Rogue software details: Security Antivirus
Security Antivirus is a rogue security application. To remove it, look for the files and registry entries listed below.
Known system changes:
Files
c:\Allusersprofile\Application Data\d[random name]\SA[random name].exe
c:\Desktop\Security Antivirus.lnk
c:\StartMenu\Security Antivirus.lnk
c:\StartMenu\Programs\Security Antivirus.lnk
c:\StartMenu\Program\Security Antivirus.lnk
Folders
c:\ApplicationData\Security Antivirus
Registry entries
The rogue will add hundreds of new keys within this registry key:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XXX
Source: Lavasoft Malware Lab’s Rogue Gallery.