Remove SAntivirus Realtime Protection Lite (SEGURAZO Removal Guide)

SAntivirus Realtime Protection Lite is basically Segurazo

SAntivirus Realtime Protection Lite (previously known as SEGURAZO) is a fake antivirus that acts as a persistent threat. The program often enters the system alongside other downloads and then “scans” the system only to deliver a variety of false positive results. The only aim of the program is to convince the user to purchase its license key.

The program causes extreme annoyance for computer users because it cannot be uninstalled like a regular program: it uses several tricks to stay on the infected host. Besides, since it spreads alongside low-reputation programs such as miners or fake browsers, it slows down the computer system significantly.

This guide explains how to uninstall SAntivirus manually, step-by-step. We can firmly state that this is unique and the most detailed guide for home users.

Previously known as Segurazo Antivirus, this unwanted software has been distributed by its operators since 2019. However, in 2020 it changed its name to SAntivirus Realtime Protection Lite. It is believed this was done due to rising user dissatisfaction as well as the low reputation of the software (there are hundreds of user-created topics questioning how to remove this fake antivirus from their computers on forums like Reddit).

As mentioned earlier, users find it impossible to uninstall the program via Control Panel or Apps and Features. Moreover, some victims claim that it makes the whole SAntivirus removal process even harder. It is clear that the software tends to root deeply into the system to prevent its elimination. This definitely signals that the program should not be trusted and must be removed from the system as soon as possible.

Threat Summary

Name: SAntivirus Realtime Protection Lite
Also known as: Segurazo Antivirus
Type: Potentially Unwanted Program (PUP)
Associated files: SAntivirusService.exe, SAntivirusIC.exe, SAntivirusKD.sys, santivirusclient.exe, SetupS.exe, SAntivirusUninstaller.exe and many others
Detection names: PUA:Win32/Vigua.A (Microsoft)
Activity: Displays fake scan results full of false positives, suggests purchasing its license key to fix non-existent computer issues
Problems: The software is hard to remove – manual uninstall requires deleting its components from Windows Registry and restoring modified values back to default.
Distribution: The software is mainly distributed in software bundles.
Removal: Remove SAntivirus using free instructions provided below, or use RESTORO to remove damage to Windows OS.
Useful details: To ensure safe removal of the unwanted software, we HIGHLY recommend disabling Network Connection and booting your PC in Safe Mode.

Distribution of the fake antivirus

The most suspicious fact about SAntivirus (Segurazo) is that it mainly spreads in software bundles and not via its official website. We have investigated users’ feedback online and have discovered that this program mainly spreads via general software download websites, outdated and no longer supported software, and old game downloads or ROMs. Some of the programs that users claim to be spreading Segurazo via their installers are:

  • NOX Player app;
  • VirtualDub;
  • various abandonware (outdated and old game downloads) and other sources.

It is also worth mentioning that users who have installed this fake antivirus often report finding versions of Chromium virus installed on their systems. Therefore, we strongly recommend that you check for it as well.

Please share how you downloaded this program in the comments below. This will help others from getting caught in the same trap again.

Remove SAntivirus Realtime Protection Lite (SEGURAZO)

This guide explains how to remove SAntivirus Realtime Protection Lite yourself (without using any tools or software). Please understand that deleting this fake antivirus from your computer requires some time and patience, so if you would rather delete it automatically, consider downloading RESTORO.

Now, there are two essential things you need to know in order to complete the program’s removal successfully. First, you need to boot your PC in Safe Mode.

If you do not want to boot your PC in Safe Mode, you must disable network connection first. We will explain how to do everything in this detailed tutorial.

Step 1. Disable Network Connection

Please disable network connection before you begin removing SAntivirus Realtime Protection Lite. Ideally, keep this tutorial opened in a separate window during the unwanted program removal procedure.

We suggest disabling it via Windows Network and Sharing Center as explained below. An alternative way to disable Network Connection is to boot in Safe Mode.

  1. Right-click Windows icon in the taskbar and choose Control Panel.
  2. Go to Network and Internet > Network and Sharing Center.
  3. Click Change adapter settings (on the left pane). Here, right-click on your Ethernet and/or Wi-Fi connection and choose Disable.
  4. Now, continue following the removal instructions provided in this tutorial.

If you find that you still can’t delete some unwanted folders and files after disabling network connection, then try booting in SAFE MODE as explained here (includes guide to booting in normal mode as well) and then delete the residue of the unwanted program.

Step 2. Set EnableLUA key value to 0

Users have reported that temporarily disabling User Account Control via Windows Registry helped them to remove stubborn Segurazo folders that couldn’t be removed in a simple way. Please note that disabling UAC is a temporary measure: after performing SAntivirus removal, you should repeat these steps and revert the EnableLUA value back to 1 (true).

  1. Press Windows key + R to open Run prompt.
  2. Type regedit and press Enter.
  3. Use the navigation panel on the left to find the following folder and key.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    Please note that you should double-click on the System folder and then look at the right pane to find the EnableLUA key.
  4. Double-click the EnableLUA key and set its value to 0. This will bypass UAC windows when deleting SAntivirus files.

Step 3. Use SAntivirus Uninstaller

Now that Network Connection is disabled, you can run SAntivirus Realtime Protection Lite Uninstaller. It will help to get rid of PART of files. However, we will explain how to perform a manual computer cleanup of Segurazo remains in Windows later. Here’s what you need to do:

  1. First, kill SAntivirus processes via Windows Task Manager. Press CTRL+ALT+DEL and choose Task Manager. Here, choose End task for these processes:
    SAntivirusClient;
    SAntivirus IC;
    SAntivirusService;
    Other program-related processes, if you find any.
  2. Now, right-click on Windows icon in the taskbar and open Control Panel.
  3. Now, open File Explorer and go to:
    This PC > Local Disk (C:) > Program Files (x86) > Digital Communications > SAntivirus.
  4. Here, double-click to launch SAntivirusUninstaller.exe.
  5. The uninstaller will display a prompt saying, “You still have an active subscription.” Click REMOVE PROTECTION to proceed.
  6. Now, the uninstaller will ask to restart your computer. Click RESTART LATER.
  7. Now, go back to Digital Communications folder, right-click on SAntivirus folder and choose Delete. Click Yes to confirm.
  8. Folder Access Denied window should appear. Click Continue.

If any files are left, we will delete them later via CMD.

Step 4. Clean Windows Registry from SAntivirus/Segurazo remains

In this part, we will clean Windows Registry from keys and values associated with SAntivirus Realtime Protection Lite (widely known as Segurazo).

In order to remove SAntivirus Realtime Protection Lite remains from your computer’s registry, we will need to navigate through the registry by expanding folders in given order. Please be extremely careful and double-check what you’re deleting before doing so. Incorrect removal of keys can mess up your computer. In addition, consider backing up registry first.

TIP #1. We strongly suggest dragging the required columns in the Registry (such as name) to expand them so that you can see the key/value names clearly.

TIP #2. You can easily copy and paste given navigation route to the navigation bar in the Windows registry and press Enter to access specific folder faster. Or, you can expand each folder by hand.

TIP #3. If you find that you cannot delete certain values in the registry, simply right-click the key and choose Permissions. Then tap on Administrator, and put a check on Read&Write. Then click Apply and OK.

Now that you have read all three tips, you can start deleting unwanted values from Windows Registry to completely get rid of SAntivirus Realtime Protection Lite.

  1. Launch Regedit by pressing Windows key + R and then type regedit into it. Press OK.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\. Here, you should find AT LEAST four keys belonging to SAntivirus. If you find any more, or ones with the Segurazo name, delete them as well. Right-click each of them and choose Delete:
    1. santivirusclient_RASAPI32;
    2. santivirusclient_RASMANCS;
    3. SAntivirusService_RASAPI32;
    4. SAntivirusService_RASMANCS.


  3. Now, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE and delete the following keys:
    1. SAntivirus;
    2. SAantivirusProduct.

  4. Next, go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ and delete SAntivirus key here.
  5. Now, go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\ and delete key named SAntivirus here as well.
  6. Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows and delete SAntivirus key here.
  7. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES. Here, delete the following keys:
      1. SAntivirusIC;
      2. SAntivirusKD;
      3. SAntivirusSyc.

  8. Next, expand the folders in the given order:
    HKEY_LOCAL_MACHINE\SOFTWARE\
    In this section, find SAntivirus and SegOption keys, right-click on them and choose Delete.
  9. Now, go to HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\ and find key named SAntivirusShellExtension.FileContextMenuExt. Right-click on it and choose Delete.
  10. Now, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SYSTEMFILEASSOCIATIONS\*\SHELLEX\CONTEXTMENUHANDLERS\ and delete SAntivirusShellExtension.FileContextMenuExt here.
  11. Now, we are going to search for components marked with the CLSID associated with SAntivirus, and delete them. To do so, click on the Computer folder (at the very beginning of the Registry). This makes the search function start from the beginning of the Registry. Click Edit > Find, and paste the given value here –

    7784BE7F-A15C-4A41-ACF5-4CC020154952

    Then press Enter.
    You will need to delete the detected keys (on the left side of the Registry) or value on the right side. To find next value, click Edit>Find Next. You should delete the following components:

    1. HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{7784BE7F-A15C-4A41-ACF5-4CC020154952};
    2. HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{7784BE7F-A15C-4A41-ACF5-4CC020154952}\InprocServer32;
    3. HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7784BE7F-A15C-4A41-ACF5-4CC020154952};
    4. HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7784BE7F-A15C-4A41-ACF5-4CC020154952}\InprocServer32;
    5. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7784BE7F-A15C-4A41-ACF5-4CC020154952};
    6. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7784BE7F-A15C-4A41-ACF5-4CC020154952}\InprocServer32.
  12. Finally, we suggest re-running Registry search via Edit>Find to detect any values related to SAntivirus and Segurazo names. Examples of values you might have to delete:
    \Device\HarddiskVolume5\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusClient.exe;
    \Device\HarddiskVolume5\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe
    and similar. Values that use the Segurazo name are deleted in the same way.
  13. Now, run Edit>Find search for a value called SInspector.dll. The full name of it should be \Device\HarddiskVolume5\Program Files (x86)\Digital Communications\SAntivirus\SInspector.dll. Of course, you should delete it.
  14. Finally, go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager and check the Data field in the PendingFileRenameOperations value. If it has anything to do with SAntivirus or Segurazo, delete the value.

The SAntivirus Realtime Protection Lite removal from Windows registry should now be complete. Next, we are going to delete any remaining values from the computer using Command Prompt.

Step 5. Force delete leftover files in the installation folder

  1. Before you begin, you need to copy the path to the installation folder that contains the files that refused to be deleted earlier.
    Tip. Write down the names of files that you can’t delete from this folder for further use. The names might slightly differ from ours.
  2. After copying the path, press CTRL+ALT+DEL and open Windows Task Manager. Here, select File Explorer and choose End Task.
  3. Now, use Windows search to find cmd. Right-click the Command Prompt result and choose to Run as Administrator. Click Yes to confirm.
  4. In Command Prompt, type del /f "<filename>" but instead of <filename>, paste the path you copied earlier, then add one file name that didn’t delete earlier. Keep the double quotes, because the path contains spaces. Press Enter to execute the command, and repeat this command using different filenames you wrote down earlier from the installation folder.
    Some examples of commands we entered to force delete remaining files:
    del /f "C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusShell64_v1069.dll"
    del /f "C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusKD.sys"
  5. Following that, you can go back to C:\Program Files (x86) and delete Digital Communications folder.
  6. To finalise the removal, go to desktop, right-click Recycle bin and choose Empty Recycle bin. This wipes out all deleted files from the system for good.
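
To confirm the cleanup after the last step, the checks from Steps 2, 4 and 5 can be run as one read-only audit. The PowerShell script below is an added example, not part of the original guide; the key, value and folder names are copied from the steps above, the variable names are illustrative, and a 64-bit Windows installation is assumed.

```powershell
# Added example: read-only audit, nothing is modified. Run in an elevated 64-bit PowerShell
# (a 32-bit process is redirected to WOW6432Node). Names below are copied from this guide.
$clsid = '{7784BE7F-A15C-4A41-ACF5-4CC020154952}'
$ctx   = 'shellex\ContextMenuHandlers\SAntivirusShellExtension.FileContextMenuExt'
$keys  = @(
    'SOFTWARE\Microsoft\Tracing\santivirusclient_RASAPI32'
    'SOFTWARE\Microsoft\Tracing\santivirusclient_RASMANCS'
    'SOFTWARE\Microsoft\Tracing\SAntivirusService_RASAPI32'
    'SOFTWARE\Microsoft\Tracing\SAntivirusService_RASMANCS'
    'SOFTWARE\WOW6432Node\SAntivirus'
    'SOFTWARE\WOW6432Node\SAantivirusProduct'
    'SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SAntivirus'
    'SOFTWARE\WOW6432Node\Microsoft\Windows\SAntivirus'
    'SOFTWARE\Microsoft\Windows\SAntivirus'
    'SYSTEM\CurrentControlSet\Services\SAntivirusIC'
    'SYSTEM\CurrentControlSet\Services\SAntivirusKD'
    'SYSTEM\CurrentControlSet\Services\SAntivirusSyc'
    'SOFTWARE\SAntivirus'
    'SOFTWARE\SegOption'
    "SOFTWARE\Classes\*\$ctx"
    "SOFTWARE\Classes\SystemFileAssociations\*\$ctx"
    "SOFTWARE\Classes\CLSID\$clsid"
    "SOFTWARE\Classes\WOW6432Node\CLSID\$clsid"
    "SOFTWARE\WOW6432Node\Classes\CLSID\$clsid"
)
$hklm     = [Microsoft.Win32.Registry]::LocalMachine
$findings = New-Object 'System.Collections.Generic.List[string]'

# OpenSubKey takes the path literally, so the "*" key under Classes is not treated as a wildcard.
foreach ($k in $keys) {
    try   { $h = $hklm.OpenSubKey($k) }
    catch { $findings.Add("Key exists but is not readable: HKLM\$k"); continue }
    if ($h) { $findings.Add("Key still present: HKLM\$k"); $h.Close() }
}

# Step 4, item 14: pending rename/delete operations that still reference the product.
$sm = $hklm.OpenSubKey('SYSTEM\ControlSet001\Control\Session Manager')
if ($sm) {
    @($sm.GetValue('PendingFileRenameOperations')) -match 'SAntivirus|Segurazo' |
        ForEach-Object { $findings.Add("PendingFileRenameOperations entry: $_") }
}

# Step 2 must be reverted: EnableLUA = 1 (the change takes effect after a restart).
$uac = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').GetValue('EnableLUA')
if ($uac -ne 1) { $findings.Add("EnableLUA is '$uac', UAC is still disabled; set it back to 1") }

# Step 5: installation folder and any processes that are still running.
$dir = Join-Path ${env:ProgramFiles(x86)} 'Digital Communications'
if (Test-Path -LiteralPath $dir) { $findings.Add("Install folder still present: $dir") }
Get-Process -Name 'SAntivirus*' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Process still running: $($_.ProcessName)") }

if ($findings.Count) { $findings } else { 'No leftovers from this guide were found.' }
```

Each line of output names one item that a step above should have removed or reverted; an empty result means every listed key, the folder and the UAC setting are in the expected state.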

By now, you should have removed all remains of SAntivirus (Segurazo). However, if you’d rather opt for automatic removal, or if you’d like to double-check your system and perform PC repair, we suggest downloading RESTORO for this purpose.

View Comments

  • Hi, when trying to open the uninstaller it opens for about a second then closes, this makes it so I can’t uninstall the program. Do you have any ways around this so I can continue?

  • Hello,
    I have a problem with the step with cmd. When I tried to delete file TASAntivirusKD.sys it said that system cannot find the file.
    It's the last file.
    Thank you for help

    • It can mean that the file has already been removed, or uses a different name. Please double check if you entered the file name to cmd correctly.
