Internet Antivirus Pro is widely spread rogue antispyware program that uses fake online spyware scanners and trojans to distribute itself. When the trojan is run, it will download and install Internet Antivirus Pro. After that the trojan registers Internet Antivirus Pro in the Windows registry to run automatically when Windows loads.
Immediately after launch, Internet Antivirus Pro will begin to scan your computer and display scan results that state the PC is infected with numerous infections, in order to trick you into thinking that your computer is infected. It hopes that you will then buy a full version of the rogue. It is important to know that all of these infections are fake, so you can safely ignore them.
Internet Antivirus Pro
The same trojan that installs Internet Antivirus Pro will also install a trojan that blocks user access to security websites (malwarebytes.org for example) and hijacks google search results. While Internet Antivirus Pro is running, you will be shown nag screens, fake security alerts, notifications from Windows task bar and other pop-ups. Some of the alerts:
Internet Antivirus Pro
System files modifcation alert!
Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss. Click here to block unauthorized modification by removing
threats (Recommended).
Internet Antivirus Pro Firewall Alert
Internet Antivirus Pro Firewall has blocked a program
from accessing the Internet
Internet Explorer is injected with worm Lsas.Blaster.Keyloger.
Internet Antivirus Pro
Spyware activity alert!
Spyware.BrowserDeath activity detected. It is spyware that
attempts to steal passwords from Internet Explorer, Mozill
Firefox, Opera and other programs, including logins and
passwords from online banking sessions, eBay, PayPal…
System Alert
Your PC is still infected with dangerous viruses. Activate
antivirus protection to prevent data loss and to avoid the
theft of your credit card details. Click here to activate
protection.
However, all of these alerts and pop-ups are a fake and like scan false results should be ignored! If you are infected with Internet Antivirus Pro, then use these removal instructions below, which will remove Internet Antivirus Pro and any other infections you may have on your computer for free.
More Internet Antivirus Pro screen shoots
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Run: [Internet Antivirus Pro] “c:\program files\Internet Antivirus Pro\IAPro.exe” /s
O4 – HKCU\..\Policies\Explorer\Run: [outbyonout] “C:\Documents and Settings\Administrator\My Documents\My Music\outbyonout.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe
Use the following instructions to remove Internet Antivirus Pro (Uninstall instructions)
1. Remove Internet Antivirus Pro main components.
Please download OTM by OldTimer from here and save it to desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows logon process"=-
"Internet Antivirus Pro"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
:services
ITGrdEngine
:commands
[reboot]
Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine choose Yes.
2. Remove Internet Antivirus Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Internet Antivirus Pro infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Internet Antivirus Pro removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Internet Antivirus Pro creates the following files and folders
%AppData%\Internet Antivirus Pro
%AppData%\Internet Antivirus Pro\db
C:\Program Files\Internet Antivirus Pro
C:\Program Files\Internet Antivirus Pro\db
C:\Program Files\Internet Antivirus Pro\Languages
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro
%AppData%\Microsoft\Windows\services.exe
c:\program files\Internet Antivirus Pro\IAPro.exe
%AppData%\Microsoft\Windows\winlogon.exe
C:\Program Files\Common Files\581515char.exe
%AppData%\Internet Antivirus Pro\settings.ini
%AppData%\Internet Antivirus Pro\uill.ini
%AppData%\Internet Antivirus Pro\unins000.exe
%AppData%\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
%AppData%\Internet Antivirus Pro\db\config.cfg
%AppData%\Internet Antivirus Pro\db\Timeout.inf
%AppData%\Internet Antivirus Pro\db\Urls.inf
C:\Program Files\Internet Antivirus Pro\activate.ico
C:\Program Files\Internet Antivirus Pro\Explorer.ico
C:\Program Files\Internet Antivirus Pro\unins000.dat
C:\Program Files\Internet Antivirus Pro\uninstall.ico
C:\Program Files\Internet Antivirus Pro\working.log
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver
C:\Program Files\Internet Antivirus Pro\db\ia080614.db
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk
C:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
%AppData%\Microsoft\Windows\pguard.ini
%AppData%\Microsoft\Internet Explorer\iGSh.png
%AppData%\Microsoft\Internet Explorer\iMSh.png
%AppData%\Microsoft\Internet Explorer\iPSh.png
Internet Antivirus Pro creates the following registry keys and values
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itgrdengine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\itgrdengine
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\itgrdengine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet AntiVirus Pro_is1.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet antivirus pro
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\prs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\uniname
