Ms-antivirus.net
Ms-antivirus.net (or Ms-antivirus.microsoft.net) is a rogue website which comes armed with a browser hijacker. Ms-antivirus.net is designed to promote the Antivirus Live rogue anti-spyware program. Internet users will encounter Ms-antivirus.net when they get diverted to the website unwillingly. Ms-antivirus.net uses Trojan viruses that can imperceptibly inject a random computer system and distort the Internet usage functionality. Ms-antivirus.net can change Hosts file and browser configuration settings to produce a default homepage. Ms-antivirus.net tells the computer user that Antivirus Live has detected malicious activity on the PC and recommends the installation of its full version for PC defense. Ms-antivirus.net will claim that Antivirus Live is a cutting-edge spyware remover. Having Antivirus Live software on your computer will render your Operating System useless. Do not fall for this trickery and remove ms-antivirus.net immediately.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\[UserName]\Application Data\[RandomSymbols]\[Random4Symbols]sysguard.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Windows ScriptHKEY_CURRENT_USER\Software\Microsoft\Windows Script\SettingsHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AssociationsHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
I had to do the above in SAFE mode. The MS-Antivirus wouldn't allow opening any files. Also check the task manger in safe mode and disable anything containing 'sysguard'.exe to prevent it from running on rstart up.
great