Jan 17, 2010

Remove Ghost Antivirus - GhostAntivirus Removal Information

Today we introduce one of the latest creations in the world of rogue antispyware applications: Ghost Antivirus. Like a real ghost, this infection sneaks easily into your computer and tries to scare you to death. This nasty software is promoted by Trojans that help Ghost Antivirus worm its way into victims' computers and start its destructive work there. Once inside, Ghost Antivirus begins scanning for different infections. In fact, all the threats it shows are made up by the badware itself and must not be trusted. Ghost Antivirus will never let you remove the infections it has detected without a special license from its official website. All of this is done for one purpose only: to scare users and push them into spending money on an absolutely worthless product. Another nasty behaviour of Ghost Antivirus is bombarding you with annoying pop-ups claiming that the computer's security level is extremely low, that purchasing a license is useful, or that a new malicious file has been detected. Most of the notifications read as follows:

Your PC is still infected with dangerous viruses. It is strongly recommended to activate antivirus protection to prevent data loss and to avoid the theft of your credit card details. Click here to activate protection.

Harmfull and malicious software detected

Online scanner detected programs that might compromise your privacy or damage your computer

Such bogus notifications, like the fake scan results, are part of the nasty strategy that all rogue antispyware programs follow. What is more, you will very probably face problems with your Internet usage: Ghost Antivirus hijacks your browser and controls your web traffic. This gives it a chance to keep security web pages from detecting it. Please note that Ghost Antivirus only pretends to be a security tool; it is in fact just a misleading rogue application that has nothing to do with computer protection.


Type: Rogue Anti-Spyware
Malware Author: Unknown

Threat Level: Critical

How to remove Ghost Antivirus manually:
It's possible to remove Ghost Antivirus manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

%Program Files%\Ghost Antivirus\
%Program Files%\Ghost Antivirus\ghostav.exe
%Program Files%\Ghost Antivirus\register.ico
%Program Files%\Ghost Antivirus\unins000.dat
%Program Files%\Ghost Antivirus\uninst.ico
%Program Files%\Ghost Antivirus\web.ico
%Program Files%\Ghost Antivirus\working.log
%Program Files%\Ghost Antivirus\Languages\
%Program Files%\Ghost Antivirus\lib\
%Program Files%\Ghost Antivirus\lib\ghost.sql
%Program Files%\Ghost Antivirus\lib\Infected.wav
%Program Files%\Ghost Antivirus\lib\listing.cfg
%Program Files%\Ghost Antivirus\lib\version.db
%Program Files%\Ghost Antivirus\lib\WMILib.dll
%WINDOWS%\System32\[random symbols].dll
%Documents and Settings%\All Users\Desktop\Ghost Antivirus.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk
%Documents and Settings%\All Users\Application Data\Ghost Antivirus\
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\settings.ini
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\uill.ini
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\unins000.exe
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\links.txt
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\properties
%Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\times.conf
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%Documents and Settings%\[User Name]\Local Settings\Application Data\Microsoft\Windows\services.exe
[random symbols]onin.exe

Remove registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “%Program Files%\Ghost Antivirus\”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Ghost Antivirus”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[1.1.3.9]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “RealLogonType” = “1”

Please be careful, because manual removal of Ghost Antivirus may seriously damage the operating system and sensitive data. There is also a high chance of incomplete removal, because some files may be hidden and the program could re-install itself after you delete the files and registry entries. We therefore strongly recommend using an automatic removal tool.
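
Before deleting anything, a read-only check shows which of the listed artifacts are actually present on the machine. The PowerShell script below is an added example, not part of the original post; it assumes the %Program Files% and %Documents and Settings% notation above corresponds to the standard Windows folders, and the function name Get-GhostAvFindings is hypothetical.

```powershell
# Read-only audit of the artifacts listed above; it reports and deletes nothing.
# Assumption: the page's %Program Files% / %Documents and Settings% notation
# maps to the standard Windows folders resolved here.
# Randomly named files from the list cannot be matched by name and are skipped.
$local  = [Environment]::GetFolderPath('LocalApplicationData')
$common = [Environment]::GetFolderPath('CommonApplicationData')
$paths = @(
    (Join-Path $env:ProgramFiles 'Ghost Antivirus'),
    (Join-Path $common 'Ghost Antivirus'),
    (Join-Path $env:APPDATA 'Ghost Antivirus'),
    (Join-Path $local 'Microsoft\Windows\pguard.ini'),
    (Join-Path $local 'Microsoft\Windows\services.exe')
)

$cv   = 'Software\Microsoft\Windows\CurrentVersion'
$nt   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ifeo = "$nt\Image File Execution Options\taskmgr.exe"
# Each entry: registry key, value name (both taken from the list above).
$values = @(
    @("HKCU:\$cv\Run", 'Ghost Antivirus'),
    @("HKCU:\$cv\RunOnce", '3P_UDEC'),
    @("HKCU:\$cv\Policies\Explorer\Run", 'onin'),
    @('HKCU:\Software\Microsoft\FTP', 'SearchDir'),
    @("HKLM:\$cv\Internet Settings\5.0\User Agent", 'URIAPRO[1.1.3.9]'),
    @($ifeo, 'Debugger'),       # an IFEO Debugger value runs in place of taskmgr.exe
    @($ifeo, 'RealDebugger'),
    @("$nt\Winlogon", 'RealLogonType')
)

function Get-GhostAvFindings {
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            New-Object PSObject -Property @{ Kind = 'File'; Location = $p; Data = '' }
        }
    }
    foreach ($v in $values) {
        $key = Get-Item -LiteralPath $v[0] -ErrorAction SilentlyContinue
        # Compare value names exactly: the [ ] in the User Agent entry would be
        # treated as a wildcard set by Get-ItemProperty -Name.
        if ($key -and ($key.GetValueNames() -contains $v[1])) {
            New-Object PSObject -Property @{
                Kind = 'Registry'; Location = "$($v[0]) -> $($v[1])"; Data = $key.GetValue($v[1])
            }
        }
    }
}

Get-GhostAvFindings | Format-Table Kind, Location, Data -AutoSize -Wrap
```

Compare the Data column with the values listed above before acting on a registry hit, since a value name such as Debugger or SearchDir can also be set by legitimate software.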
