
SAntivirus Removal


SAntivirus

SAntivirus is a security tool that some researchers regard as potentially unwanted due to its aggressive advertising methods and difficult uninstallation. SAntivirus is commonly found in file bundles with other software and tends to get installed without the users’ knowledge.

 


SAntivirus is an unwanted program.

Many reports suggest that SAntivirus is associated with Segurazo.exe (another similar unwanted program) and that its file is located at C:\Program Files\SAntivirus\santivirusclient.exe.

It is not uncommon for users to get this software installed on their machines without realizing how it happened and to think that they have been targeted by a malicious virus program. However, this is not what SAntivirus is. As we said, it is a regular security program that is actually supposed to keep your system safe from actual threats like Ransomware, Spyware, Trojans, and other malware hazards. The problem is that the free version of SAntivirus – SAntivirus Lite seems to try a bit too hard to get more and more people to install its paid version while, at the same time, providing little to no useful functions to the people who don’t want to upgrade to the paid premium variant of the software.

SAntivirus Realtime Protection Lite

SAntivirus Realtime Protection Lite is the free version of the SAntivirus security suite and it is characterized by its constant attempts to persuade its users to purchase the paid variant. SAntivirus Realtime Protection Lite is quite difficult to remove so most people think it’s malware.

We already clarified that this program isn’t actual malware and despite some of its unpleasant traits, it won’t harm your computer or try to compromise your virtual privacy and security. This, however, doesn’t make SAntivirus Lite any more desirable. This program would constantly try to get you to subscribe to its paid version by using some rather questionable techniques like, for instance, making you think your computer has been infected by some serious form of malware even when there’s absolutely nothing dangerous in the system. Showing false-positive malware warnings in order to lead the user to buy a paid product is a particularly dishonest form of marketing, and the fact that SAntivirus Lite uses it is a major reason to want this software removed from your PC.

What is SAntivirus Realtime Protection Lite?

SAntivirus is a software security suite that uses aggressive and misleading marketing techniques to get more people to pay for its Premium version. SAntivirus often gets installed without getting noticed and can be particularly difficult to remove because it makes unwanted changes in the system.


SAntivirus is marked by several reliable antimalware scanners as a PUP

The false-positive malware warnings aren’t the only thing that makes SAntivirus potentially unwanted. In addition to that, this program usually gets installed on the computer without people actually wanting it. 

There are several ways you could get SAntivirus on your machine without knowing it. One of the most common ones is the use of software bundling – a popular technique for spreading less-than-desirable apps and programs. The unwanted app is added to a software installer for another program – usually, one that is free but also useful so more people would download it. Once the installation of that other program is complete, the added unwanted app (SAntivirus in this case) is installed as well unless the user remembered to check the custom/advanced settings of the installer and leave the unwanted app out of the installation process. Since most people don’t do that, software like SAntivirus can easily get installed onto millions of PCs.

Another way SAntivirus could get added to your system is after you mistakenly try to install a fake Flash Player update. Usually, fake Flash updates are found on questionable and misleading sites with lots of sketchy ads and banners on them, so we advise you to be careful with the sites that you visit to avoid such fake updates. In most cases, the site claims that the user must install the update in order to see a certain piece of content. In reality, it is a simple scam intended to get you to download some unwanted piece of software. Many have reported that this is one of the ways SAntivirus gets distributed.

SAntivirus uninstall

The third reason we and most other security researchers regard this software as unwanted is the fact that it makes a number of system changes that make it really difficult to uninstall SAntivirus Lite. Previous versions of the program had a handy uninstaller that allowed you to quickly rid your PC of SAntivirus, but now you have to jump through multiple hoops to finally free your system of this app. Below, we have given you a detailed guide with all the steps we could come up with that will allow you to fully uninstall this software and remove all of its files and settings from your computer.

Summary

Name: SAntivirus
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Trojans may slow down your machine, delete or corrupt your data, and cause errors, freezes, crashes, and so on.
Distribution Method: Spam letters, pirated content, and misleading malvertisements are the usual suspects here.

SAntivirus Removal

Note: The guide you will see below will likely require you to restart your computer or close your browser at a certain point. To make finding the current page easier when you open your browser again, we suggest bookmarking it. Alternatively, you can open it on your phone or another device and look at it from there while completing the steps on your PC.

Note: SAntivirus is linked to another similar potentially unwanted program known under the name of Segurazo. The steps to remove those two programs are nearly identical, so whenever the following guide tells you to find and delete an item named Segurazo and you can’t find it, look for one named SAntivirus and delete that one (and vice versa).

  • Step 1

Throughout the next guide it is important to have your PC in Safe Mode. If Safe Mode is not enabled, you may not be able to fully remove SAntivirus. To help those of you who don’t know how to enter Safe Mode, we have prepared a separate guide on How to enter Safe Mode on your PC that you can visit by clicking on the provided link.

  • Step 2

  1. Open This PC/Computer from your Desktop (if it isn’t there you can find it in the Start Menu) and navigate to the following folder: (C:)/Program Files (x86)/Segurazo.
    • If your OS is stored in another drive and not (C:), go to that specific drive to find the specified folder.
  2. In that folder, double-click on SegurazoUninstaller.exe/SAntivirusUninstaller.exe and click on the Remove Protection option.
  3. If asked whether you’d like to restart your PC, click on No.
  4. Close everything (programs, folders, files) that’s on your screen and leave open only the Segurazo/SAntivirus uninstaller.
  5. In the uninstaller, put ticks in the checkboxes for Configuration files and Antivirus Protection and then start the uninstallation by selecting Uninstall.
  6. Once the uninstallation process is finished, you will likely be asked once more to restart the computer – click on No again.
  7. See if the Segurazo folder is still present on your computer and if it is, delete it.
    • If you get an error message when you try to delete the folder because one or more of the files stored in it can’t be removed, enter the folder and delete the other files (the one you are allowed to delete). This will typically leave you with two files that you will not be able to remove at that point. If this is your case after you complete the remainder of this guide, come back to the Segurazo folder and make another attempt to delete it – this time you should have no problem removing the folder.
  8. Use the free scanner we’ve included here to quickly check any other suspicious files on your computer for suspicious code. If a scanned file gets flagged as malware, delete it and empty the Recycle bin.
  • Step 3

Warning: The current step involves locating and deleting SAntivirus/Segurazo items from the Registry of your PC. Since many sensitive and important system settings are stored in the Registry, it is crucial that you don’t delete the wrong thing. To ensure that you only remove items related to SAntivirus/Segurazo and not ones that mustn’t be tampered with, we strongly suggest you contact us through the comments section below whenever you are in doubt about the nature of a given Registry item and about whether you should delete it or not.

  1. Press the Windows key and the R key together and, when the Run window appears, type regedit in it.
  2. Click on OK or press the Enter key and when asked for Admin confirmation to open the Registry Editor (regedit.exe) click on Yes.
  3. From the Edit menu in the Registry Editor, select the Find option and type Segurazo.
  4. Select Find Next to search for items with that name in the Registry. If no results are found, do another search for SAntivirus.
  5. The first search result should take you to this directory in the Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store – when in it, you should look at the items in the right panel, find one named C:\Program Files (x86)\Segurazo\SegurazoUninstaller.exe and delete it. If you cannot see the full names of the items in the right panel, drag the edge of the Name column to the right to make more room for the items’ names.
  6. Search for the next item (Find Next) which should take you to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SegurazoUninstaller_RASMANCS. There, you must delete the following folders from the left panel:
    • segurazoclient_RASAPI32
    • segurazoclient_RASMANCS
    • SegurazoService_RASAPI32
    • SegurazoService_RASMANCS
    • SegurazoUninstaller_RASAPI32
    • SegurazoUninstaller_RASMANCS
  7. Click on Find Next again – the next folder is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Segurazo and you must delete it.
  8. Select Find Next again. In the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager folder, look in the right panel, then find and delete PendingFileRenameOperations.
  9. Repeat the search and delete the SegurazoSvc item from the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application folder.
  10. Perform another search to find the last Registry folder related to SAntivirus – \Device\HarddiskVolume5\Program Files (x86)\Segurazo\SegurazoUninstaller.exe, and delete that folder.
  11. Go back to the top in the left panel and click on Computer. Then open the search window again and perform one final search for Segurazo and then for SAntivirus to make sure that there’s nothing left in the Registry with those names. In case anything is found, delete it and then close the Registry.
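
To see which of the Step 3 items are still in the Registry, before and after the manual search, a read-only PowerShell audit can help. This is an added example, not part of the original guide: the function name Get-GuideRegistryLeftover is made up for illustration, and the key paths are the ones listed in the steps above.

```powershell
# Added example: read-only audit of the registry items named in Step 3.
# It deletes nothing; it only reports what is still there.
$pattern = 'Segurazo|SAntivirus'   # the two names used throughout the guide

function Get-GuideRegistryLeftover {
    # Keys the guide tells you to delete (Segurazo spellings as in the guide).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\Segurazo'
        'HKLM:\SYSTEM\ControlSet001\Services\EventLog\Application\SegurazoSvc'
    )
    foreach ($name in 'segurazoclient', 'SegurazoService', 'SegurazoUninstaller') {
        foreach ($suffix in 'RASAPI32', 'RASMANCS') {
            $keys += "HKLM:\SOFTWARE\Microsoft\Tracing\${name}_$suffix"
        }
    }
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Kind = 'Key'; Location = $key; Detail = 'still present' }
        }
    }

    # Value names under the Compatibility Assistant store are file paths.
    $store = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store'
    if (Test-Path -LiteralPath $store) {
        foreach ($value in (Get-Item -LiteralPath $store).GetValueNames()) {
            if ($value -match $pattern) {
                [pscustomobject]@{ Kind = 'Value'; Location = $store; Detail = $value }
            }
        }
    }

    # PendingFileRenameOperations is a multi-string list of file moves and
    # deletions that Windows carries out at the next boot. Every entry is shown
    # so you can see what else is queued before deleting the whole value.
    $sm = 'HKLM:\SYSTEM\ControlSet001\Control\Session Manager'
    $pending = (Get-ItemProperty -LiteralPath $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    foreach ($entry in $pending) {
        if ($entry) {
            $tag = if ($entry -match $pattern) { 'related entry' } else { 'other software' }
            [pscustomobject]@{ Kind = 'Pending'; Location = $entry; Detail = $tag }
        }
    }
}

Get-GuideRegistryLeftover | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell window under the affected user account, since the Compatibility Assistant entry lives in that user's HKEY_CURRENT_USER hive. An empty result after Step 3 means none of the listed items remain.
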
  • Step 4
  1. Return to the folder of SAntivirus/Segurazo ((C:)/Program Files (x86)/Segurazo) and copy the folder path from the address bar at the top.
  2. On a piece of paper, write the exact names of the files that are left in the folder – the ones you weren’t able to delete earlier – you will need those names in a moment.
  3. Start the Task Manager by pressing the Ctrl, Shift, and Esc keys at the same time and go to the Processes tab.
  4. There, right-click on the File Explorer process and then click on End Task.
  5. Type cmd in the search box under the Start Menu and right-click on the icon named cmd.exe (should be the first result).
  6. Click on Run as administrator and when asked if you are sure you wish to allow the program to make changes in the PC, select Yes.
  7. When the Command Prompt window opens, type del /f *filename* in it, but replace “*filename*” with the folder path for the Segurazo folder that you copied in the first step and then type one of the filenames that you wrote down in step 2.
    • Pasting copied text in the Command Prompt is a bit different – you must click on the title bar of the Command Prompt’s window, click on/hover your mouse over Edit, and select Paste.
    • The following are examples of what the final command should look like with the file path and name before you execute it (the path contains spaces, so it must be enclosed in double quotes):
      • del /f "C:\Program Files (x86)\Segurazo\SegurazoShell64_v1069.dll"
      • del /f "C:\Program Files (x86)\Segurazo\SegurazoKD.sys"
        Important!: remember to include the spaces between “del“ and “/f“ and before the opening quote while typing the commands.
  8. Once you’ve typed the command with the name of the first file, press Enter to execute it.
  9. When the command completes, type it again with the name of the next file and execute it.
  10. Lastly, go to the Segurazo/SAntivirus folder and delete the folder now that there are no more files left in it.
  • Step 5

After you have completed the previous steps, the unwanted software should be gone from your PC. However, SAntivirus may have made certain changes in your browser and may have even installed adware or browser hijackers in it. Therefore, it is important to check all of your browsers for unwanted changes and revoke those changes as well as clear the browsing data to ensure that there’s nothing left from SAntivirus in them.

Instructions for any browser

  1. Right-click on the icon of your main browser and select Properties.
  2. Open the Shortcut tab and click in the Target field. If there’s anything written in it after “.exe“, delete what’s written there and select OK.
  3. Perform the previous two steps for all other browsers on your computer (if you have more than one browser).
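
The Target check above can be done for every browser shortcut at once with a read-only PowerShell script. This is an added example, not part of the original guide: the function name Get-BrowserShortcutArgument, the list of browser executables, and the list of shortcut folders are assumptions to adjust for your machine.

```powershell
# Added example: read-only check of browser shortcuts for text after ".exe".
# The browser names and folder list below are assumptions; extend as needed.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'
$folders = @(
    [Environment]::GetFolderPath('Desktop')
    "$env:PUBLIC\Desktop"
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs"
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)

function Get-BrowserShortcutArgument {
    $shell = New-Object -ComObject WScript.Shell
    $links = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue
    foreach ($file in $links) {
        $lnk = $shell.CreateShortcut($file.FullName)   # opens the existing .lnk
        if (-not $lnk.TargetPath) { continue }         # skip non-file shortcuts
        $exe = Split-Path -Path $lnk.TargetPath -Leaf
        # The Properties dialog shows TargetPath followed by Arguments in the
        # Target field, so a non-empty Arguments is "something after .exe".
        if (($browsers -contains $exe) -and $lnk.Arguments) {
            [pscustomobject]@{
                Shortcut  = $file.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                HasUrl    = [bool]($lnk.Arguments -match 'https?://')
            }
        }
    }
}

Get-BrowserShortcutArgument | Format-List
```

Shortcuts with HasUrl set to True are the ones to fix first. Some arguments are legitimate, for example a Chrome profile selector, so review each entry before clearing it in the shortcut's Properties.
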

Browser-specific instructions:

The following steps are specific to each browser – we will show you how to clean Chrome, IE, and Firefox. However, even if you have another browser on your PC, cleaning it should be very similar so be sure to do it.

Remove SAntivirus from Internet Explorer:

  1. Select the Gear button in IE and go to Manage add-ons.
  2. In the Add-ons page, look for extensions that you do not remember adding to IE yourself or that look unwanted or unneeded and delete them by clicking on their Remove button.
  3. Open the IE menu again (gear icon), select Internet Options, and pay attention to the URL address in the homepage field. If it is one that you think has been added by SAntivirus or another unwanted program, change it to a homepage address that’s from a site you want to be the homepage of your browser.
  4. Click on Apply to save the settings changes.

Remove SAntivirus from Firefox:

  1. In Firefox, select the three parallel lines icon in the top-right, go to Add-ons, and then open Extensions.
  2. From the extensions page of Firefox, delete the ones that seem related to SAntivirus and/or that may have been added to the browser by it without your permission. Also, delete any other browser extensions that are unneeded or unwanted so that you are left only with the ones that you actually want to have in the browser.
  3. From the Firefox menu, click on Options, type Clear in the search field in the Options page, and click on Clear Data.
  4. Make sure that both checkboxes have ticks in them and then select Clear and wait for the browser data to be cleared.

Remove SAntivirus from Chrome:

  1. Click on the icon with three dots in the upper-right corner of the Chrome window and go to More Tools > Extensions.
  2. Do the same as with the previous two browsers, deleting any unwanted extensions from Chrome.
  3. Exit the browser and go to the following folder: C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data.
  4. In that folder, rename the Default folder to Backup Default and restart your computer.
  5. When your PC starts again, start Chrome, open its menu again, and select Settings.
  6. In the Settings page, click in the search field, type Clear, and click on Clear Browsing Data from the results.
  7. Put ticks in all the boxes except Passwords and Auto-fill data and select Clear Data – if your browsing data hasn’t been cleared recently, this process may take a while so be patient and don’t quit the browser until it is finished.

If the steps from this guide didn’t delete all traces of SAntivirus, you can try using the advanced removal tool we’ve included in this article. We strongly recommend it for users who need quick and easy removal of all kinds of unwanted software and malware. Additionally, it will help keep your system secured and protected against incoming threats in the future.


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.

1 Comment

  • Hi,

    I was attacked by this virus today. I have been trying to clear this from my system using your super helpful guide. But I see some of the residue of the folder (SAntivirus) in HKEY_LOCAL_MACHINE and I am not able to delete it. Please help asap.
