Delete Ghost Antivirus
Having Trouble removing this virus? Try Spyware Doctor With Antivirus from PCTools. » Download
For around 89 bucks www.OnlineComputerRepair.org can remove this threat for you right now.
February 21, 2010 by virus removal man
Filed under virus
Related to Internet Antivirus Pro, Ghost Antivirus acts like any other fake antivirus software, showing various threat warnings in an attempt to get users to pay for a ‘full’ version. It gets installed from websites that claim to perform scans on the user’s computer, showing that there are many viruses installed on the operating system. These websites aggressively promote Ghost Antivirus to the point of blocking users from leaving the website until they have downloaded and installed a copy of the rogue software. If the user accepts and downloads and installs a copy, Ghost Antivirus will then load at startup and start displaying fake pop-ups from the Windows taskbar claiming that the user’s computer is teeming with viruses. It also urges the user to immediately purchase a license to the ‘full’ version of the rogue software, claiming that the ‘trial’ version currently on the user’s computer is incapable of cleaning the fake ‘threats’. Its very authentic-looking GUI also adds to the illusion that this is a legitimate piece of antivirus software. However, it must be noted that as the ‘threats’ were falsely generated in the first place, there is no way that any ‘full’ version of Ghost Antivirus could ever remove these ‘threats’. It is important to remember never to fall for this kind of diabolical ploy.
As soon as you find a copy of this rogue software on your computer, you should take steps to delete it. In order to delete Ghost Antivirus, it is necessary to stop its processes, unregister its DLLs, remove its files and folders and delete its registry entries.
File Removal Procedures
The first step on the way to delete Ghost Antivirus is killing its running processes, which are listed below:
- Processes ending with onin.exe (e.g. 235asrstonin )
- ghostav.exe
- unins000.exe
- services.exe
Then the following DLLs related to Ghost Antivirus should be unregistered:
- WMILib.dll
- [random symbols].dll
The files and folders listed below should then be deleted:
- ghostav.exe
- register.ico
- unins000.dat
- uninst.ico
- web.ico
- working.log
- ghost.sql
- Infected.wav
- listing.cfg
- version.db
- WMILib.dll [random symbols].dll
- Ghost Antivirus.lnk
- Ghost Antivirus Home Page.lnk
- Ghost Antivirus.lnk
- Purchase License.lnk
- settings.ini
- uill.ini
- unins000.exe
- Uninstall Ghost Antivirus.lnk
- links.txt
- times.conf
- Ghost Antivirus.lnk
- iGSh.png iMSh.png
- iPSh.png
- pguard.ini
- services.exe
- [random symbols]onin.exe
- %Program Files%\Ghost Antivirus\
- %Program Files%\Ghost Antivirus\Languages\
- %Program Files%\Ghost Antivirus\lib\
- %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\
- %Documents and Settings%\All Users\Application Data\Ghost Antivirus\
- %Documents and Settings%\[User Name]\Application Data\Ghost Antivirus\lib\
After these steps have been completed, your file system is safe from Ghost Antivirus.
Registry Removal Procedures
To completely delete Ghost Antivirus from your system, the following entries should also be removed from your registry:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
- HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “%Program Files%\Ghost Antivirus\”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Ghost Antivirus”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[1.1.3.9]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger” = “?”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger” = “?”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “RealLogonType” = “1?
Once these registry keys and settings are removed, your system is completely free from Ghost Antivirus.
Conclusion
Inexperienced users are advised against attempting to manually delete Ghost Antivirus, as it could harm your system should you make a mistake. It would be best to resort to a web-based virus cleaning service such as www.onlinecomputerrepair.org or legitimate antivirus software, such as Spyware Doctor with Antivirus as it ensures that Ghost Antivirus is completely removed while maintaining the integrity of your system.
