Windows Police PRO is a rogue antispyware program. It updated version of Windows Antivirus Pro. Windows Police PRO detects fake infections, displays fake security alerts and nag screens, prevents execution of any programs as a method of scaring you into buying the software. The scareware does not offer any protection to computer! During installation, Windows Police PRO will be set to start automatically when you start your PC. Once running, it starts scanning the computer and found a lot of infections, but all these infections do not exist on your computer, so you can safely ignore them.
Windows Police PRO
Windows Police PRO contains file desote.exe that disables the ability to run any programs, including MalwareBytes’ Anti-Malware and other antivirus and antispyware software. The following alert will be shown when you try to run any program (files with “exe” extension):
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
While Windows Police PRO is running your computer will display nag screens and fake security alerts that tells you:
Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and
infection other computers connected to your network.
Click here to prevent attack
Security Warning
Your computer continues to be infected with harmful viruses.
In order to prevent permanent loss of your information and
credit card data theft please activate your antivirus software.
Click here to enable protection.
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
Warning!
Unwanted software (malware) or tracking cookies have been found during
last scan. It is highly recommended to remove it from your computer.
Windows Police Pro has found infected documents or programs.
You can lose your personal data and infect other network computers.
Windows Polics Pro Alert
Infiltration Alert
Your computer is being attacked by an
Internet Virus. It could be a password-
stealing attack, a trojan-dropper or simular.
Details
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Also the program will display fake Windows Security Center that will recommend you use Windows Police Pro. Instead of doing so, use these Windows Police Pro removal instructions below in order to remove this infection and any associated malware from your computer for free.
More Windows Police PRO screen shoots
Symptoms in a HijackThis Log
O2 – BHO: ICQSys (IE PlugIn) – {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} – C:\WINDOWS\system32\dddesot.dll
O23 – Service: AntipPro2009_100 (AntipyProex) – Unknown owner – C:\WINDOWS\svchasts.exe
Use the following instructions to remove Windows Police Pro (Uninstall instructions)
1. Remove Windows Police Pro main components.
Please download OTM by OldTimer from here. Once Save Dialog opens, please rename a file from OTM.exe to OTM.com and click Save button to save it to desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
svchasts.exe
windows Police Pro.exe
:services
AntipPro2009_100
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}]
:files
%windir%\system32\desote.exe
%windir%\system32\dddesot.dll
%windir%\svchasts.exe
%ProgramFiles%\Windows Police Pro
You will see window similar to the one below.
OTM
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
2. Repair running .exe files.
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
3. Remove Windows Police Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Police Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Police Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Police Pro creates the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desote.exe
c:\program files\windows police pro\msvcm80.dll
c:\program files\windows police pro\msvcp80.dll
c:\program files\windows police pro\msvcr80.dll
c:\program files\windows police pro\Windows Police Pro.exe
c:\program files\windows police pro\tmp\dbsinit.exe
c:\program files\windows police pro\tmp\wispex.html
c:\program files\windows police pro\tmp\images\i1.gif
c:\program files\windows police pro\tmp\images\i2.gif
c:\program files\windows police pro\tmp\images\i3.gif
c:\program files\windows police pro\tmp\images\j1.gif
c:\program files\windows police pro\tmp\images\j2.gif
c:\program files\windows police pro\tmp\images\j3.gif
c:\program files\windows police pro\tmp\images\jj1.gif
c:\program files\windows police pro\tmp\images\jj2.gif
c:\program files\windows police pro\tmp\images\jj3.gif
c:\program files\windows police pro\tmp\images\l1.gif
c:\program files\windows police pro\tmp\images\l2.gif
c:\program files\windows police pro\tmp\images\l3.gif
c:\program files\windows police pro\tmp\images\pix.gif
c:\program files\windows police pro\tmp\images\t1.gif
c:\program files\windows police pro\tmp\images\t2.gif
c:\program files\windows police pro\tmp\images\up1.gif
c:\program files\windows police pro\tmp\images\up2.gif
c:\program files\windows police pro\tmp\images\w1.gif
c:\program files\windows police pro\tmp\images\w11.gif
c:\program files\windows police pro\tmp\images\w2.gif
c:\program files\windows police pro\tmp\images\w3.gif
c:\program files\windows police pro\tmp\images\w3.jpg
c:\program files\windows police pro\tmp\images\wt1.gif
c:\program files\windows police pro\tmp\images\wt2.gif
c:\program files\windows police pro\tmp\images\wt3.gif
%UserProfile%\start menu\Programs\windows police pro\Windows Police Pro.lnk
%UserProfile%\Desktop\Windows Police Pro.lnk
c:\WINDOWS\svchasts.exe
Windows Police Pro creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100
Follow step by step-you’ll be all set! Great forum!!
Thank you ever so much! I’ve tried various things, but only your instructions did it for me (though registry part only worked after malware scan). This bloody windows police pro was scary – the most difficult I had to help to get rid off so far…
This is a nasty little virus. Good Luck – it really messed up my computer. the more you attack it, the more it attacks different areas of your computer. It deleted the drivers to my network hardware and wouldn’t let me reinstall. I am at the point where I think I’ll just copy pix and docs to another drive and format.
I got it from a popup window, don’t open links from email. I was following a link and bam – I got it.
I am using the MS Knowledgebase article to perform the registry editing functions. When i get to the point where it to run I start regedit.com from the command line, I receive a pop-up that says registry editing has been disabled by the administrator. I am logged in as administrator on the local machine not the network admin.
Don, ask for help in our Spyware removal forum.
I found that if you do step #1 and #2 then I was able to run combofix and it removed all of the programs and registry entries that you listed and more. Thanks for The OTM do get everything going
thx alot it helped and and widnows police pro got removed… but its still not opening control pannel and cannot open security center too. so can u help me for this one plz
?
Omar, make a new topic in our Spyware removal forum.
I found out you can run programs if you open up your task manager and go to processes and end task on window police gives you a short time to open up what you need.
Ok I have run the OTM and restarted and all but now I can’t open command prompt or notepad where do I go from here?
i cant get passed step two. I belive police pro was removed cause i dont see it anymore but now i get annoying popups from Security Tool i did everything you told me and now my computer went completley blank all icons dissapperard as well. i can only acess the internet the Run will not work task manager cannot be executed and step 3 wtih Notepad does not work. please help
Mike, you can`t run command.com or cmd.exe ?
carmen, please open a new topic in our Spyware removal forum.
Hi, I have used your OTM program and it worked in removing windows police pro, but I already had malwarebytes installed on my computer and I cannot access that or any other cleaners or add/remove programs. Everytime I click on it a black box appears for a second then disappears. Also when not in safe mode, when I start up about 30 black boxes pop up then slowly delete on thier own. Any suggestions?
LeaAnn, looks like your computer is infected with a rootkit thats blocks the ability to run anti-spyware programs. Ask for help in our Spyware removal forum.
I found your blog on the internet about removing Windows Police PRO and I have a question.
1. All Safe Mode boot options result in the computer restarting. Thus only normal boot and last known good boot options are available which result in virus display.
2. Cntl + Alt + Del to get to Task Manager result in popup stating that the task manager has been disabled by the system administrator.
3. The windows taskbar is gone along with the Start button and all interfaces to the computer with the exception of the Windows Police PRO interface.
4. Alt F4 does shut Windows Police PRO down for about 1 minite but no taskbar appears and Taskbar remains disabled.
5. Their is no boot CD for this computer.
Any Advise??
Kevin, you need ask for help in our Spyware removal forum. Looks like your computer infected with Win32k trojan/rootkit.
Thank you so much for this information. My PC is MINE again! I’ve been battling this infection for over a month now and was ready to wipe it clean and start new but I’d lose my data. (Stupid to have no backup, I know. That WILL be rectified.)