Removal Tool: Remove Fake Antivirus. (Download it here.)
Removal Guide
Kill Process
(How to kill a process effectively?)
SA83b.exe
SA345d.exe
Unregister DLL Files
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\mozcrt19.dll
Delete Registry
HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "986707143803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
Remove Folders and Files
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\mozcrt19.dll
%UserProfile%\Desktop\436.mof
%UserProfile%\Application Data\Security Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
[System root]\Documents and Settings\All Users\Application Data\SAYSSSys
[System root]\Documents and Settings\All Users\Application Data\61a60