How to Remove CleanUp Antivirus Rogue Anti-Spyware?
CleanUp Antivirus Information:
CleanUp Antivirus is a bogus anti-spyware program from the same family as My Security Wall. This fake program comes from fake online scanners, bogus video sites or malicious PDF files. Once installed, it will pretend to run a system scan and report a list of infections or system security threats that can’t be removed unless you pay for its full version of this rogue program. However, the fact is that CleanUp Antivirus is nothing but a scam. It persuades you to pay for a full version of the program to remove the infections which don’t even exist. There is no doubt that you should remove CleanUp Antivirus from your computer upon detection. Please follow the removal guide below.
CleanUp Antivirus Screenshot:
Manual Removal
Note: If you are not proficient with computer, it’s suggested that you backup your registry before manually removing CleanUp Antivirus Rogue Anti-Spyware. And double check the entries that you are going to delete, or your computer can’t work for missing some files.
The files you need to delete:
%Documents and Settings%\All Users\Application Data\345d567\
%Documents and Settings%\All Users\Application Data\345d567\46.mof
%Documents and Settings%\All Users\Application Data\345d567\CU345d.exe
%Documents and Settings%\All Users\Application Data\345d567\CUA.ico
%Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
%Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
%Documents and Settings%\All Users\Application Data\345d567\BackUp\
%Documents and Settings%\All Users\Application Data\345d567\CUASys\
%Documents and Settings%\All Users\Application Data\345d567\CUASys\vd952342.bd
%Documents and Settings%\All Users\Application Data\345d567\Quarantine Items
%Documents and Settings%\All Users\Application Data\CUCAISTUA\
%Documents and Settings%\All Users\Application Data\CUCAISTUA\CUEWA.cfg
%Program Files%\Mozilla Firefox\searchplugins\search.xml
%Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus
%Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus\cookies.sqlite
%Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus\Instructions.ini
%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%Documents and Settings%\[UserName]\Desktop\CleanUp Antivirus.lnk
%Documents and Settings%\[UserName]\Recent\cb.tmp
%Documents and Settings%\[UserName]\Recent\CLSV.tmp
%Documents and Settings%\[UserName]\Recent\DBOLE.dll
%Documents and Settings%\[UserName]\Recent\DBOLE.sys
%Documents and Settings%\[UserName]\Recent\eb.tmp
%Documents and Settings%\[UserName]\Recent\exec.tmp
%Documents and Settings%\[UserName]\Recent\FS.dll
%Documents and Settings%\[UserName]\Recent\grid.exe
%Documents and Settings%\[UserName]\Recent\pal.drv
%Documents and Settings%\[UserName]\Recent\pal.tmp
%Documents and Settings%\[UserName]\Recent\PE.exe
%Documents and Settings%\[UserName]\Recent\tempdoc.drv
%Documents and Settings%\[UserName]\Recent\tempdoc.tmp
%Documents and Settings%\[UserName]\Recent\tjd.sys
%Documents and Settings%\[UserName]\Recent\tjd.tmp
%Documents and Settings%\[UserName]\Start Menu\CleanUp Antivirus.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\CleanUp Antivirus.lnk
The registry entries you need to delete:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “Library1.00195″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CleanUp Antivirus”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “%Documents and Settings%\All Users\Application Data\345d567\CU345d.exe”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “%Documents and Settings%\All Users\Application Data\345d567\CU345d.exe”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
Please, be aware that manual removal of CleanUp Antivirus Rogue Anti-Spyware is a cumbersome task and can not always ensure complete removal of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, lack of the required skills and even the slightest deviation from the instructions may lead to irreparable system damage. That’s why it’s strongly recommended automatic removal of CleanUp Antivirus Rogue Anti-Spyware, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.
Automatic CleanUp Antivirus Rogue Anti-Spyware Removal:
1. Restart your computer and keep pressing F8 Key before Windows launches. Use the arrow keys to select the “Safe Mode with Networking” option, and then hit ENTER Key to continue.
2. Download Spyware Cease (Spyware Cease review), install it and update its database to the latest. After that, restart your computer so as to make Spyware Cease fully functional. Repeat Step 1 into Safe Mode and run an Online Scan of your computer so that Spyware Cease can detect all potential malware in your system.
NOTE: If you have problem installing Spyware Cease, you can download this correction script, unzip it and then double click to run it. It will correct your registry settings that the virus has modified. Then double click the program and finish the installation.
3. After the Online Scan finishes, click “Details” for the malware detected to make sure that your important data are not infected and removed. Ignore or select the scan result and click “Remove” to remove the threats. Reboot your computer and let Spyware Cease delete all detected virus.
4. Click to repair your corrupted registry
Why should you need to repair the registry?
As we all know, virus and Trojans modify and destroy system registry and make the computer malfunction so that the computer will not perform normally. Even if the virus and Trojans are removed, the registry is still destroyed or modified, so the computer still has problems. That’s the very reason why you need to repair the registry. At the meanwhile, some virus and Trojans leave some DLL files in the registry and this will cause strange DLL errors and affect the computer performance.
To make your computer run as perfectly as before or much faster than before:
1. Download and install Multi-Awarded Registry Tool.
2. Run a full scan of your registry.
3. Click “Repair Problems” and repair all errors detected.
After these 3 easy steps, your computer will run much faster than before within minutes!
Related posts: