How to remove Antivirus System PRO
Monday, May 11th, 2009 at 5:05 amAntivirus System PRO description
Antivirus System Pro is NOT a legitimate computer security program, it is NOT a real anti-spyware. Antivirus System Pro is a scam, a cheap imitation of a security software, built to rip off money from naïve PC users, but not to provide real system protection. Please do not purchase, download or install this program.
Antivirus System Pro is a successor of some infamous malware like System Guard 2009 and Spyware Protect 2009. It is installed through backdoor trojans and rogue websites therefore you should not trust the applications that might suggest you to acquire this program. If Antivirus System Pro sneaks into your computer it slows down the system, performs loads of system scans, and tries to scare you with numerous false security warnings. It then suggests buying its licensed version, which should eliminate the ‘threats’. However, this software does not work as a security program, it is a malicious software, which is not able to provide any kind of system protection. It is highly recommended that you remove this program ASAP upon detection.
Antivirus System Pro is an identical twin of recent Antivir System Pro malware.
Get rid of Antivirus System PRO
Antivirus System PRO is a Rogue Antispyware software
How to manually remove Antivirus System PRO
To remove Antivirus System PRO spyware you must block Antivirus System PRO sites, stop and remove processes, unregister DLL files, search and delete all other Antivirus System PRO files and registry utility. Follow the Antivirus System PRO detection and removal instructions below.
The most typical software removal method is to remove Antivirus System PRO by using "Add or Remove Programs" service. However there may be hidden Antivirus System PRO files, running processes and registries in your computer, so Antivirus System PRO may recreate all other files after reboot.
Antivirus System PRO manual removal instructions
Block Antivirus System PRO sites:
antivirsystem.com
inetavirus.com
antivirwin2009.com
antivir2009pro.com
antivirussys2009.com
scan-spyware-now.com
itsecure.microsoft.com
antispy.microsoft.com
oemantivir.microsoft.com
osadwarekill.microsoft.com
osadwarekill.com
osawarepro.com
virusermoverpro.com
awareremover.com
antivir-platinum.com
antivirplatinum.com
antivirplatinum.microsoft.com
windows-shield.com
winshield2009.com
os-guard.com
os-guard.microsoft.com
winguard2009.microsoft.com
Read more how to block Antivirus System PRO sites
Stop and remove Antivirus System PRO processes:
Antivirussystempro.exe
uninstall.exe
sysguard.exe
Read more how to kill Antivirus System PRO processes
Locate and delete Antivirus System PRO registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus System PRO"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "ieModule"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
Read more how to delete Antivirus System PRO registry entries
Download RegistryBooster 2010 to scan errors caused by Antivirus System PRO
Search and unregister Antivirus System PRO DLL libraries:
iehelper.dll
Read more how to unregister Antivirus System PRO DLL files
Detect and delete other Antivirus System PRO files:
%ProgramFiles%\Antivirus System PRO\conf.cfg
%ProgramFiles%\Antivirus System PRO\mbase.vdb
%ProgramFiles%\Antivirus System PRO\quarantine.vdb
%ProgramFiles%\Antivirus System PRO\queue.vdb
c:\WINDOWS\sysguard.exe
c:\WINDOWS\system32\iehelper.dll
We strongly recommend you to use spyware remover to track Antivirus System PRO and automaticaly remove Antivirus System PRO processes, registries and files as well as other spyware threats.
Tags: Antivirus System PRO, Antivirus System Pro 2009, AntivirusSystem PRO, AntivirusSystemPRO, remove Antivirus System PRO how to get rid of Antivirus System PRO how to remove Antivirus System PRO how to uninstall Antivirus System PRO
Posted in Rogue Antispyware
Antivirus System PRO
Trackbacks
- Remove Antivirus System 2009, AntivirusSystem 2009 removal
- Remove Antivirus System Pro alert pop-up
- Delete Win32/Nuquel.E trojan, remove Win32 Nuquel.E alerts
- Remove Antivirus System Pro Spyware Alert pop-up
June 16th, 2009 at 12:48 pm
Used the instructions found here to clean the infection manually. Not every line in the registry was found, but some were and they were deleted. Also restricted the http sites, deleted files, and End’ed processes. So far this appears to have done the trick.
Cumbersome to work around the virus “alert” in the center of the screen, but do-able. Downloaded, but did not try the auto-clean program.
I know the Verizon network I’m on is not blocking ports, as opposed to the Time Warner network at another location which blocks most unregistered ports.
Reply
June 17th, 2009 at 9:24 pm
The same as Rick. In addition did not find anything in Program Files.
Still, seems to work. Probably, these are all various places, where it CAN be. Great thanks to the author.
Reply
Godfreys Reply:
July 7th, 2009 at 10:37 pm
Thanks for this information, I have been able to clean my PC
Reply
Zara Reply:
July 8th, 2009 at 10:46 am
plz help me!!!!
Reply
June 19th, 2009 at 12:27 pm
To get the giant pop up to go away while you are going through the manual removal instructions, go to task manager and kill the sysguard.exe process. You have to kill it before you can delete it anyway.
Reply
June 23rd, 2009 at 9:08 am
This shit is fake .
Reply
June 26th, 2009 at 8:15 pm
yea the is fake it uses the same reson for the alert every TIME!!! and all my mmos will now crash because of the pop ups if u get this DELETE IT WITH THIS GUIDE
Reply
July 1st, 2009 at 8:20 pm
It really helps to do the removal in safe mode. I couldn’t use the auto tools unless I was in safe mode. push f8 while booting up your computer and then select safe mode with networking. You won’t have to worry about all the pop ups and shit while you are trying to get rid of it!
Reply
July 2nd, 2009 at 8:34 am
how am i supposed to remove this antivirus system if i am not even able to get on the the internet to download your removal tool?? im so computer illiterate i obviously cant remove it manually. please help!!!
Reply
Luciana Reply:
July 2nd, 2009 at 10:32 pm
You can download the removal tool on another computer and then put the file on a thumb drive and then copy it to the infected computer.
Reply
Saty13 Reply:
July 4th, 2009 at 6:41 pm
diana:
How are you reading and posting on this site if you are unable to get on the internet? Anyway….first, you need to stop the program from running, then you should be able to access the internet. To stop the program from running…
1. Press these three keys simultaneously: Ctrl and Alt and Delete.
2. Then click on “Task Manager” and then click on the “Processes” tab
3. Then find sysguard.exe in the list of processes that are running. Click on sysguard.exe once and then click the “End Process” button, which will shut down sysguard.exe.
4. Now do the same thing to end these 2 other processes if they are in the list:
Antivirussystempro.exe
uninstall.exe
Reply
diana Reply:
July 9th, 2009 at 11:35 am
im on another computer next to the one that is infected. well i’m able to get on the internet now, but when i click on a link, it sends me to some other link. i’ve tried finding all the processes and files and all else that have been listed. and nothing. now what??
Reply
Luciana Reply:
July 9th, 2009 at 10:01 pm
It seems like the manual removal won’t work on your computer. Copy some antispyware install from another computer and run a scan. Let the security tools do the job for you.
Terrance Reply:
October 24th, 2009 at 7:08 pm
Wow. I am in the exact same situation. I go to the task manager and I don’t see it. I access temporary files and delete those, but one refuses to go. I found the iehelper.dll and tried to delete it but it says it’s in use! I have tried other antispy ware but my computer resists it. I almost wish I could make a virus eating virus that I can infect my own computer with. ER! Make it stop!!!
Reply
Walker Reply:
November 3rd, 2009 at 8:53 pm
to delete ‘iehelper.dll’ rename to something like ‘iehelperFAKE.dll’ then restart your computer and you can now delete
July 3rd, 2009 at 9:22 am
It seems you can confuse the program by rapidly clicking programs until they open. All the anti spywear software ive tryed wont update however im about to try this remoover and see if it works.
Reply
July 8th, 2009 at 4:11 pm
I can’t find the Antivirus System PRO processes to stop so I’m stuck on the second step of the manual removal.
Reply
Jack Reply:
July 8th, 2009 at 4:33 pm
Oh, I found sysguard.exe but I still can’t find the others!
Reply
Luciana Reply:
July 8th, 2009 at 10:12 pm
The files might be different on different computers. Delete the ones you can find and don’t mind the others. You can also use some antispyware program to find and delete the files automatically.
Reply
July 23rd, 2009 at 7:10 am
Hey, I can’t seem to get this to work at all.
1. Can’t use ‘Run’ to get to registry (or anywhere else)
2. Using Webroot Antivirus, but webroot wasn’t able to delete it at first and now doesn’t even see that the virus is there
3. When I try to run a program I have to run it as an administrator or it won’t work
4. I can’t run the software on this page because a black box will pop up and disapear when I click to have it finish the download
5. Nothing in task manager besides regular programs (etc.)
6. Arggh help me!!
Reply
Luciana Reply:
July 23rd, 2009 at 10:18 pm
Download security tool on another computer and then copy the install file to the infected pc using a thumb drive. Run antispyware to deal with Antivirus System Pro; antivirus tools are meant to delete different kind of computer infections.
Reply
July 27th, 2009 at 5:08 pm
They seem to have changed the names to protect themselves. For example, looking at my McAfee (and why didn’t IT catch this mess??) I see that the file spawning this whole mess is now called C:\ProgramFiles\fgilgi\ihfrsysguard.exe I deleted that and it has stopped popping up. But I can find none of the Registry entries cited in the article.
Reply
July 27th, 2009 at 7:28 pm
I tried the manual cleanup steps and they worked beautifully, except that the Antivirus System Pro people have added a twist.
qxdbsysguard.exe is another file you need to “stop process” in the task manager. It is also needs to be erased in two places on the hard drive: C:\program files\gtttmv and C:\windows\Prefetch. Otherwise things seem to be going well.
Thanks for your help!
Reply
August 11th, 2009 at 1:53 pm
i got rid of it for a while but it came back after an hour?
i also can’t delete the iehelper.dll it just comes back. help please?
Reply
Luciana Reply:
August 11th, 2009 at 10:46 pm
It seems that you got some kind of trojan that re-installs the infection or some files of Antivirus System PRO are left after the removal. Have you tried running anti-spyware?
Reply
kenda Reply:
August 12th, 2009 at 10:22 am
i tried the spy doctor thing but it doesn’t really work. it says access is denied when i try to delete iehelper
Reply
Luciana Reply:
August 12th, 2009 at 10:17 pm
Run the anti-spyware in a safe mode. Antivirus System Pro is able to block security tools in a normal mode in some cases.
August 28th, 2009 at 5:04 am
the windows antivirus pro is not letting me go on any program even the remover tool, please help
Reply
September 7th, 2009 at 9:03 am
Can any one recommend me a trustworthy site that he or she had success of removing this nasty “Anitvirus system pro”? I really appreciate that
Reply
September 20th, 2009 at 9:23 pm
look for *sysguard.exe to stop the process.
then search for the folder and delete the folder
delete anything else like the windows/prefetch content with similar prefix/suffix
Reply
September 24th, 2009 at 8:17 am
i found a process called aixqsysguard.exe
should i end it or is it needed?
Reply
September 25th, 2009 at 6:55 pm
similar to ross (reply 17), i found a process called irafsysguard.exe instead, it showed up in the prefetch and most of the registry keys. i’m sure it was related to the problem because killing the process stopped the popups. in program files it was also inside a folder with a string of random letters starting with the letter y. now i’m wondering if the automatic removal tool would’ve even worked with these other filenames?? i’m going to use linux from now on
Reply
October 2nd, 2009 at 12:53 pm
Control Panel, Add-Remove Program, look for Antivirus Pro and installed date on right.
Go to Accesories, system tool, system restore, restore my pc to earlier time, click date back when your pc still working good.
Reply
October 9th, 2009 at 7:41 am
I had the same problem this morning and it kept popping on me, I went to All Programs–> Control Panel–> Add Remove programs and clicked on the first program that popped up , dont remember the name but some thing that came at the top and off it went..
I also had a Norton 360 installed on my computer and it gave me a msg that it blocked it but never removed it.
Thanks
Ray
Reply
October 13th, 2009 at 1:10 pm
I found the offending process to be “trtvsysguard.exe”, in my case. I tripped it by looking at the applications window in task manager for the bogus “virus removal” application, then redirecting to the process window where the above process was highlighted. Renaming the offending process to “trtvsysguard.dud” halted the madness upon reboot and allowed me to search the internet for help, eventually ending up here.
Thanks!
Reply
October 20th, 2009 at 5:39 am
i have tried everything but nothing worked…
please help how to remove these disgusting pop ups manually
Reply
Luciana Reply:
October 20th, 2009 at 5:54 am
Delete files and registry entries like it’s described on the tutorial above the comments section.
Reply
October 22nd, 2009 at 3:56 pm
How do you get rid of this in the registry when the virus won’t let you get to the registry. It says the administator does not allow use of the registry and I am the administrator. It also won’t let me into safe mode. And they must have changed the name again, because none of the names to find are found on my computer. I went in and compared one computer to another and stopped all services that were not listed on the machine without the virus. This is a nasty bug, worse than the swine flu!
Reply
Walt Reply:
October 25th, 2009 at 9:39 pm
As someone stated above, go into safe mode with networking:
Spam F8 as the system boots to the hard drive but BEFORE windows begins to load, if you miss it, start over.
Select safemode with networking (this will allow you to access the internet and reference pages such as this one)
Enter your admin password and voila.
Now you wont have to kill any of the services, they wont be running, and I didnt find 2/3rds of the registry entries this suggests. Also, mine was installed in a BS directory, something like “C:\program files\ukakgkashgfkaskfa”
What I recommend doing is opening the registry with regedit and search for specific phrases, “BAD4551D” for example. Be sure you are deleting the right entry, deleting the wrong one can have catastrophic results.
Anyway, I’m actually writing this as I’m finishing up the walk through.
Best of luck and thanks for posting the resolution.
Walt R.
I run The Planet, You’re welcome.
Reply
Barb Reply:
October 26th, 2009 at 7:01 am
This might work, but as I said above it won’t let me into safe mode, not even with networking. I tried that first of all.
Reply
October 23rd, 2009 at 9:38 am
HELP! I can’t download the antivirus system pro removal tool, and am not savvy enough to know which malware processes to delete.
Reply
October 25th, 2009 at 11:53 pm
Take a look above the comments section to the “Antivirus System PRO manual removal instructions”. There are the names of files and processes listed along with explanation how to delete them.
Reply
October 27th, 2009 at 4:25 pm
I have manually searched unsuccessfully for all the registries, DLL’s and EXE. files. However, Window Defender reportec that it has quarantined Antivirus System Pro. I am now plan to perform “system restore” to see if that AVSP is gone. Am I on the right track?
Reply
Luciana Reply:
October 27th, 2009 at 11:47 pm
Since Windows Defender detects Antivirus System Pro malware, it should be able to delete it.
Reply
October 27th, 2009 at 5:02 pm
I’m very frustrated because I have payed for Spyware Doctor to remove “Antivirus System Pro” from my computer. The first time, it was very easy and I was astonished by it’s capacities.
However, not even a week later the very same virus came back! This time, it kept on uninstalling my Spyware Doctor and when I re-installed it, it wasn’t able to start scanning because it was stuck on the “Checking” Mode. After much struggle, I was finally able to remove it and I believed the worst was over, but I was so very wrong.
Today again, while doing my usual routine intelli-scan with Spyware Doctor, it suddenly closed on me. Shocked, I tried to re-open it, but it was in vain. My computer could not find the program anymore. Then, for the third time now, Antivirus System Pro is creating havoc in my computer and for me. Again, my Spyware Doctor is unable to scan because it is constantly stuck on the “Checking Mode”. I’m not sure what do do anymore…
Also, I cannot run Spyware Doctor on Safe Mode because last time I tried, it gave me a blue screen saying that the virus was interrupting it from continuing on safe mode.
Thank you for your time and patience.
Reply
October 28th, 2009 at 9:09 pm
I find AVScan in different registry than the one listed in the instructions above (HKEY_CURRENT_USER\Software\AvScan). Should I delete aVScan on any different registry? I appreciate any help I can get.
Thanks
Reply
October 29th, 2009 at 7:15 pm
Hi, I can’t follow any of the recommendations listed, because this evil software is prohibiting safe mode, blocking the viewing of hidden files, blocking add/remove programs, blocking regedit. I literrally cannot do anything.
Please help!
Reply
October 30th, 2009 at 8:14 pm
I am a newbie to all this as well. Just got hit with this one. I am able to get into safe mode on the affected computer and I am running a resotre to a date a couple of weeks ago. Do I have anything else I have to do after the restore is done? I did download the spy doctor file but when I when out for updates everything crashed…thus the restore I am doing now.
Reply
November 1st, 2009 at 3:28 pm
I went to task manager-processes and mine weren’t listed as sysguard or antivirsus system pro mine were listed as xrxftplt.exe and jxkksysguard.exe and i couldn’t find any of the files listed anywhere. Is it because of the name of the file is different do i need to search areas under a different name than antivirus system pro?
Reply