Windows Antivirus Pro is a new rogue antispyware program designed to trick you into thinking that your computer is seriously infected, but in reality application itself is infection. Parasite is promoted via Trojan horses, fake online antimalware scanners and other malware. Once inside and active Windows Antivirus Pro will configure itself to start automatically every boot up. While running Windows Antivirus Pro will perform full system scans and list you variety of infections that cannot be removed until you first purchase licensed version. Also Windows Antivirus Pro will flood your system with numerous fake security alerts informing that your computer is seriously infected. These are examples of alerts:
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical
Screenshot:
How to remove Windows Antivirus Pro manually:
It's possible to remove Windows Antivirus Pro manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.
The files to be deleted:
%UserProfile%\Desktop\Windows Antivirus Pro.lnk
%UserProfile%\Start Menu\Programs\Windows Antivirus Pro
%UserProfile%\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\Program Files\Windows Antivirus Pro\
c:\Program Files\Windows Antivirus Pro\ANTI_files.exe
c:\Program Files\Windows Antivirus Pro\msvcm80.dll
c:\Program Files\Windows Antivirus Pro\msvcp80.dll
c:\Program Files\Windows Antivirus Pro\msvcr80.dll
c:\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe
C:\Program Files\Windows Antivirus Pro\tmp\
C:\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe
C:\Program Files\Windows Antivirus Pro\tmp\wispex.html
C:\Program Files\Windows Antivirus Pro\tmp\images\
C:\Program Files\Windows Antivirus Pro\tmp\images\i1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\i2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\i3.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\j1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\j2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\j3.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\jj1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\jj2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\jj3.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\l1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\l2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\l3.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\pix.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\t1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\t2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\up1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\up2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\w1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\w11.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\w2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\w3.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\w3.jpg
C:\Program Files\Windows Antivirus Pro\tmp\images\wt1.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\wt2.gif
C:\Program Files\Windows Antivirus Pro\tmp\images\wt3.gif
c:\WINDOWS\ppp3.dat
c:\WINDOWS\ppp4.dat
c:\WINDOWS\svchast.exe
c:\WINDOWS\system32\bennuar.old
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desot.exe
c:\WINDOWS\system32\sysnet.dat
Remove registry entries:
HKEY_CURRENT_USER\Software\Softimer
HKEY_CURRENT_USER\Software\Windows Antivirus Pro
HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
HKEY_CLASSES_ROOT\CLSID\{F54AF7DE-6038-4026-8433-CC30E3F17212}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Antivirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntipPro2009_12
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_12
HKEY_CURRENT_USER\Software\Windows Antivirus Pro
HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
HKEY_CLASSES_ROOT\CLSID\{F54AF7DE-6038-4026-8433-CC30E3F17212}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Antivirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntipPro2009_12
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_12
Please be careful because manual removal of Windows Antivirus Pro may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So we strongly recommend you to use automatical removal tool.
No comments:
Post a Comment