Recently, a number of computer users are being infected by an application referred to as the Green AV virus. For those who want to know what is “green av” , this article aims to provide details about this program. It also gives information on Green AV removal.
What is Green AV?
Green AV Virus, also called Green Antivirus 2009 or green-av, is a kind of rogue antivirus program that tells users that it gives a portion of every Green AV software sold to environmental causes. While the prospect of doing something good for the environment by purchasing the green a v is good and enticing, it is not recommended that you buy the green av program. It is unfortunate but this Green AV software is a bogus antivirus application and users who purchase this AV Green virus are at risk of exposing their credit card information to the fraudster developers of windows green av.
Green AV Causes Unsolicited Pop Ups and Warnings
The green av antivirus will cause a stream of pop ups in the computer that result in slower computer performance. These green virus 2009 pop ups often show bogus scans and alerts and urging the user to buy the av green software. The Green av virus windows can also be very annoying to users who may be disturbed by the av green virus pop ups and warnings. If your PC is infected with the green-av malware, you can prevent further damage to your computer by removing green av ASAP.
How do I Remove Green AV?
Green AV removal can be done without having to purchase the fake green av spyware antivirus application. Thanks to Milton for providing a working solution to manually remove green av virus.
How to Remove Green AV Manually:
Log into Windows Safe Mode. To get to safe mode reboot your computer and start pressing the F8 key repeatedly until the Safe Mode options screen appears. You want Safe Mode which is the first option, not Safe Mode with Networking.
If any user id’s how up select the Administrator, if not don’t worry about it. Once safe mode is up Click on My Computer and open your C: drive. Click on Tools/Folder Options/View. Then click on Show Hidden Files and Folders.
Green AV is normally located by navigating to the following directories: C:\Program Files\Documents and Settings\All Users\Application Data\GAV\gav.exe
1. Delete gav.exe which is the executable module for the virus
2. Delete mgrdll.exe this is the messenger for gav that keeps sending you the messges and popups
3. Delete the folder GAV (just hit your back arrow one time to get back to folder Application Data then you will be able to see and delete folder GAV
4. Right Click on your Recycle Bin and select Empty Recycle Bin or Double Click on your Recycle Bin and select Empty Recycle BinNow reboot your system and you should be rid of the pesky virus
Green AV Remove Option:
One of the free tools that you can use as a green AV remover is Malwarebytes. More information on how to use this application as a green av removal tool can be found in this link:
Malwarebites:
malware removal free tool
Comments below also provide other options in removing the Green AV virus.
Related Post:
Control Center Virus
Eco AV virus
Related posts:
- Fake Green Av disguises as security software with a cause If you are receiving alerts from a so called green antivirus, be advised that the Greenantivirus 2009 does not provide protection to your computer and people who have purchased this program may put their credit card information at risk. This...
- Cyber Protection Center Virus Removal This fake antivirus protection software is not your cyber protection against viruses. This article provides information on how to remove cyber antivirus fake av. ...
- Uninstall Green AV Antivirus The number of rogue anti virus protection applications is increasing this year and among these fake pc security programs is the green av anti virus. Like most other rogue softwares, green av pc security is advertised through unsolicited and oftentimes...
- Privacy Center Virus PrivacyCenter av is a bogus antivirus antispam that causes your system to display system scans that popup to tell you there are system threats in your system. These PrivacyCenter popups will then prompt you to purchase Privacy Center online protection....
- Virus Doctor Removal Virus Doctor Online Protection You will have a hard time using your PC if your computer screen is constantly bombarded by virus doctor online protection pop ups. What is a virus doctor anyway? Is it a legitimate computer virus software?...
- Windows Smart Security Virus Removal Windows Smart Security Virus is a new form of computer infection that displays fake systems scans and alert pop ups to deceive people into purchasing a rogue anti virus protection software called the Windows Smart Security antivirus. If you need...
- Control Center Virus Control Center Antivirus may not be a legitimate antivirus protection software as you may think. Read on and learn about the controlcenter virus and how to remove it from your pc....
September 3rd, 2009 at 6:27 am
[...] fake PC security softwares that attempt to impersonate as legitimate anti virus programs include AV Green and the Police Pro Virus. Keep reading this article to learn how to delete windpc defender virus [...]
September 1st, 2009 at 8:52 am
Spybot doesn’t work for this one anymore. They have sunk it deep in the startup within MSCONFIG. You will need to make sure to kill that piece or it will redownload the whole process again. After running this wonderful tool from Malwarebyte’s. I simply removed the pieces. Rebooting now…. Hopefully you won’t hear from me again.
Malwarebytes’ Anti-Malware 1.40
Database version: 2723
Windows 5.1.2600 Service Pack 3
8/31/2009 8:50:47 PM
mbam-log-2009-08-31 (20-50-47).txt
Scan type: Quick Scan
Objects scanned: 90745
Time elapsed: 11 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{512e801e-2f02-4ade-acaa-58f08a22b2f8} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
September 1st, 2009 at 7:42 am
Well, I guess I spoke too soon. I’m getting the same bogus web pages again that I noted in my 30 August reply above. Looks like there’s still something I’ve overlooked or missed.
September 1st, 2009 at 4:08 am
Hey Dave, can you tell us which registry file folder(s) you deleted? I’m having the same problem as you. I deleted all of the .exe files, but I’m still getting redirected to the fake “reported attack site” screen. Thanks.
“I finally found the registry file folder containing GAV and gra registry files. Deleted them all and the bogus green av link pages no longer show up! Good riddance!”
Thanks to you too, Milton!
September 1st, 2009 at 12:51 am
Thanks to everyone, especially Chris-doing what you said regarding the Vista method worked like a charm. If i ever got my hands on the dorks that wrote this program…
August 31st, 2009 at 11:20 pm
[...] [1] Green AV Virus Removal [2] Green AV 2009 – CNET Spyware, viruses, & security Forums [3] Green AV – how to remove [4] [...]
August 31st, 2009 at 7:28 am
[...] What is ANG Antivirus 09? The ANG Antivirus 09 is another type of fake spyware detector program that uses fake advertising to entice computer users to buy their fake spyware removal programs. Other types of this fraud PC security software include Windows Police Pro and Green AV. [...]
August 31st, 2009 at 5:00 am
My aunt called me today and she has this infection. She is running Vista. I did what Milton did, except I did not enter Safe Mode. Instead, I went to Start and then Run and then typed in msconfig in the empty field. The window that opens will have various tabs at the top, click on the one that says Startup. You will see a list of items that are starting up with your computer and each item will have a box that is checked. Most items in this list will have actual names, while the virus will have a line of numbers as a name. I found three of these items and they were together in the list. I unchecked the boxes for these three items, then clicked Apply and then Ok and was prompted to reboot. I rebooted then did as Milton did except I deleted the entire folder in the directory. (While you are in msconfig where you uncheck the boxes, you will also be able to see the exact directory where the folder is located!) The folder is hidden, so follow Milton on making this folder viewable.
August 31st, 2009 at 2:48 am
Always, always, always use Safe mode or safe mode with networking, when dealing with malware. Make sure you have Administrative privileges. It helps to have access to a 2nd computer for downloading fixes, programs, instructions, etc. to remedy the problems found on the first computer. Burn them to a CD to transfer them. Do not use a flash-drive, it can become infected and spread the malware.
Safe mode – keep pressing and releasing F8 on the BIOS screen till the menu appears.
August 31st, 2009 at 1:12 am
Great job Milton. I had gone into Program Data and found the virus file as Program File GRA. I couldn’t delete it though, I had to get permission. You told me to go into safe mode and that did the trick! Awesome! You saved me $90.00 I owe you friend, thanks again!!