Green AV is a fake antivirus software that looks like AntvirusBEST. The rogue distributed through the use fake online malware scanners that tells you that your computer infected with a lot of infections and that you must install Green AV in order to clean your computer. During installation, Green AV is set to start automatically when your computer starts. Immediately after launch, the program starts scanning the computer and list a variety of threats that will not be fixed unless you first purchase the scareware. All of these threats are fake, so you can safely ignore them.
Green AV
When Green AV is running your PC will show fake security alerts from Windows taskbar and nag screens. Some of the alerts:
Green AV – Threats detected
Warning 41 infections found
Unwanted software or tracking cookies have been
found during the last scan.
Green AV
Privacy Violation alert!
Green AV detected a Privacy Violation. A program is secretly
sending your private data to an untrusted internet host. click here
to block this activity by removing the threat
(Recomended).
Green AV will install a Internet Explorer BHO module (WStech.dll) that will show warning message “Your system might be at risk, click here to protect your computer with Green AV”. Also the program will show fake Windows Security Center that will recommend you register Green AV.
Like scan fake results, these alerts and warnings are all fake and should be ignored. If your computer is infected with Green AV, then use these removal instructions below, which will remove Green AV and any other infections you may have on your computer for free.
Symptoms in a HijackThis Log
O1 – Hosts: 69.10.51.38 a1.review.zdnet.com
O1 – Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 – Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 – Hosts: 69.10.51.38 reviews.download.com
O1 – Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 – Hosts: 69.10.51.38 reviews.pcmag.com
O1 – Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 – Hosts: 69.10.51.38 reviews.techradar.com
O1 – Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 – Hosts: 69.10.51.38 www.reevoo.com
O1 – Hosts: 69.10.51.38 toptenreviews.com
O2 – BHO: WStechB – {A5DBD8CB-DF8A-4992-A655-B155216F6AFB} – C:\Documents and Settings\All Users\Application Data\gwr\WStech.dll
O4 – HKLM\..\Run: [RANDOM NUMBERS] C:\Documents and Settings\All Users\Application Data\gwr\mradll.exe
O4 – HKLM\..\Run: [RANDOM NUMBERS] C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
O4 – HKCU\..\Run: [RANDOM NUMBERS] C:\ProgramData\gwr\wsn.bat
Use the following instructions to remove Green AV (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Green AV infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Green AV removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Green AV creates the following files and folders
c:\Documents and Settings\All Users\Start Menu\Programs\Green AV
c:\Documents and Settings\All Users\Application Data\gwr\
c:\Documents and Settings\All Users\Desktop\ Green AV .lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Green AV\ Green AV .lnk
c:\Documents and Settings\All Users\Application Data\gwr\mwrdll.exe
c:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
c:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat
c:\Documents and Settings\All Users\Application Data\gwr\wsav.exe
c:\Documents and Settings\All Users\Application Data\gwr\WStech.dll
c:\Documents and Settings\All Users\Application Data\gwr\wtds05.exe
