CleanUp Antivirus

From Wiki-Security, the free encyclopedia of computer security

CleanUp Antivirus Information
Type:   Spyware
Analysis:
 
  Installs & gathers info from a PC without user permission.
Infection:
 
  By downloading freeware & shareware programs.
Symptoms:
 
  Changes PC settings, excessive popups
& slow PC performance.
Detection:   Download SpyHunter's Spyware Scanner.
IE Alert:


  If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

To check your computer for CleanUp Antivirus, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting CleanUp Antivirus and other threats. If you detect the presence of CleanUp Antivirus on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of CleanUp Antivirus.

Contents

Detection of CleanUp Antivirus (Recommended)

CleanUp Antivirus is difficult to detect and remove. CleanUp Antivirus is not likely to be removed through a convenient "uninstall" feature. CleanUp Antivirus, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove CleanUp Antivirus and other spyware, adware, trojans and viruses on your computer.

Run a CleanUp Antivirus scan/check to successfully detect all CleanUp Antivirus files with the SpyHunter Spyware Detection Tool. If you wish to remove CleanUp Antivirus, you can either purchase the SpyHunter spyware removal tool to remove CleanUp Antivirus or follow the CleanUp Antivirus manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with CleanUp Antivirus. CleanUp Antivirus can come bundled with shareware or other downloadable software.

Another method of distributing CleanUp Antivirus involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing CleanUp Antivirus on your system. CleanUp Antivirus installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with CleanUp Antivirus, use this SpyHunter Spyware dectection tool to detect CleanUp Antivirus and other common Spyware infections. After detection of CleanUp Antivirus, the next advised step is to remove CleanUp Antivirus with the purchase of the SpyHunter Spyware removal tool.

Symptoms

CleanUp Antivirus may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of CleanUp Antivirus from your computer.

Remedies and Prevention

CleanUp Antivirus, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. CleanUp Antivirus along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example CleanUp Antivirus, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect CleanUp Antivirus and other types of spyware.

Remove CleanUp Antivirus manually

Another method to remove CleanUp Antivirus is to manually delete CleanUp Antivirus files in your system. Detect and remove the following CleanUp Antivirus files:

Processes

  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\grid.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe

DLLs

  • %UserProfile%\Recent\FS.dll
  • %UserProfile%\Recent\DBOLE.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll

Other Files

  • %Documents and Settings%\All Users\Application Data\[randomsymbols]\
  • %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
  • %Documents and Settings%\[UserName]\Application Data\CleanUp Antivirus\cookies.sqlite
  • %Documents and Settings%\[UserName]\Desktop\CleanUp Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\CleanUp Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\CleanUp Antivirus.lnk
  • %UserProfile%\Recent\cb.tmp
  • %AppData%\CleanUp Antivirus
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\pal.drv
  • %UserProfile%\Recent\pal.tmp
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Recent\tjd.tmp
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\eb.tmp
  • %UserProfile%\Recent\exec.tmp
  • %UserProfile%\Recent\tempdoc.drv
  • %UserProfile%\Desktop\CleanUp Antivirus.lnk
  • %UserProfile%\Start Menu\CleanUp Antivirus.lnk
  • %UserProfile%\Start Menu\Programs\CleanUp Antivirus.lnk
  • %UserProfile%\Application Data\CleanUp Antivirus
  • %UserProfile%\Application Data\CleanUp Antivirus\Instructions.ini
  • %UserProfile%\Application Data\CleanUp Antivirus\cookies.sqlite
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • c:\Documents and Settings\All Users\Application Data\345d567\
  • c:\Documents and Settings\All Users\Application Data\345d567\46.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\CUA.ico
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
  • c:\Documents and Settings\All Users\Application Data\345d567\CUASys\
  • c:\Documents and Settings\All Users\Application Data\345d567\CUASys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\CUCAISTUA\
  • c:\Documents and Settings\All Users\Application Data\CUCAISTUA\CUEWA.cfg
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items
  • CleanUp Antivirus
  • CleanUp Antivirus.lnk

Registry Keys

  • HKEY_CURRENT_USER\Software\CleanUp Antivirus
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "App/7.00195"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanUp Antivirus"
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CU345d.DocHostUIHandler
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=195&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Library1.00195"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Documents and Settings\All Users\Application Data\345d567\CU345d.exe"

Known Variants

VirusBurst is a re-branded variant of other well-known rogue anti-spyware programs, including SpywareQuake, SpyFalcon, SpywareStrike, SpySheriff, SpyHeal and many other pseudonyms.

External links

Spyware infects over 80% of all PCs. Your PC could be infected with Spyware!
Wiki-Security highly recommends SpyHunter's Spyware detection tool to check your PC for Spyware threats.



Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by CleanUp Antivirus or its creators in any way. This website does not advocate the actions or behavior of CleanUp Antivirus and its creators. Our objective is to provide Internet users with the know-how to detect and remove CleanUp Antivirus and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of CleanUp Antivirus in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views