Remove Antivir System PRO
Antivir System Pro was created in the tradition of rogue security programs belonging to the family of Spyware Protect 2009 and System Guard 2009. It is a very aggressive piece of malware that promotes itself in such a way that it gets inside the computer without the user’s consent. It performs an automatic scan and shows an alert about identified computer threats. This exaggerated report misleads computer users into buying the registered version of the program.
Antivir System Pro spreads through Trojans and counterfeit security web sites. The attackers behind Antivir System Pro also inject malicious code into some shareware applications and host them on unsecured file-sharing servers. Most of the time, attackers choose in-demand applications such as software updates, games and software cracks. Downloading and installing these applications causes Antivir System Pro to install on the system without the user’s notice.
Users must deal with any presence of Antivir System Pro on the computer. Safely remove this threat using only a trusted and legitimate security application. Non-technical users are advised to deal with the malware using the automatic removal procedure on this page.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Malware Behavior
When Antivir System Pro is installed, it will bombard the screen with annoying pop-up alerts and warning messages. This scare method attempts to entice victims to pay for the registered version of the software. Some of the messages are as follows:
Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
Antivir System Pro Alert
INFILTRATION ALERT
Your computer is being attacked by a Internet Virus. It could be a password stealing attack, a trojan – dropper or similar.
Added Registry Entries:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(random)"
Associated Files and Folders:
c:\WINDOWS\sysguard.exe
c:\WINDOWS\system32\iehelper.dll
C:\Documents and Settings\\(random)\<4 random chars>sysguard.exe
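The registry entries and files listed above can be checked in one pass. The PowerShell script below is an added example, not part of the original guide: it only reads and reports, and it assumes that the random-named Run value points at a file whose name ends in sysguard.exe.

```powershell
# Added example: read-only check for the indicators listed on this page.
# It reports what is present and changes nothing.
$findings = @()

# Registry keys named under "Added Registry Entries".
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\AvScan',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key: $k" }
}

# Run values: "system tool" is a fixed name. The HKLM value name is random,
# so match on the value data instead (assumption: it references sysguard.exe).
$runKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($rk in $runKeys) {
    $key = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -eq 'system tool' -or $data -match 'sysguard\.exe') {
            $findings += "Run value: $rk -> '$name' = $data"
        }
    }
}

# Fixed file paths named under "Associated Files and Folders".
$files = @('C:\WINDOWS\sysguard.exe', 'C:\WINDOWS\system32\iehelper.dll')
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File: $f" }
}

# Profile copy: any file name ending in sysguard.exe under the profiles folder,
# which covers the "<4 random chars>sysguard.exe" form.
$findings += @(
    Get-ChildItem -Path 'C:\Documents and Settings' -Filter '*sysguard.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { "File: $($_.FullName)" }
)

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```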
How to Remove Antivir System PRO
1. Temporarily Disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Antivir System PRO.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If you are unable to delete them, place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove Antivir System PRO without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found here or on the websites of legitimate anti-virus and security providers.
5. Go to the Online Virus Scanner list and run a virus scan. This may require plug-ins, add-ons or an ActiveX object; please install them if you want to proceed with the scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option that scans the computer thoroughly, to make sure it finds and entirely deletes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may now restart the computer in normal mode.
connor
Jul 13, 2010 @ 00:33:20
except the virus won’t let you start ANY .exe’s :/
Charley
Jul 13, 2010 @ 09:41:34
Exactly as Connor said, you try to get into the registry using the command line and nothing happens except a box pops up from the damned Antivir icon that says cmd.exe is infected… same with any other .exe including the control panel add & remove programs, and when attempting to access a webpage to download a registry cleaner a warning pops up saying the page you want might harm your computer or something similar and you can’t get anywhere. Anyone know another way to get at the registry in windows XP besides the command line? Maybe I can try to get to a previous “restore” point but I’m guessing that’s gonna come up “infected” too, whether it actually is or not… these hellbound hackers seem to have found a way to prevent most any function from being executed.
But hopefully THEY will be eventually. :)
“Vengeance is mine” saith The Lord, “I shall repay”
Paul
Jul 24, 2010 @ 21:16:15
A while ago I got a virus of the same family and malwarebytes killed it no problem. Just now, I got the Antivir system pro virus, and tried to wipe it out with malwarebytes. It found many infected files and I deleted them all, but when I restarted my computer, the virus was still active. Any suggestions?
Paul
Jul 24, 2010 @ 21:17:46
For others that are having problems opening any exe files, you need to run malwarebytes in safe mode (you can get to safe mode by holding down f5 while your computer is starting up)
bob
Aug 07, 2010 @ 03:23:03
That’s all well and good, but not all of us have Malwarebytes installed on our computers. And since Antivir doesn’t allow you to access any web pages, how are those of us without it supposed to remove the program?
Phil
Aug 07, 2010 @ 18:35:26
It seems that this virus changes the internet settings. Go to Control panel, open up Internet Settings, go to the connections tab, hit Lan Settings, and untick all boxes, then just tick Automatically Detect Settings. After this try going on the net. If not, go into Safe Mode with Networking, do the above and download the application.