Windows Antivirus Pro is a rogue antivirus/antispyware program that uses false scan results and fake alerts to scare you into buying the software. During installation, Windows Antivirus Pro is set to start automatically when you start your PC. Once running, it will begin to scan your PC and list a large number of infections. All of these infections are fake, so you can safely ignore them.
Windows Antivirus Pro disables the ability to run any programs, including MalwareBytes’ Anti-Malware. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Antivirus Pro is running, your computer will display nag screens and fake security alerts that tell you:
Security Warning
Malicious programs that may steal your private information
and prevent your system from working properly are detected
on your computer.
Click here to clean your PC immediately.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Antivirus Pro
Windows Antivirus Pro has denied
internet access of the program.
Internet Explorer is possible injected with worm Backdoor.Win32.Hupigon.fixn. This worm
attempts to send your personal information to remote host thought Internet Explorer.
Windows Antivirus Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
The program will also show a fake Windows Security Center that recommends you use Windows Antivirus Pro. Instead of doing so, use the Windows Antivirus Pro removal instructions below to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
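
The two entries above can be checked for automatically when triaging a saved HijackThis log. The following is an added example, not part of the original guide: it matches O2 and O23 lines against the CLSID, service name and file names listed on this page, and also flags file names that differ by one character from a system binary (as svchast.exe does from svchost.exe). The SYSTEM_NAMES list and the benign sample lines are assumptions made for the example.

```python
import re

# Indicators copied from this page (HijackThis entries, OTM script, file list).
BAD_CLSIDS = {"{f54af7de-6038-4026-8433-cc30e3f17212}"}
BAD_SERVICES = {"antippro2009_12"}
BAD_FILES = {"dddesot.dll", "desot.exe", "svchast.exe", "windows antivirus pro.exe"}
# Assumption (not from the page): system binaries to compare against for lookalikes.
SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "rundll32.exe")

ENTRY = re.compile(r"^(O\d+)\s+[-\u2013]\s+(.*)$")  # "-" or a web-mangled en dash
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
SERVICE = re.compile(r"^Service:.*\(([^()]+)\)\s+[-\u2013]\s")
PATH = re.compile(r"[A-Za-z]:\\.*$")

def lookalike(name):
    """Return the system binary differing from `name` in exactly one character, else None."""
    for real in SYSTEM_NAMES:
        if len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1:
            return real

def triage(log_text):
    """Return [(line, reasons)] for O2/O23 entries matching the indicators above."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in ("O2", "O23"):
            continue
        section, rest = m.groups()
        reasons = []
        clsid, svc, path = CLSID.search(rest), SERVICE.match(rest), PATH.search(rest)
        if section == "O2" and clsid and clsid.group(0).lower() in BAD_CLSIDS:
            reasons.append("known BHO CLSID")
        if section == "O23" and svc and svc.group(1).lower() in BAD_SERVICES:
            reasons.append("known service name")
        if path:
            base = path.group(0).rsplit("\\", 1)[-1].lower()
            if base in BAD_FILES:
                reasons.append("known file " + base)
            if (real := lookalike(base)):
                reasons.append("lookalike of " + real)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits

# Lines 1-2 are the entries quoted on this page; lines 3-4 are constructed benign entries.
SAMPLE_LOG = r"""O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O23 - Service: Example Updater (ExampleUpd) - Example Corp - C:\WINDOWS\system32\svchost.exe"""
```

Calling triage(SAMPLE_LOG) returns the two entries from this page and leaves the genuine svchost.exe service line unflagged.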
Use the following instructions to remove Windows Antivirus Pro (Uninstall instructions)
1. Remove Windows Antivirus Pro main components.
Please download OTM by OldTimer. When the Save dialog opens, rename the file from OTM.exe to OTM.com and click the Save button to save it to your desktop.
Run OTM. Copy, then paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchast.exe
Windows Antivirus Pro.exe
:services
AntipPro2009_12
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}]
:files
%windir%\system32\desot.exe
%windir%\system32\dddesot.dll
%windir%\svchast.exe
You will see a window similar to the one below.
[Screenshot: OTM]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine, choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
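
Before importing fix.reg, it is worth confirming that the saved file contains exactly the text from step 2. The following is an added example, not part of the original guide: it reads the saved file's bytes and reports a missing header line, typographic quotes picked up when copying from a web page, or a default value that differs from the one shown above. The function name and the sample bytes are assumptions made for the example.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
EXPECTED_KEY = r"hkey_classes_root\exefile\shell\open\command"
EXPECTED_DEFAULT = r'@="\"%1\" %*"'        # the value line from step 2
CURLY = "\u201c\u201d\u2018\u2019"         # typographic double and single quotes

def check_fix_reg(raw: bytes):
    """Return a list of problems found in a saved fix.reg; an empty list means OK."""
    problems = []
    # Notepad can save as ANSI/UTF-8 or as "Unicode" (UTF-16 with a BOM).
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    lines = [line.strip() for line in text.splitlines()]
    if not lines or lines[0] != HEADER:
        problems.append("first line is not the .reg header")
    if any(ch in text for ch in CURLY):
        problems.append("typographic quotes present; retype them as straight quotes")
    current_key, found = None, False
    for line in lines[1:]:
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            # A leading "-" deletes the key, so no values belong to it.
            current_key = None if m.group(1) else m.group(2).lower()
        elif current_key == EXPECTED_KEY and line.startswith("@="):
            found = True
            if line != EXPECTED_DEFAULT:
                problems.append("default value is %r, expected %r" % (line, EXPECTED_DEFAULT))
    if not found:
        problems.append("no default value set under " + EXPECTED_KEY)
    return problems

# Constructed sample: the step 2 text as Notepad would save it (CRLF line endings).
SAMPLE_FIX_REG = (b"Windows Registry Editor Version 5.00\r\n\r\n"
                  b"[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]\r\n"
                  b'@="\\"%1\\" %*"\r\n')
```

On the real machine, pass it the file contents, for example check_fix_reg(open("fix.reg", "rb").read()).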
3. Remove Windows Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings. When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
[Screenshot: Malwarebytes Anti-Malware window]
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Windows Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may differ from what is shown in the image below.
[Screenshot: Malwarebytes Anti-malware, list of infected items]
Make sure that everything is checked, and click Remove Selected to start the Windows Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Update: a new version of Windows Antivirus Pro has been released. It is called Windows Police Pro. Read the article: Remove Windows Police PRO (Uninstall instructions).
Windows Antivirus Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desot.exe
c:\program files\windows antivirus pro\msvcm80.dll
c:\program files\windows antivirus pro\msvcp80.dll
c:\program files\windows antivirus pro\msvcr80.dll
c:\program files\windows antivirus pro\Windows Antivirus Pro.exe
c:\program files\windows antivirus pro\tmp\dbsinit.exe
c:\program files\windows antivirus pro\tmp\wispex.html
c:\program files\windows antivirus pro\tmp\images\i1.gif
c:\program files\windows antivirus pro\tmp\images\i2.gif
c:\program files\windows antivirus pro\tmp\images\i3.gif
c:\program files\windows antivirus pro\tmp\images\j1.gif
c:\program files\windows antivirus pro\tmp\images\j2.gif
c:\program files\windows antivirus pro\tmp\images\j3.gif
c:\program files\windows antivirus pro\tmp\images\jj1.gif
c:\program files\windows antivirus pro\tmp\images\jj2.gif
c:\program files\windows antivirus pro\tmp\images\jj3.gif
c:\program files\windows antivirus pro\tmp\images\l1.gif
c:\program files\windows antivirus pro\tmp\images\l2.gif
c:\program files\windows antivirus pro\tmp\images\l3.gif
c:\program files\windows antivirus pro\tmp\images\pix.gif
c:\program files\windows antivirus pro\tmp\images\t1.gif
c:\program files\windows antivirus pro\tmp\images\t2.gif
c:\program files\windows antivirus pro\tmp\images\up1.gif
c:\program files\windows antivirus pro\tmp\images\up2.gif
c:\program files\windows antivirus pro\tmp\images\w1.gif
c:\program files\windows antivirus pro\tmp\images\w11.gif
c:\program files\windows antivirus pro\tmp\images\w2.gif
c:\program files\windows antivirus pro\tmp\images\w3.gif
c:\program files\windows antivirus pro\tmp\images\w3.jpg
c:\program files\windows antivirus pro\tmp\images\wt1.gif
c:\program files\windows antivirus pro\tmp\images\wt2.gif
c:\program files\windows antivirus pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows antivirus pro\Windows Antivirus Pro.lnk
%UserProfile%\Desktop\Windows Antivirus Pro.lnk
c:\WINDOWS\svchast.exe
Windows Antivirus Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212}
HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_12
You are the man/or woman!!! I finally got rid of that BS! I hate people who don’t have anything else better to do than to mess with others’ shit. Thanks for the help…I mean THAAAAANNNNKKKKSSS!
After I saved fix.reg to my desktop, I rebooted.
My desktop icons, start button, task bar disappeared. Only my wallpaper is left. I can ctrl, alt, del and get into task manager. Can someone help me?
This guide is awesome~!
Great.. excellent.. thanks a lot…. you made it so simple..
In fact I was searching some other sites and they told to download spydoctor and other tools.. the surprising part is that after downloading, this F Windows Antivirus crap is not allowing it to run !!!!
this was really a great information.. please do keep it up.. I am sure that this has helped a lot of ppl around the world…
Thanks!
Step 1 totally wiped out the Windows Virus Pro so I’m very encouraged.
I encountered some problems with step 2, however.
After copying text into notepad and saving it as fix.reg I double-clicked on it to confirm ‘yes’.
Error message from registry editor says ‘registry editing has been disabled by your administrator.’
I restarted my computer and it says rundll32.exe not found.
Also I can’t run any applications without windows asking me what to open it with. I tried to open firefox w firefox but doesn’t seem to work.
What can I do from here? Please let me know. Thanks A LOT.
The fix was quick and easy although my register still isn’t quite right. The pop-ups are gone but I can’t execute a program… my .exe files are still coming up on notepad.
(I submitted before but comments aren’t posted)
Thanks for posting this tutorial! step one was awesome!
In step 2, first I had to enable registry editor and then in trying to open ‘fix.reg’ Error message says “Cannot import…the specified file is not a registry script. You can only import binary registry files from within the registry editor.” What does this mean?
Lee, you can use another computer to download the necessary stuff or try to download it using Safe mode with networking.
sydney, you should rename OTM.exe to OTM.com before saving.
Jennifer, you should use OTM (rename before saving), then run the registry script; look at the steps above.
Abbi, try to run malwarebytes in the Safe mode.
Erica, probably your computer is also infected with a hidden trojan (rootkit), try to run Malwarebytes in the Safe mode or ask for help at our Spyware removal forum.
Bob, try to run explorer.exe from TaskManager.
Omar, you have fixed malware, but you should also fix “running .exe”. Boot your computer, open Malwarebytes home folder and rename mbam.exe to mbam.com. Run it and perform a full scan.
omar, looks like you have made a mistake in the registry script. Try to make it again (step 2).
Patrik, thank you for your help. I tried explorer.exe from task manager. Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. was the response. I was able to install laptop HD in another pc as sec slave and run malware bytes which removed 47 objects. I can use explore to access this HD while mounted as sec slave. Any suggestions will be appreciated.
This Worked Great!! I used this on my daughter’s Netbook which I thought for sure I’d end up having to take to a tech to figure out, but I followed these instructions and now it works fine. Thanks so much!!
Download AVP tool from avptool.virusinfo.info/en/
and scan your infected HD.
Me again. So completed step 1 and 2, but
now am having a problem with step 3. Malwarebytes crashes within a few seconds and if I try to re-open it, error message says,
“Windows cannot access specified…you may not have appropriate permissions to access the item.”
Arggh. What should I do? Windows Antivirus Pro reappeared and I had to repeat step 1 and 2.
omar, please make a new topic at our Spyware removal forum.
I completed step 1, yet I’m having the same issue as Omar, with registry editing disabled.
Hi Patrik, I’ve already installed Malwarebytes but when I doubleclicked on it, there’s no response. I’ve also tried it under safe mode. Need help..
Thank you!
Thank you!!
Thank you!!!
Great easy to follow steps!! It took a little bit of clicking around but I am all set, all thanks to your work!
David
Kristine and jmarlow, ask for help at our Spyware removal forum.
All steps went good until step 2, I used windows PE to load the hive and add the entries, but file association to exe’s has been lost trying different things. Will post back if I get it fixed.
Thank you so so much! Finally got my computer back 🙂
Hi, I am trying to run this on Vista Ultimate. When I save the OTM.exe file as OTM.com and try to run it, it says that this is not a valid Win32 application. Help.
Mike, try to re-download OTM. Also you can try to rename OTM.exe to OTM.scr and run it.
hey patrick wtf! i did the notepad thing & saved it as fix.reg double clicked it but it wont open to confirm dude wth!! i need some help please man i trusted your site 100% until that happened
I need some help, and sorry ahead of time if this is in the wrong topic.
For some reason, I can’t get into safe mode, my comp will freeze up when I try entering safe mode after selecting start up in safe mode. Also, I can’t run programs from the desktop normally either.
When I do try to start up a program I get that black page message “Program too big”.
Please help 😮