when I know I can clean this myself if given the chance!
    Thanks!

  • scared :

    I madde this video about my experience http://www.youtube.com/watch?v=DZAZO00vYqs
    I took this other short video to try and record how none of my offline applications were allowed to work either http://www.youtube.com/watch?v=tSU1vBnw4H0 as I could not use mspaint.exe to save any screenshots. The same message appeared for every application I tried.
    It's hard to say what to do about your monitor not coming out of sleep. I hope by now you've fixed it. It's not easy to imagine what it's like to have that problem. I once overclocked my PC and got no picture on my monitor. With my little knowledge I was quite fortunate that I was able to reset the BIOS . This was a long time ago but there was one of those connections like you have on the back of hard drives to set them to slave / master etc. You have to take it off , restart the PC and then replace it to get your BIOS setings back to default. Or maybe if you try holding down "escape" "del" or "F8" you might get the setup page for the BIOS or SOMETHING.
    Sorry , I knwo it's a nightmare, hopefully someone eles will be along to help soon.

  • scared:

    It's always handy to have a spare PC to use. If nothing else works remove your hard drive from your PC . Set it to slave . Insert it in your son's PC and when you switch it on you will be able to format it as an extra hard drive that will have no effect on your son's PC's operating system. It will just be like any removable storage. You could even save any files you don't want to lose and retrieve them later. There is always the possibility it's just a coincidence and that it's another problem unrelated to the virus that would have happened anyway. I've had that nightmare before. That's another thing about these viuses. They can send you on a wild goose chase for days trying to figure out what's wrong and then you could find out it's quite simply a power supply fault. Those bastards.

  • Christan:

    Scared--thanks for the note. I have not been able to get it to work and yes it's a nightmare! I've never had a virus before, my biggest issue is always not enough memory or stupid stuff. I will definitely try your ideas though. I have tried holding down F8 and esc., don't think I tried delete. I'll be investigating my monitor later today!! Hopefully it works.
    Still open to any and all suggestions, if anyone has any. In all the research I have done online, not one comment has said anything about this spam messing with the monitor. I am at a loss!

  • scared:

    Obviously you leave your son's hardrive in the PC. You add your's as an extra . Ithinkyou will have understood that. That reset bios "switch" is usually near the power connections at the bottom of the Motherboard. I think it must be obvious to find - it connects 2 pins for no other reason than it can be disconnected and reconnected.
    No more ideas. I think it must be the BIOS thing that you need to try . I can't see how your operating system on the hardrive could get it's command to the monitor before going through BIOS startup. Try disconnecting the HD and start the PC without it just to make sure but I'm fairly certain it won't make any difference.

  • scared:

    Check your Motherbord manual to see how to reset BIOS to default. It's a long time since I did it there may be a new sytem for modern PCs.

  • Michaela:

    I have antivirus live on my computer. After spending most of my Sunday, following ever advise I could find online. Nothing worked for me. Computer would not start in safe mode, proxi setting in IE, kept going right back after I unchecked it about 100 times. You name it I tried it. My computer is not in the shop and even my computer guy, is at the end of his rope and is reformating my computer.
    My son, just called me from college and told me the same thing showed up on his computer last night. He is in the middle of his disertation and eventhough he backs up all his data and emails it to himself. He got frustrated and actually paid them $79. It went away right away. It will cost me more to get my computer reformated. My fear is that they now have his credit card and his computer probably still has their program on it. Any advise for him. I already told him to call his bank and get a new credit card.
    Help
    Michaela

  • CagedTech:

    Hi Michaela!

    His first mistake was that he got frustrated, gave up and paid them. That's the whole point of ransomware. Now they have his credit card information. Your initial advice was correct. He should report the transaction to his bank without delay! Also to prevent further charges, he should ask the bank to reissue him another credit card and close the old one because the scammers will continue to charge the credit card bits at a time.

    The other issue is that he now has a rogue anti-spyware program installed in his computer. Just because his computer is back to "normal" does not mean that the computer is secure and clean. There could be malware, which may have initially installed the rogue program, laying dormant only to attack later, or there are hidden files designed to change computer settings or disable key functions like the Task Manager.

    He has to remove the rogue anti-spyware program he paid for and the malware that caused the problem in the first place. There are plenty of popular and well-known anti-spyware programs that he can use to remove the rogue anti-spyware program.
    If the rogue anti-spyware program is still in his computer after using several anti-spyware programs, he can have a go at it with our Spyware HelpDesk ( http://www.enigmasoftware.com/products/spyware-helpdesk/) which puts him in contact with one of our technicians who can diagnose his computer and provide a fix that is specific to the problem that he has on his computer. The Spyware HelpDesk comes with SpyHunter and what's great about it is that everything is done automatically. He click a button to generate and send a diagnostic report of his computer, a technician takes a look at it and comes up with a unique fix and sends it via SpyHunter so when he updates SpyHunter the fix is already available.

  • scared:

    That is really sad about this guy giving his credit card details. I once asked my bank if there is any way to stop people taking more than what they say when paying with a credit card online and they said "no, but...." Sorry but that $79.99 could be $1000. I would never buy anything from a website with my credit card unless I was 100% sure about it.
    I can clearly recall when I caught the virus and from which site so i dared to go back and make a video of it. DO NOT VISIT FLMSDOWN dot NET http://www.youtube.com/watch?v=fnsfjW7YF0E .
    I have one IP source that is bothering me . I wrote down on a piece of paper some IP sources at the time because I couldn't use notepad. I keep seeing this one and get dropped packets from it. It may be because I had Veoh Webplayer that use to start automatically but I blocked it. ip68-140-30.ri.ri.cox.net
    The other ones I noted down at the time but which no longer appear are the ones I think are the culpits. From Poland 81-219-136-242-adsl.inetia.pl amddynamic-78-8-69-231.sp.dialog.net.pl
    There are alot of these fake antiviruses like Ativirus Live with different names but are all the same scam as far as I can see. There is a great real time video just gone up on Youtube "PC Guard 2010 Analysis and Removal" which shows just how scary an attack is with the deceptively similar Microsft Security Center design.

  • scared:

    I just thought - most credit card companies insure aginst online fraud so I suppose he Michealas son could claim back what he paid as this is a scam. I should imagine those credit card companies will want to hunt down who's responsible because it's going to cost them dearly. I might pass on the information I have to them.

  • Joe:

    Thanks so much for this...it's been a huuuge help...what a blessing you are...<

  • Joe:

    THANK YOU THANK YOU THANK YOU

  • scared:

    I got the name of that Youtube video wrong . PC Guard Live not PC Guard 2010. This is the video address anyway http://www.youtube.com/watch?v=UoT8mZaN7gg It's a really good realtime capture of one of these viruses in progress.

  • shushu:

    im a kid with not very techie parents, so should i go to bestbuy or something, or can i fix this stupid thing on my own?

  • shushu:

    to end the sysgaurd. exe program, do i just click end task? everytime i logon, within the first minute the task manager and regedit get blocked off... im goin crazy

  • scared:

    Restart the PC . Press F8 for startup options. Skip the taskmanager step. Delete as Jesse advised all instances of the Antivirus Live program . e.g. sysguard.exe in regedit.exe.

  • scared :

    Restart the PC . Press F8 for startup options.Select SAFE MODE. Skip the taskmanager step. Delete as Jesse advised all instances of the Antivirus Live program . e.g. sysguard.exe in regedit.exe.

  • shushu:

    i cant run regedit because "application cannot be executed. the file is infected. please acrivate your antivirus."

  • Charlie :

    I was one click away from sending these b@$t@rd$ my seventy bucks. Thanks for the help cleaning this up. I'm sure they've scammed millions of people. They should be arrested!

  • scared:

    Maybe I should have said try to beat Antivirus Live into taskmgr.exe by using the hotkeys , ctrl alt and del pressed simultaneously . Don't press the combination twice though , that will restart the PC. I just experimented with it and there is about a delay of a second before it pops up after pressing the hotkeys. Probably too late to tell you but just in case it helps anyone else struggling to rid themselves of the virus.

  • scared:

    What an idiot I am shushu. I just looked at your question again. Yes you do click "end task" if you can get there in time

  • jpeeltx:

    Another grateful THANK YOU, Jesse!!

  • sal:

    Great info guys. I had this on my home computer and after 3 hours fixed it. Got this on my work computer today and it was a bit more tenacious, taking a bit more time. Did the safe mode operation, and it worked like a charm. I wish I got to this site first though, because the task bar seems like an easier solution. We need to find these schmucks and shut them down I say! I am unpleasantly surprised about how useless my antivirus program was with this (norton).

  • Lori:

    so far i opened the task tray and stopped the programs. Also I obviously clicked not to use a proxy or I couldn't get here. 😛 trying to restore it to previous date before messing around in the registry as that scares the living crap out of me. Hoping it works and tyvm for this site so far.

    ~Lori

  • Lori:

    re update... so far i deleted the first set of files... however i wish to know specifically where the

    %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
    %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[random]sysguard.exe
    %UserProfile%\Local Settings\Application Data\(any files not in a folder that are in this tree)
    %UserProfile%\Local Settings\Application Data\sysguard.exe

    files are as I am severely nervous about being in the registry in the first place.

    tyvm Lori

  • Lori:

    i found some things that said userprofile and deleted them. there were no precent signs and they did not specifically say what you wrote in, (ie: local settings/application data/etc...) but so far no harm seems to have come and I seem to be rid of this virus.

    I had found another site on my other computer and asked them what to do about this problem and they told me that they couldn't help because I had not posted any logs and that they were deleting my post. Thank whatever higher power you believe in I found this site and you people. I hope you all have wonderful lives and wish nothing but the best for all of you.

    Much gratitude,
    Lori

  • Centurion:

    Hey thanks Jessie..
    Much relieved ..fixed this incidious software/malware cr..p on my sons pc thanks to your help!!
    great job!!

  • Jayne:

    T H A N K Y O U J E S S E!!!!! wow, what a disaster we had. Sunday morning my husband could not get on his computer ...nothing. This nasty pop up - anti virus inc forcing you to buy their protection. Fortunately, we checked on line on my laptop and somehow found this website with all these helpful comments. Found and followed Jesse's directions for deleting files. Didn't find all of them, but deleted most in the list. Thank you for helping us. We don't understand the mentality of people bright enough to do good with this technology but choose to be destructive, deceptive. Just ugly. Anyway...thank goodness for people like Jesse...thank youuuuuuuuuuuuuu! Jayne & Joe

  • sooo glad its gone!:

    Jesse,

    I cant tell you how much I love you right now!!!! You saved my life! the fact that you would post this and help us out shows what a great person you are. thank you again and again.

    xoxo

  • Gus:

    God Bless you Jesse. You are the man!!!!!

  • Stephen:

    I had the antivirus live get on, finally called McAfee to help get it off. They found the program, and files, but right now the network card is not working. Any advice? Will this be a system restore? Thanks,

  • scared:

    Lori, thos files should be in documents and settings with your user profile, "lori" I presume. If you chose your user profile as fred you would see a folder fred in the "document and settings" folder. Sometimes difficult to find because for some reason it's not the same as "my documents". Click on "my computer" then on the harddrive with windows running on it probably C:/ but D:/ in my case because I have C:/ with nothing on . Then you will see it.

  • Dana B:

    Jesse, your instructions worked beautifully - but the icon for antivirus live remains in the system tray. What does this mean? How do I remove icon/eliminate what is causing it?

  • David:

    Thanks very much, Jesse!
    I'm very much intrigued to know how you found the solution. Could you share with us?
    Also, for people affected by this -- you'd better also do a full disk search for sysguard and delete those findings.

  • Jena:

    Thank you Jesse!! I am not a computer person but I followed your instructions (although I had to google to find out where to find the right location) but my computer seems to be free of that nasty thing. A day after my attack my uncle sent out an email warning to watch out for Antivirus Live. I replied that he should also have your great info on how to get rid of it. Aloha!

  • Allison:

    THANK YOU SO MUCH for these instructions. I was unable to find a few of the items though (listed below) and all seems to be well. Thank goodness for Mozilla Firefox which was NOT AFFECTED by this on my computer. I was still able to access the web via my Firefox even during the Antivirus live attack, which is how I found this page.

    Any one have a recommendation for a better anti virus that might actually work against this coming on again? It sounds like Norton didn't do much for anyone with removing or catching it (didn't prevent me from getting this). I am considering switching to McAfee which one person above seemed to receive help from. Any insight would be great.

    Thanks, Allison

    Items I couldn't locate to delete. Note I did do a full system search for sysguard and sysguard.exe and nothing was found so I think I found it all.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings”ProxyOverride” = “”

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″

    Then, delete the following files: %UserProfile% is any user with a folder in the documents and settings folder

    %UserProfile%\Local Settings\Application Data\(any files not in a folder that are in this tree)
    %UserProfile%\Local Settings\Application Data\sysguard.exe

  • Jamie:

    Jesse I just wanted to tell you that you have managed to save a whole year of A Level Coursework, I was about 5 minutes from system restoring my laptop and removing endless media/photography and ICT projects/Courseworks when i stumbled upon this page. You are a GOD my friend. Thank you!

  • Joe:

    frustrated by this malicios virus. had to pay $100 to have it remvoed.
    anythng we can do to have initiate or join a criminal invetigation or class action law suit?

    thanks for your good info.

  • Samantha:

    Jesse is a hero!!

    Btw, for Windows Vista users, the last files are not in Local Settings\Application Data anymore. Windows changed to:

    C:Users\[user name]\AppData\Local

  • Wayne:

    Unfortunately, I am one of those who bought the program to clear all the mess on my computer. Now I backed the files up to a previous date and the Live Virus pro is not on my system, but the charges are still pending on my card acct. Am trying now to figure out how to block the charge for something I do not have.

  • mandy:

    I followed Jesse's instructions and it worked like a charm! I was able to find all of the files and registry keys and delete them, and get back onto my computer. Thank you so much!!

    Now I am having a new problem, though, and could use some assistance. I can get online, but everytime I try to log in to a website with a username & password, my IE crashes and will not allow me access. Is there another step that I am missing? I can view any website, but have an issue when I try to login to personal information. Any ideas???

  • milo:

    lets find these f**kers and bash their head in

  • Frani:

    omg thank you thank you thank you!! Jesse's steps worked great for me as well! I was so scared..I had a similar problem a year ago with Live Virus Pro (something like that anyway) and that was such a nightmare I had to get a new computer! I was not about to have that happen again so thank you soo very much, I was able to find each file thanks to the easy directions!!

  • alicia amarilla:

    no puedo abrir mi correo desde mi equipo

  • Horacio :

    no puede abrir mi correo de3sde mi equipo

  • frostwire:

    I was recommended this website by my cousin. I am not sure whether this post is written by him as no one else know such detailed about my trouble. You are wonderful! Thanks!