
Remove CleanUp Antivirus, CleanUp Antivirus Removal

By Gina on March 8, 2010 | Rogue Antispyware

CleanUp Antivirus is not a real security program. The application is a fraud made to look like system protection software in order to make the user purchase CleanUp Antivirus. The malware spreads online and infects poorly protected computers. CleanUp Antivirus is distributed with the help of trojans, which download and install the application without the user's permission. It may also be downloaded voluntarily from fake online-scanner websites or from sites promoting CleanUp Antivirus as reputable security software.

It is very important that you don't allow this program to access your computer. To prevent that, you must either obtain a trustworthy security tool or beware of any applications related to CleanUp Antivirus. However, the latter option does not guarantee complete security, as it does not protect your system against trojans. Surfing the web with an unprotected computer might be risky and is not recommended. Online security authorities strongly advise internet users to acquire real protection programs in order to avoid billions of online security threats. If you already have CleanUp Antivirus on your computer and need to get rid of it, the instructions on how to do this are listed below.

New processes created

PE.exe
grid.exe
CU345d.exe

New CleanUp Antivirus registry entries created

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Library1.00195"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanUp Antivirus"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

New files and directories created

c:\Documents and Settings\All Users\Application Data\345d567\
c:\Documents and Settings\All Users\Application Data\345d567\46.mof
c:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\CUA.ico
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\CUASys\
c:\Documents and Settings\All Users\Application Data\345d567\CUASys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\CUEWA.cfg
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
%UserProfile%\Application Data\CleanUp Antivirus
%UserProfile%\Application Data\CleanUp Antivirus\cookies.sqlite
%UserProfile%\Application Data\CleanUp Antivirus\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%UserProfile%\Desktop\CleanUp Antivirus.lnk
%UserProfile%\Recent\cb.tmp
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\pal.drv
%UserProfile%\Recent\pal.tmp
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\tempdoc.drv
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\CleanUp Antivirus.lnk
%UserProfile%\Start Menu\Programs\CleanUp Antivirus.lnk

How to remove CleanUp Antivirus

To remove CleanUp Antivirus manually, you must block rogue CleanUp Antivirus-related websites, remove malicious processes and registry entries, unregister DLLs and delete all malicious CleanUp Antivirus files from your computer.
Please note: cleaning your computer is a difficult and dangerous task. Manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
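
Before changing anything by hand, a read-only check shows which of the indicators listed above are actually present. The PowerShell script below is an added example, not part of the original article; it assumes PowerShell 3.0 or later and uses the Windows XP-era paths exactly as the article gives them. The process names PE and grid are generic, so confirm the reported path before treating a match as malicious.

```powershell
# Added example: read-only check for indicators listed in this article. It changes nothing.
$hits = @()

# Registry values from the article; Data is compared only where the article gives a value.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$regChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'CleanUp Antivirus' },
    @{ Path = "$ie\Download"; Name = 'RunInvalidSignatures'; Data = '1' },
    @{ Path = "$ie\Download"; Name = 'CheckExeSignatures'; Data = 'no' },
    @{ Path = $ie; Name = 'PRS' }
)
foreach ($c in $regChecks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # key or value not present
    $value = [string]$item.($c.Name)
    if (-not $c.ContainsKey('Data') -or $value -eq $c.Data) {
        $hits += [pscustomobject]@{ Type = 'Registry'; Item = "$($c.Path) [$($c.Name)]"; Detail = $value }
    }
}

# Firewall allow-list: the article lists the executable path as the value name under this key.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fwKey = Get-Item -Path $fw -ErrorAction SilentlyContinue
if ($fwKey) {
    foreach ($name in $fwKey.Property) {
        if ($name -like '*\CU345d.exe') {
            $hits += [pscustomobject]@{ Type = 'Firewall'; Item = 'AuthorizedApplications\List'; Detail = $name }
        }
    }
}

# Directories and shortcuts (a subset of the article's file list; paths as given there).
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$paths = @(
    "$allUsers\345d567", "$allUsers\CUCAISTUA",
    "$env:USERPROFILE\Application Data\CleanUp Antivirus",
    "$env:USERPROFILE\Desktop\CleanUp Antivirus.lnk"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $hits += [pscustomobject]@{ Type = 'File'; Item = $p; Detail = 'present' } }
}

# Running processes named in the article (names without the .exe extension).
foreach ($proc in Get-Process -Name 'PE', 'grid', 'CU345d' -ErrorAction SilentlyContinue) {
    $hits += [pscustomobject]@{ Type = 'Process'; Item = $proc.Name; Detail = "PID $($proc.Id) $($proc.Path)" }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'No listed CleanUp Antivirus indicators found.' }
```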
