Windows Antivirus Pro is a rogue antivirus/antispyware program that uses false scan results and fake alerts to scare you into buying the software. During installation, Windows Antivirus Pro is set to start automatically when you start your PC. Once running, it will begin to scan your PC and list a large number of infections. All of these infections are fake, so you can safely ignore them.
Windows Antivirus Pro disables the ability to run any programs, including MalwareBytes’ Anti-Malware. The following alert will be shown when you try to run any program (any file with the “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Antivirus Pro is running, your computer will display nag screens and fake security alerts that tell you:
Security Warning
Malicious programs that may steal your private information
and prevent your system from working properly are detected
on your computer.
Click here to clean your PC immediately.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Antivirus Pro
Windows Antivirus Pro has denied
internet access of the program.
Internet Explorer is possible injected with worm Backdoor.Win32.Hupigon.fixn. This worm
attempts to send your personal information to remote host thought Internet Explorer.
Windows Antivirus Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
The program will also show a fake Windows Security Center that recommends you use Windows Antivirus Pro. Instead of doing so, use the Windows Antivirus Pro removal instructions below to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
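A saved HijackThis log can be searched for these entries. The following is an added example, not part of the original article: a Python function that flags log lines matching the BHO CLSID, service name and file paths listed on this page. The function name scan_hijackthis and the sample log are assumptions made for illustration.

```python
import re
# Indicators taken from this page (BHO CLSID, service name, file paths).
IOC_CLSIDS = {"{f54af7de-6038-4026-8433-cc30e3f17212}"}
IOC_SERVICES = {"antippro2009_12"}
IOC_PATHS = (r"c:\windows\system32\dddesot.dll", r"c:\windows\system32\desot.exe",
             r"c:\windows\svchast.exe")

# Fields are separated by " - "; web-pasted logs often carry an en dash instead.
SEP = re.compile(r"\s+[-\u2013]\s+")
SECTION = re.compile(r"[A-Z]\d{1,2}")           # R0, F2, O2, O23, ...
SERVICE = re.compile(r"\(([^()]+)\)\s*$")       # "Display name (ServiceName)"

def scan_hijackthis(log_text):
    """Return (line_no, reasons, line) for every line matching an indicator."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        fields = SEP.split(line)
        if len(fields) < 3 or not SECTION.fullmatch(fields[0]):
            # Header or "Running processes" line: only a bare path can match.
            if line.lower() in IOC_PATHS:
                hits.append((no, ["running process"], line))
            continue
        reasons = []
        target = fields[-1].lower()              # may end in "(file missing)"
        if any(p in target for p in IOC_PATHS):
            reasons.append("file path")
        if fields[0] == "O2" and any(f.lower() in IOC_CLSIDS for f in fields[1:-1]):
            reasons.append("BHO CLSID")
        if fields[0] == "O23":
            m = SERVICE.search(fields[1])
            if m and m.group(1).lower() in IOC_SERVICES:
                reasons.append("service name")
        if reasons:
            hits.append((no, reasons, line))
    return hits

# Constructed sample: the header, process line and "Example Helper" entry are made
# up; the last two entries are the ones listed on this page (one with en dashes).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\svchast.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 – BHO: ICQSys (IE PlugIn) – {F54AF7DE-6038-4026-8433-CC30E3F17212} – C:\WINDOWS\system32\dddesot.dll
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
"""

if __name__ == "__main__":
    print(*scan_hijackthis(SAMPLE_LOG), sep="\n")
```

A path that itself contains " - " would be split across fields, so treat a miss on the path as inconclusive and rely on the CLSID and service name as well.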
Use the following instructions to remove Windows Antivirus Pro (Uninstall instructions)
1. Remove Windows Antivirus Pro main components.
Please download OTM by OldTimer from here. When the Save dialog opens, rename the file from OTM.exe to OTM.com and click the Save button to save it to your desktop.
Run OTM. Copy, then paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchast.exe
Windows Antivirus Pro.exe
:services
AntipPro2009_12
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}]
:files
%windir%\system32\desot.exe
%windir%\system32\dddesot.dll
%windir%\svchast.exe
You will see a window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine, choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad).
Double-click fix.reg and click YES to confirm.
Reboot your computer.
3. Remove Windows Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. The program will start scanning your computer for the Windows Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Windows Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
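To confirm that the repair in step 2 took effect, the exefile handler can be read back from a registry export and compared with the value fix.reg writes. This is an added example, not part of the original instructions; the function names are assumptions, and the hijacked sample value is hypothetical because the page does not quote the value the rogue writes.

```python
import re

KEY = r"hkey_classes_root\exefile\shell\open\command"
EXPECTED = '"%1" %*'      # what fix.reg's @="\"%1\" %*" means once unescaped

# A quoted .reg string: \" and \\ are the only escapes.
REG_SZ = re.compile(r'@="((?:[^"\\]|\\.)*)"')

def exefile_handler(reg_text):
    """Return the default value of the exefile open command found in the text
    of a .reg export: the unescaped string, the raw text after '@=' when it is
    not a plain string (e.g. hex(2):...), or None when the value is absent."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == KEY
        elif in_key and line.startswith("@="):
            m = REG_SZ.fullmatch(line)
            return re.sub(r"\\(.)", r"\1", m.group(1)) if m else line[2:]
    return None

def audit_exefile(reg_text):
    """Classify the handler as 'ok', 'modified' or 'missing'."""
    value = exefile_handler(reg_text)
    if value is None:
        return "missing", None
    return ("ok" if value == EXPECTED else "modified"), value

# Constructed samples. REPAIRED is the content of fix.reg from step 2.
# HIJACKED is hypothetical: the page does not quote the value the rogue
# writes, so a handler that routes every .exe through desot.exe is assumed.
REPAIRED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\desot.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for name, text in (("repaired", REPAIRED), ("hijacked", HIJACKED)):
        print(name, audit_exefile(text))
```

On the PC itself the text can come from reg export HKCR\exefile\shell\open\command handler.reg; exports with the Version 5.00 header are normally UTF-16, so open the file with encoding="utf-16".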
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Update: a new version of Windows Antivirus Pro has been released. It is called Windows Police Pro. Read the article: Remove Windows Police PRO (Uninstall instructions).
Windows Antivirus Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desot.exe
c:\program files\windows antivirus pro\msvcm80.dll
c:\program files\windows antivirus pro\msvcp80.dll
c:\program files\windows antivirus pro\msvcr80.dll
c:\program files\windows antivirus pro\Windows Antivirus Pro.exe
c:\program files\windows antivirus pro\tmp\dbsinit.exe
c:\program files\windows antivirus pro\tmp\wispex.html
c:\program files\windows antivirus pro\tmp\images\i1.gif
c:\program files\windows antivirus pro\tmp\images\i2.gif
c:\program files\windows antivirus pro\tmp\images\i3.gif
c:\program files\windows antivirus pro\tmp\images\j1.gif
c:\program files\windows antivirus pro\tmp\images\j2.gif
c:\program files\windows antivirus pro\tmp\images\j3.gif
c:\program files\windows antivirus pro\tmp\images\jj1.gif
c:\program files\windows antivirus pro\tmp\images\jj2.gif
c:\program files\windows antivirus pro\tmp\images\jj3.gif
c:\program files\windows antivirus pro\tmp\images\l1.gif
c:\program files\windows antivirus pro\tmp\images\l2.gif
c:\program files\windows antivirus pro\tmp\images\l3.gif
c:\program files\windows antivirus pro\tmp\images\pix.gif
c:\program files\windows antivirus pro\tmp\images\t1.gif
c:\program files\windows antivirus pro\tmp\images\t2.gif
c:\program files\windows antivirus pro\tmp\images\up1.gif
c:\program files\windows antivirus pro\tmp\images\up2.gif
c:\program files\windows antivirus pro\tmp\images\w1.gif
c:\program files\windows antivirus pro\tmp\images\w11.gif
c:\program files\windows antivirus pro\tmp\images\w2.gif
c:\program files\windows antivirus pro\tmp\images\w3.gif
c:\program files\windows antivirus pro\tmp\images\w3.jpg
c:\program files\windows antivirus pro\tmp\images\wt1.gif
c:\program files\windows antivirus pro\tmp\images\wt2.gif
c:\program files\windows antivirus pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows antivirus pro\Windows Antivirus Pro.lnk
%UserProfile%\Desktop\Windows Antivirus Pro.lnk
c:\WINDOWS\svchast.exe
Windows Antivirus Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212}
HKEY_CURRENT_USER\SOFTWARE\Windows AntiVirus Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_12
And how come McAfee let this thing on my computer? It’s supposed to be a good antivirus protection…
victoria, you have a few variants (for all of them you need a Windows installation disk).
1. Using recovery console to repair system files (explorer.exe, ntfs.sys, eventlog.dll, beep.sys)
2. Read the article michaelstevenstech.com/XPrepairinstall.htm
Yeah Patrik, but I have one problem, THE DISK :). I don’t have it :(. I was able to open the task manager in safe mode today. I will try to do something with that. Hope it works, not very sure what I’m doing exactly, but I’ll try. All of the comments here are very helpful. Thank you.
ok, now i think my comp. is done :(. I was able to do everything in safe mode, but when was not able to perform the scan. Tried couple of times, and … got the blue screen that says
The blue screen says “a problem has been detected and windows has been shut down to prevent damage to your computer” I think at this point my comp is done, unless you have any suggestions. I don’t have the windows disk anymore, i bought the comp 5 years ago. Help please.
Victoria, then you need to ask for help at a local computer service company. You can also call Microsoft.
I deleted the Windows Police Program but now my PC just gets a desot.exe needs to be terminated press ok to terminate and it just pops back up after I press ok. I also can’t run any programs.
If you get:
“Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.”
You can circumvent this by creating a DOS batch file (runme.bat), and add DOS commands to it.
I did this to install and run the anti-malware software that killed the “Personal Guard” virus.
For example, if you have a thumb drive, you can download Malwarebytes’ Anti-Malware from another computer, save the install file on a thumb drive, then run the install by creating the batch file.
For those who don’t know what a batch file is, it’s just a text file with dos commands in it with an extension BAT. So to run the install, you create a text file called runme.bat then edit it in notepad and put in something like:
f:\malwarebytes_setup.exe
where f is the drive letter of the thumb drive.
Then double click your BAT file and it will run.
This Was SOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO Much help! THANK YOU SO MUCH…..AND IT WAS EASY! WOW My comp is up and running again! You’re The Best. I’m posting this up on Myspace! So Awesome!
Hi!
My icons and desktop have disappeared. Everytime I try to run malwarebytes it starts scanning but then just shuts down. Anyone have any suggestions?
Johnathan, your computer is probably also infected with a new version of trojan braviax. Ask for help in our Spyware removal forum.
This is a pain in the ass. I found that after I ran the OTM program and went into safe mode I BSOD every time. So I used Hiren’s Boot CD and used the Malwarebytes and mini XP loaded within the disk to get rid of the bs.
hello..i have the same issue..i actually deleted the folder saying WINDOWS PRO from my Program files..so the OTM says cannot find files svchast.exe…I do not know what to do next…Plzzzzzzzzzzzzzz help me out…
hello..i have the same issue..i actually deleted the folder saying WINDOWS antivirus PRO from my Program files..so the OTM says cannot find files svchast.exe…I do not know what to do next…I am not able to open RUN…or any .exe file or even the web browser….Plzzzzzzzzzzzzzz help me out…
diana, go to step 2.
Hi Patrik thx for all this: but now windows xp will only boot to the trademark screen and the cursor – then it all stops. Cursor can be moved around on black screen but that’s the end. Last good config won’t go past cursor screen either. You told ‘tim’ it might have attacked some system files – how do I fix that?
warren, you need a Windows installation disk. Boot from the disk and choose Install Windows, then the Recovery Windows option.
Thank you very much for the instructions, tools, and the personal time for working to make things right. Windows Antivirus Pro and others like this need to be legally persecuted to the fullest extent. I have been developing software for over 10 years now and continue to find it repulsive that other developers are trying to take advantage of people with false system cleaning tools.
Thank you again.
Thanks again.
This **** thing came out of nowhere and started to take over my computer. I tried several other solutions posted on the internet without success. Your solution was clear and straight forward – I removed this nasty program in about 1/2 hour. Thank you, thank you, thank you.
Thank you very much. This helped save my work laptop.
rogxsysguard.exe
Ending this process really helped in getting rid of Windows Antivirus Pro. After I ended the process I would no longer get the fake alerts.
This stupid virus made me reinstall Windows (of course I had to reinstall everything on my main drive afterwards).
What a waste of a day.
omg!thanks i have been looking for a way to get rid of this thing 4ever.thanks again
I think my notebook is beyond repair. I have this infection, and it’s to the point where no windows will stay open for more than 1 second. If I open the browser it takes me to sysguard2010.microsoft/block.php?r=59.16
The task manager won’t stay open for more than 1 second, and neither will OTM.COM
I’ve been working on this thing all day, and I’m really running out of ideas. Anyone have any thoughts as to what I could do? ***@hotmail.com
As a sidebar, thanks to all who helped out with this site. It seems useful to a lot of people, and it looks like a lot of people needed the help. Keep up the good work.
Dan, make a new account on your PC, then log in to it. Now try to run Malwarebytes Anti-malware. If it does not help you, then ask us for help in our Spyware removal forum.
help – antivirus pro invaded me. cant do anything.
kevin, ask for help in our Spyware removal forum.
I lent my father my laptop when i moved out of the house because he said i could have the desktop. He got an ASUS gaming computer so he gave me back the laptop ALONG WITH THE FAKE ASS WINDOWS ANTIVIRUS. I couldn’t do anything, not play UT99, or even burn a cd, not even boot in safemode with networking.
I followed everything step by step and now my laptop is back to normal, THANK YOU SO MUCH FOR POSTING THIS.
please help me i read some websites and they told me to restart and open task manager quickly but now my computer keeps going to a page with the options
safe mode
safe mode with networking
safe mode with command prompt
back to last working settings
start windows normally
but whichever one i pick it just keeps restarting and going back to that page. =(