Green AV
August 28, 2009
Threat level: 7 / 10
Green AV description
Green AV is an updated version of the Green Antivirus 2009 fraud. GreenAV presents itself as a virus remover, while it is actually a poorly disguised computer infection.
Green AV is installed by trojans, and it may download additional malware or make the system vulnerable to future infections. Once it gets onto a computer, GreenAV starts generating fabricated security alerts. The misleading warnings are meant to trick users into buying the full version of the program. Do not trust messages displayed by Green AV! The paid version doesn’t exist, and there’s no chance of getting a refund since GreenAV is a scam.
Green AV websites
green-av.com
green-av-pro.com
New processes created
wtds05.exe
wsav.exe
mwrdll.exe
rwg.exe
New Green AV registry entries created
New files and directories created
How to remove Green AV
To remove Green AV manually, you must block rogue Green AV related websites, remove malicious processes and registry entries, unregister DLLs and delete all malicious Green AV files from your computer.
Please note: cleaning your computer is a difficult and dangerous task. Manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
