Author Topic: Can't remove Segorazo Anti Virus II and is there a way to block it?  (Read 314 times)

Offline ineuw01

  • Newbie
  • *
  • Posts: 14
I was hit with this virus some weeks ago (Windows 10) and tried to remove it with Revo Uninstaller, but it didn't work. So I rebooted into Safe Mode and deleted all files manually. To find all folders and files related to Segurazo, I used the free app "Everything".

What I don't understand is why Avast did not block this software.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31949
  • malware fighter
Re: Can't remove Segorazo Anti Virus II and is there a way to block it?
« Reply #1 on: November 19, 2019, 11:23:07 PM »
Most anti-virus solutions consider SEGURAZO Anti Virus II a so-called PUP, a potentially unwanted program,
as does Avast, which then detects it when run in PUP mode.

It is advised to get the last remnants of this unwanted half-baked av tool off, using MBAM,
after a run of Open Geek Uninstaller.

But I understood you already performed the uninstall procedure.

Sometimes Segurazo comes in piggybacking on malware, so an additional malware scan could also be advisable.

Wait for a qualified malware remover here to come and assist you, whenever you need assistance.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ineuw01

Re: Can't remove Segurazo Anti Virus II and is there a way to block it?
« Reply #2 on: November 20, 2019, 12:14:15 AM »
@polonus, thanks for supplying additional software names. AdwareCleaner and MBAM found nothing after I removed Segurazo. Piggybacking is the reason why I asked if there is a way to identify and block the app that carried Segurazo.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2704
  • Volunteer
Re: Can't remove Segorazo Anti Virus II and is there a way to block it?
« Reply #3 on: November 20, 2019, 12:33:07 AM »
Can you post your MBAM/Adwcleaner logs here? Also, please run the FRST scan found here.

https://forum.avast.com/index.php?topic=194892.0
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

Offline ineuw01

Re: Can't remove Segorazo Anti Virus II and is there a way to block it?
« Reply #4 on: November 20, 2019, 02:20:22 AM »
Polonus, attached are the requested reports. Please let me know what the status is.

Offline Michael (alan1998)

Re: Can't remove Segorazo Anti Virus II and is there a way to block it?
« Reply #5 on: November 20, 2019, 04:27:54 AM »
I'm not your expert (I'm not certified in Malware Removal).

>> 2019-11-18 19:40 - 2019-11-18 19:40 - 000020298 _____ C:\Users\ineuw\Documents\Vivaldi Passwords.csv

Edit: Derp - is this a plain text CSV that you've chosen to import into Vivi? If so, remove the CSV file, no need to keep it around. If it's been generated by the application, it's encrypted, right? If not, get rid of it and drop the program.
« Last Edit: November 20, 2019, 04:29:46 AM by Michael (alan1998) »

Offline ineuw01

Re: Can't remove Segorazo Anti Virus II and is there a way to block it?
« Reply #6 on: November 20, 2019, 04:30:47 AM »
I am sure that Windows and files are clean. I use Keepass.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 767
Re: Can't remove Segorazo Anti Virus II and is there a way to block it?
« Reply #7 on: November 20, 2019, 07:52:30 PM »
Can you make a screenshot of that Segurazo?

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
cmd: type "C:\Users\ineuw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startuporder.bat"
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.