How to Remove Antivirus Live [Removal Guide]

This guide will give you easy instructions on how to remove Antivirus Live for free.


What is Antivirus Live? (Information)

Antivirus Live is a fake security software which uses fraudulent strategies by displaying false or exaggerated security issues on your computer rather than any legitimate ones to coerce you into purchasing their software.

Antivirus Live is a new malicious specimen from the same group of fake antivirus software as Antivirus System Pro.


Antivirus Live Screenshot




HijackThis Lines Present:

O4 - HKLM\..\Run: [[random file name]] C:\Documents and Settings\GeekPolice VM\Local Settings\Application Data\[random file name]\[random file name]sysguard.exe


Antivirus Live items:

C:\Documents and Settings\GeekPolice VM\Local Settings\Application Data\[random file name]\[random file name]sysguard.exe
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random file name]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random file name]"

---

Follow these instructions to continue:

You have to start computer in Safe Mode by doing the following:

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, keep tapping F8.
  
• Instead of Windows loading as normal, a menu should appear
  
• Select the first option, to run Windows in Safe Mode with Networking.

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.

• Now click on the Connections tab and then the Lan Settings button
  
• Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
  
• Click the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

---

1. Please download this removal tool: Malwarebytes' Anti-Malware.



2. Install Malwarebytes' Anti-Malware by double clicking on mbam-setup.exe

3. Follow the prompts. Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click finish.

4. Malwarebytes' Anti-Malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

If you are having problems with the updater, you can use this link to manually update Malwarebytes' Anti-Malware with the latest database

Spoiler:

• Malwarebytes' Anti-Malwares' latest database
  

Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Malwarebytes' Anti-Malware is closed before installing the update.

5. Close ALL open Windows, Programs, File or Folders.

6. Make sure you are on the Scanner tab. Select Perform quick scan then click the Scan button as shown above.

7. Malwarebytes' Anti-Malware will now start scanning your computer for infected files as shown below.



8. When the scan is finished a message box will appear, click Ok to continue.

9. Click Show Results.


10. You will now be presented with a screen showing you the malware infections like shown below. Yours may look different depending on the infection you have.

11. Click on Remove selected


12. When removing the files, Malwarebytes' Anti-Malware may require you to restart the computer in order to do a complete removal. If it dȋsplay a message stating that it needs to restart, please allow it to do so.

13. After that you can close the Malwarebytes' Anti-Malware window, your computer is now cleaned.

To protect your computer from future threats like this, you may want to consider purchasing the Pro version of Malwarebytes' Anti-Malware with real-time protection from this link.

---

If you are still experiencing problems or difficulties following this guide or require any assistance removing this software, please post your questions in our Virus, Spyware & Malware Removal forums for free help.

You have to be logged in to post questions. Registration is free. By registering you are privileged to other virus removal resources in future.

Works a charm, thank you.

OMG! Thank you so much it works! It totally removed that annoying Antivirus Live.

am i really supposed to pay for the Anti-Malware? i have no way of paying for this

ChicagoTed wrote:am i really supposed to pay for the Anti-Malware? i have no way of paying for this

Hello,

Malwarebytes Anti-Malware is free. Simply download and run it.

Awesome, your removal guide worked a charm. I registered here to say thank you!

So i downloaded it, ran it, and now its gone! Thanks dude.

Cheers

I followed the instructions on my XP computer, but the Antivirus Live virus now actually prevents me from apply the change to LAN settings. I also tried to use my task manager, but it stopped me from opening it up.

Any suggestions?

thanks, gm

I went into safe mode before following the instructions above. I downloaded 'Malwarebytes' Anti-Malware' via another PC and transferred it to the infected PC with a USB stick. This has worked fine for me.

Thanks!

OMGosh! Thank you so freaking much for this guide, the fake Antivirus Live is killing me. But I'm glad it now gone.

You will need to run in safe mode for the above procedures to work because the malware will not let you use most commands.

This guide worked as promised, many thanks.

First of all, thank you for all your help.

After running the scan, A couple of the problems detected say :Disables.Security..." Under the Vendor column, and "Registry Data" under the Catagory column. Is it really safe to hit "Remove Selected"?

Jamesruglia wrote:First of all, thank you for all your help.

After running the scan, A couple of the problems detected say :Disables.Security..." Under the Vendor column, and "Registry Data" under the Catagory column. Is it really safe to hit "Remove Selected"?

Yeah, that line is sometimes caused by your actual AV making that setting, but malware has also been known for that same key too, so MBAM removes it.
If it comes back, your AV has restored it and it's legit. You can set it to the ignore list in MBAM.

YES! Thank you so much for your clear and prompt help! It seems to be all fine again! I had somewhat recently had to re-install Windows because of that Police Pro garbage and I went and found another of these stupid things. Thank you again!

I too had the problem of the pop-up stopping me from doing anything. I re-booted in safe mode and was then able to access the geekpolice site, download the malware and implement the cleanup program. Worked like a charm! Thank you!