Gharath M. Narayan, mastermind behind Ghost Antivirus has created a program very similar to Internet Antivirus Pro which frustrated users to no end in 2009. Dangerous and aggressive, GhostAntivirus will first attempt to compel you to try the trial version of the program. After you have done this, a “scan” will run and you will be presented with a result that contains a series of “infected files.” These files are not infected. In fact, they are placed there exactly by GhostAntivirus and if removed may affect other legitimate applications that require the use of those files.
In addition to the phony results, GhostAntivirus will disable your Task Manager making it nearly impossible to end the processes of this pest. It will also prevent you from accessing sites that would enable you to remove it.
Type: Rogue Security Application
Related file contents:
[random symbols]onin.exe, services.exe, pguard.ini, iPSh.png, iMSh.png, iGSh.png, times.conf, links.txt, Uninstall Ghost Antivirus.lnk, unins000.exe, uill.ini, settings.ini, Purchase License.lnk, Ghost Antivirus Home Page.lnk, Ghost Antivirus.lnk, [random symbols].dll, wmilib.dll, version.db, listing.cfg, Infected.wav, ghost.sql, working.log, web.ico, uninst.ico, unins000.dat, register.ico, ghostav.exe
Manual Removal Instructions:
In theory, it is possible to manually remove GhostAntivirus from a computer. However, if you lack the sufficient expertise required for the process, you may cause more harm than good. For those with experience in removal, proceed with the following:
Delete the following processes thoroughly:
Processes ending with onin.exe (e.g. 235asrstonin )
Then, disable these GhostAntivirus dlls:
Next, you must delete the following registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “%Program Files%\Ghost Antivirus\”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Ghost Antivirus”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[22.214.171.124]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger” = “?”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “RealLogonType” = “1?
Finally, be sure to remove each of the following files:
Files ending with onin.exe (e.g. 235asrstonin )
Ghost Antivirus Home Page.lnk
Uninstall Ghost Antivirus.lnk
Manual removal requires meticulous precision if you are to remove the program properly. If you have less than an exacting hand, then perhaps trying a program that removes the program for you is a better option. ZookaWare PC Cleaner, created by programming experts at ZookaWare, have provided an excellent choice in spyware removal.
ZookaWare PC Cleaner offers, in addition to a stellar anti-virus application, free and unconditional customer support if you have any questions. Now, that’s a deal you can live with! For solid and fast results, try ZookaWare PC Cleaner.
My computer was infected with GhostAntivirus last week. For me it was easy to get rid of it with SpyZooka 🙂 Sorry for the ones that are buying the license. It’s better to be informed by reading this posts.