Antivirus Agent Pro is a rogue antivirus/antispyware program that uses scare tactics (display fake alerts and false positives) to trick you into buying the fake software and distributed through the use trojans (trojan Vundo, for example).
During installation, Antivirus Agent Pro configures itself to run automatically every time, when you start your computer. Once running, it will scan your computer and reports false or exaggerated system security threats on the computer that cannot be removed unless you first purchase the software. In addition the program creates a few files:
%programfiles%\microsoft frontpage\ot.dk6
%programfiles%\MSN Gaming Zone\6ehoj.s0
%programfiles%\Outlook Express\7om3.km
%windir%\AppPatch\xvd.cc
%windir%\Installer\7ig.ma
%windir%\msapps\41.ad
%windir%\Offline Web Pages\nfy8o.rk
%windir%\security\h0iw.4c8
These files during the scan will determine as trojans and spyware. For example: %programfiles%\MSN Gaming Zone\6ehoj.s0 labels as Exploit-MSWord.j, %programfiles%\microsoft frontpage\ot.dk6 labels as PWS-Gamania.gen.a!.
Antivirus Agent Pro also generates fake security alerts:
Your computer is infected!
8 virus threat(s) are detected.
Click here to cure and protect your computer from spyware.
and may drastically slow the performance of your computer. Use the free instructions below for removing the Antivirus Agent Pro and any associated malware from your computer.
Symptoms in a HijackThis Log.
O4 – HKLM\..\Run: [guard] C:\WINDOWS\guard.exe
O4 – HKLM\..\Run: [Antivirus Agent Pro] C:\Program Files\Antivirus Agent Pro\aap.exe
Use the following instructions to remove Antivirus Agent Pro(Uninstall instructions).
1. Remove trojan Vundo.
Some variants of Antivirus Agent Pro uses trojan Vundo to install itself.
- Download VundoFix and save the file to your desktop.
- Once it downloaded, double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it’s done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
2. Remove Antivirus Agent Pro files and registry keys.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Antivirus Agent Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | guardFiles to delete:
%windir%\guard.exeFolders to delete:
%ProgramFiles%\Antivirus Agent ProThen click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
3. Remove Antivirus Agent Pro associated malware.
Using Malwarebytes Anti-Malware.
- Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
- Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Using SuperAntispyware.
- Download SUPERAntiSpyware.
- Close all programs and Windows on your computer.
- Double Click SUPERAntiSpyware.exe to install the application.This will start the installation of SUPERAntiSpyware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing click on the Finish button.
- You will see a message stating that you should update the program before performing a scan. Click Yes. As SUPERAntiSpyware will automatically update itself.
- You will see SUPERAntiSpyware setup wizard. Follow the prompts. To close the Wizard press Finish.
- Protect home page dialog will be open. Click on the Protect Home Page button.
- You will now be at the main program.
- Click Scan your computer. Click Next.
- The scan may take some time to finish,so please be patient. When the scan is complete, result of scanning will be open, click OK.
- Click Next to start removing the found threats.
- If you are asked to reboot the machine, choose Yes.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Antivirus Agent Pro creates the following files and folders.
%windir%\guard.exe
%DesktopDir%\Antivirus Agent Pro.lnk
%ProgramFiles%\Antivirus Agent Pro 1.00\Antivirus Agent Pro.lnk
%ProgramFiles%\TriTech Software\Antivirus Agent Pro\aap.exe
%ProgramFiles%\TriTech Software\Antivirus Agent Pro\Infected.wav
%ProgramFiles%\TriTech Software\Antivirus Agent Pro\Uninstall.exe
%ProgramFiles%\TriTech Software\Antivirus Agent Pro\Uninstall.ini
%programfiles%\microsoft frontpage\ot.dk6
%programfiles%\MSN Gaming Zone\6ehoj.s0
%programfiles%\Outlook Express\7om3.km
%windir%\AppPatch\xvd.cc
%windir%\Installer\7ig.ma
%windir%\msapps\41.ad
%windir%\Offline Web Pages\nfy8o.rk
%windir%\security\h0iw.4c8
I recently got a list of virus’ for my morning coffee. McAffee snagged 3: Trojan.BrisV.A, Downloader, Infostealer.
Then malware and trojans began popping up.
I tried this guide to no avail.
Vundo fix would not run in any mode (Safe or Net)
Avenger would not complete, and upon execution, another Trojan PWS.Bancos.PWN was intercepted by Spyware Doctor.
Is this some new variant, or is there some newer post to these instructions?
I’m helplessly stuck in reboot in safe mode loops on this one.
Lance, please follow these steps. I will help you at our forum.
This nasty thing popped up on my box after work last night. I made some changes and re-booted, then went to change my clothes. Came back and saw xp trying to shut down. I interrupted it by doing a cold boot. After booting, my firewall was GONE and this brastia thing was in the systray. It started trying to download and install the aap.exe/Antivirus Agent Pro thing. I didn’t trust it so I killed off the installation/download using Enditall(one of my favorite tools, btw; I highly recommend it if you know enough not to shut off the wrong stuff). After killing the download, I searched for associated files and deleted them(except for one), then I went through deleting associated registry keys. Totally sucked. Still had brastia.exe sitting in my system32 folder, not delete-able. Then I figured that since I disabled the stuff in msconfig and deleted the registry keys, then a simple reboot should do the trick. The .exe would still be there, but if it I killed off the registry keys then it shouldn’t be able to boot as a process, which means a re-boot should render it delete-able, right?
Wrong. This thing re-enabled itself and grabbed brand-new registry keys for itself and everything!
That made me think I might be dealing with a rootkit. I used Panda Anti-rootkit to clean it up. As far as I know, Panda did the trick for me.
Of course, I may only have been so fortunate because I interrupted the download of the aap that the brastia set off. Not sure.
This thing is insidious. I’m glad I(knock on wood) got rid of it, but I wish I knew something that could protect me from getting it again. Like I said, this thing chewed up my firewall so now I need to re-install that.
OG, Nothing is working…..I even tried dafe mode, it will not allow any of the programs above to fully execute. Any advice, I am at my wit’s end. I have free versions of SPyware and used to have Norton but can’t open NOrton? I got rid of aap.exe but still infected n getting pop ups.
Igs, i will help you at our Spyware Removal forum.
I tried removing this aap.exe and brastia thing with malwarebytes, but once i restarted my computer it appears to have returned. I do not know what to do any suggestions?
JT, ask help at our forum. I will help you.
I am fighting this thing, too, but I am happily typing away here from Ubuntu, in sunny, virus-free bliss. I found this AAP on my Windows partition, and didn’t even bother, just rebooted into linux. Friends, I recommend it, and shudder at the thought of having to jump out of windows again.
may computer one day eset nod32-4 antvirus date renu that run then adsl probalum then error how can do?