Description is a misleading domain that promotes the fake security program Antivirus Soft. The trial version of Antivirus Soft may enter a system via a stealthy Trojan. Once inside, Antivirus Soft runs a fake scan that claims to detect dangerous malware on the system and advises the user to purchase the full version of Antivirus Soft in order to remove it. Victims are then frequently directed to which is the official or payment page for Antivirus Soft. Do not purchase anything on it; it is a malicious website.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random]sftav.exe N/A
2 [random]sysguard.exe N/A
3 [random]sftav.exe N/A
4 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random]sysguard.exe N/A

Registry Details creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="
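As an added triage example (not part of the original threat description and not tooling from the page's author), the PowerShell script below checks a Windows host for the artefacts listed above: the ProxyServer and ProxyOverride values under Internet Settings, the RunInvalidSignatures value, Run entries whose command points at a *sftav.exe or *sysguard.exe binary, and such executables under the user's local application-data folder. It assumes the profile folder is %LOCALAPPDATA% on Vista and later or the legacy Local Settings\Application Data path on XP, and that a hijacked ProxyServer value starts with "http=" (the page shows only that prefix); it only reports findings and changes nothing.

```powershell
# Added example, not the page's own code: read-only check for the Antivirus Soft
# artefacts listed in the threat description. Assumptions: file-name suffixes
# sftav.exe / sysguard.exe and the registry values come from the page; the
# profile folder is assumed to be %LOCALAPPDATA% (Vista+) or the legacy XP path.
# Run as the affected user. Nothing is modified.

$findings = @()

# 1. Proxy hijack under Internet Settings: ProxyServer = "http=..." with an
#    empty ProxyOverride. The "http=*" wildcard is an assumption; the page
#    shows only the "http=" prefix.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.PSObject.Properties['ProxyServer'] -and "$($p.ProxyServer)" -like 'http=*') {
    $override = if ($p.PSObject.Properties['ProxyOverride']) { "$($p.ProxyOverride)" } else { '<absent>' }
    $findings += "Proxy hijack: ProxyServer = '$($p.ProxyServer)', ProxyOverride = '$override'"
}

# 2. RunInvalidSignatures = 1 lets Internet Explorer run downloads that fail
#    signature validation without prompting.
$dl = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$d = Get-ItemProperty -Path $dl -ErrorAction SilentlyContinue
if ($d -and $d.PSObject.Properties['RunInvalidSignatures'] -and "$($d.RunInvalidSignatures)" -eq '1') {
    $findings += "Weakened download check: $dl RunInvalidSignatures = 1"
}

# 3. Run keys (HKCU and HKLM) whose command references the dropped binaries.
#    The "[random]" value names on the page cannot be matched by name, so the
#    command line is inspected instead.
$runKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
        if ("$($prop.Value)" -match '(?i)(sftav|sysguard)\.exe') {
            $findings += "Persistence: $key '$($prop.Name)' = '$($prop.Value)'"
        }
    }
}

# 4. Dropped executables one folder level below the local application-data
#    root, matching "[random string]\[random]sftav.exe" / "[random]sysguard.exe".
$roots = @($env:LOCALAPPDATA, "$env:USERPROFILE\Local Settings\Application Data") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
foreach ($root in $roots) {
    $subdirs = Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue
    foreach ($dir in $subdirs) {
        $exes = Get-ChildItem -LiteralPath $dir.FullName -Filter '*.exe' -File -ErrorAction SilentlyContinue
        foreach ($exe in $exes) {
            if ($exe.Name -match '(?i)(sftav|sysguard)\.exe$') {
                $findings += "Dropped file: $($exe.FullName)"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Antivirus Soft artefacts found.'
    exit 0
}
Write-Output 'Possible Antivirus Soft infection. Findings:'
foreach ($f in $findings) { Write-Output "  $f" }
exit 1
```

The script returns exit code 1 when anything is found, so it can be run from a management tool across a fleet and the hosts that need cleanup picked out from the result. Because a live infection (as the comment below notes) can kill tools such as Task Manager and regedit, the check is most reliable when run from Safe Mode or against an offline copy of the user's hive and profile.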

One Comment

  • Don:

    Research the /Antivirus Soft issue before you do anything.
    1) I could not get onto the web because the virus blocked me.
    2) Spydoctor is a paid program, so when you download it, you still have to pay for it before you can try to fix your computer.
    3) Microsoft and Spyblaster did not detect anything, so they would not fix the issue.
    4) You can't use the Task Manager to help because everything you try to run is shut down.
    5) It shuts down regedit and msconfig as well.

    1) Start in safe mode with a copy of HijackThis and run it.
    2) Delete anything you don't recognize. Delete anything with proxy server on it.
    3) Restart your computer.
    4) QUICKLY START HIJACK again, before anything else has a chance to boot. Run HijackThis again.
    5) Go into browser Tools / Internet Options / Connections / LAN settings and uncheck "proxy server".

    Several of the recommended fixes I found online did not work. I don't think they were researched to see if they actually worked.

    I have been running ok for 7 hours now.