How to Remove
   Leading Windows Vista Repair Site on the Web!

www.PCNinja.com securitytoolremoval.net Virus Removal www.smitfraud.net Windows 7
Top Virus Threats

Do You Need Help?

http://www.pcninja.com/ can 100% remove all viruses and spyware online for you. The cost is low and they work fast.

 

Remove Green AV | Green AV Removal

Having Trouble removing Green AV?
Try Spyware Doctor With Antivirus » Download

If you find the removal guide below too hard to follow or just want an expert to remove this for you then consider http://www.pcninja.com/. They are a great company and I know you will be taken care of. It's a very fast way to repair your computer with out you having to do anything.

Special thanks goes to this http://www.removevirus.org/remove-green-av article.

remove Green AV

Green AV Removal Software » Download

What is Green AV?

Green AV is a misleading security client. This program shows false and exaggerated scan results. Once a system is infected the user will notice this program running scans, showing messages about the computer being infected and other symptoms like the browser being re-directed to a sales page for this software.

Make no mistake this is a scam product. The goal of the person who infected you is to scare or trick the user into making a purchase of the program.

How did I get infected with Green AV?

From our testing Green AV has to be manually installed. While this may not always be the case we could not find any source that caused this program to auto install. Many times programs like this get installed by mistake. The user thinks they are installing a video codec or player update and only after the install of the program do they realize they installed a rouge security client. We do recommend Spyware doctor with Antivirus. You can » download the free trial here.

How to Remove Green AV?

Here are the steps we used to remove Green AV from a test computer. Please note that traces will change and mutate. Most of the time it will be similar in nature so the average computer user should be able to figure out what changed. If you are in doubt then just run a full scan with Spyware doctor with Antivirus to see the latest traces of this.

Open up the Windows Task Manager ( ctl+alt+del) now stop and end the following processes.

  • gav.exe
  • rwg.exe  ( This is the latest trace we picked up )  Most likely only one of these processes are running.

These traces will vary. If none of them are currently running then you need to run a scan to find out what these running processes are. Spyware Doctor with Antivirus will be able to pick up this trace so you should run a scan with that.

Now find and delete the Windows Defender trace files..

  • rwg.exe
  • gav.exe
  • C:\Documents and Settings\YOUR USER ACCOUNT\Application Data\Mozilla\Firefox\Profiles\vmax0exd.default\gsl.dll ( Firefox users only )
  • uninstall.exe
  • mgrdll.exe
  • mwrdll.exe
  • rwg.exe v
  • iruses.dat
  • wsav.exe
  • wstech.dll
  • wtds05.exe

Often times these files will be in the below directories

  • C:\Program Files\Documents and Settings\All Users\Application Data\GAV
  • C:\Documents and Settings\All Users\Application Data\gwr\
  • C:\Program Files\GAV
  • C:\Documents and Settings\All Users\Start Menu\Programs\Green  AV

This root file may change over time but it will be similar in name. Delete everything in the folder. Then delete the folder. If a process is still running you may need to end it again. If you can't then try to re-name the file and delete the next time we re-boot.

The harder part. We need to remove the registry keys.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5dbd8cb-df8a-4992-a655-b155216f6afb}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03874569874596
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37465982736455
  • HKEY_CURRENT_USER\Software\GAV
  • HKEY_CLASSES_ROOT\AppID\WStech.DLL
  • HKEY_CLASSES_ROOT\WStech.WStechB
  • HKEY_CLASSES_ROOT\WStech.WStechB.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\GAV

We do recommend you run a full scan using Spyware Doctor with Antivirus » download. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove the rest of the traces. Also it will inform you of any new changes to the file names. You may need this if it mutates.

That should do it. This worked very well for us. If you are having a ton of trouble the consider hiring a pro to remove it for you. www.onlinecomputerrepair.org has our vote. They are great and a ton of experts out there recommend them to people.