How to Remove Ghost Antivirus



Ghost Antivirus is a rogue antivirus application that is the successor to Antivirus Pro. This rogue is pushed through trojan horse activity and aggressive advertising tactics. It makes things very challenging to remove this rogue because it disables task manager, as well as any security programs that it detects. It also installs other malware on your system and terminates explorer.exe which makes the desktop unusable. It is possible to remove this rogue and you need to reboot into safe mode (with networking) in order to do so. Read on for how to remove ghost antivirus.


First you should boot up in safe mode with networking. In order to access the menu to choose how to boot you will need to press F8 when your computer boots up (yet just before the Windows splash screen.) After you have made it into safe mode then you should be able to download and install malwarebytes antimalware. (From the virus removal toolkit page.)

After it is installed, update and perform a full scan. Make sure to remove anything that it finds. For your reference the following files and folders are associated with Ghost antivirus and should be deleted for a manual removal of ghost antivirus. However, due to the nature of the rogue manual removal is not suggested.

If you do delete the following files to remove ghost antivirus then you should follow that up with a scan of your computer by malwarebytes antimalware or superantispyware and then follow that up with a scan with a trusted antivirus application. The files associated with this rogue are:

%docs%All UsersDesktopGhost Antivirus.lnk
%docs%All UsersStart MenuProgramsGhost Antivirus
%docs%All UsersStart MenuProgramsGhost AntivirusGhost Antivirus Home Page.lnk
%docs%sAll UsersStart MenuProgramsGhost AntivirusGhost Antivirus.lnk
%docs%All UsersStart MenuProgramsGhost AntivirusPurchase License.lnk
%user%Application DataGhost Antivirus
%user%Application DataGhost Antivirussettings.ini
%user%Application DataGhost Antivirusuill.ini
%usere%Application DataGhost Antivirusunins000.exe
%user%Application DataGhost AntivirusUninstall Ghost Antivirus.lnk
%user%Application DataGhost Antiviruslib
%user%Application DataGhost Antivirusliblinks.txt
%user%Application DataGhost Antiviruslibproperties
%user%Application DataGhost Antiviruslibtimes.conf
%user%Application DataMicrosoftInternet ExplorerQuick LaunchGhost Antivirus.lnk
%user%Local SettingsApplication DataMicrosoftInternet ExploreriGSh.png
%user%Local SettingsApplication DataMicrosoftInternet ExploreriMSh.png
%user%Local SettingsApplication DataMicrosoftInternet ExploreriPSh.png
%user%Local SettingsApplication DataMicrosoftWindowspguard.ini
%user%Local SettingsApplication DataMicrosoftWindowsservices.exe
RANDOMRANDOMonin.exe
%progfiles%Ghost Antivirus
%progfiles%Ghost AntivirusGhostAV.exe
%progfiles%Ghost Antivirusregister.ico
%progfiles%Ghost Antivirusunins000.dat
%progfiles%Ghost Antivirusuninst.ico
%progfiles%Ghost Antivirusweb.ico
%progfiles%Ghost Antivirusworking.log
%progfiles%Ghost AntivirusLanguages
%progfiles%Ghost Antiviruslib
%progfiles%Ghost Antiviruslibghost.sql
%progfiles%Ghost AntiviruslibInfected.wav
%progfiles%Ghost Antivirusliblisting.cfg
%progfiles%Ghost Antiviruslibversion.db
%progfiles%Ghost AntiviruslibWMILib.dll
%win%system32RANDOM.dll
%win%system32RANDOM.dll

Remember to keep scanning with your malware removal tools and antivirus until the system comes up clean!

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Eco Antivirus 2010 | Eco Antivirus 2010 Removal Guide Eco Antivirus 2010 is a slight twist (renaming) of the recent Eco Antivirus rogue that has made the rounds. These rogues pretend to be antivirus, or antispyware software, but in reality are not much more than a scam trying to squeeze money out of unsuspecting computer users. These rogue applications......
  • How to Remove Windows Enterprise Defender (Removal Guide) Windows Enterprise Defender is a rogue antivirus application that uses the name of Windows Defender and the similarities of their name to appear as an official product or add on to windows. Of course, the real Windows Defender is a legitimate application, but Windows Enterprise Defender is a rogue antivirus......
  • How to Remove Antivirus Live | Antivirus Live Removal Guide Antivirus Live is a rogue antivirus application that usually is installed without the permission of the owner of the computer. Simple web browsing may be enough when visiting the wrong site for this to introduce itself onto the machine via a trojan or even aggressive advertising within the page that......
Blog Traffic Exchange Related Websites
  • How Can Marketplace Samurai Aid Your Organization Increase? On the web marketplace is often a extremely competitive marketplace currently where surviving for any online company just isn't quick. Today a number of web sites are launched each and every now and then either to promote items or services of companies. Right way of marketing is critical for your......
  • Black Hat // Webcast 28 - HTTP Parameter Pollution Vulnerabilities in Web Applications HTTP Parameter Pollution Vulnerabilities in Web Applications // Marco Balduzzi http://links.covertchannel.blackhat.com/ctt?kn=4&m=36625440&r=ODMwMzU3MTg2MAS2&b=2&j=MTAxNjM3NzA1S0&mt=1&rt=0 ----------------------------------- OVERVIEW: While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded......
  • Web Application Security: An Overview An area of information security that has been gaining a lot more focus in recent years is the security of web applications.   This area is of particular interest because of the growing complexity of websites which makes them a strong target for those with malicious intent.  Websites are attractive to......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site