Posts Comments

Earth AV Removal Instructions

By admin on August 6, 2010 Leave a Comment

Description: Earth AV is a rogue anti-malware application that attempts to trick users into making license purchases. It is related to the well-known rogue software Green AV , Eco Antivirus and Earth AV. Earth AV installs itself on user systems through Trojans that get downloaded when the user attempts to download Flash player codec packs, and from fake security websites which exploit vulnerabilities in the system's security to get downloaded and installed without the user's knowledge. Once installed, Earth AV immediately loads up as a Windows service, and proceeds to perform an endless number of fake security scans on the system. As a result of these fake scans, Earth AV will report that there are viruses present on the system which are not really there. It will also generate fake security pop-ups from the Windows Taskbar, trying to convince the user that the system is infected.

The aim of all this activity is to push the user into purchasing the license for the 'full' version of this thratunder the pretext that the currently installed 'trial' version is incapable of performing the cleanup activities needed to save the system. However, you should remember that the viruses that this client detected didn't exist in the first place, and therefore you should never pay for the license of such a fake application.

Earth AV

Earth AV

» Download Earth AV Removal Software

The first thing you should do as soon as you find a copy of this malware on your computer is initiate Earth AV removal. In order to delete tu9s, it is important to stop processes, unregister all malicious DLLs, delete files and folders and remove registry entries.

Earth AV Manual Removal Procedures

The first step you need to take in order to remove Earth AV is to stop the following processes:

  • ergui.exe
  • ErV_paid.exe
  • eav.exe
  • msdl.exe
  • vec.exe

Next, it is necessary to unregister the following DLL files:

  • ergui.exe
  • ErV_paid.exe
  • eav.exe
  • msdl.exe
  • vec.exe

The next step in Earth AV removal is to delete the following files and folders:

Windows XP:

  • %Documents and Settings%\All Users\Start Menu\Programs\Earth AV
  • %Documents and Settings%\All Users\Desktop\Earth AV.lnk
  • %Documents and Settings%\All Users\Application Data\Earth AV
  • c:\Documents and Settings\All Users\Application Data\eav
  • c:\Documents and Settings\All Users\Application Data\eav\Base.dat
  • c:\Documents and Settings\All Users\Application Data\eav\msdl.exe
  • c:\Documents and Settings\All Users\Application Data\eav\msll.exe
  • c:\Documents and Settings\All Users\Application Data\eav\vec.exe
  • c:\Documents and Settings\All Users\Application Data\Microsoft\Machine
  • c:\Documents and Settings\All Users\Application Data\Microsoft\Machine\WStech.dll
  • c:\Documents and Settings\All Users\Start Menu\Programs\ Earth AV
  • c:\Documents and Settings\All Users\Desktop\ Earth AV .lnk
  • %APPDATA%\mozilla\firefox\profiles\\gsl.dll
  • ergui.exe
  • ErV_paid.exe

Windows Vista/Windows 7:

  • %Documents and Settings%\All Users\Start Menu\Programs\Earth AV
  • %Documents and Settings%\All Users\Desktop\Earth AV.lnk
  • %Documents and Settings%\All Users\Application Data\Earth AV
  • %USER%\AppData\eav
  • %USER%\AppData\eav\Base.dat
  • %USER%\AppData\eav\msdl.exe
  • %USER%\AppData\msll.exe
  • %USER%\AppData\av\vec.exe
  • %USER%\AppData\Microsoft\Machine
  • %USER%\AppData\Microsoft\Machine\WStech.dll
  • %USER%\AppData\Start Menu\Programs\ Earth AV
  • c:\Documents and Settings\All Users\Desktop\ Earth AV .lnk
  • %APPDATA%\mozilla\firefox\profiles\\gsl.dll
  • ergui.exe
  • ErV_paid.exe

Earth AV Registry Removal Procedures

In order to properly remove Earth AV it is necessary to delete files, folders and registry keys related to this rogue software product. One of the most complicated aspects of this set of tasks is the proper removal of all registry keys that are part of this malicious product. In order to properly remove Earth AV, the following keys will need to be deleted:

  • HKEY_CURRENT_USER\Software\Earth AV
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “Earth AV”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Earth AV
  • HKEY_CURRENT_USER\Software\EAV
  • HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
  • HKEY_CLASSES_ROOT\AppID\WStech.DLL
  • HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
  • HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
  • HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
  • HKEY_CLASSES_ROOT\WStech.WStechB
  • HKEY_CLASSES_ROOT\WStech.WStechB.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mxcll"

Earth AV Directories:

  • Vista and Windows 7 Users: %USER%\AppData \eav
  • XP Users: c:\Documents and Settings\All Users\Application Data\eav

Outside Resources:

http://www.pcthreat.com/parasitebyid-9603en.html

http://www.spywarevoid.com/remove-earth-antivirus-earthantivirus-removal-help.html

Filed Under: Virus Removal Tagged With: , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.