Windows Antivirus Pro is a rogue antivirus/antispyware program that uses false scan results and fake alerts to scare you into buying the software. During installation, Windows Antivirus Pro is set to start automatically when you start your PC. Once running, it will begin to scan your PC and list a large number of infections. All of these infections are fake, so you can safely ignore them.
Windows Antivirus Pro disables the ability to run any programs, including MalwareBytes’ Anti-Malware. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Antivirus Pro is running, your computer will display nag screens and fake security alerts that tell you:
Security Warning
Malicious programs that may steal your private information
and prevent your system from working properly are detected
on your computer.
Click here to clean your PC immediately.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Antivirus Pro
Windows Antivirus Pro has denied
internet access of the program.
Internet Explorer is possible injected with worm Backdoor.Win32.Hupigon.fixn. This worm
attempts to send your personal information to remote host thought Internet Explorer.
Windows Antivirus Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
The program will also show a fake Windows Security Center that recommends you use Windows Antivirus Pro. Instead of doing so, use the Windows Antivirus Pro removal instructions below to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
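The two symptom lines above can be matched automatically when triaging a saved HijackThis log. The Python below is an added example, not part of the original article or of HijackThis; the function names and the two benign sample lines are constructed, and the indicators are the ones this page lists.

```python
import re

# Indicators copied from this page's HijackThis excerpt and OTM script.
BAD_CLSIDS = {"{F54AF7DE-6038-4026-8433-CC30E3F17212}"}
BAD_SERVICES = {"antippro2009_12"}
BAD_FILES = ("dddesot.dll", "desot.exe", "svchast.exe", "windows antivirus pro.exe")

SEP = re.compile(r"\s+[-\u2013]\s+")  # " - "; web copies often show an en dash
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE = re.compile(r"^Service:\s*(.*?)\s*\((.*)\)$")

def parse_line(line):
    """Return (section, fields) for a log entry such as O2/O23, else None."""
    parts = SEP.split(line.strip())
    if len(parts) < 2 or not re.fullmatch(r"[A-Z]\d{1,2}", parts[0]):
        return None
    return parts[0], parts[1:]

def check_entry(section, fields):
    """List the reasons an entry matches the page's indicators (empty if none)."""
    reasons = []
    name = fields[-1].rsplit("\\", 1)[-1].lower()  # file name of the path field
    reasons += ["file " + bad for bad in BAD_FILES if name.startswith(bad)]
    if section == "O2":  # Browser Helper Object: match on its CLSID
        for clsid in CLSID.findall(" ".join(fields)):
            if clsid.upper() in BAD_CLSIDS:
                reasons.append("BHO CLSID " + clsid.upper())
    if section == "O23":  # service entry: "Service: Display name (ServiceName)"
        m = SERVICE.match(fields[0])
        if m and m.group(2).lower() in BAD_SERVICES:
            reasons.append("service " + m.group(2))
    return reasons

def scan(log_text):
    """Return [(line, reasons)] for every entry that matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        reasons = check_entry(*parsed) if parsed else []
        if reasons:
            hits.append((line.strip(), reasons))
    return hits

# Two lines from the page plus two constructed benign lines.
SAMPLE = r"""O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
O2 - BHO: Constructed Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: Constructed Host (ConstructedHost) - Unknown owner - C:\WINDOWS\system32\svchost.exe"""
for entry, why in scan(SAMPLE):
    print(why, "<-", entry)
```

The file name is compared exactly, so the legitimate svchost.exe in the last sample line is not flagged while the look-alike svchast.exe is.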
Use the following instructions to remove Windows Antivirus Pro (Uninstall instructions)
1. Remove Windows Antivirus Pro main components.
Please download OTM by OldTimer from here. When the Save dialog opens, rename the file from OTM.exe to OTM.com and click the Save button to save it to your desktop.
Run OTM. Copy, then paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchast.exe
Windows Antivirus Pro.exe
:services
AntipPro2009_12
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}]
:files
%windir%\system32\desot.exe
%windir%\system32\dddesot.dll
%windir%\svchast.exe
You will see a window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine, choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
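To confirm that the repair in step 2 took effect, the key can be exported again and its default value compared with the one fix.reg writes. The Python below is an added example, not part of the original instructions; default_value, exefile_ok and both sample exports are constructed for illustration, and the ALTERED value is a placeholder, not a value reported for this malware.

```python
import re

EXPECTED = '"%1" %*'  # the value this page's fix.reg sets
KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"

def unescape(value):
    # .reg strings write a quote as \" and a backslash as \\ ; undo both.
    return re.sub(r'\\(["\\])', r"\1", value)

def default_value(reg_text, key):
    """Return the (Default) string stored under `key` in .reg text, or None."""
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # entering a new key section
        elif current is not None and current.lower() == key.lower():
            m = re.fullmatch(r'@="(.*)"', line)
            if m:
                return unescape(m.group(1))
    return None

def exefile_ok(reg_text):
    """True only when .exe files are launched with the expected command line."""
    return default_value(reg_text, KEY) == EXPECTED

# Constructed exports. Files saved by regedit are UTF-16, so decode them
# before passing the text in; a fix.reg typed in Notepad is plain ANSI.
FIXED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
ALTERED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\constructed\\placeholder.exe\" \"%1\" %*"
'''

for label, text in (("FIXED", FIXED), ("ALTERED", ALTERED)):
    print(label, exefile_ok(text), default_value(text, KEY))
```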
3. Remove Windows Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. The program will start scanning your computer for the Windows Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Windows Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Update: a new version of Windows Antivirus Pro has been released. It is called Windows Police Pro. Read the article: Remove Windows Police PRO (Uninstall instructions).
Windows Antivirus Pro creates the following files and folders
Windows Antivirus Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212}
HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_12
thank you SO MUCH. this worked.
I'm using Firefox and can't rename before saving, help!!
Okay, I must be really stupid, because I can’t even get past step 1. Whenever I change the OTM.exe file to OTM.com it just saves it as OTM.com.exe. Is there any way to prevent this? Thank you.
Okay I got to the fix.reg part but when I try to open it it says that the application is infected and that I should open my antivirus software. What do I do? Please help.
Jojo, try downloading the file with Internet Explorer, not Firefox, then rename it.
jose, save OTM.exe to desktop
Enable “show file extensions for known types option”
Open My Computer, Select the Tools menu, click Folder Options, Select the View tab. Uncheck the Hide file extensions for known types option. Click Ok.
Rename OTM.exe to OTM.com
Jojo, read my previous comment and enable “show file extensions for known types option”, then rename OTM.exe.
Jose, try making the reg file again. Don't forget to select Save as file type: All files in Notepad in the Save dialog.
I have tried everything and got as far as the dos command window. When I got to the mbam.exe entry, it just stopped and would not start. The directory is correct and the file name in that directory is correct, but the program will not run. I was able to do all of the other steps (OTM and fix.reg) to that point with no problems.
hey patrick i need some help please i think i removed antivirus pro from my computer but my desktop is still infected, all the icons are still in red & the warning sign is still in the background, i can use my task manager but i can’t find svchast.exe nor antivirus pro please help me.
Thank you so so so much!!!! I have to admit i was a little skeptical at first of this site because if the windows antivirus pro was a scam, what else was. Without having any other options I followed your instructions and i am so happy that i did. Everything is back to its original state. Thanks again and i will def refer you to others!!!
KATHY and kenny, make a new topic at our Spyware removal forum.
I ran the entire process EXACTLY as shown. It went perfect and as expected until the final step. After Malware program found 46 infected files and I removed them all. When I clicked restart the computer will NOT LOAD WINDOWS AT ALL!!! I cannot even get it to load in safe mode!! It just reboots over and over!!!
WHAT THE F#@K!!!!!!!
Somebody help please
Tim, it looks like the virus damaged a few system files. Try booting your PC in the last good configuration.
as to the problem i have seen posted that people ran into with windows asking what program should be used to open the program with, i simply pointed it towards c:\windows\system32\cmd.exe
once i did this, the command shell opened, and i was able to open whatever i wanted, including regedit, notepad, and malwarebytes. hopefully this works for others and isn't just a freak case i had. anyways good luck and be safe
I am trying to rename the file otm but i can’t because when i go to My Computer and click the tools tab it only shows Map Network Drive, Disconnect Network Drive, Synchronize
Hi,
Thanks a lot for this help…
I faced a lot of trouble with Windows Anti-Virus Pro…
And still my reg files r not repaired…
for step 2…
I created the fix.reg file and tried to run it but it says that registry changes r disabled by my administrator… I tried right-clicking and using run as option but it does not give any run as option…
The only options i get on a right click are merge and open with…
Please help me with this…
Bhavik
Thanks SOOOO much.. you saved my life…
Thank you so much for this guide
Holla.
SO glad I found this tutorial. I was going to end up reformatting or something ridiculous.
Gracias!
I had a few things happen with my computer in the last day. I know I had the desot file on the computer, and followed these instructions. That was the only one found when I used the OTM program. After step2 I went to install the MBAM and the computer now won’t open any exe’s. It brings up a open with window that says “chose a program you want to use to open this file”.
If you can help with a suggestion on how to fix this and get the exe’s to run again, I would greatly appreciate it.
I just tried to run MBAM from safe mode and that didn’t work either. The same windows box came up asking me “chose the program you want to use to open this file”. It appears no exe’s will open but the Desot seems to be halted.
Any suggestions appreciated greatly!
Thanks this walkthrough is a lifesaver.
Thanks, my computer was getting slower and slower and then I could not open any programs, great fix, thank you again
I hadn’t double clicked the notepad on step2 and that is why it hadn’t worked. After doing that, my EXE’s now work. I just want to say thank you so much for having this help out on the internet. I now hope step 3 works.
Thanks, fixed everything, was pulling my hair out for days, but you fixed it in 15 minutes. You are the man!!!
Perfect. Thank you, I hate virus setters. Nothing better to do with their lives but mess with other people's stuff!
Hey, thanks for this great guide. I had already got rid of most of the files but your guide showed me how to get rid of the dlls. Definitely going to fave this and give it to others with the same problem.
EVERYONE CHECK OUT MY VIDEO ON HOW TO REMOVE IT ON YOUTUBE! IT IS RATED 5 STARS AND WORKS!
youtube.com/watch?v=L56km7gu4gQ&eurl=http%3A%2F%2Fwww.youtube.com%2Fuser%2FPTGProductionz&feature=player_profilepage
THERES THE LINK!
I just wanted to tell everyone who has issues opening the software…
Right click the setup icon, select \
Guys, thank you from the bottom of my hard drive. It took a little while but I am back in the saddle!