Overall Risk Level: 
Antivirus Live is an unwanted and unsafe program that disguises itself as a security application for the Windows operating system. Antivirus Live comes from the same group that created the famous Antivirus System PRO, which has infected a number of computers recently. These programs get onto computers by leading users to think they are beneficial and useful; users do not realize that installing the program may harm the computer. Antivirus Live configures itself to run when Windows starts by modifying the system registry and creating its own entries. This malware can also end security-related processes, which may render security programs useless. Blocking Internet access and disabling Windows functions such as Task Manager, Registry Editor and Folder Options are also part of this threat's payload on the compromised computer. Remove the AntivirusLive Trojan from your computer using a known anti-malware program that can be used as an Antivirus Live removal tool.
Alias: -
Damage Level: Low
Systems Affected: Windows
Tags: Antivirus Live Removal Tool, AntivirusLive Virus, Remove Antivirus Live
For Antivirus Live activation key, activation code, registration key, serial number and refund inquiries, please proceed here for the solution.
All content, text and images related to "Antivirus Live" are provided for this website's information dissemination purposes. We don't endorse or sell it, and we are not in any way connected to it.
22 Responses for "Antivirus Live"
Hi, I was able to keep Antivirus Live from popping up on my screen after startup. You need to go into “msconfig”, before AV Live starts, and in the “startup” tab disable “gxqwssysguard” from starting. Then you will be able to go in and uninstall Antivirus Live’s components.
Hi, I followed Jeff’s instructions with great results. Everyone should follow these steps.
Hey guys, I did what Jeff (above) suggested and it got rid of the program’s pop-ups and I can now use all my programs. However, now my Internet Explorer acts as if I have no connection and I know that I do. This virus only affects individual user accounts, and while I can connect on one account, the previously infected account will not connect. WHAT’S GOING ON! PLEASE HELP?
Check your Internet Explorer Proxy settings. The program modifies them.
The virus changes Internet Explorer settings to run on a proxy. You will need to change the settings to not use the proxy.
I was unable to find that specific file in startup. Might it be under a different name?
I too was not able to find that specific file in startup. Do you know of any other names it could be? And once you do, where do you go to uninstall the program? Thanks!
It was called yumksysguard.exe for me. Just disable it and you should be able to work on getting it cleaned out.
I just took care of this problem using the help on this page. Thank you, thank you, thank you. Only thing I had to figure out was how to load msconfig on Vista, which was difficult. When you start up, click on the Vista icon before the virus starts, type in msconfig and hit enter.
Where are these people .. I would like to hire some folks and ask them to find out why the good folks try and destroy other people’s computers and lives.
My solution is to go to your last Windows restore, then do a Norton virus scan.
Does anyone know where these scumbags operate from?
How can Mastercard accept payment for their product?
Well, I have the same exact problem and I can’t even get my msconfig (startup) to load. It blocks that. However, I was able to transfer all my memory and such to my external hard drive. Anyone have any other ideas for me to get onto startup other than msconfig? Thanks
Jeff’s comment is a great 1st step (and there are only 2). It was called “jbjnsysguard” for me. Looks like they come in varying forms and all end in “sysguard”. I saw it in “msconfig” -> “startup” several times, so you may want to scroll thru the whole list and disable all of them. You need to do this pretty quickly when your desktop loads, before the “Live Antivirus” loads. After it’s disabled, all you need to do is a System Restore back to a most recent date where you know you didn’t have this virus.
The secret to success is all in the timing. After you turn on your computer and Windows boots up, wait just until the desktop appears and icons start loading in the systray. (Look in the bottom right corner of the desktop.) Now queue the Task Manager (Ctrl+Alt+Del) and it should open before Antivirus Live kicks in. In Task Manager, click on the Processes tab and wait until you see a program called XXXXsysguard.exe start. (The XXXX refers to random letters, e.g. qtlssysguard.exe or fdtpsysguard.exe.) Highlight that program and right click. Choose “end program” and then “yes.” That’s step #1. Now click start->search->files and folders and search for “sysguard.exe” (be sure to enable “search hidden files and folders”). Just delete all the entries that show up. Make sure to empty the recycle bin, and you’re done with step #2. There’s only one more step, but I must warn you, it’s dangerous. Like open heart surgery, one misstep and you’ll have a big problem. This virus makes changes to the registry files, which are the heart and soul of the computer. If you want to go ahead with it, first back up your registry files and then start->run and type “regedit.” Now look for a folder called “HKEY_CURRENT_USER” and click the little plus next to it. Navigate to the folder labeled “Software” and click that little plus. Look for a folder called “AvScan” and delete it. There are a few more files to go, but they require the alteration of registry values, not the deletion of files. I strongly suggest letting a professional do this part, but if you want to do it yourself, Google the phrase “delete antivirus live registry keys” and click a link.
Need help: where are msconfig and Task Manager?
For msconfig, go to Start, click on Run, type in msconfig and click OK. For Task Manager, hold down Control, Alt, and Delete all at the same time and your Task Manager will appear.
It was under uvlmsysgaurd on my computer. It seems that the prefix changes, but always ends in sysguard. Deleting that process at startup, before the program kicks in, worked for me, but now I have to do the proxy connection thing because I cannot connect to the internet.
I got the virus last night and couldn’t do much so I shut down. I just followed Greg’s advice above for step 1 and 2 and everything seems to be working fine.
My question is regarding the registry keys…. is that a step that needs to be done or will my antivirus that I use (ESET Smart Security) pick up anything else that’s wrong?
Like you mentioned, I don’t want to screw anything up, so I’m wondering if I should take it to someone to perform this task or if it’s straightforward enough to do myself, and again whether it definitely needs to be done.
Thanks…
Hey Greg, thanks for the info… got the virus this morning and was lucky to find this info on the web… but Tim had a good question: does that registry key step need to be done?? Cuz my computer seems to be working fine, but what’s really goin on inside?? Thx…
You can run msconfig in Safe Mode and save yourself some headache.
Tim and Chris:
The registry keys are like instructions for the computer’s operating system. Each key has a value that tells the system to do something. But like gears in a clock, each key has a purpose. Move one clock gear a tiny bit, and the clock could be ruined. That’s why it’s very risky to make changes unless you know exactly what you’re doing. In my first message, I added that last bit about registry keys to be thorough, plus the deletion of HKEY_CURRENT_USER\Software\AvScan is pretty straightforward. While it is true for the most part that the step about revaluing the other registry keys isn’t always necessary, in some cases they can cause the computer to act up (slow boot times, error messages popping up). If you followed steps 1 and 2, and afterward your computer worked fine, then I wouldn’t worry about the registry keys.
Thanks all, everything worked out great! I did have the problem where I could not get my Internet Explorer to work, saying I had no connection, but I did. Go into Internet Explorer/Tools/Connection/LAN Settings/ and turn off using proxy server.
I too got infected with AntiVirus Live last week. However, I did not have an AVScan folder in my registry file. The only way I could get rid of it was to boot into Safe Mode w/Networking. Next, go to Internet Explorer > Tools > Internet Options > Connections. Go down to the LAN Settings button, click it and then uncheck the Proxy check box. This malware makes this change and sets your Internet settings so that you can only get to their site to buy a “solution” to the infection. Change the Proxy settings and now you should be able to get to the web in Safe Mode w/Networking and then download rkill.com (Google it and there are a number of reputable sites where you can download it for free). Run this file in Safe Mode and it will kill the underlying processes of the malware that prevent you from browsing folders, accessing Regedit, Task Manager etc., but it will only work in Safe Mode or the malware will kill it. Since the malware files are in “Hidden Folders”, you’ll need to be able to see them in order to get rid of them. Therefore, open Control Panel, then go to Tools from the menu bar and Folder Options > View. Check “Hidden Files and Folders” and uncheck “Hide Extensions for Known File Types” and “Hide Protected Operating System Files” and then OK.
Then, go to My Computer > Documents and Settings > [your profile] > Local Settings > Application Data. Look for a folder with a random file name (mine was ak3gh) and check the create date on it. If it is in line with or close to when you started noticing problems, it’s probably one of the culprits. Open the folder and look for an .exe file (usually the only file in there). If you’re not sure whether this is one of the offending files, Google the file name to ensure it is not a known executable associated with a valid program or update. Make a note of the create date and, if Google does not indicate it is a known file, then delete it.
Then go to My Computer > Documents and Settings > [your profile] > Local Settings > Temp. Sort those files by Create Date and look for any strange .exe file names with a Create Date/Time similar to the file you deleted previously (again, Google the file name if unsure). This is evidently a beacon file that is created in case the original file is deleted. It will contact infected web servers and will ultimately re-infect your system. I also cleaned my registry but, as I said before, I did not have the AVScan folder. What I did have was a registry entry under HKEY_CURRENT_USER > Software > Microsoft > Windows > Run. There I found an entry for starting and running the .exe file I had deleted in my Applications folder under my profile in Documents and Settings. Right click and delete the ENTRY (not the Run folder).
I also had a few other registry entries pertaining to my Internet Explorer settings that I changed, but unless you know what you’re doing, I wouldn’t suggest making those changes. There are free anti-malware programs out on the net that will clean the rest of the registry settings and other ancillary files that may be hanging around once the main files have been deleted.
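The registry changes reported in the description and comments above (a startup entry ending in "sysguard", the HKEY_CURRENT_USER\Software\AvScan key, an enabled Internet Explorer proxy) can be checked offline against a text export of the user's registry. The Python below is an added example, not part of the original page or its comments; the sample export, the names "abcdsysguard" and "xk2pq" and the proxy address are constructed, and the full CurrentVersion\Run and Internet Settings key paths are the standard Windows locations rather than text from the page.

```python
import re

# Constructed sample of `reg export` text; all names and the proxy are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\AvScan]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"abcdsysguard"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xk2pq\\abcdsysguard.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
'''
CV = r"hkey_current_user\software\microsoft\windows\currentversion"
AVSCAN = r"hkey_current_user\software\avscan"
# Startup targets worth a manual look: *sysguard.exe, or anything launched
# from the profile's Application Data or Temp folders (not proof by itself).
SUSPECT = re.compile(r"sysguard\.exe$|\\local settings\\(application data|temp)\\", re.I)

def parse_reg(text):
    """Return {lowercased key path: {value name: raw data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            current[name] = data
    return keys

def unquote(data):  # strip outer quotes, undo the .reg doubled backslashes
    return data.strip('"').replace("\\\\", "\\")

def audit(text):
    keys, findings = parse_reg(text), []
    if AVSCAN in keys:
        findings.append(("avscan_key", AVSCAN))
    for name, data in keys.get(CV + r"\run", {}).items():
        if SUSPECT.search(unquote(data)):
            findings.append(("run_entry", f"{name} -> {unquote(data)}"))
    inet = keys.get(CV + r"\internet settings", {})
    if inet.get("ProxyEnable") == "dword:00000001":
        findings.append(("proxy_enabled", unquote(inet.get("ProxyServer", ""))))
    return findings
```

Calling audit(SAMPLE_REG) returns the three findings for the constructed export. A flagged Run entry is a lead to verify by file name and creation date, as the comments describe, since legitimate programs also start from the profile folders.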