Remove CleanUp Antivirus, CleanUp Antivirus Removal
By Gina on March 8, 2010 | Rogue Antispyware
CleanUp Antivirus is not a real security program. The application is a fraud made to look like system protection software in order to make the user purchase CleanUp Antivirus. The malware spreads online and infects poorly protected computers. CleanUp Antivirus is distributed with the help of trojans which download and install the application without the user's permission. It may also be downloaded voluntarily from fake online-scanner websites or from sites promoting CleanUp Antivirus as reputable security software.
It is very important that you don't allow this program to access your computer. To prevent that, you must either obtain a trustworthy security tool or beware of any applications related to CleanUp Antivirus. However, the latter option does not guarantee complete security, as it does not protect your system against trojans. Surfing the web with an unprotected computer might be risky and is not recommended. Online security authorities strongly advise internet users to acquire real protection programs in order to avoid billions of online security threats. If you already have CleanUp Antivirus on your computer and need to get rid of it, the instructions on how to do this are listed below.
New processes created
PE.exe
grid.exe
CU345d.exe
New CleanUp Antivirus registry entries created
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Library1.00195"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanUp Antivirus"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
New files and directories created
c:\Documents and Settings\All Users\Application Data\345d567\
c:\Documents and Settings\All Users\Application Data\345d567\46.mof
c:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\CUA.ico
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\CUASys\
c:\Documents and Settings\All Users\Application Data\345d567\CUASys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\CUEWA.cfg
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
%UserProfile%\Application Data\CleanUp Antivirus
%UserProfile%\Application Data\CleanUp Antivirus\cookies.sqlite
%UserProfile%\Application Data\CleanUp Antivirus\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%UserProfile%\Desktop\CleanUp Antivirus.lnk
%UserProfile%\Recent\cb.tmp
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\pal.drv
%UserProfile%\Recent\pal.tmp
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\tempdoc.drv
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\CleanUp Antivirus.lnk
%UserProfile%\Start Menu\Programs\CleanUp Antivirus.lnk
How to remove CleanUp Antivirus
To remove CleanUp Antivirus manually you must block rogue CleanUp Antivirus related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious CleanUp Antivirus files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
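Before removing anything, it helps to confirm which of the listed indicators are actually present. The following PowerShell script is an added example, not part of the original guide: it performs a read-only check for a subset of the processes, registry values and paths listed above. The choice of indicators and the report format are assumptions made for this example, and the folder paths follow the Windows XP layout used on this page.

```powershell
# Read-only audit for the CleanUp Antivirus indicators listed on this page.
# Nothing is changed or deleted; matches are only reported.
$hits = @()

# Processes (names from the page, without the .exe suffix).
Get-Process -Name 'PE', 'grid', 'CU345d' -ErrorAction SilentlyContinue |
    ForEach-Object { $hits += "Process:  $($_.Name) (PID $($_.Id))" }

# Registry values; Expect = $null means the value's presence alone is reported.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$regChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'CleanUp Antivirus'; Expect = $null },
    @{ Path = "$ie\Download"; Name = 'RunInvalidSignatures'; Expect = '1' },
    @{ Path = "$ie\Download"; Name = 'CheckExeSignatures';   Expect = 'no' },
    @{ Path = $ie;            Name = 'PRS';                  Expect = $null }
)
foreach ($c in $regChecks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $value = [string]$item.($c.Name)
    if ($null -eq $c.Expect -or $value -eq $c.Expect) {
        $hits += "Registry: $($c.Path) `"$($c.Name)`" = `"$value`""
    }
}

# Firewall exception: the value name is the full path of the allowed program.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\' +
      'FirewallPolicy\StandardProfile\AuthorizedApplications\List'
if (Test-Path $fw) {
    (Get-Item $fw).GetValueNames() | Where-Object { $_ -like '*\CU345d.exe' } |
        ForEach-Object { $hits += "Firewall: $_" }
}

# Files and folders (Windows XP layout, as given on the page).
$paths = @(
    'C:\Documents and Settings\All Users\Application Data\345d567',
    'C:\Documents and Settings\All Users\Application Data\CUCAISTUA',
    (Join-Path $env:USERPROFILE 'Application Data\CleanUp Antivirus'),
    (Join-Path $env:USERPROFILE 'Desktop\CleanUp Antivirus.lnk'),
    (Join-Path $env:USERPROFILE 'Recent\PE.exe'),
    (Join-Path $env:USERPROFILE 'Recent\grid.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $hits += "File:     $p" }
}

if ($hits.Count -eq 0) { 'No listed indicators found.' } else { $hits }
```

A match is a lead to verify rather than proof of infection: short process names such as PE or grid can belong to unrelated software.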