Remove Green AV, GreenAV removal help
By Luciana on August 28, 2009 | Rogue Antispyware, Green AV, GreenAV, Green Antivirus 2009
Green AV is an updated version of Green Antivirus 2009 fraud. GreenAV presents itself as virus remover while it’s actually a poorly disguised computer infection.
Green AV is installed by trojans and it may download additional malware or make the system vulnerable to future infections. Once it gets on board a computer, GreenAV starts generating fabricated security alerts. The misleading warnings are meant to trick users into buying full version of the program. Do not trust messages displayed by Green AV! The paid version doesn’t exist and there’s no chance to get a refund since GreenAV is a scam.
Green AV websites
green-av.comgreen-av-pro.com Learn how to block rogue websites
New processes created
wtds05.exewsav.exe
mwrdll.exe
rwg.exe Learn how to remove malicious processes
New Green AV registry entries created
HKEY_CURRENT_USER\Software\GAVHKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
HKEY_CLASSES_ROOT\AppID\WStech.DLL
HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKEY_CLASSES_ROOT\WStech.WStechB
HKEY_CLASSES_ROOT\WStech.WStechB.1
HKEY_LOCAL_MACHINE\SOFTWARE\GAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanServer\Shares\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} "NoExplorer"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "03874569874596"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "37465982736455" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Application Data\gwr\c:\Documents and Settings\All Users\Application Data\gwr\mwrdll.exe
c:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
c:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat
c:\Documents and Settings\All Users\Application Data\gwr\wsav.exe
c:\Documents and Settings\All Users\Application Data\gwr\WStech.dll
c:\Documents and Settings\All Users\Application Data\gwr\wtds05.exe
c:\Documents and Settings\All Users\Desktop\ Green AV .lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Green AV
c:\Documents and Settings\All Users\Start Menu\Programs\Green AV\ Green AV .lnk Learn how to unregister malicious DLL files
How to remove Green AV
To remove Green AV manually you must block rogue Green AV related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Green AV files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Delete Windows Safety Maintenance fraud
Windows Safety Maintenance is a rogue anti-spyware program which spreads via trojan. Once the trojan is released Windows Safety Maintenance stars fake scans and shows fraudulent results. It puts many efforts in trying to trick user into believing their PC is infected. Read more.- System Protection Tools removal guide
- Windows Multi Control System uninstall guide
- How to remove Antispyware Pro 2012 fraud?
- Windows Advanced Security Center removal steps
- Windows Private Shield removal steps
- How to remove Windows Pro Safety fraud?
- Windows Pro Safety Release removal guide
- Delete Windows Safeguard Upgrade malware
- Windows Secure Surfer uninstall steps
- Windows Be-on-Guard Edition uninstall steps
