Antivirus Live is a rogue anti-spyware and ransomware program from the same family as Antivirus System Pro. This infection is installed on your computer through Trojans that install it automatically without your permission. Once installed, Antivirus Live will be configured to start automatically when Windows starts. Once running it will scan your computer and display numerous infections, but will state it will not remove them until you purchase the program. In reality, the scan results it detects are all fake and do not actually exist on your computer.
This program is also very aggressive in how it protects itself from being removed. While the Antivirus Live process is running it will terminate almost all programs that you launch, stating that they are infected. It will also change the Proxy settings in Internet Explorer so that you cannot browse to any site other than the Antivirus Live site, where you are expected to purchase the program. Using these two methods, the program essentially ransoms the normal use of your computer until you purchase the program or use the guide below to remove the infection.
Restart your PC and go into Safe Mode with Networking rather than plain Safe Mode. When the computer reboots into Safe Mode with Networking, make sure you log in with the username you normally use.
Kill the processes first: (random)sysguard.exe
Start Windows Task Manager
Press the following key combination: CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open the Windows Task Manager.
Once the Windows Task Manager is started, click on the Processes tab. The names of all the processes that are currently running are shown in the left column under Image Name. Using your mouse, left-click on the process you want to kill ((random)sysguard.exe); the process will now be highlighted.
With the process now highlighted, press the "End Process" button in the Windows Task Manager. The process will now be killed. (If you can't open Task Manager, read below for more info.)
The infection changes your Internet Explorer settings to use a proxy server that will not allow you to browse any pages on the Internet. Therefore, if you only have Internet Explorer installed, you need to fix this problem so that you can download the utilities needed to remove this infection.
Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options. Click on the Connections tab, then click on the LAN Settings button. Under the Proxy Server section, uncheck the checkbox labeled "Use a proxy server for your LAN". Then press the OK button to close this screen, and press the OK button again to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
Download Malwarebytes Anti-Malware:
http://www.malwarebytes.org/
If you are unable to connect to the site to download Malwarebytes, go back to the proxy setting in Internet Options again and make sure the infection has not re-enabled the proxy settings.
After you download and install it, run an update before you do a full scan of your system. Delete or remove anything that is found. If you can't install it, or have problems installing it, rename the setup file from mbam-setup.exe to xxx.exe (the rogue blocks the installer by its file name).
For manual Antivirus Live removal:
Kill processes: (random)sysguard.exe, using the Windows Task Manager as described above (CTRL+ALT+DEL or CTRL+SHIFT+ESC, Processes tab, highlight the process, End Process). If you can't open Windows Task Manager, or if it closes immediately after you open it, try this:
Open up C:\WINDOWS\System32 and look for the file named taskmgr.
Make a copy of taskmgr by first clicking on it to highlight it and then pressing CTRL + C and then CTRL + V. Once this is done you will have a new file named taskmgr - Copy.
Rename taskmgr - Copy to iexplore by right-clicking on it and choosing "Rename."
Double-click on the iexplore file; because the rogue leaves a process with that name alone, Task Manager will now run without being shut down.
Delete these registry keys and values:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(random)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(random)"
Delete these files:
%UserProfile%\Local Settings\Application Data\(random)\(random)sysguard.exe
Delete these folders:
%UserProfile%\Local Settings\Application Data\(random)\
Alternatively, the easier way is to reinstall your OS.
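The proxy fix and the manual registry/file cleanup above can also be audited from an elevated PowerShell prompt in Safe Mode with Networking. This is an added example, not part of the original guide: it reports every indicator from the lists above and only removes them when run with the -Fix switch (a name chosen here). It assumes PowerShell 5 or later, that (random)sysguard.exe has already been killed, and that on Vista and later the drop folder lives under %LOCALAPPDATA% instead of the XP path listed.

```powershell
# Audit (and optionally undo) the Antivirus Live persistence and proxy changes listed above.
# Run in an elevated PowerShell from Safe Mode with Networking. Without -Fix it only reports.
param([switch]$Fix)
$findings = @()
function Report($what) { $script:findings += $what; Write-Host "[!] $what" }

# 1. Registry values the rogue sets (names and data taken from the list above)
$is = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$checks = @(
  @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures'; Bad = '1' },
  @{ Path = $is; Name = 'ProxyServer'; Bad = 'http=127.0.0.1:5555' },
  @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'; Name = 'LowRiskFileTypes'; Bad = '.exe' },
  @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'; Name = 'SaveZoneInformation'; Bad = '1' }
)
foreach ($c in $checks) {
  $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
  if ($v -and "$($v.$($c.Name))" -like "*$($c.Bad)*") {
    Report "$($c.Path)\$($c.Name) = $($v.$($c.Name))"
    if ($Fix) { Remove-ItemProperty -Path $c.Path -Name $c.Name }
  }
}
if ($Fix) { Set-ItemProperty -Path $is -Name ProxyEnable -Value 0 }   # same effect as unchecking the LAN proxy box

# 2. The rogue's own key
if (Test-Path 'HKCU:\Software\AvScan') {
  Report 'HKCU:\Software\AvScan present'
  if ($Fix) { Remove-Item 'HKCU:\Software\AvScan' -Recurse }
}

# 3. Run entries (the "(random)" values) whose command points at a *sysguard.exe binary
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
  $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
  if (-not $props) { continue }
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Value -is [string] -and $p.Value -match 'sysguard\.exe') {
      Report "$run\$($p.Name) -> $($p.Value)"
      if ($Fix) { Remove-ItemProperty -Path $run -Name $p.Name }
    }
  }
}

# 4. Dropped binary: the XP path from the list, plus the Vista+ equivalent (assumed)
$roots = @("$env:USERPROFILE\Local Settings\Application Data", $env:LOCALAPPDATA) | Select-Object -Unique
foreach ($f in Get-ChildItem -Path $roots -Filter '*sysguard.exe' -Recurse -Depth 1 -ErrorAction SilentlyContinue) {
  Report "file $($f.FullName)"
  if ($Fix) { Remove-Item $f.DirectoryName -Recurse -Force }   # removes the whole (random) folder
}
if (-not $findings) { Write-Host 'No Antivirus Live indicators found.' }
```

Run it once without -Fix and review the output before running it again with -Fix; re-run afterwards to confirm the rogue has not re-enabled the proxy, as the guide warns it may.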