Recently, a number of computer users are being infected by an application referred to as the Green AV virus. For those who want to know what is “green av” , this article aims to provide details about this program. It also gives information on Green AV removal.
What is Green AV?
Green AV Virus, also called Green Antivirus 2009 or green-av, is a kind of rogue antivirus program that tells users that it gives a portion of every Green AV software sold to environmental causes. While the prospect of doing something good for the environment by purchasing the green a v is good and enticing, it is not recommended that you buy the green av program. It is unfortunate but this Green AV software is a bogus antivirus application and users who purchase this AV Green virus are at risk of exposing their credit card information to the fraudster developers of windows green av.
Green AV Causes Unsolicited Pop Ups and Warnings
The green av antivirus will cause a stream of pop ups in the computer that result in slower computer performance. These green virus 2009 pop ups often show bogus scans and alerts and urging the user to buy the av green software. The Green av virus windows can also be very annoying to users who may be disturbed by the av green virus pop ups and warnings. If your PC is infected with the green-av malware, you can prevent further damage to your computer by removing green av ASAP.
How do I Remove Green AV?
Green AV removal can be done without having to purchase the fake green av spyware antivirus application. Thanks to Milton for providing a working solution to manually remove green av virus.
How to Remove Green AV Manually:
Log into Windows Safe Mode. To get to safe mode reboot your computer and start pressing the F8 key repeatedly until the Safe Mode options screen appears. You want Safe Mode which is the first option, not Safe Mode with Networking.
If any user id’s how up select the Administrator, if not don’t worry about it. Once safe mode is up Click on My Computer and open your C: drive. Click on Tools/Folder Options/View. Then click on Show Hidden Files and Folders.
Green AV is normally located by navigating to the following directories: C:\Program Files\Documents and Settings\All Users\Application Data\GAV\gav.exe
1. Delete gav.exe which is the executable module for the virus
2. Delete mgrdll.exe this is the messenger for gav that keeps sending you the messges and popups
3. Delete the folder GAV (just hit your back arrow one time to get back to folder Application Data then you will be able to see and delete folder GAV
4. Right Click on your Recycle Bin and select Empty Recycle Bin or Double Click on your Recycle Bin and select Empty Recycle BinNow reboot your system and you should be rid of the pesky virus
Green AV Remove Option:
One of the free tools that you can use as a green AV remover is Malwarebytes. More information on how to use this application as a green av removal tool can be found in this link:
Malwarebites:
malware removal free tool
Comments below also provide other options in removing the Green AV virus.
Related Post:
Control Center Virus
Eco AV virus
Related posts:
- Fake Green Av disguises as security software with a cause If you are receiving alerts from a so called green antivirus, be advised that the Greenantivirus 2009 does not provide protection to your computer and people who have purchased this program may put their credit card information at risk. This...
- Cyber Protection Center Virus Removal This fake antivirus protection software is not your cyber protection against viruses. This article provides information on how to remove cyber antivirus fake av. ...
- Uninstall Green AV Antivirus The number of rogue anti virus protection applications is increasing this year and among these fake pc security programs is the green av anti virus. Like most other rogue softwares, green av pc security is advertised through unsolicited and oftentimes...
- Privacy Center Virus PrivacyCenter av is a bogus antivirus antispam that causes your system to display system scans that popup to tell you there are system threats in your system. These PrivacyCenter popups will then prompt you to purchase Privacy Center online protection....
- Virus Doctor Removal Virus Doctor Online Protection You will have a hard time using your PC if your computer screen is constantly bombarded by virus doctor online protection pop ups. What is a virus doctor anyway? Is it a legitimate computer virus software?...
- Windows Smart Security Virus Removal Windows Smart Security Virus is a new form of computer infection that displays fake systems scans and alert pop ups to deceive people into purchasing a rogue anti virus protection software called the Windows Smart Security antivirus. If you need...
- Control Center Virus Control Center Antivirus may not be a legitimate antivirus protection software as you may think. Read on and learn about the controlcenter virus and how to remove it from your pc....
August 8th, 2009 at 10:41 pm
In truth, immediately i didn’t understand the essence. But after re-reading all at once became clear.
August 17th, 2009 at 4:55 am
This happened to me this weekend. Not sure how the Green AV ended up on my PC.
I ran Spybot S&D, it removed it immediately.
August 19th, 2009 at 12:05 am
Log into Windows Safe Mode. To get to safe mode reboot your computer and start pressing the F8 key repeatedly until the Safe Mode options screen appears. You want Safe Mode which is the first option, not Safe Mode with Networking.
If any user id’s how up select the Administrator, if not don’t worry about it. Once safe mode is up Click on My Computer and open your C: drive. Click on Tools/Folder Options/View. Then click on Show Hidden Files and Folders.
Green AV is normally located by navigating to the following directories: C:\Program Files\Documents and Settings\All Users\Application Data\GAV\gav.exe
1. Delete gav.exe which is the executable module for the virus
2. Delete mgrdll.exe this is the messenger for gav that keeps sending you the messges and popups
3. Delete the folder GAV (just hit your back arrow one time to get back to folder Application Data then you will be able to see and delete folder GAV
4. Right Click on your Recycle Bin and select Empty Recycle Bin or Double Click on your Recycle Bin and select Empty Recycle Bin
Now reboot your system and you should be rid of the pesky virus
August 23rd, 2009 at 6:32 am
Milton’s solution worked for me. After struggling
with this thing for a few hours today, getting rid
of it was like Ripley ejecting the Alien from the
spacecraft. What a vicious piece of malware; it
even hijacked my Google functions and also made
some web pages suddenly unusable. An awful thing.
Apparently it deleted my Windows Defender, the only
permanent damage that I’m aware of, so I’ll have to
find a way to get that back.
August 23rd, 2009 at 6:37 am
i need to know how to removal green av off my
August 24th, 2009 at 1:41 am
Sorry to desapoint you i have try all you solutions specially the one deleting the exe and no go .also when i try to scan with any spyware removal the virus shut it down same with hijack this it wont let me run it
August 24th, 2009 at 2:53 am
[...] Green AV Virus RemovalRecently, a number of computer users are being infected by an application referred to as the Green AV virus. This article provides details about this program and gives information on Green AV removal. Green AV Virus, also called Green …Read More [...]
August 24th, 2009 at 2:13 pm
[...] deleting the exe and no go .also when i try to scan with any spyware removal the virusRead more at http://cantalktech.com/2009/08/04/green-av-removal/ var addthis_pub = ''; var addthis_language = 'en';var addthis_options = 'email, favorites, [...]
August 24th, 2009 at 2:30 pm
[...] 16% – San Antonio, TX 5% – Boulder, CO Green AV Virus Removal Aug 3, 2009 The Green av virus windows can also be very annoying to users who may be disturbed by [...]
August 24th, 2009 at 11:08 pm
to temporarily stop it hit task manager find gav.exe and end it. then scan for it. this will end the annoying pop ups etc etc. mbam hasnt picked it up yet though
August 25th, 2009 at 12:02 pm
Milton you are an angel! For anyone battling with the Green AV virus… try Milton’s resolution — IT WORKS!!!
August 26th, 2009 at 4:10 am
Miltons solution is not working for me, I am trying. I cant get it into safe mode. Also, there is no Tools/Options/View button. I cannot access the Hidden Folders section. Spybot and Malawarebites is not picking up this Green AV. I tried to look for it by going to Program Files but my computer wont let me access the Document and Settings tab. I am really frustrated, someone please help!
August 26th, 2009 at 5:16 am
I helped a friend take care of this, I used Malware Bytes, and it caught the problem, and was able to get rid of it, however it had hijacked internet explorer making it unable download any apps. It also caused problems with windows installer, I tried to install AVG and Spybot’s Teatimer but they would not allow me to install and update correctly thus they did not work. I finally had to restore the PC to a point prior to the appearance of GAV. Luckally there was such a point on this PC.
August 27th, 2009 at 3:42 am
Thanks Milton, your instructions worked perfectly!
August 30th, 2009 at 5:09 am
I’ve tried to download 3 of the different progs to get this stupid thing off and it didn’t work. So I tried to do as Milton wrote to do, but I found when I got to: C:\Program Files\Documents and Settings\All Users\Application Data\GAV\gav.exe
I don’t have the docs and setting, so I had to go to Prog Data\ GRA
From there I was able to delete:
MRADLL
Viruses.dat
WSAV
WSGA05
But I wasn’t able to delete GRA, it told me I need permission. I also tried to just delete the GRA folder, but that also told me I need permission.
Anyone know know the heck to get this darn thing off my computer.
Thanks
August 30th, 2009 at 7:04 am
I used Milton’s instruction- thank you very much. But the name has changed since he posted. The files I deleted were mradll.exe, and gra.exe.
August 30th, 2009 at 7:06 am
Thank you so much Milton… I have been trying to fix my step-mothers computer for the last 5 hrs and finally found this site and did everything you said and it worked… I couldn’t thank you enough!!!
August 30th, 2009 at 9:16 am
My aunt called me today and she has this infection. She is running Vista. I did what Milton did, except I did not enter Safe Mode. Instead, I went to and then and then typed in msconfig in the empty field. The window that opens will have various tabs at the top, click on the one that says Startup. You will see a list of items that are starting up with your computer and each item will have a box that is checked. Most items in this list will have actual names, while the virus will have a line of numbers as a name. I found three of these items and they were together in the list. I unchecked the boxes for these three items, then clicked then and was prompted to reboot. I rebooted then did as Milton did except I deleted the entire folder in the directory. (While you are in msconfig where you uncheck the boxes, you will also be able to see the exact directory where the folder is located!) The folder is hidden, so follow Milton on making this folder viewable.
August 30th, 2009 at 9:17 pm
I had this garbage show up on my PC yesterday after logging in. I could find no gav.exe programs running, but I did locate the same bogus program named gra.exe in a folder of the same name located in the same area as the gav.exe file Milton and others have noted already. I was able to delete the folder and its contents (gra.exe, uninstall.exe, mgrdll.exe, etc.). The pop ups for the bogus Green AV are gone, but the saga isn’t over yet! Arrggg! I’m still getting a substitute web page that sporadically replaces a web page I’m actually trying to go to. This bogus web page comes at random and includes this text on a gray background: “Reported Attack Site! This web site has been reported as an attack site and has been blocked based on your security preferences.
Attack sites try to install programs that steal privat information, use your computer to attack others, or demadge your system. Some attack sites intentionally distribute harmfull software, but many are compromised without the knowledge or permission of their owners.” (the 3 misspelled words shown are as they appeared. Apparently the jack a$$ who wrote that page can’t spell either!). Two hot buttons are also shown “Get me out of here” and “How can i be protected?” and another link “Resolve this warning”. All three are links that direct you to the following web address: http://green-av-pro.com/presale.html
I haven’t found what’s causing this bogus web page to come up, but I guess that has to do with the registry files and I haven’t located the one causing this. Anyone have help for fixing that area?
August 30th, 2009 at 10:08 pm
I finally found the registry file folder containing GAV and gra registry files. Deleted them all and the bogus green av link pages no longer show up! Good riddance!
August 31st, 2009 at 1:12 am
Great job Milton. I had gone into Program Data and found the virus file as Program File GRA. I couldn’t delete it though, I had to get permission. You told me to go into safe mode and that did the trick! Awesome! You saved me $90.00 I owe you friend, thanks again!!
August 31st, 2009 at 2:48 am
Always, always, always use Safe mode or safe mode with networking, when dealing with malware. Make sure you have Administrative privileges. It helps to have access to a 2nd computer for downloading fixes, programs, instructions, etc. to remedy the problems found on the first computer. Burn them to a CD to transfer them. Do not use a flash-drive, it can become infected and spread the malware.
Safe mode – keep pressing and releasing F8 on the BIOS screen till the menu appears.
August 31st, 2009 at 5:00 am
My aunt called me today and she has this infection. She is running Vista. I did what Milton did, except I did not enter Safe Mode. Instead, I went to Start and then Run and then typed in msconfig in the empty field. The window that opens will have various tabs at the top, click on the one that says Startup. You will see a list of items that are starting up with your computer and each item will have a box that is checked. Most items in this list will have actual names, while the virus will have a line of numbers as a name. I found three of these items and they were together in the list. I unchecked the boxes for these three items, then clicked Apply and then Ok and was prompted to reboot. I rebooted then did as Milton did except I deleted the entire folder in the directory. (While you are in msconfig where you uncheck the boxes, you will also be able to see the exact directory where the folder is located!) The folder is hidden, so follow Milton on making this folder viewable.
August 31st, 2009 at 7:28 am
[...] What is ANG Antivirus 09? The ANG Antivirus 09 is another type of fake spyware detector program that uses fake advertising to entice computer users to buy their fake spyware removal programs. Other types of this fraud PC security software include Windows Police Pro and Green AV. [...]
August 31st, 2009 at 11:20 pm
[...] [1] Green AV Virus Removal [2] Green AV 2009 – CNET Spyware, viruses, & security Forums [3] Green AV – how to remove [4] [...]
September 1st, 2009 at 12:51 am
Thanks to everyone, especially Chris-doing what you said regarding the Vista method worked like a charm. If i ever got my hands on the dorks that wrote this program…
September 1st, 2009 at 4:08 am
Hey Dave, can you tell us which registry file folder(s) you deleted? I’m having the same problem as you. I deleted all of the .exe files, but I’m still getting redirected to the fake “reported attack site” screen. Thanks.
“I finally found the registry file folder containing GAV and gra registry files. Deleted them all and the bogus green av link pages no longer show up! Good riddance!”
Thanks to you too, Milton!
September 1st, 2009 at 7:42 am
Well, I guess I spoke too soon. I’m getting the same bogus web pages again that I noted in my 30 August reply above. Looks like there’s still something I’ve overlooked or missed.
September 1st, 2009 at 8:52 am
Spybot doesn’t work for this one anymore. They have sunk it deep in the startup within MSCONFIG. You will need to make sure to kill that piece or it will redownload the whole process again. After running this wonderful tool from Malwarebyte’s. I simply removed the pieces. Rebooting now…. Hopefully you won’t hear from me again.
Malwarebytes’ Anti-Malware 1.40
Database version: 2723
Windows 5.1.2600 Service Pack 3
8/31/2009 8:50:47 PM
mbam-log-2009-08-31 (20-50-47).txt
Scan type: Quick Scan
Objects scanned: 90745
Time elapsed: 11 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{512e801e-2f02-4ade-acaa-58f08a22b2f8} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70fead04-a7fd-4b89-b814-8a8251c90ef7} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
September 3rd, 2009 at 6:27 am
[...] fake PC security softwares that attempt to impersonate as legitimate anti virus programs include AV Green and the Police Pro Virus. Keep reading this article to learn how to delete windpc defender virus [...]
September 7th, 2009 at 10:10 am
[...] of other rogue anti virus protection softwares besides the advanced virus removal 2009 include the AV Green and the windows police pro [...]
September 13th, 2009 at 5:38 am
They changed the names of the files so they are harder to find. the files name is now gwr and all the files in there are the ones you are suppose to delete.
September 14th, 2009 at 6:39 am
Ok,I found the new file named gwr,but i cant delete one of the files,named rwg,that is located inside gwr.
September 17th, 2009 at 10:11 am
[...] from your PC and you do not have to worry about spending money if you do not know how to remove green av pop up alerts. There are free tools online that you can use to get rid green av and one of these is [...]
September 19th, 2009 at 12:45 am
Thank you for your help! Great work.
September 19th, 2009 at 9:21 am
JUST GO TO FILE HIPPO and download AD-AWARE
it is free and works great!
September 24th, 2009 at 1:27 am
Thank you Milton for your detailed explanation how to get rid of the Green AV virus. That worked for me perfectly. I really appreciate your time in publishing here these steps!
September 25th, 2009 at 8:34 am
[...] How to remove green antivirus 2009: You can remove the annoying green.av pop ups without having to purchase the rogue green a/v spyware antivirus program. For details on free removal of green av , please read this related post on green av virus removal . [...]
October 6th, 2009 at 8:21 am
[...] is in fact, just another version of many other fake antivirus antispam softwares that include the green av, alpha av and the security tool [...]
October 7th, 2009 at 11:21 am
[...] another version of many other rogue pc security programs that include secure warrior, alpha av, green av and the security tool [...]
January 5th, 2010 at 3:59 pm
[...] people via the internet. Similar other clones of the security tool antivirus scam include the green av virus, aka the green antivirus, the av live virus and the great defender virus. You must remove security [...]
January 5th, 2010 at 4:00 pm
[...] protection programs. Their previous releases have included the Registry Defender Platinum 2010, the green av and the security tool. st_go({blog:'2218808',v:'ext',post:'6521'}); var load_cmc = [...]
January 7th, 2010 at 9:54 am
[...] other fake anti virus protection softwares include the green av and the platinum soft 2010. Delete PC Protectar Getting rid of PC Protectar is recommended [...]