How to Remove Antivirus System PRO [Removal Guide]

Is there a boot disk (liveCD) version of this software? My system is too damaged to use these instructions.

First, I must say I created an account on here just so I could express my thanks...

This Antivirus something or other crap came out of nowhere, and I had no idea how to get rid of it! As we all know, it was extremely annoying because it would block websites, constantly pop up reminders (that would lead you to a site to purchase their software)... just very bothersome. I came to this site, followed the very easy instructions and voila! Good as new. I am very satisfied, thank you sooooooooo much!!! It's totally gone!

Hello,

I was following the instructions to remove "Anitvirus system pro alert" and downloaded malware. I can't unzip the file to run it.
The anitvirus system pro "security warning" comes up and says the file is infected.

thank you

OMG thanx it really worked and fast. your a life saver and if it weren't for your tips i would still be stressing out over the annoying pop ups.

Greetings Dr. Inferno,

You are THE MAN! WOW!

My computer was infected with the Antivirus Pro 2010 program, and I found you guys on the net today. I followed your directions with the Anti Malware download, wa la, I killed that 'beeaaatttcccchhh'. Laughing. I know that comment is not children friendly, however, I am HYPE, so what the hell. Laughing.

Thanks for some GREAT CONSULTATION!

ONE!

Peace,
Tipitinas

You work miracles......and I'm thankful.

The AntiVirus Pro is gone.....WOW!!!!

Very appreciative....as you can see.

It didn't work for me either. I finally got Malwarebytes downloaded. When I try to scan, it just sits there.... I let it sit for about 10 hours last night. Then I closed it and rebooted. Now, the pop ups for Antivirus Pro were gone, but nothing would open. Nothing will open, there is still a little icon in the lower right corner on my task task bar that says Antivirus Pro will restart, and I get the infected messages when I try to open stuff

I tried to download the file but it woudn't let me.

I tried downloading it again this time it worked so I am very glad that you put this on the forum.

please help me.I downloaded the software to remove total security virus but at the end while i tried to scan.the window just closes without any action.

it didnt work for me. it kept on saying that its infected so it doesnt work. please help!

Update - Oct 2009, one of our workers picked this up and now it is blocking any .exe from running once it loads. if you need to run any program you have to be ready to execute it immediately after login so that it is in memory before the "Antivirus system pro" is activated!!! Has required several reboots to get the scanner installed and loaded so that it was running before the "bug" was active.
Scanner ID'd the following files:
C:\Windows\syssvc.exe
C:\Program files\etjwic\awsysysguard.exe

rerunning scan but thus far MAMB scanner has found and removed it! Good Job guys.
RB

rubyred88,
joebell123456789

Please read this over and click here to open a new topic.

re: Rbeaman
How did you run the Anti-Malware program before the "Antivirus system pro" is activated!!!
Thanks.

Rbeaman wrote:

Update - Oct 2009, one of our workers picked this up and now it is blocking any .exe from running once it loads. if you need to run any program you have to be ready to execute it immediately after login so that it is in memory before the "Antivirus system pro" is activated!!! Has required several reboots to get the scanner installed and loaded so that it was running before the "bug" was active.
Scanner ID'd the following files:
C:\Windows\syssvc.exe
C:\Program files\etjwic\awsysysguard.exe

rerunning scan but thus far MAMB scanner has found and removed it! Good Job guys.
RB

Thank you so much. I had the Antispyware thing pop up suddenly about an hour ago and now everything is back to normal.

Thankyou so much for the info on this site. I had a big prob today with this Anti virus system pro...I followed your instructions, and it worked like a dream...NO MORE anti virus. Thanks heaps, a newbie.

Wow I must be the only one that this won't work for, I have tried to run malwarebytes, spybot and Hijack this but the all come up with and error
"Windows cannot access the specified path or file, you may not have approptiate permission"
So what else can i do???
any suggestions

re: hemp22

No, you aren't the only one. I couldn't run the 'malwarebytes' program. I think the makers of the virus are mutating it to defend against anti-virus programs. On my XP machine, I was able to restore to a system-restore point that was created the day before I was attacked. I hadn't made any software or config changes in the past few days, so it was safe for me to do the restore. After the restore, the virus didn't run so I was able to run the malwarebytes program, which only found its own winlogin.exe program.

Note, someone wrote instructions on this forum to disable the restore feature. If I had done that, I'd probably still be fighting this virus.

Thanks wwward

I have tried the system restore but this little bugger has disabled that to,
it wont let it go back at all. I have tried everything to get rid of the darn thing.
I posted on the other thread to try and get some help so we shall see.

Thanks
Again

Geekpolice saved my Dell XPS from the waste pile Thanks guys/girls

Helping a buddy who's system is infected. I've got the recommended malware removal s/w on a flash drive.....however.....the system isn't letting us run any programs. (nothing is displayed on the desktop either).

How should we proceed ?


thanks.
-B

Hello,

If you have difficulty removing this, open a new topic here:

http://www.geekpolice.net/virus-spyware-malware-removal-f11/

We will help you from there.

Thanks for this tutorial. I've successfully removed the Antivirus System Pro but I'm still in the dard as to how I got it. Somehow, it got passed through Symantec AntiVirus Corporate Edition.

GRAET JOB --- It worked as advertised

Uhmm, im having a problem with this Antivirus System PRO. I did remove it 3 times and i think its not good for it to come back again. Do you know why it keeps coming back? Thanks for reading and for the guide, really helped me.. ^_^

Hello COOLSTATIC05,

Open a new topic here: http://www.geekpolice.net/virus-spyware-malware-removal-f11/

We will help you from there.

Thanks for the advice. So far, it seems to be working, having found 50 infected objects.

My only query is, why is the "quick scan" taking so long. It's been running for almost 2 hours.

Inspired by another comment, I registered just to thank you. As a want-a-be computer nerd, I do have to say 1. You've got yourself in order and 2. You are making people's lives TREMENDOUSLY better.

Does anyone know how to get rid of the Alpha Antivirus bug?

thank you every worked like said it would

Hello, i followed you steps one by one...
i even went to hijack this bc stupid antivirus sytem pro doesn't allow me to open but i can't download hijack this or put it on a usb stick.

Can You Please Please Help Me.
It's My Dad's Laptop and If He Finds Out I'm Screwed....

Hey, it's me again forget the post i posted about 10 min ago...
i got it to work..

THANK YOU SOO MUCH! YOU SAVED MY ASS...

I've been hit with Antivirus System Pro and nȯne of the removal steps I've found have helped. Malwarebytes just flat refuses to open or run or do much of anything. I've re-downloaded it several times, renamed it, ect ect. At first it gave me the fake "mbam.exe is infected" error, but since the virus seems to be at least half gone (no fake warnings but it still re-directs online and slows everything down) it just won't do anything when clicked on. This is the family computer so I don't want to go around messing with "internal organs" so to speak without professional help.

I did download Hijackthis and saved a log. Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:34 AM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\wow64main.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Metrics] C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe a
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mahumavin] Rundll32.exe "c:\windows\system32\buwuwati.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wow64main.exe] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\wow64main.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hilijizi.dll c:\windows\system32\buwuwati.dll
O21 - SSODL: dayusuvet - {df01c695-5a2f-496e-b739-86788518271d} - c:\windows\system32\luyusowa.dll (file missing)
O21 - SSODL: rozumosoh - {618215f7-a020-4fa5-b4cd-513949eea5a7} - c:\windows\system32\buwuwati.dll
O22 - SharedTaskScheduler: tokatiluy - {df01c695-5a2f-496e-b739-86788518271d} - c:\windows\system32\luyusowa.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {618215f7-a020-4fa5-b4cd-513949eea5a7} - c:\windows\system32\buwuwati.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 11907 bytes

P.S- Forgive me if I posted this in the wrong section.

Hey IrritatedKitsune,
the same thing happend to me i got it all out today try running malwarebytes again it should delete some of the rest bc now i can go on all the sites and it doesn't slow down my comp if it still happens... make sure u have a full version of a good antivirus..
Hope This Helps

Malwarebytes still won't open. It doesn't do anything when I click it, rename it, re-install it, ect. It starts off as if it's trying to open, then it just quits. I've tried everything I can think of to get it to run.

Edit: It seems to be blocking it from installing/accessing the mbam.exe file. The first time I try and open it it says "missing shortcut" but the only mbam file it has in the folder is mbamgui. It won't even pull up the update screen.

Last edited by IrritatedKitsune on 25th October 2009, 9:43 pm; edited 1 time in total (Reason for editing : Extra information)

Anyone finding difficulty removing this, please open a new topic here:

http://www.geekpolice.net/virus-spyware-malware-removal-f11/

We will help you from there.

i followed every link for removal of this pest and it blocks every attempt to get rid of it. it pops up that everthing is infected and won't let them open. any suggestions






i finally got it to work thanks guys now i'm back to normal,well as far as my pc!

Last edited by angelsman on 30th October 2009, 4:44 am; edited 1 time in total (Reason for editing : it worked)

It worked great. Initially, I was getting an error message "Run Time Error "0"" and "440". I had to run a batch file that I got from Malwarebytes to fix it. Bottom line.....it worked great.

I went to start menu and searched in files and folders (sysguard.exe). This is a file

associated with a.v.s.p. . The search located two files, at that point I right clicked

the first file listed and the drop down menu gave me a few choices. The Malware removal

program I downloaded from the geek police is what I chose. The program started to run

and to my surprise it did not stop even with the pop ups interfering. I sat there and closed

out each pop up just in case. The results were 19 files found, 6 were deleted right away,

13 were deleted after reboot. If this info helps even one person I would be happy as a

clam. I also wish I could have one hour alone with the creator of this trojan. He or she

would have to type with their toes.

I have to say the geek police are incredible! I am pretty good with computers, but in no

way am I an expert. I downloaded the malware removal program, and the trojan was

still very difficult by popping up and closing the tabs on me. I looked at other sites, and

nothing else worked. Happy Halloween all!

ScottyO.

I need help my computer will not run what you are telling me to do this antivirus system pro is blocking it

Help. it won't let me run the file...keps blocking it, tells me that it's malware.

Is there any way to defeat this beast?

I did this, it found 6 infections and said it removed them. I shut the system down, following the instructions on the screen. But when it re-booted, I found...it's BAAAA_AACK!

Help. I don't want to have to hurt my husband, who is responsible for this little incident of "unsafe computing"

Here is the log:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/8/2009 2:54:54 PM
mbam-log-2009-11-08 (14-54-54).txt

Scan type: Full Scan (C:\|D:\|H:\|K:\|)
Objects scanned: 431026
Time elapsed: 2 hour(s), 58 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\poolsv (Multiple.Malware.Installer) -> Quarantined and deleted successfully.
C:\Program Files\svhost (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinPop (Adware.WinPop) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

PLease HELP... I ran MALWAREBYTES 3 times and all the time discover a new trojan horse.. i dot know about computers much, I am runing my AVG antivirus to see if there is any help and Malwarebyte again to see if this leaves, I am frustrated and I need help... that Blue thing showed up every time after reboot my computer.. Please what else I can do? I went to my C drive but i dont know what to do I dont want to erase something that can hurt me more... e mail me at athleticmia@yahoo.com thank you for your big help.. Also the security warning from my computer have crazy still puping up..

The malawarebytes thing takes too long to even do a quickscan i'm still waiting on it -_-!

Right nows its at 3 hours 38 minutes 50 seconds...

Yeah Who wants to wait three hours?

WHEN PEOPLE SAID IT WAS DONE IN ONE HOUR OR EVEN MINUTES!!!

I have this Antivirus System PRO virus on my computer. It will not allow me to go to any websites or download any of the suggested software. I went to the alternative links that you suggested but still can't download anything so I can't use the hijackthis word pad. I don't know what to do. This is my work computer and I need to get this issue resolved. Can you please be of any assistance?

Hello,

Open a new topic here: http://www.geekpolice.net/virus-spyware-malware-removal-f11/

We'll help you from there.

i have folled the guide and my computer needed to be restarted and when it did the problem is still there what did i do wrong

Hi,
if you still have malware problem please read THIS post, and post your HijackThis log file in Virus, Spyware & Malware Removal category.

Wait for instructions given only by DragonMaster Jay, Origin or Belahzur

I got this virus, early this morning, and googled 'remove antivirus system pro' your webby was the first on the list to come up and I clicked the link...

And I only signed up to give ya'll props by donating a little dosh to your cause, and to say Good on ya Mateeeeeeeee... translation ... A most excellent tutorial! And since I know of atleast five other people who have this virus I have refered them to your site.