Friday, March 19, 2010

Security Antivirus Removal Guide

Security Antivirus is a rogue anti-virus program, even though the name suggests that it is real. Security Antivirus gains access to the compromised computer with the help of Trojans and corrupt video codecs. Once active, it installs itself and changes the system registry so that it starts automatically each time Windows launches. It then runs a fake system scan of your computer, which produces false results to scare you into purchasing a useless rogue spyware remover.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
SA83b.exe
SA345d.exe

Unregister DLL Files
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\mozcrt19.dll

Delete Registry
HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "986707143803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Antivirus"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"

Remove Folders and Files
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\mozcrt19.dll
%UserProfile%\Desktop\436.mof
%UserProfile%\Application Data\Security Antivirus
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
[System root]\Documents and Settings\All Users\Application Data\SAYSSSys
[System root]\Documents and Settings\All Users\Application Data\61a60
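
A read-only check for the processes, registry entries and files listed above, as an added PowerShell example (it is not part of the original guide or of the removal tool it mentions). It assumes "[System root]" means the system drive, and it only reports what it finds; nothing is deleted.

```powershell
# Read-only check for the artifacts this guide lists; nothing is deleted.
# Assumption: "[System root]" in the guide means the system drive (e.g. C:).
$findgala = 'http://findgala.com/?&uid=195&q={searchTerms}'
$ie = 'Software\Microsoft\Internet Explorer'
$pp = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'

# Registry values from the guide: key, value name, and data where the guide gives it.
$regValues = @(
    @{ Key = "HKCU:\$pp"; Name = '986707143803' },
    @{ Key = "HKCU:\$pp"; Name = 'App/7.00195' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Antivirus' },
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes"; Name = 'URL'; Data = $findgala },
    @{ Key = "HKCU:\Software\Classes\$ie\SearchScopes"; Name = 'URL'; Data = $findgala },
    @{ Key = "HKCU:\$ie"; Name = 'PRS'; Data = 'http://127.0.0.1:27777/?inj=%ORIGINAL%' },
    @{ Key = "HKCU:\$ie\Download"; Name = 'RunInvalidSignatures'; Data = '1' }
)
# Files and folders from the guide.
$paths = @(
    "$env:USERPROFILE\Desktop\sqlite3.dll",
    "$env:USERPROFILE\Desktop\mozcrt19.dll",
    "$env:USERPROFILE\Desktop\436.mof",
    "$env:USERPROFILE\Application Data\Security Antivirus",
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk",
    "$env:SystemDrive\Documents and Settings\All Users\Application Data\SAYSSSys",
    "$env:SystemDrive\Documents and Settings\All Users\Application Data\61a60"
)

$found = @()
$found += @(Get-Process -Name 'SA83b', 'SA345d' -ErrorAction SilentlyContinue |
    ForEach-Object { "process  $($_.Name).exe (PID $($_.Id))" })
if (Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler') {
    $found += 'regkey   HKEY_CLASSES_ROOT\ReleaseXP.DocHostUIHandler'
}
foreach ($e in $regValues) {
    $k = Get-Item -LiteralPath $e.Key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    $v = $k.GetValue($e.Name)
    if ($null -eq $v) { continue }
    # Where the guide gives data, only a matching value counts as a hit.
    if ($e.ContainsKey('Data') -and "$v" -ne $e.Data) { continue }
    $found += "regvalue $($e.Key) `"$($e.Name)`" = $v"
}
$found += @($paths | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { "path     $_" })

if ($found) { $found } else { 'No artifacts from the guide were found.' }
```

The HKEY_CURRENT_USER and %UserProfile% entries are per user, so run the check in the session of the account that saw the fake scanner.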
