Rogue software details: Security Antivirus

Security Antivirus is a rogue security application. To remove it, look for the files and registry entries listed below.

Known system changes:

Files
c:\Allusersprofile\Application Data\d[random name]\SA[random name].exe
c:\Desktop\Security Antivirus.lnk
c:\StartMenu\Security Antivirus.lnk
c:\StartMenu\Programs\Security Antivirus.lnk
c:\StartMenu\Program\Security Antivirus.lnk

Folders
c:\ApplicationData\Security Antivirus

Registry entries
The rogue will add hundreds of new keys within this registry key:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XXX
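
A read-only PowerShell check for the registry change above, added here as an example and not taken from the Lavasoft entry: it counts the subkeys under Image File Execution Options and lists those carrying a `Debugger` value. The `Debugger` value name is an assumption based on how Image File Execution Options redirection normally works; the page does not say which values the rogue writes, and the function name is hypothetical.

```powershell
# Added example: audit Image File Execution Options (IFEO) subkeys. Read-only.
# Assumption: entries of interest carry a "Debugger" value, the standard IFEO
# mechanism for redirecting an executable's launch. The page does not name it.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntry {
    param([string]$Path = $ifeo)
    foreach ($key in Get-ChildItem -LiteralPath $Path -ErrorAction Stop) {
        # GetValue returns $null when the subkey has no Debugger value.
        $debugger = $key.GetValue('Debugger', $null)
        if ($null -ne $debugger) {
            [pscustomobject]@{
                Image    = $key.PSChildName   # executable name the subkey applies to
                Debugger = $debugger          # program launched in its place
                KeyPath  = $key.Name
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)
$total   = @(Get-ChildItem -LiteralPath $ifeo).Count
"{0} IFEO subkeys, {1} with a Debugger value" -f $total, $entries.Count

# Full listing, so each entry can be reviewed before anything is deleted.
$entries | Sort-Object Debugger, Image | Format-Table -AutoSize -Wrap

# Hundreds of images pointing at one debugger target is the pattern to look for.
$entries | Group-Object Debugger | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Legitimate tools also register `Debugger` values here, so review the grouped output before removing keys.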

Source: Lavasoft Malware Lab’s Rogue Gallery.
