How To Remove Antivirus Live and Other Rogue/Fake Antivirus Malware

If you’ve got a PC infected by the Antivirus Live virus, you’ve got a tough job ahead of you to remove it. And we’ve got the instructions to help.
Antivirus Live is one of many fake antivirus applications like Advanced Virus Remover and Internet Security 2010, that are really rogue viruses that take your computer hostage—then they tell you that your computer is infected by viruses, and you have to pay them to get rid of the fake viruses that aren’t really there. It’s a huge problem, and they are not easy to remove, because they block virtually everything you try and run, including real anti-malware tools.

Removing Rogue Fake Antivirus Infections (General Guide)
There’s a couple of steps that you can generally follow to get rid of the majority of rogue antivirus infections, and actually most malware or spyware infections of any type. Here’s the quick steps:

• Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.
• If that doesn’t work, reboot your PC into safe mode with networking (use F8 right before Windows starts to load)
• Try to use the free, portable version of SUPERAntiSpyware to remove the viruses.
• Reboot your PC and go back into safe mode with networking.
• If that doesn’t work, and safe mode is blocked, try running ComboFix. Note that I’ve not yet had to resort to this, but some of our readers have.
• Install MalwareBytes and run it, doing a full system scan. (see our previous article on how to use it).
• Reboot your PC again, and run a full scan using your normal Antivirus application (we recommend Microsoft Security Essentials).
• At this point your PC is usually clean.

Those are the rules that normally work. Note that there are some malware infections that not only block safe mode, but also prevent you from doing anything at all. We’ll cover those in another article soon, so make sure to subscribe to How-To Geek for updates (top of the page).

Let’s Remove Antivirus Live
The first thing you’ll want to do is reboot your computer, and hit the F8 key right before Windows starts loading (you can hit it a bunch of times). Then select the Safe Mode with Networking option.

Before you do anything else, you’re going to need to fix the internet connection to work, because Antivirus Live changes IE to use a fake proxy server that prevents you from getting to anything else—and will also prevent you from installing and updating a real anti-malware software.

Now you’ll want to install SuperAntiSpyware (linked above), which you have hopefully downloaded via another computer already, but safe mode with networking should allow you to download and install it.
Once you load it up, it’s going to do some analysis…

Then you’ll see the full application screen, where you’ll want to use the Check for Updates button to make sure you have the latest definitions. Once you’ve done that, click the Scan your Computer button.

Select your primary drive at least, though you should pick all the drives, and then click the Perform Complete Scan button.

It’ll run for a long time, detect a bunch of stuff, and then you can proceed through the wizard to actually removing it all…

Once it’s all done, you can reboot the PC again (just make sure to go back into Safe Mode again).

Next you’ll want to install Malwarebytes, make sure to check the Update tab for the latest definitions, and then perform a full scan of your system.

Malwarebytes will find even more malware that SuperAntiSpyware missed (seems like you always need more than one util to get it all). Just be sure to click the Remove Selected button to get rid of the rest.

At this point you’ll want to reboot your system, and then install Microsoft Security Essentials and run another full scan. Can’t hurt to be too cautious!