Remove Ghost Antivirus

Ghost Antivirus is a malware tool designed to look like a computer security program. The software runs a fake security scan and prompts users to enter a credit card number in order to remove the supposed threats from the system. Ghost Antivirus charges $94.95 for a full license; do not fall for this scam. The program tries to prevent its own removal by disabling the Task Manager, so follow the removal instructions below carefully to remove it completely from your system. The longer Ghost Antivirus remains on your computer, the more difficult manual removal becomes, since it installs additional malware over time. In addition, it generates random names for some of its files as another attempt to make removal difficult. A screenshot of this fake security program is shown here:

Ghost Antivirus Screenshot

Automatic Ghost Antivirus removal:

Download Ghost Antivirus Remover

Manual Ghost Antivirus removal:

Kill processes: ghostav.exe, unins000.exe, [variable]onin.exe, services.exe
(Learn how to kill processes)

Unregister DLLs:
C:\Program Files\Ghost Antivirus\lib\WMILib.dll
C:\Program Files\Ghost Antivirus\lib\[variable].dll
(Learn how to unregister DLLs)

Delete registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “%Program Files%\Ghost Antivirus\”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Ghost Antivirus”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[1.1.3.9]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “RealLogonType” = “1”

(Learn how to delete registry keys)
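To confirm which of the registry entries above are actually present before deleting anything, the following added example (not part of the original guide or of any removal tool) scans the text of a registry export for them. It goes slightly beyond the list by flagging a Debugger or RealDebugger value under Image File Execution Options for any program, not only taskmgr.exe; the sample export and its "placeholder.exe" data are constructed.

```python
import re

# Registry indicators from the list above: (key suffix, value name).
# A value name of None means the key itself is the indicator.
INDICATORS = [
    (r"\CurrentVersion\Uninstall\Ghost Antivirus_is1", None),
    (r"\Software\Microsoft\FTP", "SearchDir"),
    (r"\CurrentVersion\Policies\Explorer\Run", "onin"),
    (r"\CurrentVersion\Run", "Ghost Antivirus"),
    (r"\CurrentVersion\RunOnce", "3P_UDEC"),
    (r"\Internet Settings\5.0\User Agent", "URIAPRO[1.1.3.9]"),
    (r"\CurrentVersion\Winlogon", "RealLogonType"),
]
IFEO = r"\image file execution options" + "\\"

# Constructed sample export; the Debugger data is a placeholder, not a real value.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ghost Antivirus"="\"C:\\Program Files\\Ghost Antivirus\\GhostAV.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def find_indicators(text):
    norm = lambda s: s.lower() if s is not None else None
    hits = []
    for key, name, data in parse_reg(text):
        # A Debugger value under IFEO redirects every launch of that program.
        if IFEO in key.lower() and name and name.lower() in ("debugger", "realdebugger"):
            hits.append((key, name, data))
            continue
        for suffix, want in INDICATORS:
            if key.lower().endswith(suffix.lower()) and norm(name) == norm(want):
                hits.append((key, name, data))
    return hits
```

Export files written by regedit in the "Version 5.00" format are UTF-16, so decode the file to text before passing it to find_indicators.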

Delete files:
C:\Program Files\Ghost Antivirus\GhostAV.exe
C:\Program Files\Ghost Antivirus\register.ico
C:\Program Files\Ghost Antivirus\unins000.dat
C:\Program Files\Ghost Antivirus\uninst.ico
C:\Program Files\Ghost Antivirus\web.ico
C:\Program Files\Ghost Antivirus\working.log
C:\Program Files\Ghost Antivirus\lib\ghost.sql
C:\Program Files\Ghost Antivirus\lib\Infected.wav
C:\Program Files\Ghost Antivirus\lib\listing.cfg
C:\Program Files\Ghost Antivirus\lib\version.db
C:\Program Files\Ghost Antivirus\lib\WMILib.dll
C:\WINDOWS\system32\[variable].dll
C:\WINDOWS\system32\[variable].dll
C:\Documents and Settings\All Users\Desktop\Ghost Antivirus.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk
%UserProfile%\Application Data\Ghost Antivirus\settings.ini
%UserProfile%\Application Data\Ghost Antivirus\uill.ini
%UserProfile%\Application Data\Ghost Antivirus\unins000.exe
%UserProfile%\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk
%UserProfile%\Application Data\Ghost Antivirus\lib\links.txt
%UserProfile%\Application Data\Ghost Antivirus\lib\properties
%UserProfile%\Application Data\Ghost Antivirus\lib\times.conf
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
[variable path]\[variable]onin.exe
(Learn how to delete files)

Delete folders:
C:\Program Files\Ghost Antivirus\
C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\
C:\Documents and Settings\All Users\Application Data\Ghost Antivirus\
%UserProfile%\Application Data\Ghost Antivirus\

Once you have removed Ghost Antivirus from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. Please note that with the automatic method, your computer should be protected from future spyware threats, since you now have a spyware blocker program installed. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites, especially if you used the manual method.

