Can't remove Segurazo Anti Virus

I have read through several different forums and tried multiple methods, including running full scans with Malwarebytes, Microsoft, HitmanPro, adwarecleaner… tried uninstalling through Control Panel, can’t find Segurazo files via search, but I can see them with the file path and cannot delete them. Tried to get into safe mode in Windows 10 and no luck. What can I try next? Nothing shows up in the log files as they are all empty now when I scan. These cleaners apparently don’t see these related files, unless they are in disguise…

Here are the two requested logs from farbar. I ran Malwarebytes and it found nothing.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad

```
"SegurazoIC" => service was unlocked. <==== ATTENTION
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4630632 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [132952 2019-02-19] (Rivet Networks LLC -> Rivet Networks, LLC.)
C:\Users\okcba\AppData\Roaming\segurazoclient
C:\ProgramData\Segurazo
C:\Program Files (x86)\Segurazo
C:\Windows\system32\DRIVERS\SmbCo10X64.sys
EmptyTemp:
```

  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
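
Before running Fix, it helps to see who signed each service entry a fixlist names. The following is an added example, not part of the thread or of FRST: it parses the service lines quoted above and groups the service names by signer. The field layout in the regular expression is an assumption inferred from those three lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist quoted in this thread (service lines plus
# two non-service lines to show that they are skipped).
FIXLIST_LINES = r"""
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4630632 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [132952 2019-02-19] (Rivet Networks LLC -> Rivet Networks, LLC.)
C:\ProgramData\Segurazo
EmptyTemp:
""".strip().splitlines()

# Assumed layout, inferred from the lines above:
#   <state letter><start digit> <name>; <path> [<size> <date>] (<signer> -> <company>)
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<signer>.+?) -> (?P<company>.+)\)$"
)


def parse_service_line(line):
    """Return the fields of one service line as a dict, or None if it is not one."""
    match = SERVICE_RE.match(line.strip())
    return match.groupdict() if match else None


def services_by_signer(lines):
    """Group service names by the signer shown in parentheses on each line."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse_service_line(line)
        if entry:  # plain paths and directives such as EmptyTemp: are skipped
            groups[entry["signer"]].append(entry["name"])
    return dict(groups)


if __name__ == "__main__":
    for signer, names in services_by_signer(FIXLIST_LINES).items():
        print(f"{signer}: {', '.join(names)}")
```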

I appreciate your response. In the meantime, Malwarebytes informed me that the free version had to manually update definitions… after doing that, it recognized the culprit and removed it. Thanks again

I know that it can be found if you look for Digital Communication in the C:(x86) Program files. Then the subfile is SAntivirus. :slight_smile:

Have it now, and I’ve gone into the Registry and looked for the SA, but after I found it, I can get rid of it, even as Administrator. :-\ There’s got to be some way to do it.

Hi cehisfun,

Important to go into that registry without any Internet connection:

It is extremely important that you disable network connection before trying to remove SEGURAZO antivirus (2020). Otherwise, you might find that it is impossible to delete certain registry remains from your computer. As suggested by Roy Dale in the comments section, the virus sets HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 1. Therefore, you can bypass this either by changing the value to 0, or disabling Internet connection.
Info credits go to Norbert Webb.

So for the faint of heart, I would advise doing it under the guidance of a qualified malware remover, such as our Sass Drake here.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Malwarebytes Removal instructions for Segurazo
https://forums.malwarebytes.com/topic/249582-removal-instructions-for-segurazo/

Thanks, Pondus, for mentioning these resources. :wink:

polonus