Yesterday my computer was disabled by a program called Antivirus Live (xxxsysguard.exe). I ran my McAfee virus scan for the whole computer and searched the McAfee website for information on how to disable and remove this pernicious software. I also started a chat support session.
None of these actions helped me to identify and learn how to remove the malware.
Finally, I did a Google search and discovered that Antivirus Live is a well-known problem and I found several suggestions on how to remove it. I followed one of these and I think I have rid my computer of this malware.
I am trying to find out if McAfee has information on Antivirus Live to see if there is anything else I need to do. Searching the McAfee website has not helped. The McAfee antivirus software does not appear to rid the computer of this malware!
Also I tried to load the virtual technician on the affected computer and use it. It appears to install, but then will not run. I have made at least 3 attempts.
Someone from McAfee needs to remind me why I continue to subscribe to McAfee antivirus software. It has failed me when I had some evil malware take over my computer.
I don't see any other replies to your post so I'll throw in my 2 cents' worth. I just had the same problem (browser hijacker) and McAfee apparently doesn't catch these types of malware. My suggestion is to download Malwarebytes (the free version is fine), install it, run the update first and then scan your system with the "full scan". After it finishes, remove whatever trojans, etc. that it finds. Hope this helps.
I too have experienced the devastation of the Anti Virus Live program. It completely takes over your computer and does overwhelming Pop-Ups and also opens porno sites. DO NOT BUY ANYTHING, IT WILL STEAL YOUR CREDIT CARD INFORMATION AND EMPTY YOUR BANK ACCOUNTS. It will not let you open any Internet files. It will not let you activate antiviral protection and it will not let you open Task Manager so that you can stop Processes. The only way to stop it is to restart your computer in Safe Mode and then run the Malwarebytes Anti-Malware program. You can do the quick scan to get your computer running and then do a full scan later. This program is free. That is not a permanent fix. You will still have your search engines, all three major ones, hijacked when you do a search and then it will redirect you to a site that reinstalls the virus and the whole process starts over again. I have not figured out how to stop this part of the virus. You can cut and paste the web address, instead of clicking on the link in the search engine, and it does not activate the malicious websites. McAfee is useless against it. I too am beginning to wonder why I have McAfee and am seriously considering doing a charge back on my credit card payment and going to another Virus Protections site. There is no excuse for them ignoring this extremely malicious virus.
If someone has more information on how I can keep my search engines from being hijacked, please reply with that information.
Message was edited by: somethingsphishy on 12/28/09 3:01:00 AM CST
Here are the instructions for removing Antivirus Live: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-live. As mentioned in the other replies, you'll need to download the Malwarebytes' Anti-Malware program, but there is another file that you'll need to download and run first called rkill.com. (See step 8) This file ends the processes that Antivirus Live has infected.
I was previously attacked by Antivirus System Pro, and now I've been attacked by Antivirus Live. I would like McAfee to convince me why I should continue to use their product when I've now been attacked twice by malicious, well-known malware.
The Bleeping Computer Forum has most of the best removal guides for this sort of thing. They are fake anti-malware applications and as such are not caught by most major anti-virus applications, so you could equally as well be using Norton, Kaspersky, F-Secure, Nod32 or whatever, it would still happen.
The internet is flooded these days by all sorts of ingenious malware designed to foil anti-virus engines or even disable them in some instances, yet having anti-virus installed is essential as that stops the majority of malware.
The best policy to avoid this is to use more caution surfing, downloading, file sharing, or whatever you are doing when this sort of thing occurs. Keep your system totally up to date with both critical and non-critical updates, especially the browser(s), even if they are not used, and always have an updated anti-spyware application such as Malwarebytes or SuperAntiSpyware handy. The free versions are fine.
Message was edited by: Ex_Brit on 28/12/09 9:27:55 EST AM
Thanks to all who answered. Your suggestions were helpful and I removed the malware from my computer.
Regarding McAfee's inability to detect and remove this type of menace, I can appreciate that the McAfee software is not designed to deal with this type of threat. However, since this is a well-known problem, McAfee subscribers should be able to easily search the McAfee site and find an answer about how to remove it (not just through the online community of users). The addition of such information to the McAfee database would be a low cost service to McAfee subscribers and would have been enough to satisfy my needs in this case. I hope a staff person from McAfee is reading!
We are working to solve the fakealert/vundo "thing", but in such a way that we do not false as much as the other guys do. It's a fine line, and we don't want to cause more harm than good. More to come.
Kinda weak reply if you ask me. My son's machine had McAfee "Total Protection" and it was "Totally" worthless in addressing this Antivirus Live issue. It is a very ugly "malware/virus" and I would have expected McAfee to stop it and, if not, quickly jump on a fix to prevent it. The weak response from the company is enough for me to contact my sister, whom I just recommended McAfee to, to tell her to look elsewhere. AVG (free) was always good for me, and I might go back after this issue. As badbakkaruda says, if the others won't catch it either, then why pay them. I want an answer that says "We are aggressively addressing this nasty bug and expect to have a solution soon". "Others won't stop it either" won't restore my son's computer. As others said, at least explain what is known about the problem until you find a solution. Write a cleaner code "cleaner/preventer" later after getting out a sloppy fix now. The longer they wait to address this nasty virus, the more people will lose faith in them to live up to their word. "Totally asleep at the wheel" if you ask me. As I write this, I am using Malwarebytes (free) to remove the items from my son's machine. I don't like using off name programs because sometimes they themselves are another trojan or backdoor. Best I can tell, Malwarebytes is legit. My thanks go out to the companies who offer a free solution as my PAID solution sleeps.
Message was edited by: jblantz on 12/31/09 1:45:48 PM CST
Message was edited by: jblantz on 12/31/09 1:53:52 PM CST
You've made several assumptions here, but I'm not a sales person, and will not argue the detail with you.
"More to come" to me, could just as well have meant "We are aggressively addressing this nasty bug...." It's all just words until something is downloadable for you. We are working on it.