Windows Antivirus Pro is a rogue antivirus/antispyware program that uses false scan results and fake alerts as a method of scaring you into buying the software. During installation, Windows Antivirus Pro will be set to start automatically when you start your PC. Once running, it will begin to scan your PC and list a large amount of infections. All of these infections are fake, so you can safely ignore them.
Windows Antivirus Pro disables the ability to run any programs, including MalwareBytes’ Anti-Malware. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Antivirus Pro is running your computer will display nag screens and fake security alerts that tells you:
Security Warning
Malicious programs that may steal your private information
and prevent your system from working properly are detected
on your computer.
Click here to clean your PC immediately.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Antivirus Pro
Windows Antivirus Pro has denied
internet access of the program.
Internet Explorer is possible injected with worm Backdoor.Win32.Hupigon.fixn. This worm
attempts to send your personal information to remote host thought Internet Explorer.
Windows Antivirus Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
Also the program will show fake Windows Security Center that will recommend you use Windows Antivirus Pro. Instead of doing so, use these Windows Antivirus Pro removal instructions below in order to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 – BHO: ICQSys (IE PlugIn) – {F54AF7DE-6038-4026-8433-CC30E3F17212} – C:\WINDOWS\system32\dddesot.dll
O23 – Service: AntipyPro_12 (AntipPro2009_12) – Unknown owner – C:\WINDOWS\svchast.exe
Use the following instructions to remove Windows Antivirus Pro (Uninstall instructions)
1. Remove Windows Antivirus Pro main components.
Please download OTM by OldTimer from here. Once Save Dialog opens, please rename a file from OTM.exe to OTM.com and click Save button to save it to desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchast.exe
Windows Antivirus Pro.exe
:services
AntipPro2009_12
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}]
:files
%windir%\system32\desot.exe
%windir%\system32\dddesot.dll
%windir%\svchast.exe
You will see window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
3. Remove Windows Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Update: a new version of Windows Antivirus Pro has been released. It is called Windows Police Pro. Read the article: Remove Windows Police PRO (Uninstall instructions).
Windows Antivirus Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desot.exe
c:\program files\windows antivirus pro\msvcm80.dll
c:\program files\windows antivirus pro\msvcp80.dll
c:\program files\windows antivirus pro\msvcr80.dll
c:\program files\windows antivirus pro\Windows Antivirus Pro.exe
c:\program files\windows antivirus pro\tmp\dbsinit.exe
c:\program files\windows antivirus pro\tmp\wispex.html
c:\program files\windows antivirus pro\tmp\images\i1.gif
c:\program files\windows antivirus pro\tmp\images\i2.gif
c:\program files\windows antivirus pro\tmp\images\i3.gif
c:\program files\windows antivirus pro\tmp\images\j1.gif
c:\program files\windows antivirus pro\tmp\images\j2.gif
c:\program files\windows antivirus pro\tmp\images\j3.gif
c:\program files\windows antivirus pro\tmp\images\jj1.gif
c:\program files\windows antivirus pro\tmp\images\jj2.gif
c:\program files\windows antivirus pro\tmp\images\jj3.gif
c:\program files\windows antivirus pro\tmp\images\l1.gif
c:\program files\windows antivirus pro\tmp\images\l2.gif
c:\program files\windows antivirus pro\tmp\images\l3.gif
c:\program files\windows antivirus pro\tmp\images\pix.gif
c:\program files\windows antivirus pro\tmp\images\t1.gif
c:\program files\windows antivirus pro\tmp\images\t2.gif
c:\program files\windows antivirus pro\tmp\images\up1.gif
c:\program files\windows antivirus pro\tmp\images\up2.gif
c:\program files\windows antivirus pro\tmp\images\w1.gif
c:\program files\windows antivirus pro\tmp\images\w11.gif
c:\program files\windows antivirus pro\tmp\images\w2.gif
c:\program files\windows antivirus pro\tmp\images\w3.gif
c:\program files\windows antivirus pro\tmp\images\w3.jpg
c:\program files\windows antivirus pro\tmp\images\wt1.gif
c:\program files\windows antivirus pro\tmp\images\wt2.gif
c:\program files\windows antivirus pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows antivirus pro\Windows Antivirus Pro.lnk
%UserProfile%\Desktop\Windows Antivirus Pro.lnk
c:\WINDOWS\svchast.exe
Windows Antivirus Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212}
HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_12
Hey, when I first opened MBAM and clicked ‘Scan’ it would scan for a second or so and then the entire window would close. This has happened to me on multiple occasions and when I would try to re-open MBAM it would say \
‘you may not have permission to access this path’. Uninstalling and reinstalling MBAM doesn’t work. Could someone help me?
thanks patrik but now when i move to step 2 i get another problem. when i try to run ‘command’ i get a messaged with 3 lines(the slashes are opposite). 16 bit ms-dos subsystem (title); line 1 C:/WINNT/system32/command.com; line 2 C:/WINNT/SYSTEM32/AUTOEXEC.NT. The system file is not suitable for running ms-dos and microsoft windows applications. line 3 choose ‘close’ to terminate application…….when i ignore, the run program closes. please help
I’ve got it to where it will run in install program (finally) but it always freezes when the setup process gets to “finishing installation”. The program shows up as installed on my computer, though I have to open the task manager to end process on the installer. The program is (theoretically) installed, but it simply will not open.
i forgot to mention that i cant run safe mode and also everytime i boot my computer up i get a message ‘windows cannot find ‘logon.exe’. make sure you type name correctly and try again…’
thanks again patrik!
THANKS FOR HELPING ME GET THIS PAIN OUT OF MY ASS!!!!9
Thank you!!! This is an excellent walkthrough and it saved my life!
Thx so much i think that worked fingers crossed
guys need help of this freaking desot.exe it wont let me allow to download anykind of file.. and also i can open exe file. i already tried changng ther names.. and add something but it still doesnt work.. pls help… just send me some information on how to fix this problem,, heres my email.. maiyo_mcp @ ….com
pls help..
thnx….
its making my day so bad… pls… help.. T_T
I followed your instructions to remove Windows AntiVirus Pro and now my computer is completely hosed. I can’t access any files, programs or the internet and my desktop has a restore Active Desktop notice, but when I follow those instructions to look at properties, I get a note that Application is not found. Please help!
I found another way to get on the internet, so I started the process over. When I double click Fix.reg, I never get an opportunity to choose \
Let me try this again. I found another way to get on the internet, so I started the process over.
However, when I double click Fix.reg, I never get an opportunity to choose yes. What should I do?
YOU GUYS KICK A$$. Thank you so much. You made a nightmare a cure all! I cannot thank you enough!!!!!
Sorry about that
In Step 2 when I save the fix.reg (it’s set to “All Files” and I’ve double checked to see if there was any mistakes), up till then everything works fine.
However, when I double click the fix.reg, I get this:
Logon.exe
Application not found
What do I do?
Thank you so much!! Being a Marine you get a big OOOOOOOOORAHH! from me!
I have been fighting with this problem for a week, to no avail. This is the first problem I’ve had that I needed to seek help. Luckily first click I found this site. In 7 minutes, all was fixed.
I sincerely thank you, now to my scheduled coursework! haha, thank you!
AWESOME. Worked the first time. I really appreciate the help guys, you rock!
ftw 😉 Was able to remove in 30mins but I had a problem with “run as…” thing for malwarebytes. All I had to do is change mbamgui.exe to mbamgui.com… LOL
Thanks guys
I couldnt run any EXE or install any of the said anti-spyware software. So here is what I did.
1. On bootup, press F8, boot using “Last known Config”.
2. Install Malware AntiSpyware software. Update for the latest signatures (on 2nd tab)
3. Then Scan using Malware AntiSpyware. It detected 63 spam trojans and windows AntiSpyware spam. Delete them. Let system reboot using normal configuation (not last known or Safe Mode that is).
It removed the desot.exe and other bad stuff I had on my PC. Worked for me.
Thanks! with Vista, I was gettting that OTM.com was not a valid win32 application…so I ran the OTM.exe through command prompt and that launched it….everything went perfect after that.
I’ve tried this many times and it seems no matter what I do I cannot get Malwarebytes to run. I’ve also tried running a disc of Norton 360 but it won’t install either. It is kind of a shame I can’t get anything that will fix my problem to install. Still, this step by step has at least allowed me the use of all programs already existing on my computer, which is nice.
When I run a quick scan it goes for about 20 seconds and then it closes the program. What do I do?
Followed KJ’s advice and it worked perfectly! My computer is 100% okay now!
Thanks!
Michael, ask for help at our Spyware removal forum.
I was just about to format when i thought one last go. So glad i found your article Thanks…….
I can’t run malwarbytes it won’t come up. it is downloaded and I tried Patrick command and that did not work either. I know very little about computers can someone help PLEASE!
my computer is slow but I do not have the antivirus pro pop up any more because I went into task manager and ended the program
OMG, this is amazing. After spending hours of trying to remove Windows Antivirus Pro, I finally came across this page and removed that stupid virus successfully. THANK YOU!!!
Thank you so much! This program made my life a living hell for a week!