Welcome to remove-malware.net

How to remove Groundhogday2.cn hijacker

Malware Description:
Groundhogday2.cn is a part of the malvertising schemes being deployed by the rogue anti-spyware solution generally known as Personal Antivirus. Groundhogday2.cn performs the function of a browser redirect entity because it hijacks a victim’s homepage or/and the search page. Therefore most of the times you are trying to go online you will keep running into hits to Groundhogday2.cn which somehow turns out to look much like My Computer interface, with its disks displayed. Strangely enough, Groundhogday2.cn also appears to scan your PC for viruses. Now, let us reveal the sad truth about this scanner activity implanted by Groundhogday2.cn. This hijacker does not really check your computer for infections, it only pretends to. Groundhogday2.cn is a malicious instrument for distributing Personal Antivirus scareware so all it does is tricking you into believing your PC has problems and then makes you install the ‘featured’ software, i.e. the aggressive Personal Antivirus scam. In case you encounter Groundhogday2.cn domain when surfing the web, make sure to keep yourself from clicking anything on it and please keep in mind that it’s a fake scanner site. To prevent severe system contamination, you need to eliminate the initial problem causing Groundhogday2.cn to redirect your browser, i.e. the Personal Antivirus freeware and the related trojan viruses. Below is a tutorial to help you get rid of Groundhogday2.cn trouble.

Malware Type: Browser Hijackers

Malware Author: Innovagest2000 SL

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Groundhogday2.cn Hijacker Free Scanner and Remover: Download Now

Groundhogday2.cn Fake Scanner Screenshot:

How to remove Groundhogday2.cn hijacker manually:
Manual removal of Groundhogday2.cn hijacker and attendant malware is feasible if you have sufficient expertise in dealing with program files, system processes, .dll files and registry entries.

The associated files to be deleted are listed below:

• %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
• %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
• %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
• %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
• %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
• %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
• %UserProfile%\Application Data\Personal Antivirus
• %UserProfile%\Application Data\Personal Antivirus\settings.ini
• %UserProfile%\Application Data\Personal Antivirus\uill.ini
• %UserProfile%\Application Data\Personal Antivirus\unins000.exe
• %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
• %UserProfile%\Application Data\Personal Antivirus\db
• %UserProfile%\Application Data\Personal Antivirus\db\config.cfg
• %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
• %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
• %Program Files%\Personal Antivirus
• %Program Files%\Personal Antivirus\activate.ico
• %Program Files%\Personal Antivirus\Explorer.ico
• %Program Files%\Personal Antivirus\PerAvir.exe
• %Program Files%\Personal Antivirus\unins000.dat
• %Program Files%\Personal Antivirus\uninstall.ico
• %Program Files%\Personal Antivirus\working.log
• %Program Files%\Personal Antivirus\db
• %Program Files%\Personal Antivirus\db\DBInfo.ver
• %Program Files%\Personal Antivirus\db\ia080614.db
• %Program Files%\Personal Antivirus\db\ia080618x.db
• %Program Files%\Personal Antivirus\Languages
• %Program Files%\Personal Antivirus\Languages\IAEs.lng
• %Program Files%\Personal Antivirus\Languages\IAFr.lng
• %Program Files%\Personal Antivirus\Languages\IAGer.lng
• %Program Files%\Personal Antivirus\Languages\IAIt.lng
• %WINDOWS%\system32\log.txt
• %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
• %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
• %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
• %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
• %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

The related registry entries to be removed are as follows:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Please, be aware that manual removal of Groundhogday2.cn is a cumbersome procedure and does not ensure complete deletion of the malware, due to the fact that some files might be hidden or may automatically reanimate themselves afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Groundhogday2.cn, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.