Cleanup Antivirus is a rogue anti-spyware application related to the well-known malicious applications Security Antivirus and My Security Wall. Like its relatives, Cleanup Antivirus tries to trick the user into paying for a license for the software. This malware is installed by Trojans that are delivered to users as infected PDF attachments to spam emails or downloaded from malicious websites along with fake audio or video codec packs. Once installed, the virus blocks useful Windows utilities such as Task Manager and Registry Editor to prevent the user from attempting to remove it. Cleanup Antivirus then begins to perform endless fake security scans on the system, returning results that show that the computer is under threat from many non-existent malicious programs. It also displays an endless stream of fake warning pop-ups from the Windows taskbar, claiming that the user’s system is facing serious threats.
The aim of all this activity is to try and trick the user into purchasing the software license for the ‘full’ version of Cleanup Antivirus by claiming that the currently installed ‘trial’ version is insufficient to completely scan the system. System Security puts this request forward through its very authentic-looking GUI, through the warning pop-ups, and at the end of each fake scan. However, it must be noted that the so-called ‘full’ version is just as incapable of scanning or cleaning out any malware from any computer system as the ‘trial’ version is.
As soon as you find a copy of this malicious software installed on your computer, you should take steps to delete it. Removing Cleanup Antivirus involves deleting its files and folders and deleting its registry entries.
CleanUp Antivirus Manual Removal Procedures
The first step you must take in order to delete this threat is to remove the following files and folders:
- %Documents and Settings%\All Users\Application Data\[randomsymbols]\
- %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus
- %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
- %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus\cookies.sqlite
- %Documents and Settings%\[UserName]\Desktop\CleanUp Antivirus.lnk
- %Documents and Settings%\[UserName]\Start Menu\CleanUp Antivirus.lnk
- %Documents and Settings%\[UserName]\Start Menu\Programs\CleanUp Antivirus.lnk
- %Program Files%\Mozilla Firefox\searchplugins\search.xml
CleanUp Antivirus Registry Removal Procedures
In order to completely remove Cleanup Antivirus, it is necessary to remove the following keys and settings from the Windows Registry:
- HKEY_CURRENT_USER\Software\CleanUp Antivirus
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CleanUp Antivirus”
Once the registry has been cleaned, you have completed the malware removal process. However, additional security measures must be taken into account in order to avoid further similar problems.
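To see which of the files and registry entries listed above are present before removal, or to confirm they are gone afterwards, a read-only check such as the following can be used. This PowerShell script is an added example, not part of the original guide; it assumes the guide's "%Documents and Settings%\[UserName]" paths correspond to the current user's shell folders and that it is run under the affected user's account.

```powershell
# Read-only check for the CleanUp Antivirus artifacts listed on this page.
# Nothing is deleted or changed; run it as the affected user (HKCU is per-user).
# Assumption: the page's "%Documents and Settings%\[UserName]\..." paths map to
# the current user's shell folders (Application Data, Desktop, Start Menu).
$appData = $env:APPDATA
$files = @(
    (Join-Path $appData 'CleanUp Antivirus'),
    (Join-Path $appData 'CleanUp Antivirus\cookies.sqlite'),
    (Join-Path $appData 'Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk'),
    (Join-Path ([Environment]::GetFolderPath('DesktopDirectory')) 'CleanUp Antivirus.lnk'),
    (Join-Path ([Environment]::GetFolderPath('StartMenu')) 'CleanUp Antivirus.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'CleanUp Antivirus.lnk'),
    (Join-Path $env:ProgramFiles 'Mozilla Firefox\searchplugins\search.xml')
)

# Registry entries from the page. Name = $null means "the key itself".
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$registry = @(
    @{ Key = 'HKCU:\Software\CleanUp Antivirus'; Name = $null },
    @{ Key = $ie; Name = 'PRS' },
    @{ Key = "$ie\Download"; Name = 'RunInvalidSignatures' },
    @{ Key = "$cv\Internet Settings\5.0\User Agent\Post Platform"; Name = 'App/7.00195' },
    @{ Key = "$cv\Run"; Name = 'CleanUp Antivirus' }
)

$findings = @()
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) { $findings += "FILE      $path" }
}
foreach ($entry in $registry) {
    if (-not (Test-Path -LiteralPath $entry.Key)) { continue }
    if ($null -eq $entry.Name) { $findings += "REG KEY   $($entry.Key)"; continue }
    # Get-ItemProperty returns nothing for a key without values, so guard for $null.
    $props = Get-ItemProperty -LiteralPath $entry.Key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$entry.Name]) {
        $value = $props.PSObject.Properties[$entry.Name].Value
        $findings += "REG VALUE $($entry.Key) [$($entry.Name)] = $value"
    }
}

if ($findings.Count -gt 0) { $findings }
else { 'None of the listed CleanUp Antivirus artifacts were found.' }
```

The randomly named folder under All Users\Application Data cannot be matched by name, so the script does not check for it.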
Outside Resources:
http://www.bleepingcomputer.com/virus-removal/remove-cleanup-antivirus