Ghost Antivirus - How to remove January 13, 2010 By Giedrius Majauskas Ghost Antivirus is a scam application, coming from the FakeXPA family of security rogueware. It is similar to Internet Antivirus Pro, which caused lots of infections back in 2009. We want to make it clear that here we address the fake version of the legitimate antivirus utility of the same name, which is developed by Norton or Symantec. Ghost Antivirus is a fake security application, a rogue anti-virus, that should be removed once the first signs of the infection have been observed. Its popups, blocked sites and lots of security alerts are the signs that your PC needs to be cleaned from Trojans. This rogue antivirus application has no function of scanning and it does not possess any removal mechanism, so, in other words, its scans are completely fake. Ghost Antivirus uses fake security scan websites as a primary way to infiltrate into the victim’s computer. Most of these websites have interface similar to Windows Explorer and show a number of infections on present on the hard drive. Of couse, these infections are not real. If you try to close these fake websites, a system alert tries to block the exit. However, do not download Ghost antivirus and do not install it on your machine, or you will risk a real infection. Other popular ways Ghost Antivirus infection spreads are fake applications like video codecs or ads you see on infected websites. You should be very careful, if you are greeted with popups and alerts that promote this rogue anti-spyware software or offer to scan your PC for virtual parasites. Actually, it is a sign that you need to remove Ghost Antivirus. This infection and the popups it causes will not go away by itself. Ghost Antivirus keeps the most of the former parasites’ skin. It displays messages, which are quite similar to the typical notifications rendered by rogue anti-spyware applications. For example, Your PC is still infected with dangerous viruses. It is strongly recommended to activate antivirus protection to prevent data loss and to avoid the theft of your credit card details. Click here to activate protection. Harmfull and malicious software detected Online scanner detected programs that might compromise your privacy or damage your computer The parasites that are supposedly detected are the following: Trojan-IM.Win32.Faker.A, Virus.Win32.Faker.A, Trojan.PSW.Bat.Cunter, Trojan.Spy.Win32.WMPatch, Trojan.Bat.AnitV.a, Trojan-Spy.Html.Bankfraud.ra and others. The websites related to the infection are: 93.190.140.165 Softwareanti com 93.190.140.165 Softwarejar com 93.190.140.165 Softwarerising com 93.190.140.165 Softwaresecure net 93.190.140.165 Softwarespyware net 93.190.140.165 Softwarethe net 93.190.140.165 Softwarethreats com 93.190.140.165 Softwarethreats net 93.190.140.165 Softwarexp net 93.190.140.165 Softwarespam net 93.174.95.194 Ghost-antivirus com 93.174.95.194 Ghost-pay com 93.174.95.194 Ghostantivirus com 93.174.95.194 Ghostpays com Ghost antivirus uses a fake payment processor, thesecurebill.com (or thesoftbill.com), which should be avoided as well. These phishing sites might misuse your credit card details, if you provide them. You should remove Ghost antivirus and improve your PC security. We want to thank Bharath M Narayan for some of the information, provided in the article. Automatic Malware removal tools Download Spyhunter for Malware detection(Win) Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Download Combo Cleaner for Malware detection(Mac) Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy , Manual removal Processes: Processes ending with onin.exe (e.g. 235asrstonin ) ghostav.exe unins000.exe services.exe Dll: WMILib.dll [random symbols].dll Files: Files ending with onin.exe (e.g. 235asrstonin ) GhostAV.exe register.ico unins000.dat uninst.ico web.ico working.log ghost.sql Infected.wav listing.cfg version.db WMILib.dll [random symbols].dll Ghost Antivirus.lnk Ghost Antivirus Home Page.lnk Ghost Antivirus.lnk Purchase License.lnk settings.ini uill.ini unins000.exe Uninstall Ghost Antivirus.lnk links.txt times.conf Ghost Antivirus.lnk iGSh.png iMSh.png iPSh.png pguard.ini services.exe Registers: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Ghost Antivirus_is1 HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\taskmgr.exe HKEY_CURRENT_USER\\Software\\Microsoft\\FTP “SearchDir” = “%Program Files%\\Ghost Antivirus\\” HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run “onin” HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run “Ghost Antivirus” HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce “3P_UDEC” HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent “URIAPRO[1.1.3.9]“ HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\taskmgr.exe “Debugger” = “?” HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\taskmgr.exe “RealDebugger” = “?” HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon “RealLogonType” = “1? Removal guides in other languages Ghost Antivirus (de) Ghost Antivirus (fr) Ghost Antivirus facts Type: Rogue Anti-Spyware Download Spyhunter for Malware detection(Win) Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Download Combo Cleaner for Malware detection(Mac) Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy , TOC 2 responses to “Ghost Antivirus” My external was just infected by a virus. All folders inside this external hard drive were block and even hidden. I had to use another antivirus software to refresh for the folders to appear, otherwise they will become ghost folders. How can I rectify this problem? Is this caused by the Ghost antivirus? No, it is not caused by Ghost antivirus. It is caused by some trojan and decent antivirus will solve the problem. Try scanning with Hitman Pro http://www.2-viruses.com/reviews/hitman-pro Leave a ReplyYour email address will not be published. Required fields are marked *Comment * Name * Email * Website
My external was just infected by a virus. All folders inside this external hard drive were block and even hidden. I had to use another antivirus software to refresh for the folders to appear, otherwise they will become ghost folders. How can I rectify this problem? Is this caused by the Ghost antivirus?
No, it is not caused by Ghost antivirus. It is caused by some trojan and decent antivirus will solve the problem. Try scanning with Hitman Pro http://www.2-viruses.com/reviews/hitman-pro