Earth AV
Earth AV is another addition to the list of rogue antivirus program currently populating the Internet. Earth AV virus is propagated similarly to other software of the same kind. A Trojan is being utilized to drop a copy and install it on computer without being detected by antivirus program present on the compromised computer. A malicious and scam website is another means to transfer Earth AV on visitor’s computer. Said web site will pretend as an online virus scanner that will run a virus scan and presents numerous detected threats on the computer. A prompt to buy the registration key of Earth AV is followed and when click, a new browser window will open containing the payment processing method usually via credit card or Paypal.
Just like its predecessor, Green AV and Eco Antivirus, will flood the computer screen with fake alerts and misleading warning messages. A local virus scan will also launch each time the computer is started. Dozens of threats will be displayed and inform users that the only solution to remove Earth AV is by getting the licensed version of it. Ignore this unwanted program and as much as possible, immediately scan a computer with real anti-virus and anti-malware program. This is the only positive way to remove Earth AV completely.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Malware Behavior
This computer threat will attract victims to purchase the registration key via misleading techniques. Most of the time, Earth AV will create a scene to prove that computer is infected with certain kind of threats. It could launch a fake warnings illustrating imminent attack. Alternatively, it could simulate a virus scan that will detect threats that do not exist at all. As you can see, Earth AV will try every possible thing to push victims into paying for the registration key through their own web site that looks like the image below.
HKEY_LOCAL_MACHINE\SOFTWARE\Earth AV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Earth AV
HKEY_CURRENT_USER\Software\EAV
HKEY_CLASSES_ROOT\AppID\{29256442-2C14-48CA-B756-3EE0F8BDC774}
HKEY_CLASSES_ROOT\AppID\WStech.DLL
HKEY_CLASSES_ROOT\CLSID\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_CLASSES_ROOT\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKEY_CLASSES_ROOT\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKEY_CLASSES_ROOT\WStech.WStechB
HKEY_CLASSES_ROOT\WStech.WStechB.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\S
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mxcll"
Associated Files and Folders:c:\Documents and Settings\All Users\Application Data\eav c:\Documents and Settings\All Users\Application Data\eav\Base.dat c:\Documents and Settings\All Users\Application Data\eav\msdl.exe c:\Documents and Settings\All Users\Application Data\eav\msll.exe c:\Documents and Settings\All Users\Application Data\eav\vec.exe c:\Documents and Settings\All Users\Application Data\Microsoft\Machine c:\Documents and Settings\All Users\Application Data\Microsoft\Machine\WStech.dll c:\Documents and Settings\All Users\Start Menu\Programs\ Earth AV c:\Documents and Settings\All Users\Desktop\ Earth AV .lnk %APPDATA%\mozilla\firefox\profiles\\gsl.dll
How to Remove Earth AV
Manual Removal
1. Unload any running Earth AV process by pressing Ctrl+Alt+Del on your keyboard. This will open Task Manager. Look for the following process and click on "End Process."
eav.exe
msdl.exe
vec.exe
2. If there is an antivirus program installed, connect to Internet and update it to have the latest database and pattern files.
3. Thoroughly scan the computer and clean/delete all infected files. Check if there are remnants of virus-related files, delete if found.
4. Edit Windows registry and delete Earth AV entries.[how to edit registry]
5. Close registry editor, changes will be save automatically.
6. Remove Earth AV start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. System Configuration Utility will open. Go to Startup tab and uncheck these Startup items.
eav.exe
msdl.exe
vec.exe
7. Click on Apply and reboot the computer for changes to take effect.