Windows Antivirus Pro is a rogue antivirus/antispyware program that uses false scan results and fake alerts as a method of scaring you into buying the software. During installation, Windows Antivirus Pro will be set to start automatically when you start your PC. Once running, it will begin to scan your PC and list a large amount of infections. All of these infections are fake, so you can safely ignore them.
Windows Antivirus Pro disables the ability to run any programs, including MalwareBytes’ Anti-Malware. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Antivirus Pro is running your computer will display nag screens and fake security alerts that tells you:
Security Warning
Malicious programs that may steal your private information
and prevent your system from working properly are detected
on your computer.
Click here to clean your PC immediately.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Antivirus Pro
Windows Antivirus Pro has denied
internet access of the program.
Internet Explorer is possible injected with worm Backdoor.Win32.Hupigon.fixn. This worm
attempts to send your personal information to remote host thought Internet Explorer.
Windows Antivirus Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
Also the program will show fake Windows Security Center that will recommend you use Windows Antivirus Pro. Instead of doing so, use these Windows Antivirus Pro removal instructions below in order to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 – BHO: ICQSys (IE PlugIn) – {F54AF7DE-6038-4026-8433-CC30E3F17212} – C:\WINDOWS\system32\dddesot.dll
O23 – Service: AntipyPro_12 (AntipPro2009_12) – Unknown owner – C:\WINDOWS\svchast.exe
Use the following instructions to remove Windows Antivirus Pro (Uninstall instructions)
1. Remove Windows Antivirus Pro main components.
Please download OTM by OldTimer from here. Once Save Dialog opens, please rename a file from OTM.exe to OTM.com and click Save button to save it to desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchast.exe
Windows Antivirus Pro.exe
:services
AntipPro2009_12
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}]
:files
%windir%\system32\desot.exe
%windir%\system32\dddesot.dll
%windir%\svchast.exe
You will see window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
3. Remove Windows Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Update: a new version of Windows Antivirus Pro has been released. It is called Windows Police Pro. Read the article: Remove Windows Police PRO (Uninstall instructions).
Windows Antivirus Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desot.exe
c:\program files\windows antivirus pro\msvcm80.dll
c:\program files\windows antivirus pro\msvcp80.dll
c:\program files\windows antivirus pro\msvcr80.dll
c:\program files\windows antivirus pro\Windows Antivirus Pro.exe
c:\program files\windows antivirus pro\tmp\dbsinit.exe
c:\program files\windows antivirus pro\tmp\wispex.html
c:\program files\windows antivirus pro\tmp\images\i1.gif
c:\program files\windows antivirus pro\tmp\images\i2.gif
c:\program files\windows antivirus pro\tmp\images\i3.gif
c:\program files\windows antivirus pro\tmp\images\j1.gif
c:\program files\windows antivirus pro\tmp\images\j2.gif
c:\program files\windows antivirus pro\tmp\images\j3.gif
c:\program files\windows antivirus pro\tmp\images\jj1.gif
c:\program files\windows antivirus pro\tmp\images\jj2.gif
c:\program files\windows antivirus pro\tmp\images\jj3.gif
c:\program files\windows antivirus pro\tmp\images\l1.gif
c:\program files\windows antivirus pro\tmp\images\l2.gif
c:\program files\windows antivirus pro\tmp\images\l3.gif
c:\program files\windows antivirus pro\tmp\images\pix.gif
c:\program files\windows antivirus pro\tmp\images\t1.gif
c:\program files\windows antivirus pro\tmp\images\t2.gif
c:\program files\windows antivirus pro\tmp\images\up1.gif
c:\program files\windows antivirus pro\tmp\images\up2.gif
c:\program files\windows antivirus pro\tmp\images\w1.gif
c:\program files\windows antivirus pro\tmp\images\w11.gif
c:\program files\windows antivirus pro\tmp\images\w2.gif
c:\program files\windows antivirus pro\tmp\images\w3.gif
c:\program files\windows antivirus pro\tmp\images\w3.jpg
c:\program files\windows antivirus pro\tmp\images\wt1.gif
c:\program files\windows antivirus pro\tmp\images\wt2.gif
c:\program files\windows antivirus pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows antivirus pro\Windows Antivirus Pro.lnk
%UserProfile%\Desktop\Windows Antivirus Pro.lnk
c:\WINDOWS\svchast.exe
Windows Antivirus Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212}
HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_12
cant get past step two keep saying administrator wont allow have tryed all in post and still no good how can i fix.reg
sinista, ask for help at our Spyware removal forum.
nice fix…good job man
Awesome! I can’t believe I actually found something that worked. I thought I was doomed. Thanks!
As others have said, this worked perfect for me and I found no other website that got rid of it so easily! I too thought I was doomed.
HELP! This didn’t help me I have desote.exe I did everything shown but it doesn’t go away. After I ran OTM it didn’t delete the file because it was looking for desot.exe. What do I do now? I manually removed desote.exe but it keeps coming back!
Ok, I did everything that was stated above but it didn’t work. destoe.exe and svchast.exe keep coming back!
There has to be something that causes this to come back some application or something.
I run the above steps above in safe mode with network and still have the same problem. Even after I run the OTM when the log pops up I get the same debug error (79).
I made sure that windows patrol (the police patrol) files are gone. I am not sure what to do now. 🙁
Ruth, try these steps: http://www.myantispyware.com/2009/08/31/remove-windows-police-pro-uninstall-instructions/
Help!!! I ran OTM and it seemed to work fine. But then I ran the .reg file (which I copied and pasted) and rebooted and now I can’t run any programs. For example, if I try to run msconfig, I get a message \
when i start anti malware it closes down after 30 seconds!! what do i do
Bob, try step 2 again.
jose, make a topic at our Spyware removal forum.
THANK YOU SO MUCH!! this forum was explained very well and clearly! THANK YOU SO MUCH & it saved me a lot of money! i’ve never seen a forum so successful and im truly grateful which is why i had to come on here and thank the person that created this forum! YOU ARE AWESOME & i am truly grateful for your help! THANK YOU SO MUCH!!
I have followed te instructios t the letter and have finally removed this beast from my system, installed the antimalware..BUT NOW I CAN NOT ACCESS THE INTERNET< PLEASE tell me how to repair this last detail…ps Thanks for saving the day!..heck week..
Excellent! Saved a friend’s laptop that her son with a MIS degree said would have to be wiped clean. Thanks…..I’m a hero.
Linda, open the instruction.Scroll down and read additional step 1.
Thank you! Saved my laptop from being wiped clean.
Hello, I am in need of some help with this virus thing as well. I believe that I removed most of the files manually, it wouldnt let me dl any spyware program such as malware byte or AVG, it blocked my NOD32 program from running also.
All I know is last night after doublechecking thru spyware doctor of all the known threats I did remove them. I went back to malware bytes to get it installed and right cliked on it, and put in owner(which is me) and my pass, it then said cant install in safe mode, need to reboot. So, I did.
Once I rebooted I get nothing! It will go to start up and loading settings but logs back off. I tried all the other modes there are ie, safe mode, safe mode with networking, the configurations one, but, it will not let me boot back up. So, I am at a loss, I dont know what else to do, I could stick in the systems recovery disc, but, I will lose all my pictures 🙁 but, I tried to dl the pics onto a cd the other day due to this virus and was unable to dl anything. Thank You for your help,
bella
niceandnaughtybella, make a new topic at our Spyware removal forum.
I have major issues. got rid of most of the files myself..then found this guide…got otm..had malwarebytes…and got hijack this. I can’t run anything unless I change to .com…anything that does run…quits within 10 second of running, and I can’t run it again. I’ve deleted desot the other associatied files…but I replaced my rundll32.exe with a fresh one out of C:\i386…dunno if that caused more issues but I got issues…any thoughts?
It wont work for me some reason it just says the same blackbox C/:windows/system32/desot.exe.No reboot box comes up but these were my results
========== PROCESSES ==========
No active process named svchast.exe was found!
No active process named Windows Antivirus Pro.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver AntipPro2009_12 not found.
Service\Driver AntipPro2009_12 not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}\ not found.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\Classes\CLSID\{F54AF7DE-6038-4026-8433-CC30E3F17212}\ not found.
========== FILES ==========
Folder C:\WINDOWSC:\WINDOWS\system32\desot.exe not found.
Folder C:\WINDOWSC:\WINDOWS\system32\dddesot.dll not found.
Folder C:\WINDOWSC:\WINDOWS\svchast.exe not found.
OTM by OldTimer – Version 3.0.0.6 log created on 09102009_211508
Nothing was found and i dont know why but its still doesnt work
Geo, probably your computer also infected with traojan braviax that has replaced a few system files (beep.sys, ntfs.sys). Try these braviax removal instructions or ask for help in our Spyware removal forum.
I am having trouble removing this virus. I am not able to run ANY applications due to a “Cant load MSVCP80.dll” error message. I have tried everything stated in the instructions but i am not able to run any of the necessary programs for removal. Any help would be greatly appreciated. Thanks.
Chris, try step 2. After that follow steps 1 and 3.
thx patrik for your response. I seached for braviax and related files but found nothing. I still can’t get any exe or .com to run correctly. It seems that once it runs…it will run for a bit then just get killed…after its been run, whether I change to .com or back to .exe it won’t run. Spyware Dr needs to connect to inet to work, and its not lettin malware run at all. Access denied bs…..I’m stumped!
I think I forgot to mention it disables my network adapter which makes it a bit tougher to clean out. I’ve burnt otm, mw, spydr, all sorts of stuff on cd to try..but still have the instant kill of apps and updated via inet before scanning
Thank you soo much and i had just about given up hope and was gonna call someone to fix my computer. Just saved me money thank you
Can you please help me, for a month now(not sure what i did)i cannot open any programs on dsektop,start/programs anywhere. The icons have changed and apps all end in .INK. also something about rundll32 has come across too while trying to download antiviruses. I go to run the file, it goes to a file assosciation page, something about page file not found. I go to save it,only to not be able to open it,Ive been told to save the anti virus apps in a different name to trick the bug,also done in safe mode,did not work. I tried to restore, but there is no restoration point. I am going crazy here. Can somebody out there please help me. Desperate…. Thank you.
Allan, make a new topic in our Spyware removal forum.
Hi all. I got this virus on my PC a month ago. Followed the instructions, got rid of it. Somehow today its back, and i didn’t hane a chance to do anything. At this point there is nothing on my desc top, exept my screensaver. Tried Safe mode, nothing, just black screen. Tried ctrl alt delite- nothing, says it’s disabled by the admin. What now? Please help. Dont have money to get a new comp right now and i need it for school.