Mar 05

Remove Securityantivirus.net hijacker (Removal Instructions)

Hijackers Add comments

Threat Description:

Securityantivirus.net is a small yet pretty annoying fragment of a scareware distribution campaign. The similar-sounding rogue anti-spyware solution being promoted with the help of this domain is called Security Antivirus. This scareware enters one’s system bypassing the authentication and usually applies some trojan downloader for that. Securityantivirus.net is a site that gets hit as a result of browser redirect activity being put forward by the rogue we’ve mentioned. As you can judge from the screenshot, Securityantivirus.net offers a downloadable version of its sponsoring crimeware. But it’s not only a distributor of free trial version. Securityantivirus.net has a tab called ‘Buy now’ which prompts you to purchase Security Antivirus’ license for 6 months, 1 year or lifetime, the price varying respectively. It’s quite important to keep oneself from falling for any information Securityantivirus.net provides. That domain is a shortcut to malware invasion. Unless you got some excessive money to support international hacktivism, be sure to abstain from clicking and buying anything on Securityantivirus.net. If it’s annoying browser rerouting that takes you to Securityantivirus.net, you’re recommended to check your system for trojans and get rid of any detected items.

Determine if your system is infected with Securityantivirus.net hijacker and related threats:

Download Securityantivirus.net Hijacker and Security Antivirus Free Scanner with Remover

Securityantivirus.net Screenshot:

Www1.pcsecureshield.in

How to remove this threat manually:

Securityantivirus.net manual uninstall procedure:

Get rid of the related corrupt files:

  • %Documents and Settings%\All Users\Application Data\345d567\
  • %Documents and Settings%\All Users\Application Data\345d567\72.mof
  • %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
  • %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe
  • %Documents and Settings%\All Users\Application Data\345d567\SAV.ico
  • %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\vd952342.bd
  • %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
  • %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
  • %Documents and Settings%\[UserName]\Recent\cid.dll
  • %Documents and Settings%\[UserName]\Recent\CLSV.drv
  • %Documents and Settings%\[UserName]\Recent\DBOLE.sys
  • %Documents and Settings%\[UserName]\Recent\ddv.dll
  • %Documents and Settings%\[UserName]\Recent\ddv.sys
  • %Documents and Settings%\[UserName]\Recent\energy.tmp
  • %Documents and Settings%\[UserName]\Recent\FS.drv
  • %Documents and Settings%\[UserName]\Recent\gid.drv
  • %Documents and Settings%\[UserName]\Recent\PE.drv
  • %Documents and Settings%\[UserName]\Recent\PE.exe
  • %Documents and Settings%\[UserName]\Recent\PE.sys
  • %Documents and Settings%\[UserName]\Recent\PE.tmp
  • %Documents and Settings%\[UserName]\Recent\runddlkey.dll
  • %Documents and Settings%\[UserName]\Recent\std.exe
  • %Documents and Settings%\[UserName]\Recent\tjd.drv
  • %Documents and Settings%\[UserName]\Recent\tjd.sys
  • %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml

Delete the associated registry entries:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” =”http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Antivirus”

Please note that Securityantivirus.net manual removal is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may cause irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:

Download Securityantivirus.net Hijacker Removal Tool

Leave a Reply