Earth AV Removal

Related to the notorious rogue anti-malware Green AV, Earth AV is a rogue program that attempts to rip off users under the pretext of selling them the full version of a piece of software. Earth AV reaches user systems via Trojans that get downloaded from websites that claim to contain Flash player downloads. Once the Trojan is downloaded and installed on the computer, it downloads and installs Earth AV by exploiting security vulnerabilities in the system. Once installed, Earth AV proceeds to perform fake antivirus scans on the system through which it creates false results and warnings about viruses that don’t exist on the computer. It also creates a large number of fake warning pop-ups from the Windows Taskbar which are totally irrelevant. This is to try and induce the user to purchase the license to the ‘full’ version of Earth AV, by making them feel that the currently installed ‘trial’ version is incapable of saving the system from sure destruction. However, do not make any hasty decisions as Earth AV is a fake application that should not be trusted under any circumstances.

Earth AV

The first thing you should do as soon as you find a copy of this malware on your computer is initiate Earth AV removal. In order to delete Earth AV, it is important to stop processes, unregister DLLs, delete files and folders and remove registry entries.

File Removal Procedures

The first step you need to take in order to remove Earth AV is to stop the following processes:

  • ergui.exe
  • ErV_paid.exe
  • eav.exe
  • msdl.exe
  • vec.exe

Next, it is necessary to unregister the following DLL files:

  • ergui.exe
  • ErV_paid.exe
  • eav.exe
  • msdl.exe
  • vec.exe

The next step in Earth AV removal is to delete the following files and folders:

Windows XP:

  • %Documents and Settings%\All Users\Start Menu\Programs\Earth AV
  • %Documents and Settings%\All Users\Desktop\Earth AV.lnk
  • %Documents and Settings%\All Users\Application Data\Earth AV
  • c:\Documents and Settings\All Users\Application Data\eav
  • c:\Documents and Settings\All Users\Application Data\eav\Base.dat
  • c:\Documents and Settings\All Users\Application Data\eav\msdl.exe
  • c:\Documents and Settings\All Users\Application Data\eav\msll.exe
  • c:\Documents and Settings\All Users\Application Data\eav\vec.exe
  • c:\Documents and Settings\All Users\Application Data\Microsoft\Machine
  • c:\Documents and Settings\All Users\Application Data\Microsoft\Machine\WStech.dll
  • c:\Documents and Settings\All Users\Start Menu\Programs\ Earth AV
  • c:\Documents and Settings\All Users\Desktop\ Earth AV .lnk
  • %APPDATA%\mozilla\firefox\profiles\\gsl.dll
  • ergui.exe
  • ErV_paid.exe

Windows Vista/Windows 7:

  • %Documents and Settings%\All Users\Start Menu\Programs\Earth AV
  • %Documents and Settings%\All Users\Desktop\Earth AV.lnk
  • %Documents and Settings%\All Users\Application Data\Earth AV
  • %USER%\AppData\eav
  • %USER%\AppData\eav\Base.dat
  • %USER%\AppData\eav\msdl.exe
  • %USER%\AppData\msll.exe
  • %USER%\AppData\av\vec.exe
  • %USER%\AppData\Microsoft\Machine
  • %USER%\AppData\Microsoft\Machine\WStech.dll
  • %USER%\AppData\Start Menu\Programs\ Earth AV
  • c:\Documents and Settings\All Users\Desktop\ Earth AV .lnk
  • %APPDATA%\mozilla\firefox\profiles\\gsl.dll
  • ergui.exe
  • ErV_paid.exe

After the above steps have been completed, Earth AV no longer resides on your hard disk. Even if this is true in most cases, due to the complex nature of this threat it is still recommended to run a full system scan of the entire PC using genuine antivirus software such as Spyware Doctor with Antivirus.

Registry Removal Procedures

File deletion alone is not sufficient to completely remove Earth AV. The following registry entries should be deleted as well in order to ensure complete Earth AV removal:

  • HKEY_CURRENT_USER\Software\Earth AV
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “Earth AV”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Earth AV
  • HKEY_CURRENT_USER\Software\EAV
  • HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
  • HKEY_CLASSES_ROOT\AppID\WStech.DLL
  • HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
  • HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
  • HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
  • HKEY_CLASSES_ROOT\WStech.WStechB
  • HKEY_CLASSES_ROOT\WStech.WStechB.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “mxcll”

Conclusion

Manual Earth AV removal is not recommended for novice users, as any mistake made during removal could result in damage being caused to the operating system of the computer. Therefore, inexperienced computer users are asked to make use of a web-based repair software such as www.onlinecomputerrepair.org or legitimate antivirus software such as Spyware Doctor with Antivirus.