Welcome to remove-malware.net
The ultimate resource for malware removal and virus protection
How to remove CleanUp Antivirus rogue anti-spyware
Malware Description:
CleanUp Antivirus (or Clean Up Antivirus) is a new fraud tool from the creators of Security Antivirus scareware program. CleanUp Antivirus trespasses the line of regular AV software by intruding on computers without any preliminary notice, i.e. it won’t ever ask for user approval before installing onto his/her workstation. This rogue security software gets distributed via the assistance of trojan horses that tend to impudently attack a system by exploiting some vulnerabilities and splits of the potential target OS. As you can see, CleanUp Antivirus does not lack trickeries in terms of propagation methods. Once this scamware successfully downloads onto your PC, it adds a number of files which are meant to be further ‘found’ by CleanUp Antivirus and labeled infections. But the worst part of CleanUp Antivirus activity is its Windows Registry interference which it conducts in order to force your system into running certain executables that are critical to this malware’s deployment. When CleanUp Antivirus is running on your machine, it will be constantly reporting the detection of security threats and other issues. These deemed infections are completely fabricated though; those are predominantly the junk dummy files we mentioned above. Believing that you actually have those hazards on your PC is precisely what hackers want you to do. But you should be on top of things and refrain from taking CleanUp Antivirus ads and scanners for granted. When trying to get rid of CleanUp Antivirus you may run into a couple of complications though. It will not be presented on Add/Remove Programs list; it might as well prevent you from accessing Task Manager and deleting its directory under Program File. This is why we recommend you to enter Safe Mode with Networking by repeatedly hitting F8 key during PC startup; then, please follow the instructions listed under this post.
Malware Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: 
Critical
Advice: Immediately remove and scan for additional malware
CleanUp Antivirus Free Scanner and Remover: 
Download Now
CleanUp Antivirus Screenshot:
How to remove CleanUp Antivirus manually:
Manual removal of CleanUp Antivirus is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.
The files to be deleted are listed below:
- %Documents and Settings%\All Users\Application Data\345d567\
- %Documents and Settings%\All Users\Application Data\345d567\46.mof
- %Documents and Settings%\All Users\Application Data\345d567\CU345d.exe
- %Documents and Settings%\All Users\Application Data\345d567\CUA.ico
- %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
- %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
- %Documents and Settings%\All Users\Application Data\345d567\BackUp\
- %Documents and Settings%\All Users\Application Data\345d567\CUASys\
- %Documents and Settings%\All Users\Application Data\345d567\CUASys\vd952342.bd
- %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items
- %Documents and Settings%\All Users\Application Data\CUCAISTUA\
- %Documents and Settings%\All Users\Application Data\CUCAISTUA\CUEWA.cfg
- %Program Files%\Mozilla Firefox\searchplugins\search.xml
- %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus
- %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus\cookies.sqlite
- %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus\Instructions.ini
- %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
- %Documents and Settings%\[UserName]\Desktop\CleanUp Antivirus.lnk
- %Documents and Settings%\[UserName]\Recent\cb.tmp
- %Documents and Settings%\[UserName]\Recent\CLSV.tmp
- %Documents and Settings%\[UserName]\Recent\DBOLE.dll
- %Documents and Settings%\[UserName]\Recent\DBOLE.sys
- %Documents and Settings%\[UserName]\Recent\eb.tmp
- %Documents and Settings%\[UserName]\Recent\exec.tmp
- %Documents and Settings%\[UserName]\Recent\FS.dll
- %Documents and Settings%\[UserName]\Recent\grid.exe
- %Documents and Settings%\[UserName]\Recent\pal.drv
- %Documents and Settings%\[UserName]\Recent\pal.tmp
- %Documents and Settings%\[UserName]\Recent\PE.exe
- %Documents and Settings%\[UserName]\Recent\tempdoc.drv
- %Documents and Settings%\[UserName]\Recent\tempdoc.tmp
- %Documents and Settings%\[UserName]\Recent\tjd.sys
- %Documents and Settings%\[UserName]\Recent\tjd.tmp
- %Documents and Settings%\[UserName]\Start Menu\CleanUp Antivirus.lnk
- %Documents and Settings%\[UserName]\Start Menu\Programs\CleanUp Antivirus.lnk
The registry entries that need to be removed are as follows:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “Library1.00195″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “CleanUp Antivirus”
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=195&q={searchTerms}”
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “%Documents and Settings%\All Users\Application Data\345d567\CU345d.exe”
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “%Documents and Settings%\All Users\Application Data\345d567\CU345d.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
Please, be aware that manual removal of CleanUp Antivirus is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal CleanUp Antivirus, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.
| Download CleanUp Antivirus Automatic Remover |
Like This Article? Let Others Know!
Related Articles:
How to remove Security Antivirus rogue anti-spyware
How to remove Windows Protection Suite rogue anti-spyware
How to remove Enterprise Suite rogue anti-spyware
How to remove Malware Destructor 2009 rogue anti-spyware
Reader's Comments:
Post a Comment:
Page Info:
-
March 7, 2010 -
2 comments
-
Comments RSS
Make it social:
Latest Removal Guides
Types of Malware
- Adware (6)
- Browser Hijackers (731)
- Fake Security Programs (107)
- Mac Scareware (1)
- Ransomware (3)
- Rogue Anti-Spyware (721)
- Security Alerts (29)
- Spyware (2)
- Toolbars (4)
- Trojan Horses (92)
- Worms (31)
thanks for inventing this remover
i just started to download it i use it in a while,i’ll have to wait and see if it really works, anyway thanks for making such software . . .
ronald santos