A LOT of people coming here looking for information on AVGold/Antivirus Gold



July 21st, 2005

A lot of people seem to be coming here via search engines looking for information on removing the spyware-loaded AVGold/Antivirus Gold program. In fact, it's become the top search engine referrer keyword by far.

I've written a couple of times about it here and here, while this page has information on removing it from your system. This tricky piece of software seems to have caught a lot of people out, and removing it can be a tricky operation.

The key to preventing it from running is to remove these startup keys (not all of which will be present) from your Windows Registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool" = "C:\WINNT\System32\hookdump.exe"

or

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool" = "C:\WINNT\System32\winnook.exe"

or

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AntivirusGold" = "C:\Program Files\AntivirusGold\AntivirusGold.exe /h"

I have created a registry modification file that should automatically delete this key and prevent AVGold from starting up. You can download that here. Download the file, right-click on it and select Merge (you will have to do this if you carried out my registry safety advice here) and confirm that you want the information added to the registry by clicking Yes, followed by OK (some antivirus programs or spyware detectors might also step in and ask you to confirm the running of the file; this is perfectly safe to do). This doesn't remove AV Gold but prevents it from starting up. If you want, you can then delete the file hookdump.exe from C:\WINNT\System32. Hopefully this will help to alleviate your problems.
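If you would rather check what is actually present before merging anything, the sketch below (an added example, not the registry file offered for download above) reads the text of a Run-key export, picks out only the three entries listed in this post, and builds a .reg file that deletes just those values. The function names and the sample export are constructed for illustration, and matching on the executable name inside the value data is an assumption of this example.

```python
import re
# Run-key values named in this post: (key, value name, executable name).
# Matching on the executable name inside the data is this example's assumption.
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
INDICATORS = [
    ("HKEY_CURRENT_USER\\" + RUN, "Intel system tool", "hookdump.exe"),
    ("HKEY_CURRENT_USER\\" + RUN, "Intel system tool", "winnook.exe"),
    ("HKEY_LOCAL_MACHINE\\" + RUN, "AntivirusGold", "antivirusgold.exe"),
]
# A string value line in a .reg export: "name"="data" with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # undo .reg escaping of \ and "

def find_entries(reg_text):
    """Return [(key, name, data)] from a .reg export that match INDICATORS."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not (key and m):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        for ind_key, ind_name, ind_exe in INDICATORS:
            if (key.lower() == ind_key.lower() and name.lower() == ind_name.lower()
                    and ind_exe in data.lower()):
                hits.append((key, name, data))
                break
    return hits

def build_removal_reg(hits):
    """Build .reg text that deletes only the matched values ("name"=-)."""
    out = ["REGEDIT4", ""]
    for key, name, _ in hits:
        esc = name.replace("\\", "\\\\").replace('"', '\\"')
        out += ["[%s]" % key, '"%s"=-' % esc, ""]
    return "\r\n".join(out)

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel system tool"="C:\\WINNT\\System32\\hookdump.exe"
"ctfmon.exe"="C:\\WINNT\\System32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AntivirusGold"="C:\\Program Files\\AntivirusGold\\AntivirusGold.exe /h"
'''
```

Exports saved in the "Windows Registry Editor Version 5.00" format are UTF-16, so decode the file to text before passing it to find_entries. Other startup entries in the export, such as the ctfmon.exe line in the sample, are left out of the generated file.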

Here are some more sources of good, reliable information.

F-Secure
Viruslist.com
McAfee

This entry was posted on Thursday, July 21st, 2005 at 10:36 and is filed under PC Doctor's Useful Links, Stay Secure.