Windows Police PRO is a rogue antispyware program. It updated version of Windows Antivirus Pro. Windows Police PRO detects fake infections, displays fake security alerts and nag screens, prevents execution of any programs as a method of scaring you into buying the software. The scareware does not offer any protection to computer! During installation, Windows Police PRO will be set to start automatically when you start your PC. Once running, it starts scanning the computer and found a lot of infections, but all these infections do not exist on your computer, so you can safely ignore them.
Windows Police PRO
Windows Police PRO contains file desote.exe that disables the ability to run any programs, including MalwareBytes’ Anti-Malware and other antivirus and antispyware software. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Police PRO is running your computer will display nag screens and fake security alerts that tells you:
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
Security Warning
Your computer continues to be infected with harmful viruses.
In order to prevent permanent loss of your information and
credit card data theft please activate your antivirus software.
Click here to enable protection.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Warning!
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Police Pro has found infected documents or programs.
You can lose your personal data and infect other network computers.
Windows Polics Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Also the program will display fake Windows Security Center that will recommend you use Windows Police Pro. Instead of doing so, use these Windows Police Pro removal instructions below in order to remove this infection and any associated malware from your computer for free.
More Windows Police PRO screen shoots
Symptoms in a HijackThis Log
O2 – BHO: ICQSys (IE PlugIn) – {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} – C:\WINDOWS\system32\dddesot.dll
O23 – Service: AntipPro2009_100 (AntipyProex) – Unknown owner – C:\WINDOWS\svchasts.exe
Use the following instructions to remove Windows Police Pro (Uninstall instructions)
1. Remove Windows Police Pro main components.
Please download OTM by OldTimer from here. Once Save Dialog opens, please rename a file from OTM.exe to OTM.com and click Save button to save it to desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchasts.exe
windows Police Pro.exe
:services
AntipPro2009_100
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}]
:files
%windir%\system32\desote.exe
%windir%\system32\dddesot.dll
%windir%\svchasts.exe
%ProgramFiles%\Windows Police Pro
You will see window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
3. Remove Windows Police Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Police Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Police Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Police Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desote.exe
c:\program files\windows police pro\msvcm80.dll
c:\program files\windows police pro\msvcp80.dll
c:\program files\windows police pro\msvcr80.dll
c:\program files\windows police pro\Windows Police Pro.exe
c:\program files\windows police pro\tmp\dbsinit.exe
c:\program files\windows police pro\tmp\wispex.html
c:\program files\windows police pro\tmp\images\i1.gif
c:\program files\windows police pro\tmp\images\i2.gif
c:\program files\windows police pro\tmp\images\i3.gif
c:\program files\windows police pro\tmp\images\j1.gif
c:\program files\windows police pro\tmp\images\j2.gif
c:\program files\windows police pro\tmp\images\j3.gif
c:\program files\windows police pro\tmp\images\jj1.gif
c:\program files\windows police pro\tmp\images\jj2.gif
c:\program files\windows police pro\tmp\images\jj3.gif
c:\program files\windows police pro\tmp\images\l1.gif
c:\program files\windows police pro\tmp\images\l2.gif
c:\program files\windows police pro\tmp\images\l3.gif
c:\program files\windows police pro\tmp\images\pix.gif
c:\program files\windows police pro\tmp\images\t1.gif
c:\program files\windows police pro\tmp\images\t2.gif
c:\program files\windows police pro\tmp\images\up1.gif
c:\program files\windows police pro\tmp\images\up2.gif
c:\program files\windows police pro\tmp\images\w1.gif
c:\program files\windows police pro\tmp\images\w11.gif
c:\program files\windows police pro\tmp\images\w2.gif
c:\program files\windows police pro\tmp\images\w3.gif
c:\program files\windows police pro\tmp\images\w3.jpg
c:\program files\windows police pro\tmp\images\wt1.gif
c:\program files\windows police pro\tmp\images\wt2.gif
c:\program files\windows police pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows police pro\Windows Police Pro.lnk
%UserProfile%\Desktop\Windows Police Pro.lnk
c:\WINDOWS\svchasts.exe
Windows Police Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100
Been working on this thing since last night. Machine was pretty hosed by the time I got to it. Everything has worked great up until actually running MBAM. It doesnt ever actually launch it just sits in the task bar for about 5 minutes using between 2,250b and 2,500b before it drops out and dissapears. Ran Dr.Web and killed some trojans and that seemed to help the machines performance a bit. Also tried running HijackThis. Could only run the installation after renaming it to a .com and then it died about 10 seconds into the scan without generating a log and I am now getting a not sufficient permissions error when I try to re-launch the program. Any advise at all would be appreciated as my next anti virus tool might possably be a hammer.
can only access internet through firefox cannot change .exe to .com how do i fix
I can do all but run a malware scan… It closes in the early part of scanning and takes ownership of that antivirus program with the shared icon in corner. I can take ownership back but each time i try to scan it will stop it.
and geez that security code is hard to read when commenting!
Thanks! Everything worked except the fixing the registry part. To fix that, I used http://support.microsoft.com/kb/555067 .
Tony, looks like your PC infected with a trojan thta blocks MalwareBytes. Ask for help at our Spyware removal forum.
Matt, download OTM.exe to your desktop. Enable “show file extensions”. For it: Click Start, Open My Computer, Select the Tools menu and click Folder Options, Select the View tab, Uncheck the Hide file extensions for known types option, Click Yes to confirm, Click OK.
Then right click to OTM.exe, select Rename. Type a new name – OTM.com and press Enter. Run it.
Wonderful solution, thanks a lot, it worked: I got rid of it
Greetings from Germany!
I cannot get online evey with firefox, can someone explain step by step for me how to put OTM and Malware Bytes on a disk and get them renamed so maybe I can get them onto the infected PC to run?
I thought I had Malware Bytes, got it to set up and install, but it’s blocked from running, so maybe renaming it would work?
I am going to lose a lot of pictures if I have to reinstall on this one:( Would sure appreciate any help.
Karen133, ask for help at our Spyware removal forum.
Hello all, I am also suffering from this Windows Police Pro my problem is that I have a completely black screen and cannot access anything except for the task manager. I cannot even get a hijack log, nor can I use Malware. I really need someone to help me. I am able to get into the registry and can see the items listed above, but cannot delete them. I am running Windows XP. Thank you for any help.
Jean, go to our Spyware removal forum.
Patrik, the instructions worked beautiful. I can now get into all my applications including able to run Regedit. My PC in mine once again
Forgot – Thank you.
Patrik,
Getting an error when I double-click the notepad file.
“Registry editing has been disabled by your administrator.”
Suggestions?
Thanks so much on all the detail of how to remove this crappy Police Pro that is driving me crazy, only problem is that I can’t download the OTM in the first step on the infected computer because it won’t let me get online. Please tell me what I need to do (and is it safe to download to my uninfected PC)to save it on a disk and open on the infected PC. ANY HELP WILL DO!!!! Thank you so much before hand!
Niko, make a new topic at our Spyware removal forum.
Julie, yes you can move files from uninfected to infected PC. Only use CD disk or set write protection on USB drive.
ok so I was able to copy and paste with another disc onto the OTM finally, but when I hit move it gave me the info under results and then an Error box came up saying Error creating Log file! Then another came up saying Error creating Restore file!
So i hit ok on both those errors and then it asked me about if I wanted to reboot and I hit yes, but it didn’t reboot on its own, so I went to the start and hit restart computer, but it restarted and all the 34 error boxes popped up as always…so I continued with the step 2 completed and restarted my computer again…but can’t go on to step three to download MBAM but it still won’t let me go online at all, what am I missing? should I be able to go online by completing step 1 and 2 or should I be saving malware to a disk and transferring it onto infected computer. Please send help and if theres a email I can write to that makes this easier then posting all this please let me
Thanks Julie
OMG THANK YOU SOOOOOO MUCH FOR ALL THIS INFORMATION!!! Disregard last post, I got it to work!!! NO MORE POLICE PRO!!! Just one more question, do I need to remove any of the new stuff I put on my PC once it’s not infected anymore (like that fix.reg thing I put on the notebook now on my desktop along with that malwarebytes anti-malware on my desktop? One more thing all my icons on my desktop still have a blue backround behind the words as if they are highlighted, will that ever come off or does that even matter! THANKS AGAIN!!!!
Just curious that now that police pro is removed do I need to delete anything that I had to install or will it be fine to leave on the computer? Also, all of my desktop icons are highlighted blue still, how do I stop that from happening? Thats all and thanks again!!!
Everything works fine till i run malware, it looks like its starting to scan but after 10 seconds it closes by itself and i can not open it again. Please help!!
This fixed everything. Thank you! A+
I tried several other sites and none of them worked. These instructions are the only ones I have found that worked. The key though, was having another computer so I could save the OTM and Malwarbytes program and the text to paste into OTM onto a CD and move it to the infected computer. I spent the last four hours trying everything else, and this WORKED! Thank you, Thank you!
Julie, run Run OTM. Click CleanUp button. If you are asked to reboot the machine choose Yes.
Uninstall Malwarebytes Antimalware using Add/Remove programs panel. And open Desktop settings to set your own.
I have saved the file fix.reg to the desktop
and double clicked then said yes, now when I go to reboot the computer the command box is still there, how do I remove the command box? so I can reboot? do I hit end now?
Hey, i have the same problem as nko. I did everything here but my regedit is disabled so fix.reg brings up “Registry Editing is disabled by administator”. I’ve tried changing this through group policy settings but it won’t work. it changes the settings but i still get the same error. Any suggestions?
I can not get the registry file to work. I’ve used the microsoft fix as suggested by another user, but that does not work. i can not disable system restore in safe mode which also is a key component. Any help on this matter?
Now that this Police Pro trojan is gone, will an anti-virus program like McAfee keep it out? Why didn’t McAfee keep it out in the first place?
Thanks for all the detail – finally got this off my husband’s computer.
One thing – I had trouble installing the mbam-setup program at first, had to change the name and the extension – THEN it wouldn’t RUN after I’d installed and done all the other stuff. It just did absolutely nothing. Turned out I had to navigate to the install folder and change the name of the program and it’s extension to finally get it to run. (I changed it to “whatever.com” and then it ran fine. Of course, then my shortcut didn’t work, so I just deleted it.) I’m thinking I had a more recent version of the malware and it had gotten “smarter”.
I used this solution and it got rid of Windows Police Pro with OldTimer, but I still cannot open Malwarebytes’ Anti-Malware and my computer is not running explorer.
This was happening before I got rid of Windows Police Pro with your tutorial and it’s still happening.
The only way I can access my desktop and the start menu are in Safe Mode. But even in Safe Mode Malwarebytes won’t work.
On normal mode boot up I can only use Windows Task Manager.