Software Antivirus

Software Antivirus is a fake security application that is sold as a legitimate program but has a dishonest purpose on the victim's computer. It is promoted through scam online virus-scanner websites that automatically scan a visitor's computer for viruses. Dozens of detected threats are displayed, and the user is asked to download and install Software Antivirus to remove these infections. Eager to remove what they believe are valid virus findings, users follow the advice. They do not know that installing Software Antivirus puts the compromised computer in further danger: the Internet browser can be blocked, antivirus and security programs can be removed, and Windows functions can be disabled. In addition, a number of annoyances can be experienced, such as continuous pop-up alerts and warning messages. Software Antivirus will also display a local virus scan of the computer from time to time.

A rogue program such as Software Antivirus should be removed immediately. To remove Software Antivirus, use only legitimate security programs and avoid downloading untrusted applications. If possible, a combination of anti-virus and anti-malware tools is advised to remove Software Antivirus and all of its associated files.

Additional Software Antivirus Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Follow this Removal Procedure

Software Antivirus Removal Tool:
For automatic removal of this malware, please download and run Malwarebytes Anti-Malware. In some instances the Software Antivirus Trojan will block the downloading or execution of security applications. In this situation, please download the file from an uninfected computer and rename it before installing it on the infected computer.

Technical Details and Additional Information:

To further convince the user that the computer is infected, it displays fake warning messages that mimic Windows taskbar alerts.

Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Security Antivirus.
Your PC may still be infected with dangerous viruses. Security Antivirus protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.

Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using Security Antivirus.
Click here to remove all potentially harmful programs found immediately using Security Antivirus.

Malicious Files Added by Software Antivirus:


Software Antivirus Registry Entries: