FrEn

E-mail Print

Free malware removal tool to remove CleanUp Antivirus
Written by Administrator  |  Thursday, 18 March 2010 00:00
AddThis Social Bookmark Button
CleanUp Antivirus is a rogue Antispyware, a scareware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares on your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is CleanUp Antivirus. It invites you to purchase a license to remove malware, do not, it's a scam, you need a license for a malware? This so-called Antivirus tries to scam you. Uninstall CleanUp Antivirus immediately from your system.

CleanUp Antivirus

To remove CleanUp Antivirus (Uninstall CleanUp Antivirus)

  • Download this free removal tool for CleanUp Antivirus
  • Extract it
  • Launch
  • Click on the delete button

CleanUp Antivirus will be removed from your system in 10s. Restart your computer when it’s finished.

Alias :

  • Mal/FakeAV-BW, Mal/FakeAV-BW [Sophos]
  • Trojan-Downloader.Win32.FakeVimes [Ikarus]
  • Win-Trojan/Fakeav.330752 [AhnLab]
  • packed with: PE_Patch.UPX [Kaspersky Lab]

Processes :

  • Cleanup.exe
  • CleanUpAV.exe

Files :

  • %Temp%\del.bat
  • %Temp%\[filename of the sample #1]
  • %CommonAppData%\[Random]
  • %AppData%\CleanUp Antivirus
  • %System%\CUASys
  • %System%\Quarantine Items
  • %CommonAppData%\[Random]\[Random].cfg
  • %CommonAppData%\[Random]
  • %CommonAppData%\[Random]\unins000.dat
  • %CommonAppData%\[Random]\CleanUpAV.exe
  • %CommonAppData%\[Random]\CUASys\[Random].bd
  • [%Desktop%]\CleanUp Antivirus.lnk
  • [%StartMenu%]\CleanUp Antivirus.lnk
  • [%Programs%]\CleanUp Antivirus.lnk
  • [%AppData%]\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
  • [%Desktop%]\Cleanup.exe

Registry

Created key :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Created values :

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • CUA = ""%CommonAppData%\e4a12b7\CleanUpAV.exe" /s"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    • CUA = "%Temp%\[filename of the sample #1] /cs:1 "
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
    • IIL = 0x00000000
    • ltHI = 0x00000000
    • ltTST = 0x0000B491
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    • TrialVersion = ""%CommonAppData%\03b8\CleanUpAV.exe" /s"
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
    • CleanUp Antivirus="[%COMMON_APPDATA%]\e7f76a8\CUe7f7.exe" /s /d

 

Download

 
 

Comments  

 
+1 #1 2010-04-15 04:06
Antivirus soft, how to strip out of harddrive, it procreates.
Quote
 

Add comment


Security code
Refresh

Related articles
Latest posts

  • Free malware removal tool for Guard Online

    Written by %s admin 10/10/2011
    Guard Online is a another rogue Antispyware from the OpenCloud and AV Guard Online familly, it's a malware that pretends to be an Antivirus. Guard Online conducts a fake scan of your system; you are…
    Read more...

  • Free malware removal tool to remove AV Guard Online

    Written by %s admin 05/10/2011
    AV Guard Online is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. AV Guard Online conducts a fake scan of your system; you are warned by a…
    Read more...

  • Free removal tool to remove Security Guard 2012

    Written by %s admin 05/10/2011
    Security Guard 2012 is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. Security Guard 2012 conducts a fake scan of your system; you are warned…
    Read more...

  • Free removal tool for Advanced PC Shield 2012

    Written by %s admin 01/10/2011
    Advanced PC Shield 2012 is a another rogue Antispyware, it's a malware that pretends to be an Antivirus. Advanced PC Shield 2012 conducts a fake scan of your system; you are warned by a fake alarm…
    Read more...

  • Security Sphere 2012 Free Removal Tool

    Written by %s admin 01/10/2011
    Security Sphere 2012 is another spyware from the Security Tool family. Security Sphere 2012 is not a legit program; it's a fake, a counterfeit. Security Sphere 2012 claims to fix your system, but…
    Read more...
.
Information | Contact

© All Rights Reserved. net-studio.org 2009