Antivirus System PRO is a rogue antivirus/antispyware program, a new version of Spyware Protect 2009. Like other fake antispyware programs, it uses fake alerts and false positives to trick you into buying the software. Antivirus System PRO usually installs itself onto your computer without your permission, through trojans and browser security holes.
During installation, Antivirus System Pro configures itself to run automatically every time your computer starts. Immediately after launch, Antivirus System Pro starts scanning the computer and lists a lot of threats to trick you into buying the paid version of the rogue. All of these threats are fake, so you can safely ignore them.
While Antivirus System Pro is running, your computer will display fake alerts, for example:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Antivirus System Pro Alert
INFILTRATION ALERT
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.
DETAILS
Attack from 235.157.169.30, port 40771
Attacked port: 22363
Threat: Win32/Nuqel.E
Do you want to block this attack?
Antivirus System Pro will also install an Internet Explorer BHO module (iehelper.dll) that hijacks Internet Explorer and randomly shows an “Internet Explorer cannot display the webpage. Needed Powerfull PC Protection” warning page (using the fake address security.microsoft.com) instead of the site you are trying to browse to:
Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer
What you can try:
– Purchase Antivirus System PRO for secure Internet surfing (Recommended).
– Check your computer for viruses and malware.
– More information
The warning is fake and should be ignored! Antivirus System Pro can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing Antivirus System Pro and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O1 – Hosts: 209.44.111.57 security.microsoft.com
O1 – Hosts: 209.44.111.57 inetavirus.com
O1 – Hosts: 209.44.111.57 www.inetavirus.com
O1 – Hosts: 91.212.127.227 awareremover2009.microsoft.com
O2 – BHO: BHO – {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} – C:\WINDOWS\system32\iehelper.dll
O4 – HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 – HKLM\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Run: [system tool] C:\Program Files\atkafh\adxlsysguard.exe
O4 – HKCU\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
Use the following instructions to remove Antivirus System Pro (Uninstall instructions)
Step 1
Download HijackThis from here, but before saving HijackThis.exe, rename it to explorer.exe, then click the Save button to save it to the desktop.
Double-click the explorer.exe icon on your desktop to run HijackThis.
The HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [wpolkxos] C:\Documents and Settings\user\Local Settings\Application Data\ovugbs\rwjrsysguard.exe
Note: the list of infected items may be different, but all of them have the “sysguard.exe” string on the right side and “O4” on the left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Antivirus System Pro creates the following files and folders
C:\WINDOWS\system32\iehelper.dll
C:\WINDOWS\sysguard.exe
C:\Windows\system32\servises.Exe
C:\Program Files\[RANDOM]\[RANDOM]guard.exe
Antivirus System Pro creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\SOFTWARE\AvScan
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises
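The HijackThis symptoms and the Step 1 rule above (O4 entries whose file name ends in “sysguard.exe”, the iehelper.dll BHO, and hosts-file redirects) can be checked mechanically against a saved log. The following is an added example, not part of the original guide: the function names and the sample log are constructed here from entries quoted on this page, and the rule for microsoft.com hosts entries generalizes the page's security.microsoft.com line.

```python
import re

# Indicators taken from this page's HijackThis symptoms and file lists.
BHO_CLSID = "{BAD4551D-9B24-42CB-9BCD-818CA2DA7B63}"
BAD_FILES = ("iehelper.dll", "servises.exe")
ROGUE_DOMAIN = "inetavirus.com"
# HijackThis writes "O4 - ..."; text copied from web pages often has an en dash.
LINE_RE = re.compile(r"^(O\d+)\s*[-\u2013]\s*(.*)$")
# Constructed sample: entries quoted on this page plus one benign O4 line.
SAMPLE_LOG = r"""
O1 - Hosts: 209.44.111.57 security.microsoft.com
O2 – BHO: BHO – {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} – C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\Program Files\atkafh\adxlsysguard.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
"""

def basename(entry):
    """Last component of a Windows path (assumes no trailing arguments)."""
    return entry.strip().strip('"').rsplit("\\", 1)[-1].lower()

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def classify(line):
    """Return a reason string if the line matches an indicator, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O1" and rest.lower().startswith("hosts:"):
        fields = rest.split()[1:]                  # [ip, hostname]
        if len(fields) == 2:
            ip, host = fields[0], fields[1].lower()
            # Heuristic (assumption): no hosts entry should remap microsoft.com.
            if in_domain(host, "microsoft.com") and not ip.startswith("127."):
                return "hosts file redirects a microsoft.com name"
            if in_domain(host, ROGUE_DOMAIN):
                return "hosts entry for the rogue's domain"
    elif section == "O2" and (BHO_CLSID in rest.upper() or basename(rest) in BAD_FILES):
        return "rogue Internet Explorer BHO"
    elif section == "O4":
        name = basename(rest)
        if name.endswith("sysguard.exe") or name in BAD_FILES:
            return "rogue autostart entry"
    return None

def scan(log_text):
    """Return (line, reason) pairs for every matching line in a log."""
    return [(ln.strip(), why) for ln in log_text.splitlines() if (why := classify(ln))]
```

Calling `scan()` on the text of a saved HijackThis log returns the lines to review, each with the reason it matched; the benign `ctfmon.exe` line in the sample is not reported.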
EASIER REMOVAL GUIDE:
For Windows:
press Ctrl+Alt+Delete to open Task Manager.
go to “Processes”.
Look for “sysguard.exe”.
press “End Process”.
now go to “C:\WINDOWS\”.
Find the file “sysguard.exe”, and delete it.
Then go to “System 32\”.
You should notice now that the Internet Explorer message occurs more often and is the only thing remaining.
Find the file “iehelper.dll”.
Try to delete it. This seems useless because it forbids you but it also allows you to re-name it.
Re-name it “iehcodec.ddl”. You will notice now it no longer lets you use Internet Explorer. This is because it is glitching due to missing its two most needed files. It cannot replace these two unlike its other files, thus crashing it.
Restart, and you should notice it is gone!
That’s how I got rid of it. It should work for you too.
Thanks 5 starzzz
unable to find such files having lots of problems pls help
Rosa, please follow these steps.
THANK YOU SO MUCH FOR THIS. i was seriously freaked out of my mind when this horrible thing popped up! your instructions worked perfectly and saved me tons of agony. a friend told me that this rogue program was possibly the virus that killed her laptop; she has a new computer and i gave her your website so that she may be better prepared. thank you for everything!
thanks!! this works!!
I cannot find any of the files that were mentioned in the removal process! help!
goh, you can’t download Avenger and Malwarebytes’ Anti-malware?
This definitely works. Recommended to all users who are experiencing the same problem. The steps may be long but they are the most simplified version for non-tech’s. THANKS!!!
I have worked 3 hours to get rid of this program!
Used your instructions and yep I think it’s gone.
Thanks so much.
Tried to install the Malwarebytes’ Anti-malware through the net but couldn’t. So I downloaded it from another computer onto my thumbdrive and installed it on my Desktop. Still the ASP prevented Malwarebytes’ from running. So I followed a friend’s advice to restart the computer in SAFE mode (Hit F8 on the restart). Once it was in SAFE mode, I was able to run the Malwarebytes’ and hey presto! in less than 5 minutes the damn AVP got swallowed. Hope this is of help to others.
Paul, have you tried running Avenger with the above script before Malwarebytes?
Patrik, Didn’t want to install Avenger cos I couldn’t get any review of it. But Malwarebytes got good reviews (like in Download.cnet.com). So I was pretty confident. Anyway, it worked and I’m a very HAPPY, HAPPY person.
Paul, Avenger is a very good and free program 🙂 The Avenger homepage is here.
– Windows XP system.
– I previously removed the sysguard.exe, iehelper.dll and AVSCAN files and Registry references. This gets rid of the annoying pop-ups but IE6 is still being redirected on most search links and also gets redirected when you manually enter web addresses.
– Had to copy Malwarebytes Anti-Malware from another computer since this problem won’t allow you to download any files through IE6.
– Malwarebytes Anti-Malware goes through its installation process OK but when it gets to the “Update Malwarebytes” routine at the end, the program terminates. Whatever this Malware is, it is choking off any ability to download over the internet. If I try to run Malwarebytes Anti-Malware, the program will not start(not even in Safe Mode).
Any advice?
Warren, your computer is probably also infected with the DNSChanger trojan. Ask for help at our forum.
okay i tried to uninstall anti spyware pro and it said file uninstall.exe is missing will these programs work for me?? and also if i use these will i have to spend any money or are they totally free because i have seen some where you have to purchase the full version for it to completely work any feed back will be helpful thanks guys
this site is a gimmick i downloaded avenger and malware program and it WASTED 25 MEGA BYTE of ram to yall this might not sound like a lot but to me it is…i want the administrator to this site to contact me asap
casey, you can ask us for help at our Spyware removal forum.
all i need is to totally delete avenger and that other program on this site and you will never see me here again
Manually remove Avenger.exe (The program did not have an uninstall procedure).
Go to Add/Remove programs panel and uninstall MalwareBytes Anti-malware.
okay this ISNT a gimmick go to filehippo.com and download spy bot search and destroy follow all the steps and when its start downloading and starts up a window will pop up at the left MAKE sure you click these and not press next before doing so after that run scan and voilà the options come up to remove the antispyware pro and all of its components so DONT do the steps they tell you in this site because it will be more trouble trust me this works
Has anyone tried the easier method that anonymous suggested??
My inet is totally buggered.
Patrik can you advise if it will work?
And when renaming the “iehelper.dll” anon says to rename it “iehcodec.ddl”… Did he mean “iehcodec.dll” ??
Cheers
Michael, the best way, if the instructions above do not help you, is to ask for help at our Spyware removal forum.
This site helped me get rid of that AntiVirus PRo spyware. it created havoc on my system.
Finally thanks to this site, it helped me clean up. Followed the instructions and it was great!
Thank you!!!
thank you so much! it’s gone.
Only two words – THANK YOU
Thanks very much got rid of the varmint. Computer running slower than before virus though. Thanks again that was very annoying.
Thanks It worked.
I cannot execute the file because the Antivirus Pro keeps saying it is infected and asks if I want to open the AVP. What can I do to get Avenger to run?