Endpoint Protection


trojan virus


  • 1.  trojan virus

    Posted Aug 14, 2009 10:32 PM
    How can I remove a trojan virus on my PC and stop this Green AV popping up on my PC?


  • 2.  RE: trojan virus

    Posted Aug 14, 2009 11:22 PM
    Hi, we need more info to help you. What does it do to your PC, what does the AV do to the file, what weird things are happening? If you know the name of the trojan, you may also want to share it. Because the way I understand your statement, you could have a rogue AV in your system.


  • 3.  RE: trojan virus

    Posted Aug 15, 2009 03:05 AM
    I agree with mon. Please post the name of the suspicious program along with a screenshot of the message.

    Cheers,
    Aniket


  • 4.  RE: trojan virus

    Posted Aug 15, 2009 07:06 PM
    Can you tell us what anti-virus you use? If you use Norton, please contact the Norton Community Forums.


  • 5.  RE: trojan virus

    Posted Aug 23, 2009 05:37 PM
    Hello, I've run across this with two clients lately. Nasty thing.

    It's a phoney antivirus app that is really a malware infection, supposedly out of China.

    I removed it manually in Safe Mode:

    C:\Program Files\Documents and Settings\All Users\Application Data\GAV\gav.exe
    1. Delete gav.exe, which is the executable module for the virus
    2. Delete mgrdll.exe; this is the messenger for gav that keeps sending you the messages and popups
    3. Delete the folder GAV

    Added: Oh, one person running Norton AV 2009, the other Norton Internet Security 2009.


  • 6.  RE: trojan virus

    Posted Aug 30, 2009 09:40 AM
    Hello, please someone help.
    I have tried to delete this thing manually as c.a.h. says; the problem is that there isn't a gav.exe. There isn't even a gav. There is a gra, mradll, a viriuses DAT file, wstech.dll, and a wsga05. I don't know what to do. Thank you for any help.


  • 7.  RE: trojan virus

    Posted Aug 30, 2009 11:35 AM

    more info please...



  • 8.  RE: trojan virus

    Posted Aug 30, 2009 02:08 PM
    It would be better if you could post a new thread instead of tagging on to the bottom of a pre-existing one. This allows you to control the thread and post things like screenshots or logs if we need you to. Also when you make this new thread please include these details.

    1. What version of SAV/SEP you are running, in SEP you can find out by clicking on the shield in the system tray, and clicking the help button in the top right, and then about. I am doing that from memory (don't have my pc currently) but it is in the help button.

    2. What operating system you are running, so most likely either Windows XP or Windows Vista.

    3. In my opinion manually deleting these files is semi-useless. That user's post was misleading and could still leave you infected. Once a virus is on your computer it can create new .exe or registry entries, and with new variants popping up all the time NO ONE can say just delete this file or that file and you are clean. This is misleading and only leads to trouble for standard users. The best thing to do would be to start your computer in safe mode, and then with system restore off run a full system scan. If you need more help with this please make a new post and we can help. Don't forget to include steps 1 and 2 in the post. Also feel free to make a link to this post as a reference.

    Thanks,
    Grant


  • 9.  RE: trojan virus

    Posted Aug 31, 2009 04:49 AM
    So did you submit these components that you removed from the system to Symantec? You could save it to a USB stick. Only this way they can do an investigation on the component itself.
    Another hint when you have a component: 
    http://www.virustotal.com


  • 10.  RE: trojan virus

    Posted Sep 01, 2009 07:44 PM

    Interesting virus. I have seen very little thus far on this one, there is a forum at

    This is a new virus, I believe. I have been in touch with Green AV, and they have heard of it, twice. Microsoft security, as of this morning, the guy I talked to said he had not heard of it, but instantly recognized it as a virus. He didn't speak real good English, so I couldn't get exacting details. There is a posting on the above link from some guy who claims his cure works. Will probably try it tomorrow.

    Anybody know anything about this? How to get rid of it? I have tried a lot of things. I am running Windows XP Professional on a Dell. My email, if this forum allows, is mrfiddlesticks@yahoo.com. And my phone number is 618-383-2875, if this forum allows me to put my phone number in, please call any hour. Thanks.

    http://www.symantec.com/connect/search?filters=type%3Asc_forum This is a very pesky thing. What I have is Windows Security Center, a legitimate thing in my Windows XP; it has apparently been affected by a virus. I get a balloon popping up with its source showing from the Windows Security icon. No matter what I do, it wants me to buy something called Green AV. Green AV appears to be a legitimate product that has had good reviews. There is a virus in my computer making Windows Security demand that I buy Green AV. Freakin bizarre man. It's been there four days, I have learned to live with it and its very annoying attributes. It pops up windows constantly demanding that I buy. It also tells me that my computer is infected. No kidding? I am seeking the cure. The free AVG scan detected something, but was vague as to what it really was. Avast, on its most sensitive and secure setting, skips right over it; Avast, as of about five o'clock Tuesday, hasn't got a clue.


  • 11.  RE: trojan virus

    Posted Sep 02, 2009 05:13 AM
    I did a search on Green AV and the first page all shows removal instructions, not what you'd expect from an antivirus solution.


    Green AV is normally located by navigating to the following directories: C:\Program Files\Documents and Settings\All Users\Application Data\GAV\gav.exe
    Just make sure that you can see hidden and system files.
    1. Delete gav.exe which is the executable module for the virus
    2. Delete mgrdll.exe; this is the messenger for gav that keeps sending you the messages and popups
    3. Delete the folder GAV (just hit your back arrow one time to get back to folder Application Data, then you will be able to see and delete folder GAV)
    4. Right Click on your Recycle Bin and select Empty Recycle Bin or Double Click on your Recycle Bin and select Empty Recycle Bin

    You may also want to do a search on the registry and delete any entries using the files mentioned above. Also check what the registry startup contains.



  • 12.  RE: trojan virus

    Posted Oct 03, 2009 09:37 AM
    First, I'm surprised the NAV scanner does not detect this one.

    My machine is Windows Vista Home Premium.
    Second, I've got the same symptoms, first taking me to a web page,
    http://piscanner2.info/25/24-050wLzIzLGBzL==
    Which tries to fake you out with a screen that looks like a Windows Firewall screen. Clicking on the screen, or sometimes doing nothing, instantiates a popup/application, deceptively trying to get you to do a download. X-ing may work, or clicking on the buttons seems hazardous, so I usually just kill the browser.

    The file paths listed above do not exist on my machine, nor do the files stated.  This must be a trojan that automatically renames itself and moves itself around.   I can't find it either by visual inspection.

    No particular rhyme or reason as to when it starts.  For the record, I use Firefox most of the time.



  • 13.  RE: trojan virus

    Posted Oct 04, 2009 01:43 AM
    I don't know if it's moving around or changing, or if it just does things differently in Vista, but I found it by using msconfig and looking at the startup tab. On my machine (Windows Vista Home) it was in C:\ProgramData\gwr.  I had to change the Folder Options (see Control Panel) to view hidden files and folders and then ProgramData was visible and I was able to navigate to the gwr folder. Next I rebooted into Safe Mode, navigated back to the ProgramData\gwr folder and deleted each file in that folder and then the folder itself and emptied the Recycle Bin. I also found and deleted the following registry entries:

    HKEY_CURRENT_USER\Software\GAV
    HKEY_LOCAL_MACHINE\SOFTWARE\GAV

    Rebooted normally and everything was back to normal.  Glad to be rid of that obnoxious thing!
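
A read-only check for the artifacts named in this thread, as an added example that is not part of any post: it tests for the GAV and gwr folders and the two GAV registry keys, then lists the Run-key startup entries (the data behind msconfig's Startup tab). Flagging entries that launch from the shared application-data directory is an assumption of this example, and the output column names are its own.

```powershell
# Added example: read-only triage for the Green AV artifacts named in this thread.
# Folder, file and key names come from the posts; flagging startup entries that
# launch from the shared application-data directory is this example's assumption.
$allUsers = $env:ALLUSERSPROFILE   # XP: ...\All Users, Vista: C:\ProgramData

$folders = @(
    'C:\Program Files\Documents and Settings\All Users\Application Data\GAV', # as posted
    (Join-Path $allUsers 'Application Data\GAV'),
    (Join-Path $allUsers 'gwr')
)
$regKeys = @('HKCU:\Software\GAV', 'HKLM:\SOFTWARE\GAV')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$fileNames = @('gav.exe', 'mgrdll.exe')
$psMeta    = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Folders and registry keys: report presence only, delete nothing.
foreach ($item in ($folders + $regKeys)) {
    [pscustomobject]@{
        Check = 'Artifact'; Location = $item; Detail = ''
        Flag  = (Test-Path -LiteralPath $item)
    }
}

# 2. Startup entries: list every value, flag the ones worth a closer look.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $values = (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
        Where-Object { $_ -and ($psMeta -notcontains $_.Name) }
    foreach ($v in $values) {
        $cmd       = [string]$v.Value
        $lower     = $cmd.ToLower()
        $inShared  = $allUsers -and $lower.Contains($allUsers.ToLower())
        $knownName = [bool]($fileNames | Where-Object { $lower.Contains($_) })
        [pscustomobject]@{
            Check = 'RunEntry'; Location = "$key\$($v.Name)"; Detail = $cmd
            Flag  = ($inShared -or $knownName)
        }
    }
}
```

A flagged Run entry is a lead to review, not a verdict: legitimate software also starts from these directories, and the posts above report variants using other folder and file names.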