
SAntivirus Removal


SAntivirus

SAntivirus is an unwanted program installed on users’ computers without their knowledge (usually together with other software bundles). SAntivirus can change the settings of your home or work network by using them for its own purposes and make your system vulnerable to other malicious threats.


A Trojan virus can generally be used for several purposes. First of all, these threats operate very subtly. You may not be aware of the contamination before the virus completes its harmful agenda. In many cases, the actual time of contamination and the time of the attack may not be the same because it is common for the Trojan to wait quietly and patiently until it receives commands from its developers. Once that happens, the virus will fulfill its malicious plans and will leave the device corrupted, heavily compromised, or completely destroyed.

In this post, however, we will try to help you avoid these dreadful consequences and remove SAntivirus before it manages to complete its evil plans. Just keep on reading and you will find out how to do that.

Santivirus Realtime Protection Lite

Santivirus Realtime Protection Lite is a potentially harmful program advertised as an anti-virus solution. It can typically be found in C:\Program Files\SAntivirus\santivirusclient.exe, and reports suggest that it is associated with SEGURAZO.EXE.

The Santivirus Realtime Protection Lite’s creators want you to believe that SAntivirus can scan your computer and detect security vulnerabilities, remove computer viruses, and protect your system from any web attacks.

Santivirus Realtime Protection Lite can tamper with the system’s registry, firewall, and Internet settings, cause BSOD crashes, and add new startup elements without permission. Santivirusclient.exe could also block your security programs and allow more malware to get downloaded.

The sources of Trojans may vary, but most commonly they can be found inside spam email messages and their malicious attachments or inside some cracked software installers. Another secret location where threats like SAntivirus may hide is in malicious pop-up ads, false on-screen warnings and notifications, and infected web links – you get infected automatically if you click on any of those.

Luckily, such malware can be successfully removed if you carefully follow certain removal steps and scan your computer with a reliable security program. To do that, scroll down and you will see our free detailed removal guide that provides a quick and efficient resolution of your situation.

What is SAntivirus?

SAntivirus is a potentially unwanted program (PUP). SAntivirus penetrates your device, either downloaded in a package with popular programs or included in a file accompanied by other Trojans.


SAntivirus is marked by several reliable antimalware scanners as a PUP

A Trojan, as we said above, could be programmed to perform different damaging activities on your computer. For instance, the attack of this virus may result in loss of critical data, hard drive formatting, and system file alterations, which can make your PC useless. Sometimes, the hackers may simply have fun by infecting computers with Trojans and destroying them entirely or merely crippling them so that users become helpless and confused.

Such threats, however, could be used for much more “useful” criminal purposes. The distribution of other malware and viruses is one of them. Hackers make extensive use of the Trojans’ ability to hack into a device without being detected and to secretly insert Ransomware or Spyware. For instance, SAntivirus may try to introduce a Ransomware version inside your PC and allow it to encode your information so that the extortionists behind it can demand ransom from you. SAntivirus could also be used to turn your device into a bot and allow hackers to exploit your system’s resources. They can send spam on behalf of your PC or mine cryptocurrencies or do something else, usually illegal, on your PC’s behalf. This is an awkward situation because you could potentially be convicted of something criminal you never did yourself.

Summary

Name: SAntivirus
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Trojans may slow down your machine, delete or corrupt your data, cause errors, freezes, crashes, and so on.
Distribution Method: Spam letters, pirated content, and misleading malvertisements are the usual suspects here.

Santivirus Uninstall instructions (Windows)

Note 1: Some of the following steps may require that you close the browser, exiting this page so we suggest you bookmark this page so that you can quickly access it later. You can also open this guide on your phone or on another nearby mobile device/computer so that you can have it open the whole time while you are completing the steps.

Note 2: SAntivirus is closely related to the Segurazo PUP and the steps for removing either of them are usually identical. In the next steps, wherever you are asked to find and delete something that has the name Segurazo, know that if you cannot find it, you should try looking for the same thing but with the SAntivirus name.

  • Step 1

The first thing you ought to do is enter Safe Mode on your PC. In Safe Mode, the only processes allowed to start as the computer boots up are the ones necessary for the stable and normal functioning of the OS, so this mode will block certain processes that may be intended to keep you from uninstalling SAntivirus. If you don’t know the correct way to enable Safe Mode, the link from above will bring you to a guide that will help you with that.

  • Step 2

  1. From the Start Menu or directly from your Desktop, open Computer/This PC, go to the C: drive (or to whatever drive stores your OS) and then open Program Files (X86)/ Segurazo (or SAntivirus).
  2. Once you are in the specified folder, start the SegurazoUninstaller.exe/SAntivirusUninstaller.exe file.
  3. The Uninstaller will ask you if you are sure you want to remove the protection from your computer – click on the Remove Protection button to confirm that.
  4. You will also be asked if you’d like to restart your computer now – here you must select the Restart Later option.
  5. Close all windows of folders and other programs on your screen, leaving only the Uninstaller window open.
  6. Next, check the Antivirus Protection and the Configuration files checkboxes and finally click on Uninstall.
  7. After the uninstallation completes, the Uninstaller will once again ask you to restart your PC and you must once again deny that by clicking on No.
  8. Now, if there are any files left in the Segurazo folder, use this free online scanner to test them for malware:
    • If the scan concluded that the files contain malware code, delete them and move on to the next part of the guide.

    After you’ve completed everything from this step, there will usually be only two files from Segurazo/SAntivirus left inside the system, and you must make sure to delete them too. However, you cannot delete them normally, because every time you try to do that you will be met by an error message. There are some preparatory steps that you must complete before you can delete those two files; they are explained in the next two sections of this guide.

    • Step 3

    Important!: The following step will require you to find and delete certain items from your PC’s Registry. Deleting the wrong thing here could mean causing instability and other problems to the computer. Therefore, proceed only if you are sure you can do everything exactly as it is explained. If you have any doubts about whether you are supposed to delete something from the Registry, it is better to first ask us about it by writing us a comment below this post.

    1. Press the Windows key and the R key at the same time and, in the resulting Run window, type regedit in the small text/search field.
    2. Press the Enter key and then, when asked if you want to allow the Registry Editor to make system changes, select Yes to provide your approval.
    3. Inside the Registry Editor, select the Edit Menu, click on the Find option, and type Segurazo in the search field.
    4. Search for Segurazo items in the Registry by selecting Find Next.
    5. Typically, the first result should be in this Registry Directory: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store. Once you are there, look at the right panel of the Editor and drag right the line between the Name and Type column so that you can see the full names of the items there.
    6. There should be an item named C:\Program Files (x86)\Segurazo\SegurazoUninstaller.exe – select it and right-click on it, and then select the Delete option. Select Yes to confirm that you want to delete this item.
    7. Repeat the search from step 4 of this list – the next found Segurazo entry should be in this directory: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SegurazoUninstaller_RASMANCS – here, you must delete the folders listed below:
      • segurazoclient_RASAPI32
      • segurazoclient_RASMANCS
      • SegurazoService_RASAPI32
      • SegurazoService_RASMANCS
      • SegurazoUninstaller_RASAPI32
      • SegurazoUninstaller_RASMANCS
    8. Once you delete those folders, repeat the 4th step again – the directory this time should be: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Segurazo – you must delete this folder.
    9. Search for Segurazo items again, and this should bring you to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Segurazo, which you must also delete.
    10. Repeat the search, the next folder is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager – select it and explore the items to the right. The one you must find and delete is named PendingFileRenameOperations.
    11. Search again – this time you must delete an item named SegurazoSvc and it should be located in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application directory.
    12. The final Registry item related to Segurazo is \Device\HarddiskVolume5\Program Files (x86)\Segurazo\SegurazoUninstaller.exe – delete this one too.
    13. Scroll back up to the top of the Registry folders, select the Computer icon, and conduct one final search for items that have Segurazo in their names. If nothing is found, search for SAntivirus. If the search yields any results, delete the items that get found, if not, exit the Registry Editor.
    • Step 4
    1. Go back to the Segurazo/SAntivirus folder you accessed at the beginning of this guide and copy its address in your system by selecting the address bar, highlighting the folder’s address, right-clicking on it, and selecting the Copy button.
    2. Now write down the exact names of the remaining files that cannot yet be deleted – you will need to use them in a moment.
    3. Next, go to the Task Manager (Ctrl + Shift + Esc is the quickest method to open it), and go to Processes.
    4. In there, find a process named File Explorer, select it, and then select the End Task button.
    5. Now, type cmd under the Start Menu, right-click on the cmd.exe icon, and then select Run as administrator. If Windows asks you if you are sure you want to do this, select Yes.
    6. This will open the Command Prompt app, and in it you must type this command: del /f "*filename*". In the place of *filename*, paste the folder address that you copied in the first step and after it write a backslash and the exact name of the file you want to delete (the one you wrote down in step 2). Keep the double quotes around the whole path: the folder address contains spaces, and without the quotes the command will not find the file. To paste copied text in the Command Prompt, right-click with your mouse on the title bar of the Command Prompt’s window, go to Edit, and then you will see the Paste option, which you must click on to paste the text (address) you copied.
      • Below, you can see two examples of what the finished command could look like:
        • del /f "C:\Program Files (x86)\Segurazo\SegurazoShell64_v1069.dll"
        • del /f "C:\Program Files (x86)\Segurazo\SegurazoKD.sys"
          Important!: Notice and do not omit the single spaces in between “del”, “/f”, and the quoted path.
    7. Once you’ve written the command, hit the Enter key to execute it, and repeat the previous step with the names of any other files related to SAntivirus/Segurazo that you have been unable to delete.
    8. Finally, delete the Segurazo/Santivirus folder itself once there are no more files left in it.
    • Step 5

    If you have completed the previous steps correctly, SAntivirus should no longer be on your PC. However, it may have previously made certain changes to any of your browsers, such as replacing the homepage or adding unwanted new extensions. Therefore, you should check your browsers too and revoke any such changes that may have been made to them so that you can be sure that there’s no trace of SAntivirus left on your computer.

    The first thing you must do in this regard is the following:

    Go to your browser and right-click on its icon. From the context menu, choose Properties and go to the Shortcut section.


    In it, take a look at the Target field and see if there’s anything written after “.exe” – if there is, delete what’s written there and click on Ok.


    Note that this could be done for any browser – we’ve used Chrome to illustrate this step in the screencaps but you can and should perform this step in the same way with any other browsing program on your computer.

    • Step 6

    The final step of the current guide is to open any of your browsers that may have been affected by the unwanted software and revoke any changes made to them without your permission. This step could vary depending on the specific browser, so we have shown you how to perform it for IE, Mozilla Firefox, and Google Chrome. If you are using another browser, do not worry, restoring its normal settings should still be done in a somewhat similar way. Besides, if you need help, you can always tell us what browser you need help with by writing us a comment down below.

    Lastly, you must delete any potential remnants of Segurazo from your browsers, so here is how to do this for IE, Firefox, and Chrome:

    Remove Segurazo from Internet Explorer:

    For IE users, open the browser, click on the gear icon, and choose Manage add-ons from the menu.

    Once you are at the Add-ons page of the browser, see if there are any extensions named SAntivirus, Segurazo, or anything similar and uninstall them. Also, see if there are any other suspicious extensions or extensions you don’t use and/or don’t remember installing and remove them too.

    Now go back to the gear menu of the browser, choose Internet Options and look at the address that is entered as your browser’s homepage. If it seems that the homepage address has been altered without your permission, change it back to what it used to be or to another address that you prefer but do not keep the one that is currently listed as the homepage address.

    Finally, click on the Apply button, exit the browser, and restart the computer.

    Remove Segurazo from Firefox:

    For Firefox users, start the browser, click on its menu button, choose Add-ons, and then select the Extensions option.

    Once again, see if there’s an extension named SAntivirus, Segurazo, or anything similar and if there is, remove it. The same should be done with any other odd-looking Firefox extensions that you don’t use or that have been installed without your knowledge or permission. 

    Remove Segurazo from Chrome:

    Once you are in Google Chrome, select the browser’s menu, then More Tools, and then Extensions. Like with the previous two browsers, find any suspicious add-ons that are probably not supposed to be in the browser. Needless to say, anything that carries the name of SAntivirus/Segurazo must be deleted as well.

    After you take care of the extensions of Chrome, close the browser and go to this folder: C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. In there should be a folder named Default – you must rename it to Backup Default. Once you do this, restart the computer and start the browser to see if it behaves normally.
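
A read-only way to confirm the result of Steps 2 to 5, as an added PowerShell example that is not part of the original guide: it reports any folders, files, registry items and browser-shortcut arguments still present in the locations the guide names, and changes nothing. The SAntivirus-named variants of the Segurazo items, the pinned-taskbar folder and the list of browser executable names are assumptions.

```powershell
# Added example: read-only check for Segurazo/SAntivirus leftovers; nothing is changed.
# Locations come from the guide; SAntivirus-named variants are assumed per Note 2.
$names    = 'Segurazo', 'SAntivirus'
$pattern  = $names -join '|'      # -match is case-insensitive by default
$findings = New-Object System.Collections.Generic.List[string]

# Steps 2 and 4: install folders and any files still inside them.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
foreach ($root in $roots) {
    foreach ($n in $names) {
        $dir = Join-Path $root $n
        if (Test-Path -LiteralPath $dir) {
            $findings.Add("Folder: $dir")
            Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
                ForEach-Object { $findings.Add("  File: $($_.FullName)") }
        }
    }
}

# Step 3: registry keys named after the product under the parents the guide lists.
$parents = 'HKLM:\SOFTWARE\Microsoft\Windows',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows',
           'HKLM:\SOFTWARE\Microsoft\Tracing',
           'HKLM:\SYSTEM\ControlSet001\Services\EventLog\Application'
Get-ChildItem -Path $parents -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match $pattern } |
    ForEach-Object { $findings.Add("Key: $($_.Name)") }

# Step 3: Compatibility Assistant store, where value names are executable paths.
$store = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store'
if (Test-Path -LiteralPath $store) {
    (Get-Item -LiteralPath $store).GetValueNames() | Where-Object { $_ -match $pattern } |
        ForEach-Object { $findings.Add("Value: $_") }
}

# Step 3: PendingFileRenameOperations is a multi-string queue of boot-time renames
# used by Windows and installers in general, so report only entries naming the product.
$sm    = 'HKLM:\SYSTEM\ControlSet001\Control\Session Manager'
$queue = (Get-ItemProperty -LiteralPath $sm -ErrorAction SilentlyContinue).PendingFileRenameOperations
@($queue) | Where-Object { $_ -match $pattern } |
    ForEach-Object { $findings.Add("Pending rename: $_") }

# Step 5: browser shortcuts whose Target carries extra text after ".exe" (review each hit).
$shell   = New-Object -ComObject WScript.Shell
$lnkDirs = [Environment]::GetFolderPath('Desktop'),
           (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
Get-ChildItem -Path $lnkDirs -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $s = $shell.CreateShortcut($_.FullName)
    if ($s.TargetPath -match '\\(chrome|firefox|iexplore|msedge)\.exe$' -and $s.Arguments) {
        $findings.Add("Shortcut: $($_.FullName) -> $($s.Arguments)")
    }
}

if ($findings.Count) { $findings } else { 'No leftovers found in the checked locations.' }
```

Some legitimate browser shortcuts also carry arguments, so a shortcut hit is something to inspect rather than proof of tampering.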


    If this removal guide wasn’t enough to rid you of SAntivirus, we recommend that you download the professional anti-malware tool that has been posted on this page and/or request further assistance by leaving us a comment down below.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    1 Comment

    • Hi,

      I was attacked by this virus today. I have been trying to clear this from my system using your super helpful guide. But I see some of the residue of the folder (SAntivirus) in HKEY_LOCAL_MACHINE and I am not able to delete it. Please help asap.
