Wednesday, August 11, 2010


Earth AV

Earth AV is another addition to the list of "rogue antivirus programs" currently populating the Internet. It is propagated similarly to other software of the same kind. A Trojan is used to drop a copy and install it on the computer without being detected by the antivirus program present on the compromised computer. Malicious and scam websites are another means of transferring Earth AV to visitors' computers.

It pretends to be an online virus scanner that runs a virus scan and presents numerous detected threats on the computer. A prompt to buy the registration key for Earth AV follows, and when it is clicked, a new browser window opens containing the payment processing method, usually via credit card or PayPal.

Just like its predecessors, Green AV and Eco Antivirus, it will flood the computer with fake alerts and misleading warning messages. A local virus scan will also launch each time the computer is started. Dozens of threats will be displayed, and users will be told that the only solution is to get the licensed version of Earth AV. Ignore this unwanted program and, as soon as possible, scan the computer with a real anti-virus and anti-malware program. The only sure way to remove Earth AV completely is by the above method.

Caution Level: Medium

Affected systems: Windows 9x, 2000, XP, Vista, Windows 7

Removal Procedures

Manual Removal:


1. Unload any running Earth AV process by pressing Ctrl+Alt+Del on your keyboard. This will open Task Manager. Look for the following processes and click “End Process” for each:
eav.exe
msdl.exe
vec.exe

2. If an antivirus program is installed, connect to the Internet and update it to get the latest database and pattern files.

3. Scan the computer and clean/delete all infected files thoroughly. Check for remnants of virus-related files and delete any that are found.

4. Edit the Windows registry and delete the Earth AV entries listed under Technical details below.

5. Close the registry editor; changes will be saved automatically.

6. Remove the Earth AV start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. The System Configuration Utility will open.

7. Go to the Startup tab and uncheck the following Startup item(s):
eav.exe
msdl.exe
vec.exe

8. Click on Apply and reboot the computer for changes to take effect.

Earth AV Removal Tool:
For automatic removal of this malware, please download and run Malwarebytes Anti-Malware. There are instances where the Earth AV Trojan will block the download or execution of security applications. In this situation, please download the file from an uninfected computer and rename it before installing it on the infected computer.

Download Now (5.87MB)
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Technical details:

Malicious Files Added by Earth AV:

Registry Entries Added by Earth AV:

HKEY_LOCAL_MACHINE\SOFTWARE\Earth AV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Earth AV
HKEY_CURRENT_USER\Software\EAV
HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
HKEY_CLASSES_ROOT\AppID\WStech.DLL
HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKEY_CLASSES_ROOT\WStech.WStechB
HKEY_CLASSES_ROOT\WStech.WStechB.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “mxcll”
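
To see which of the processes and registry entries listed on this page are actually present before and after cleanup, a read-only check can be scripted. The following is an added example, not part of the original post or of any removal tool. It assumes PowerShell 3.0 or later, treats the two `Run` entries as value names under the Run key, and leaves out the `ControlSet002` entry because its path is cut off on the page.

```powershell
# Read-only triage: report which Earth AV indicators from this page are present.
# Nothing is deleted or modified; removal still follows the steps above.

$processNames = 'eav', 'msdl', 'vec'      # eav.exe, msdl.exe, vec.exe

$registryKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Earth AV',
    'HKEY_CURRENT_USER\Software\EAV',
    'HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}',
    'HKEY_CLASSES_ROOT\AppID\WStech.DLL',
    'HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}',
    'HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}',
    'HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}',
    'HKEY_CLASSES_ROOT\WStech.WStechB',
    'HKEY_CLASSES_ROOT\WStech.WStechB.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}'
)

# Assumption: "Earth AV" and "mxcll" are value names under the Run key.
$runKey    = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'Earth AV', 'mxcll'

$findings = @()

# Running processes that match the listed executable names
foreach ($p in Get-Process -Name $processNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Indicator = "$($p.Name).exe"; Detail = "PID $($p.Id)" }
}

# Registry keys; -LiteralPath keeps the GUID braces from being interpreted
foreach ($key in $registryKeys) {
    if (Test-Path -LiteralPath "Registry::$key") {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Indicator = $key; Detail = 'present' }
    }
}

# Autostart values under the Run key, with the command line each one launches
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($name in $runValues) {
    if ($run -and $run.PSObject.Properties[$name]) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Indicator = $name; Detail = $run.$name }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Earth AV indicators from this list were found.' }
```

Run it as the affected user, since `HKEY_CURRENT_USER` is a per-user hive, and run it again after the reboot in the last removal step to confirm the entries are gone.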

