Author Topic: Can't remove Segorazo Anti Virus (Read 5920 times)

mytimbuk2 · « **on:** July 16, 2019, 11:16:38 PM »

I have read through several different forums and tried multiple methods, including Running full scan with Malwarebytes, Microsoft, Hitmanpro, adwarecleaner... tried uninstalling through control panel, can't find Segorazo files via search, but I can see them withe the file path and cannot delete them. Tried to get into safe mode in windows 10 and no luck. What can I try next? Nothing shows up in the log files as they are all empty now when I scan. These cleaners apparently don't see these related files, unless they are in disguise...

mytimbuk2 · « **Reply #1 on:** July 17, 2019, 03:50:46 AM »

Here are the two requested logs from farbar. I ran Malwarebytes and it found nothing.

Sass Drake · « **Reply #2 on:** July 18, 2019, 01:49:19 AM »

Open Notepad (click Start button -> type notepad.exe -> press Enter)
Copy text from code block below and paste it into Notepad

Code: [Select]

"SegurazoIC" => service was unlocked. <==== ATTENTION
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4630632 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [132952 2019-02-19] (Rivet Networks LLC -> Rivet Networks, LLC.)
C:\Users\okcba\AppData\Roaming\segurazoclient
C:\ProgramData\Segurazo
C:\Program Files (x86)\Segurazo
C:\Windows\system32\DRIVERS\SmbCo10X64.sys
EmptyTemp:

Go to File -> Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

mytimbuk2 · « **Reply #3 on:** July 18, 2019, 04:42:03 AM »

I appreciate your response. In the meantime, Malwarebytes informed me that the free version had to manually update definitions.. after doing that, it recognized the culprit and removed it. Thanks again

cehisfun · « **Reply #4 on:** June 13, 2020, 12:10:25 PM »

I know that it can be found if you look for Digital Communication in the C:(x86) Program files. Then the subfile is SAntivirus.

Have it now and I'll gone into the Registry and you look for the SA, but after I found it, I can get rid of it, even as Administrator. $:-\$ there's got to be some way to do it.

polonus · « **Reply #5 on:** June 13, 2020, 07:47:29 PM »

Hi cehisfun,

Important to go into that registry without any Internet connection:

Quote

It is extremely important that you disable network connection before trying to remove SEGURAZO antivirus (2020). Otherwise, you might find that it is impossible to delete certain registry remains from your computer. As suggested by Roy Dale in the comments section, the virus sets HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current\Version\Policies\System\EnableLUA to 1. Therefore, you can bypass this either by changing the value to 0, or disabling Internet connection.

Info credits go to Norbert Webb.

So for the faint-of-heart I would advise to do it under guidance of a qualified malware remover as our Sass Drake here.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Pondus · « **Reply #6 on:** June 13, 2020, 11:56:47 PM »

Malwarebytes Removal instructions for Segurazo
https://forums.malwarebytes.com/topic/249582-removal-instructions-for-segurazo/

polonus · « **Reply #7 on:** June 14, 2020, 12:26:29 AM »

Thanks, Pondus, for mentioning these resources.

polonus