How to Remove Ghost Antivirus

Posted on Tuesday, 19th January 2010 by Bob

Delete Ghost Antivirus Right Now!

How Did I Get Infected With Ghost Antivirus ?

Ghost Antivirus and badware just like it commonly end up on your computer due to the following causes. You will need to uninstall Ghost Antivirus if you think you’re infected:

Freeware or shareware: Many times freeware or shareware is secretly bundled with spyware. It is how the developers earn money for the time they spent. It’s a sneaky, but it’s fairly common.
Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for mistakenly downloading an infected file, including software like Ghost Antivirus .
Questionable websites: Malicious or questionable websites can install programs such as Ghost Antivirus through security holes and automatic downloads, such as video codecs. If you feel your browser is unsafe, consider using the newest version of Mozilla Firefox, Google Chrome, or Internet Explorer.

Automatically Detect & Remove Ghost Antivirus - Click Here to Download Spyware Doctor

What are Common Signs of Ghost Antivirus Infection?

Slow Computer Performance
Annoying Pop-Ups
Taskbar Warnings
Strange new icons and desktop backgrounds
Internet Browsing Re-directs and Hijacks
System Crashes
High Pressure Marketing Tactics to "Purchase Full Version" of software
You will receive phony alerts such as "Spyware Alert! Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of Ghost Antivirus and remove spyware threats from your PC."

How Do I Remove Ghost Antivirus ?

How to remove Ghost Antivirus : There are two methods. The manual way and the automatic way. First – if you want to try and remove it manually (and I only recommend this to IT Professionals!) you must disable all related system processes, adjust all related system DLL files and registry files in the LOCAL_HKEY_USER folder, block all related websites, and delete all program files with the Ghost Antivirus name. Below are the Ghost Antivirus Removal Instructions.

Ghost Antivirus Manual Removal Instructions:

Stop Ghost Antivirus Processes:

GhostAV.exe
unins000.exe
services.exe
[random]onin.exe

Get Rid of Ghost Antivirus DLLs:

c:\Program Files\Ghost Antivirus\lib\WMILib.dll
c:\WINDOWS\system32\[random].dll
c:\WINDOWS\system32\[random].dll

Remove Ghost Antivirus Registry Keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ghost Antivirus_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “c:\program files\Ghost Antivirus\”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “onin”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Ghost Antivirus”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[1.1.3.9]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger” = “?” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “RealLogonType” = “1″

Remove Ghost Antivirus Files and Folders:

c:\Program Files\Ghost Antivirus\GhostAV.exe
c:\Program Files\Ghost Antivirus\register.ico
c:\Program Files\Ghost Antivirus\unins000.dat
c:\Program Files\Ghost Antivirus\uninst.ico
c:\Program Files\Ghost Antivirus\web.ico
c:\Program Files\Ghost Antivirus\working.log
c:\Program Files\Ghost Antivirus\lib\ghost.sql
c:\Program Files\Ghost Antivirus\lib\Infected.wav
c:\Program Files\Ghost Antivirus\lib\listing.cfg
c:\Program Files\Ghost Antivirus\lib\version.db
c:\Documents and Settings\All Users\Desktop\Ghost Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk
%UserProfile%\Application Data\Ghost Antivirus\settings.ini
%UserProfile%\Application Data\Ghost Antivirus\uill.ini
%UserProfile%\Application Data\Ghost Antivirus\unins000.exe
%UserProfile%\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk
%UserProfile%\Application Data\Ghost Antivirus\lib\links.txt
%UserProfile%\Application Data\Ghost Antivirus\lib\properties
%UserProfile%\Application Data\Ghost Antivirus\lib\times.conf
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
\onin.exe
c:\Program Files\Ghost Antivirus\
c:\Program Files\Ghost Antivirus\Languages\
c:\Program Files\Ghost Antivirus\lib\
c:\Documents and Settings\All Users\Start Menu\Programs\Ghost Antivirus\
%UserProfile%\Application Data\Ghost Antivirus\
%UserProfile%\Application Data\Ghost Antivirus\lib\

Note: In any Ghost Antivirus files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Ghost Antivirus removal, go ahead and leave a comment.

How to delete Ghost Antivirus files in Windows XP and Vista:

Click your Windows Start menu, and then click “Search.”
A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
Type a Ghost Antivirus file in the search box, and select “Local Hard Drives.”
Click “Search.” Once the file is found, delete it.

How to stop Ghost Antivirus processes:

Click the Start menu, select Run.
Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
Click Processes tab, and find Ghost Antivirus processes.
Once you’ve found the Ghost Antivirus processes, right-click them and select “End Process” to kill Ghost Antivirus .

How to remove Ghost Antivirus registry keys:

Warning! Your registry is a vital key to your Windows system. If you plan on making any edits to your registry, you absolutely must backup your registry first in case anything goes wrong. Be forewarnd that a mistake when editing your registry can result in a computer that no longer boots up. These instructions are designed for IT Professionals and PC Experts.

Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
To find a registry key, such as any Ghost Antivirus registry keys, select “Edit,” then select “Find,” and in the search bar type any of Ghost Antivirus ’s registry keys.
As soon as Ghost Antivirus registry key appears, you can delete the Ghost Antivirus registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

How to delete Ghost Antivirus DLL files:

First locate Ghost Antivirus DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Ghost Antivirus DLL file is located. If you’re not sure if the Ghost Antivirus DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
When you’ve located the Ghost Antivirus DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

If you wish to restore any Ghost Antivirus DLL file you deleted, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and hit the “Enter” key.

Did Ghost Antivirus change your homepage?

Click Windows Start menu > Control Panel > Internet Options.
Under Home Page, select the General > Use Default.
Type in the URL you want as your home page (e.g., “http://www.google.com”).
Select Apply > OK.

Ghost Antivirus Removal in 10 Minutes:

deleteit

Download Spyware Doctor to get rid of Ghost Antivirus in 10 minutes, automatically.

Automatic Removal. It’s What I Choose.

The risks of manual removal make automatic removal an easy decision for me. I don’t have enough time in the day to manually remove every infection that I come across; it’s way too time consuming, and risky. It’s easy to miss a file if you’re not careful, and it’s easy to adjust the wrong file and be left with a paperweight for a computer.

Posted in Threat Removal | Comments (0)

Spyware Review

Remove Spyware Quickly and Easily.

Looking for something?