Twitist Forums
Where did the Antivirus Soft virus come from? - Printable Version

+- Twitist Forums (http://twitist.com)
+-- Forum: Facebook forums (/forum-14.html)
+--- Forum: Facebook apps (/forum-22.html)
+--- Thread: Where did the Antivirus Soft virus come from? (/thread-72939.html)



Where did the Antivirus Soft virus come from? - Jenni - 05-11-2013 07:01 PM

I read somewhere that someone picked it up on Facebook. Does anyone know where it came from / where most people have gotten it from?


- Sash - 05-11-2013 07:12 PM

Antivirus Soft looks like a perfectly normal and legitimate anti-spyware, but it is fake program that tries to force you in buying an antivirus program so that they make money.
It is advertised on the web as a good antivirus program that will scan your computer for free and discover any potential infections. Once you allow your computer to be scanned for viruses, Antivirus Soft downloads and installs itself onto your computer. Also, your computer can be infected when you download files that contain Antivirus Soft installation files. The second one is even worse because you're unaware of the infection.

To prevent Antivirus Soft use good antivirus software and Firewall, check this:

http://speed-up-slow-computer.com/comodo-review.html

You can removed by stopping this proicesses:
[random characters]sysguard.exe
[random characters]sftav.exe

Remove this registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random charaters]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random characters]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments​ "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Association​s "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\AvScan

Than remove this Antivirus Soft files:
Windows XP:
%UserProfile%\Local Settings\Application Data\[random characters]\
%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sysguard.exe
%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sftav.exe

Windows 7:
%UserProfile%\AppData\Local\[random characters]\
%UserProfile%\AppData\Local\[random characters]\[random characters]sysguard.exe
%UserProfile%\AppData\Local\[random characters]\[random characters]sftav.exe


- Gary - 05-11-2013 07:23 PM

Antivirus Soft is a rogue anti-spyware and ransomware program from the same family as Antivirus Live. These infections are installed on to your computer through the use of malware that installs the program onto your computer without your permission or knowledge. It is also common for this rogue to be installed on your computer through the use of malicious PDF files that exploit known vulnerabilities in older versions of Adobe Reader.