As you can see, Antivirus Soft is a scam designed with one goal to make you buy what is called the full version of the program. Do not get caught in such scams this is just fooling you so that you will have to buy the fulll version. Simply follow the instructions mentioned in the below guide to remove the Antivirus software and any associated malware from your computer for free.
Symptoms in a HijackThis log
O4 - HKLM \ .. \ Run: [RANDOM]% UserProfile% \ Local Settings \ Application Data \ [RANDOM] \ [RANDOM] lsd.exe
O4 - HKLM \ .. \ Run: [RANDOM]% UserProfile% \ Local Settings \ Application Data \ [RANDOM] \ [RANDOM] lsd.exe
O4 - HKLM \ .. \ Run: [RANDOM]% UserProfile% \ Local Settings \ Application Data \ [RANDOM] \ [RANDOM] ftav.exe
O4 - HKLM \ .. \ Run: [RANDOM]% UserProfile% \ Local Settings \ Application Data \ [RANDOM] \ [RANDOM] ftav.exe
Use the following instructions to remove Antivirus Soft (uninstall instructions)
Step 1:
Download the HijackThis application from the following link HijackThis. Remember to Rename the HijackThis application to iexplore.exe before saving it on your desktop , by default the name will be HJTInstall.exe. Refer the image below:
If you are not allowed to download the application your internet explorer's proxy settings must be repaired.
To Repair the proxy settings of the Internet Explorer Follow the steps which are mentioned below:
- Double click the Internet Explorer browser icon.
- Then click Tools and select Internet options.
- Go to the Connections tab and click LAN setting button.
- Uncheck the "Use a proxy server" box.
- Click OK -> Click Apply -> Click OK.
Run HijackThis on your desktop by double clicking iexplore.exe icon on your desktop. After the installation finishes. HijackThis main menu will appear.
Click the "Do a system scan only button"
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings, ProxyServer = http = 127.0.0.1:5555
O4 - HKLM \ .. \ Run: [arlsknkv] C: \ Documents and Settings \ username \ Local Settings \ Application Data \ lqtwnu \ wqcmsysguard.exe
O4 - HKLM \ .. \ Run: [arlsknkv] C: \ Documents and Settings \ username \ Local Settings \ Application Data \ lqtwnu \ wqcmsysguard.exe
O4 - HKLM \ .. \ Run: [wcspymsu] "C: \ Users \ Owner \ AppData \ Local \ bbenmt \ badwsftav.exe"
O4 - HKLM \ .. \ Run: [ydcqinji] "C: \ Users \ Owner \ AppData \ Local \ rhjimj \ bogjsftav.exe"
Note: list of infected items may be different, but all have "string" lsd.exe in part right and "M4" in the left side.
Select all of the items listed by checking all of them and make it sure that no programs are running in the background. Then hit the "fix checked" button. Finally Exit this application.
Bookmarks