If you’re ever feeling overwhelmed by the number of viruses and malware on your computer, it’s time to take a look at some tips to help remove them. Here are four easy ways to remove antivirus live and other rogue/fake antivirus malware:

  1. Start by opening the Control Panel and clicking on Programs and Features. This will show you all of the programs that are installed on your computer. Scroll down to Antivirus and click on Remove.
  2. Open a command prompt window (cmd) and type “netstat -a” to see all of the active connections on your computer. Look for an entry that looks like this: ProtoPort=5678 ProtoName=eth0 protoType=tcp,udp,sip protoAddress=10.0.0.1 The port number in this example is 5678, the name of the network interface that is connected to your computer (eth0), and the address of 10.0.0.1 (the server where you installed antivirus software). The tcp,udp,sip entries indicate that there are three active connections: one from 10.0.0.1 (the server where antivirus software is installed), one from your computer’s network interface eth0, and one from your computer’s own localhost (localhost). To remove all three connections at once, type “netstat -a | grep tcp” instead of just “netstat -a”.
  3. Open a command prompt window (cmd) and type “netsh advfirewall add rule name [rule_name] [action] [parameters]” to add an existing rule to your firewall that will block traffic from 10.0.0.* destinations only if they match the given rule name or parameters (for example “block tcp packets from 10.”). To view all available rules in your firewall, type “netsh advfirewall show”.
  4. Type "

Antivirus Live is one of many fake antivirus applications like Advanced Virus Remover and Internet Security 2010, that are really rogue viruses that take your computer hostage—then they tell you that your computer is infected by viruses, and you have to pay them to get rid of the fake viruses that aren’t really there. It’s a huge problem, and they are not easy to remove, because they block virtually everything you try and run, including real anti-malware tools.

Removing Rogue Fake Antivirus Infections (General Guide)

There’s a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here’s the quick steps:

Try to use the free, portable version of SUPERAntiSpyware to remove the viruses. If that doesn’t work, reboot your PC into safe mode with networking (use F8 right before Windows starts to load) If that doesn’t work, and safe mode is blocked, try running ComboFix. Note that I’ve not yet had to resort to this, but some of our readers have. Install MalwareBytes and run it, doing a full system scan. (see our previous article on how to use it). Reboot your PC again, and run a full scan using your normal Antivirus application (we recommend Microsoft Security Essentials). At this point your PC is usually clean.

Those are the rules that normally work. Note that there are some malware infections that not only block safe mode, but also prevent you from doing anything at all. We’ll cover those in another article soon, so make sure to subscribe to How-To Geek for updates (top of the page).

 

Let’s Remove Antivirus Live

The first thing you’ll want to do is reboot your computer, and hit the F8 key right before Windows starts loading (you can hit it a bunch of times). Then select the Safe Mode with Networking option.

Before you do anything else, you’re going to need to fix the internet connection to work, because Antivirus Live changes IE to use a fake proxy server that prevents you from getting to anything else—and will also prevent you from installing and updating a real anti-malware software.

Now you’ll want to install SuperAntiSpyware (linked above), which you have hopefully downloaded via another computer already, but safe mode with networking should allow you to download and install it.

Once you load it up, it’s going to do some analysis…

Then you’ll see the full application screen, where you’ll want to use the Check for Updates button to make sure you have the latest definitions. Once you’ve done that, click the Scan your Computer button.

Select your primary drive at least, though you should pick all the drives, and then click the Perform Complete Scan button.

It’ll run for a long time, detect a bunch of stuff, and then you can proceed through the wizard to actually removing it all…

Once it’s all done, you can reboot the PC again (just make sure to go back into Safe Mode again).

Next you’ll want to install Malwarebytes, make sure to check the Update tab for the latest definitions, and then perform a full scan of your system.

Malwarebytes will find even more malware that SuperAntiSpyware missed (seems like you always need more than one util to get it all). Just be sure to click the Remove Selected button to get rid of the rest.

At this point you’ll want to reboot your system, and then install Microsoft Security Essentials and run another full scan. Can’t hurt to be too cautious!

Note: If you used a thumb drive at any point during this process, you should make sure and scan that as well—I’ve had viruses hop over to the thumb drive, ready to infect the next machine.