One of the more notorious rogue anti-malware programs to plague computer users recently, AV Clean uses scare tactics to push users into the purchase of a bogus software license. AV Clean, which also passes under the name of AV-Clean, gets installed on user systems via Trojans that get downloaded from malicious websites. Once installed, AV Clean establishes itself as a startup service. It then proceeds to fabricate a large amount of fake virus scans at the end of which it claims that the computer is infected with myriad of viruses that aren’t really there.
AV Clean is also known to display fake pop-ups from the Windows taskbar as well as to install a Browser Helper Object which redirects the user’s web browser whenever he or she attempts to surf the internet. The aim of all this activity is to try and get the user to pay for the so-called ‘full’ version of AV-Clean by making them believe that the currently installed ‘trial’ version is incapable of cleaning out the detected ‘threats’ to the system. However, it should be kept in mind that no version of AV Clean can scan or properly clean any system.
As soon as you discover that your system is infected with AV Clean, you should initiate AV-Clean removal. In order to delete AV Clean, it is necessary to stop its processes, delete its files and folders and remove its registry entries.
File Removal Procedures
The first step in AV-Clean removal is to stop the following processes from executing:
- avreg.exe
- avclean.exe
The next step in AV-Clean removal is the deletion of the following files and folders from your hard disk:
- %ProgramFiles%\avclean\etc\avreg.exe
- %ProgramFiles%\avclean\etc\avfilterdriver.sys
- c:\DelUS.bat
- %Temp%\AV CLEAN
- %Programs%\AVClean
- %Temp%\AV CLEAN\list_control
- %Temp%\nsu2.tmp
- %ProgramFiles%\AVClean
- %ProgramFiles%\AVClean\db
- %ProgramFiles%\AVClean\etc
- %ProgramFiles%\AVClean\etc\temp
- %ProgramFiles%\AVClean\Lang
- %ProgramFiles%\AVClean\skin
- %ProgramFiles%\AVClean\temp
After the above steps have been completed, AV Clean no longer resides on your hard disk.
Registry Removal Procedures
Removing files alone is not sufficient to get rid of AV Clean completely. To ensure complete AV-Clean removal, you must remove the following keys and settings from the Windows Registry as well:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] AVClean = “”%ProgramFiles%\AVClean\AVClean.exe” /Scan”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVClean] “AVClean”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Ebiz\AV CLEAN] “%ProgramFiles%\AVClean”
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVFMON\0000\Control] “AVFMON”
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVFMON\Security] “\??\%ProgramFiles%\avclean\etc\AVFilterDriver.SYS”
Now it is safe to say that AV Clean no longer exists on your computer. In order to certify this fact it is best advised to scan the entire computer with a genuine antivirus product such as Spyware Doctor with Antivirus. By doing so as part of the AV Clean removal process you will make sure that no additional malicious components reside on your PC.
Conclusion
Manual AV Clean removal is not safe in the case of inexperienced users, as any mistake made during removal could cause some serious damage to the operating system. Therefore inexperienced users are advised to make use of a web-based repair service such as www.onlinecomputerrepair.org or legitimate antivirus software such as Spyware Doctor with Antivirus when attempting to engage in AV-Clean removal.