Cleanup Antivirus

CleanUp Antivirus is rogue security software: a program that poses as an antivirus product but is itself the infection. Its advertising claims that it cleans viruses and protects the system from attack, but every part of that claim is false; the whole "scan and clean" process exists only to mislead the user. CleanUp Antivirus usually arrives through a visit to a malicious web site, where it exploits software and security weaknesses to install itself without being noticed. Once it has a foothold it displays a stream of fake alerts and warning messages, modifies the Windows registry to add itself to the start-up items, and then blocks the execution of every installed program, claiming each one is infected. The only "cure" it offers for these invented infections is the full, paid version of CleanUp Antivirus, so it keeps the PC hostage until the user pays for a licence.

Every one of these actions serves a single purpose: selling CleanUp Antivirus. It may look like a legitimate security application, but none of the threats it reports exists. There is no reason to pay for a program that has to trick you into trusting it.

To remove CleanUp Antivirus from a compromised system you need a genuine anti-malware application. Download and install it, update its definitions, and run a full scan; the scan will detect and remove the fake software.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Cleanup Antivirus Removal Procedures

Cleanup Antivirus REMOVAL TOOL:
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click the file to install the application.
3. Follow the prompts and accept the default installation options.
4. Before the installation completes, make sure the following options are checked:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” The program starts automatically and prompts you to update it before scanning. Accept the update; the definitions must be current for the rogue to be detected.
6. Run a full scan of the computer.
7. When the scan finishes, click “Show Results”.
8. Make sure every detected item is selected, then click “Remove Selected”.
9. Restart the computer.

Note: “Cleanup Antivirus” may block mbam-setup.exe from downloading or running. If so, download it on a clean computer, rename the file (the rogue recognises it by name), copy it to the infected system on removable media and run the renamed copy there.

MANUAL REMOVAL PROCEDURE:
1. Stop the process associated with “Cleanup Antivirus”. Press Ctrl+Shift+Esc (or Ctrl+Alt+Del and choose Task Manager) to open Windows Task Manager, go to the Processes tab, and end the following process. Its name is random; the sample seen for this rogue is:
(random characters).exe, e.g. CU345d.exe
If the rogue blocks Task Manager as well, restart into Safe Mode and repeat this step there.

2. Update your installed antivirus application so that it has the latest definitions.

3. Run a full scan of the system and remove every detected threat. If removal is not possible, quarantine the infected item instead. Then manually locate and delete the malicious files listed under “Malicious Files Added by Cleanup Antivirus” below. The folder name under All Users\Application Data is random, so identify it by its contents (a CU*.exe, CUA.ico and the CUASys subfolder) rather than by the sample name.

4. Registry entries created by Cleanup Antivirus must also be removed. Open Registry Editor, export a backup first (File > Export), then locate each entry listed under “Cleanup Antivirus Registry Entries” below and delete the value the rogue created. Do not delete the parent keys (Run, Download, the firewall List), which Windows and other programs use; delete the CLSID key only after confirming that it points at one of the rogue’s files.
- For Windows 2000/XP: Go to Start > Run, type “regedit” in the dialog box and press Enter.
- For Windows Vista/7: Go to Start > Search programs and files, type “regedit” and press Enter.

5. Exit Registry Editor.

6. Remove the Cleanup Antivirus start-up entry: go to Start > Run, type msconfig in the “Open” box and press Enter. The System Configuration Utility opens; go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe, e.g. CU345d.exe

7. Click Apply and restart Windows.

Technical Details and Additional Information:

Malicious Files Added by Cleanup Antivirus
%UserProfile%\Application Data\CleanUp Antivirus\cookies.sqlite
%UserProfile%\Application Data\CleanUp Antivirus\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%UserProfile%\Desktop\CleanUp Antivirus.lnk
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\pal.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\tempdoc.drv
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\CleanUp Antivirus.lnk
%UserProfile%\Start Menu\Programs\CleanUp Antivirus.lnk
c:\Documents and Settings\All Users\Application Data\219f752\46.mof
c:\Documents and Settings\All Users\Application Data\219f752\CU345d.exe
c:\Documents and Settings\All Users\Application Data\219f752\CUA.ico
c:\Documents and Settings\All Users\Application Data\219f752\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\219f752\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\219f752\CUASys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\219f752\Quarantine Items
c:\Documents and Settings\All Users\Application Data\CUCAISTUA\CUEWA.cfg
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

File Location for Windows Versions:

  • %UserProfile% is C:\Users\<Current User> on Windows Vista/7 and C:\Documents and Settings\<Current User> on Windows XP/2000.
  • The directory name under All Users\Application Data (219f752 in the list above, 345d567 in the registry entries below) is random and changes from one infection to another; identify the folder by its contents (CU*.exe, CUA.ico, the CUASys subfolder), not by name.

Cleanup Antivirus Registry Entries:
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Library1.00195"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanUp Antivirus"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Note: several of these entries do more than keep the rogue running. "CheckExeSignatures" = "no" and "RunInvalidSignatures" = "1" switch off Internet Explorer's signature check on downloaded executables, so remove them even after the rogue itself is gone. The "PRS" value holds a URL pointing at a listener on the local machine (127.0.0.1:27777), the SearchScopes URL redirects searches to findgala.com, and the two AuthorizedApplications entries grant the rogue's executable an exception in the Windows Firewall. The directory name here (345d567) differs from the one in the file list above (219f752) because it is random; the executable name follows the same CU*.exe pattern in both.
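The manual removal procedure and the file and registry lists above can be turned into one repeatable check. The PowerShell script below is an added example written for this page; it is not the page's own tool and not from any vendor. It assumes an elevated PowerShell session (2.0 syntax, so it runs on Vista/7 as shipped; XP paths are handled through %ALLUSERSPROFILE%), a hypothetical -Remediate switch that is off by default, and it identifies the randomly named drop folder by its contents rather than by the sample names 219f752/345d567. The CU*.exe pattern used for the process and firewall checks is taken from the samples on this page.

```powershell
# Added triage/clean-up example for the CleanUp Antivirus indicators listed on this page.
# This is not the page's or any vendor's tool. Run from an elevated PowerShell (2.0 syntax,
# so it works on Vista/7 as shipped). Report-only by default; -Remediate is an assumed switch.
param([switch]$Remediate)

$findings = @()
function Add-Finding([string]$what) { $script:findings += $what; Write-Host "[!] $what" }

# "All Users\Application Data" is %ProgramData% on Vista/7 and %ALLUSERSPROFILE%\Application
# Data on XP/2000 (assumption: the rogue uses the same layout under both).
$allUsersAppData = $env:ProgramData
if (-not $allUsersAppData) { $allUsersAppData = Join-Path $env:ALLUSERSPROFILE 'Application Data' }

# 1. Running process. The name is random (CU345d.exe on this page), so match on
#    location plus the CU*.exe pattern instead of an exact name.
$procs = @(Get-Process | Where-Object { $_.Path -and $_.Path -like "$allUsersAppData\*\CU*.exe" })
foreach ($p in $procs) { Add-Finding "process $($p.Id) $($p.Path)" }

# 2. Dropped folder. Its name varies (219f752 / 345d567 on this page), so identify it by
#    contents taken from the file list: CUA.ico or the CUASys subfolder.
$dirs = @(Get-ChildItem $allUsersAppData -ErrorAction SilentlyContinue | Where-Object {
    $_.PSIsContainer -and ((Test-Path (Join-Path $_.FullName 'CUA.ico')) -or
                           (Test-Path (Join-Path $_.FullName 'CUASys'))) })
foreach ($d in $dirs) { Add-Finding "dropped folder $($d.FullName)" }
$cfgDir = Join-Path $allUsersAppData 'CUCAISTUA'
if (Test-Path (Join-Path $cfgDir 'CUEWA.cfg')) { Add-Finding "config $cfgDir\CUEWA.cfg" }

# 3. Persistence: the Run value named "CleanUp Antivirus".
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runVal = (Get-ItemProperty $run -ErrorAction SilentlyContinue).'CleanUp Antivirus'
if ($runVal) { Add-Finding "Run value 'CleanUp Antivirus' = $runVal" }

# 4. Weakened IE settings. CheckExeSignatures=no / RunInvalidSignatures=1 switch off the
#    signature check on downloaded executables; PRS holds a URL on the local machine.
$dl = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$dlProps = Get-ItemProperty $dl -ErrorAction SilentlyContinue
if ($dlProps.CheckExeSignatures -eq 'no' -or $dlProps.RunInvalidSignatures -eq 1) {
    Add-Finding 'IE download signature checks disabled (Download\CheckExeSignatures, RunInvalidSignatures)'
}
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
if ($ie.PRS -like 'http://127.0.0.1:27777/*') { Add-Finding "IE PRS = $($ie.PRS)" }
# Is anything actually bound to that port right now?
$listener = @(netstat -ano | Select-String ':27777\s+\S+\s+LISTENING')
if ($listener.Count -gt 0) { Add-Finding "listener on 27777: $($listener[0].Line.Trim())" }

# 5. Windows Firewall exception the rogue grants its own executable (value name = path).
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fwBad = @()
$fwKey = Get-Item $fw -ErrorAction SilentlyContinue
if ($fwKey) { $fwBad = @($fwKey.GetValueNames() | Where-Object { $_ -like '*\CU*.exe' }) }
foreach ($v in $fwBad) { Add-Finding "firewall exception $v" }

if (-not $Remediate) { return $findings }

# --- Clean-up, only with -Remediate. Export the affected keys first if you want a rollback. ---
$procs | Stop-Process -Force
Remove-ItemProperty $run -Name 'CleanUp Antivirus' -ErrorAction SilentlyContinue
Set-ItemProperty $dl -Name CheckExeSignatures -Value 'yes' -ErrorAction SilentlyContinue   # IE default
Remove-ItemProperty $dl -Name RunInvalidSignatures -ErrorAction SilentlyContinue           # absent = default
Remove-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer' -Name PRS -ErrorAction SilentlyContinue
foreach ($v in $fwBad) { Remove-ItemProperty $fw -Name $v }
foreach ($d in $dirs)  { Remove-Item $d.FullName -Recurse -Force }
Remove-Item $cfgDir -Recurse -Force -ErrorAction SilentlyContinue
# Shortcuts from the file list; the folder lookups give the right paths on XP and Vista/7.
foreach ($dir in ([Environment]::GetFolderPath('Desktop'), [Environment]::GetFolderPath('StartMenu'),
                  [Environment]::GetFolderPath('Programs'),
                  "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch")) {
    Remove-Item (Join-Path $dir 'CleanUp Antivirus.lnk') -Force -ErrorAction SilentlyContinue
}
return $findings
```

Save it as, for example, Check-CleanUpAV.ps1 and run it once without switches to list what it finds; rerun with -Remediate only after reviewing that list. The CLSID and SearchScopes entries from the list above are deliberately left for manual review, because the script cannot tell on its own whether that CLSID belongs to the rogue or to a legitimate component, and the SearchScopes value sits under an unusual hive path that is best inspected by hand in Registry Editor.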