Remove Green AV | Green AV Removal Guide

Bookmark and Share

Trouble removing this virus? Try Spyware Doctor With Antivirus from PCTools. »Download

Online Virus Removal Guaranteed online virus removal service or you don't pay: www.OnlineComputerRepair.org

Green AV Removal Video
Green AV

» Download Green AV Removal Software

Green AV is a clone of Green Antivirus.  Both are nothing more then scams out to steal your money.  This type of fraud goes by a few different names but a more technical term is called Smitfraud.  This is a rouge security client.  Green AV uses a few of the Windows logos and Security center icon in an effort to give it a legit look and feel.

the whole purpose of this program is to scare and trick the user into making a purchase.  This is done by showing false scan information saying that the computer is infected with all these viruses.  The scan results are 100% false.  However you are infected with a few viruses but not the ones they claim.

In addition to this the user will notice pop-ups and the like that will say something like "Your PC is not protected
Security center reports that 'Green AV' is inactive. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the suggested actions. You system might be at risk now."

This is all part of the scare tactic.  What makes this client a little different then other fake scanners is the SAVE THE EARTH type of message.  They claim to give out 2 bucks for every sale to a green cause.  The only green cause these guys have is stealing your green backs!

Below are the virus removal instructions from our test computer.

If your traces are different then help others out and post a comment letting people know.  Also we will then know it mutated and we can infect anther test computer to provide updated info.

Some symptoms of Green AV:

  • Bogus Scan results
  • Auto Scans on Start-up
  • Warning coming out of a fake shield in the system tray
  • pop-ups and re-directs to the fake software's website
  • constant warnings of being infected as well as false statements of other trojans

Click the image below to see all the screen shots we have of this threat.

Green AV Removal


<a href=Spyware Doctor with Antivirus Downlaod" />

We do recommend you scan your computer with the free trial of Spyware Doctor with Antivirus to see how infected you really are. If it is just this fake security product then follow the manual directions below. If you have other trojans and spyware applications then consider making a purchase of Spyware Doctor with Antivirus Here to remove all other threats and to keep your PC secure. If you follow the link above and use coupon code removevirus10 you will get 10% off. This is an exclusive coupon we got just for our readers.

As well we do recommend this remote computer repair company. They are the leaders in remote computer repair and can have you up and going in no time at all. This option is more for people who don't feel comfortable removing viruses by themselves and just want an expert to do it for them.

Manual removal instructions for Green AV ( Please read our disclaimer below )

Kill Green AV processes: ( Learn How to Kill a Process Here. Opens in new Window )

  • gav.exe
  • rwg.exe  ( This is the latest trace we picked up )  Most likely only one of these processes are running.

We recommend you watch the video to learn how you can identify these running processes.

We do recommend you run a full scan using Spyware Doctor with Antivirus » download. Even if you do not intend on registering the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. If the Windows Task Manager does not open for you then use the Process Killer tool on our side bar.  Also we have a registry fix there to re-enable the Task Manager.  If the gav.exe  or rwg.exe file is not running then your strain has mutated.  Simply run the Spyware Doctor with Antivirus client to find the new trace or watch the video to learn how to identify it.

Delete Green AV registry values: ( Learn How to Edit Registry Here. Opens in new Window )

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5dbd8cb-df8a-4992-a655-b155216f6afb}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03874569874596
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37465982736455
  • HKEY_CURRENT_USER\Software\GAV
  • HKEY_CLASSES_ROOT\AppID\WStech.DLL
  • HKEY_CLASSES_ROOT\WStech.WStechB
  • HKEY_CLASSES_ROOT\WStech.WStechB.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\GAV

Delete files: ( Hint ) Most of these files will be in the %Program Files\GAV\ or the C:\Documents and Settings\All Users\Application Data\gwr\ directory.

  • rwg.exe
  • gav.exe
  • C:\Documents and Settings\YOUR USER ACCOUNT\Application Data\Mozilla\Firefox\Profiles\vmax0exd.default\gsl.dll ( Firefox users only )
  • uninstall.exe
  • mgrdll.exe
  • mwrdll.exe
  • rwg.exe v
  • iruses.dat
  • wsav.exe
  • wstech.dll
  • wtds05.exe

Firefox Users need to delete

Look in the below directories for these files.  Most of them will be there.  Also run a scan using SDA to ensure you have none of them left over.

Delete directories: ( Please note that in most cases everything in this folder can be deleted. Just be sure it's the correct folder ;)

  • C:\Program Files\Documents and Settings\All Users\Application Data\GAV
  • C:\Documents and Settings\All Users\Application Data\gwr\
  • C:\Program Files\GAV
  • C:\Documents and Settings\All Users\Start Menu\Programs\Green  AV

Hosts files are most likely infected as well.  Ours were.  Download the auto Host files program on the side bar.  Microsoft gets the credit for making this tool.

Please keep in mind that viruses mutate and change all the time. Do expect the above to change around a little. However this guide should work well for you and any experienced pro will be able to follow it and figure out the traces if they mutate. If you do not feel comfortable deleting files and the like then consider purchasing Spyware Doctor with Antivirus or have www.onlinecomputerrepair.org remove this and all other threats for you.

Vista and Windows 7 users should note that the file structure is a little different. %System%, %Windows% and %Documents and Settings% are variable locations. You should do a search for these folder or files names to determine the exact location.  Also when in doubt download and run a scan using Spyware Doctor with Antivirus to determine the exact location

for instances

Leading Security Clients for you to consider ( Click the Links Below to Learn More )

Virus Removal

There are no comments for "Remove Green AV | Green AV Removal Guide".

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.
Syndicate content