Green AV Malware???

[deleted]

My dad recently encountered a program called Green AV on his work laptop. Green AV mimics Windows Security Center but I noticed on the AV icon, the bottom two colors of the shield are reversed from normal windows sec. center.... I tried finding the installation file, and was successful, but could not find the UNinstall file. I checked program files but there was nothing there to uninstall. I went to processes and closed the open process for Green AV and had him restart him computer only to have it return on desktop. I think I may have deleted a crucial file for the malware virus software to run effectively. Anyone ever encountered this problem? and if so, how do you get rid of it. He is getting it "fixed" by an IT on Monday via a pc remote controlling tool (meaning someone from another location will be controlling the computer), but he needs to get work done. The only solution I have for now is to close the process, so it doesn't continue.



HELP IS APPRECIATED!!!!

[Sparky]

Googled and found this on serveral sites. Haven't tried it becasue I don't have this problem. Hope it helps your Dad.

http://www.lancelhoff.com/how-to-remove ... irus-2009/


Removing Green Antivirus 2009 (automatically)

1.Download, install, and run Malwarebytes Anti-Malware Software
2.Perform a Malwarebytes Quick Scan to automatically detect and remove Green Antivirus 2009
Malwarebytes Anti-Malware Software will remove this threat for Free. However, if your existing Antivirus solution let this threat through, I highly recommend Purchasing the Pro version of Malwarebytes Anti-Malware to receive live protection in an attempt to prevent future threats from entering your system.

Green Antivirus 2009 (manual removal)

1.Press Ctrl+Alt+Del to start Task Manager and end the following process:

greenav2009.exe

2.Search for and delete the following file:

greenav2009.exe

If all went well, Green Antivirus 2009 should now be removed or uninstalled.

[deleted]

I think it changes frequently, it's not called G AV 2009, it's now like rwg.exe (as said in the processes). I searched for that file and couldn't find it.

[Sparky]

Have you tired to run Malwarebytes? I've had good luck with it in the past.

[dicecca112]

I think it changes frequently, it's not called G AV 2009, it's now like rwg.exe (as said in the processes). I searched for that file and couldn't find it.

That's part of the program

http://htlogs.com/rwg-exe-is-component-of-green-av/

[lordvic]

I've been using Malwarebytes since the news about the "Conficker Worm" this year. Malwarebytes is highly useful, and I'm pretty sure it will destroy the fake anti-virus .

[Velo:Sity]

I've been using Malwarebytes for a year now, running checks now and then. It caught one trojan which slipped past KAV, which is better than nothing.