How to Remove Ghost Antivirus



Ghost Antivirus is a rogue antivirus application that is the successor to Antivirus Pro. This rogue is pushed through trojan horse activity and aggressive advertising tactics. It makes things very challenging to remove this rogue because it disables task manager, as well as any security programs that it detects. It also installs other malware on your system and terminates explorer.exe which makes the desktop unusable. It is possible to remove this rogue and you need to reboot into safe mode (with networking) in order to do so. Read on for how to remove ghost antivirus.


First you should boot up in safe mode with networking. In order to access the menu to choose how to boot you will need to press F8 when your computer boots up (yet just before the Windows splash screen.) After you have made it into safe mode then you should be able to download and install malwarebytes antimalware. (From the virus removal toolkit page.)

After it is installed, update and perform a full scan. Make sure to remove anything that it finds. For your reference the following files and folders are associated with Ghost antivirus and should be deleted for a manual removal of ghost antivirus. However, due to the nature of the rogue manual removal is not suggested.

If you do delete the following files to remove ghost antivirus then you should follow that up with a scan of your computer by malwarebytes antimalware or superantispyware and then follow that up with a scan with a trusted antivirus application. The files associated with this rogue are:

%docs%\All Users\Desktop\Ghost Antivirus.lnk
%docs%\All Users\Start Menu\Programs\Ghost Antivirus\
%docs%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk
%docs%s\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk
%docs%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk
%user%\Application Data\Ghost Antivirus\
%user%\Application Data\Ghost Antivirus\settings.ini
%user%\Application Data\Ghost Antivirus\uill.ini
%usere%\Application Data\Ghost Antivirus\unins000.exe
%user%\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk
%user%\Application Data\Ghost Antivirus\lib\
%user%\Application Data\Ghost Antivirus\lib\links.txt
%user%\Application Data\Ghost Antivirus\lib\properties
%user%\Application Data\Ghost Antivirus\lib\times.conf
%user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
%user%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%user%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%user%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%user%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%user%\Local Settings\Application Data\Microsoft\Windows\services.exe
RANDOM\RANDOMonin.exe
%progfiles%\Ghost Antivirus\
%progfiles%\Ghost Antivirus\GhostAV.exe
%progfiles%\Ghost Antivirus\register.ico
%progfiles%\Ghost Antivirus\unins000.dat
%progfiles%\Ghost Antivirus\uninst.ico
%progfiles%\Ghost Antivirus\web.ico
%progfiles%\Ghost Antivirus\working.log
%progfiles%\Ghost Antivirus\Languages\
%progfiles%\Ghost Antivirus\lib\
%progfiles%\Ghost Antivirus\lib\ghost.sql
%progfiles%\Ghost Antivirus\lib\Infected.wav
%progfiles%\Ghost Antivirus\lib\listing.cfg
%progfiles%\Ghost Antivirus\lib\version.db
%progfiles%\Ghost Antivirus\lib\WMILib.dll
%win%\system32\RANDOM.dll
%win%\system32\RANDOM.dll

Remember to keep scanning with your malware removal tools and antivirus until the system comes up clean!

   Send article as PDF   

Similar Posts