Antivirus System Pro
Antivirus System Pro is another rogue antivirus application that was made public together with its sister program, Antivir System Pro. It disguises itself as an antivirus application. It shows spoofed virus scan results on the computer, followed by an exaggerated report of the number of threats found. This technique is used to convince computer owners to buy the registered version of the program, which according to some is worthless. What do we expect from a fake security program?
Since Antivirus System Pro takes over a computer with the help of a Trojan, expect modified system files and scattered hidden files. Antivirus System Pro also creates its own registry entry so that it starts together with Windows. While running, it blocks Internet access and prevents access to security-related websites. It also makes your antivirus program stop responding by ending security-related processes. Removing this rogue application manually may be difficult, which is why we offer an Antivirus System Pro removal tool and procedure on this page as guidance.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Antivirus System Pro Removal Procedures
Antivirus System Pro REMOVAL TOOL:
To completely remove the threat, it is best to download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected computer.
MANUAL REMOVAL PROCEDURE:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Antivirus System Pro”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
sysguard.exe
2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the system and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to Antivirus System Pro.
4. Registry entries created by Antivirus System Pro must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
- For Windows 2000/XP: Go to Start > Run, type “regedit” in the dialog box, then press Enter on the keyboard.
- For Windows Vista/7: Go to Start > Search programs and files, type “regedit” and press Enter.
5. Exit registry editor.
6. Remove the Antivirus System Pro start-up entry: go to Start > Run and type msconfig in the “Open” dialog box. A window containing the System Configuration Utility will open. Go to the Startup tab and uncheck the following start-up item(s):
sysguard.exe
7. Click Apply and restart Windows.
Technical Details and Additional Information:
Malicious Files Added by Antivirus System Pro
c:\WINDOWS\sysguard.exe
c:\WINDOWS\system32\iehelper.dll
C:\Documents and Settings\[4 random characters]sysguard.exe
Antivirus System Pro Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]”
HKEY_CURRENT_USER\Software\AvScan
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
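The files, start-up values and registry keys listed above can be checked in one read-only pass, before cleanup and again afterwards to confirm nothing was left behind. The PowerShell script below is an added example, not part of the original guide; it assumes the XP-style paths shown in the file list, and matching Run values by data that contains sysguard.exe is an assumption based on the msconfig step.

```powershell
# Read-only check for the indicators listed on this page; nothing is deleted.
# Assumptions: XP-style paths as in the page's file list; run it as the affected
# user, because the HKEY_CURRENT_USER entries are per account.
$clsid = '{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}'
$findings = @()

# 1. Process from step 1. Get-Process names omit ".exe"; the wildcard also
#    covers the "[4 random characters]sysguard.exe" variant.
$findings += @(Get-Process -Name '*sysguard' -ErrorAction SilentlyContinue |
    ForEach-Object { "Process: $($_.ProcessName) (PID $($_.Id))" })

# 2. Files under "Malicious Files Added". -Force includes hidden files.
foreach ($p in 'C:\WINDOWS\sysguard.exe', 'C:\WINDOWS\system32\iehelper.dll') {
    if (Test-Path -LiteralPath $p) { $findings += "File: $p" }
}
$findings += @(Get-ChildItem -Path 'C:\Documents and Settings' -Filter '*sysguard.exe' `
        -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { "File: $($_.FullName)" })

# 3. Run values. The HKLM value name is random, so also match on the value data
#    (assumption: it points at sysguard.exe, as the msconfig step suggests).
foreach ($k in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -eq 'system tool' -or $data -match 'sysguard\.exe') {
            $findings += "Run value: '$name' in $k = $data"
        }
    }
}

# 4. Keys listed on the page, including the Browser Helper Object CLSID.
$keys = 'Registry::HKEY_CURRENT_USER\Software\AvScan',
        "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
        ('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion' +
         "\Explorer\Browser Helper Objects\$clsid")
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Key: $k" }
}

if ($findings.Count -eq 0) { 'No indicators from this page found.' } else { $findings }
```

An empty result in one account does not clear the others, since the “system tool” Run value and the AvScan key sit under HKEY_CURRENT_USER; repeat the check from each user profile.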
Zeke Villarreal
Oct 25, 2009 @ 17:39:22
Last week I took off Antivirus System Pro by running Malwarebytes and SuperAntiSpyware. Now, something like it has taken over again. When I turn on my computer I get just a big pop-up that I have a virus and that it wants me to purchase one of a number of different things for my computer to protect it. That pop-up is all I get; the computer does not fully boot up to give me any icons, only the XP wallpaper behind the big pop-up. I cannot even get into safe mode. What can I do to get my malware program to run, or how can I get my computer to boot with the icons so I can run something?
RFI
Nov 08, 2009 @ 14:51:00
I have one of my kids’ accounts infected with Antivirus System PRO; fortunately it’s not in an administrator account. While I can use Task Manager from the admin account to shut down blxrsysguard.exe, neither Malwarebytes nor SuperAntivirus is able to remove it (they “removed it” once, but now say the system is clean even with the rogue software popping up on the kid account).
KSDrechsel
Nov 27, 2009 @ 15:51:55
I was able to remove the software completely by selecting the System Restore option under Programs BEFORE the Antivirus System Pro virus fully loads upon startup. I restored to a day prior to when the software infected my computer. That seemed to remove it. Then I went out to the McAfee website, and they have a ‘stinger’ program which will remove this virus and 1300 others! I have not had the problem since.
GJG
Nov 27, 2009 @ 22:52:20
KSDrechsel's post is excellent. Some differences: AV System Pro wouldn’t let me run System Restore. So I just downloaded AVG on an uninfected computer, copied it to CD, and ran it from the infected computer after restarting but before System Pro fully loaded. Seems OK now. I will later also try McAfee (thx KSD).
Ben
Dec 06, 2009 @ 18:40:29
If you can’t run any EXE file, do this.
Download Combofix on another computer and copy it over to the infected one, onto the desktop.
Create a shortcut to Combofix on the desktop also.
Copy the shortcut to the startup folder:
C:\Documents and Settings\”User name here”\Start Menu\Programs\Startup
Once copied, reboot the computer; Combofix will run on startup.
Follow the prompts for Combofix and, once the scan is completed, restart and run Malwarebytes or any other good anti-malware/antivirus program.
Ahab
Dec 08, 2009 @ 06:53:11
My Windows Security Center directed me to install this program and would block my internet connection until I had an antivirus running. I paid for it and 2 days later my PC crashed. I'm disgusted that my Windows security would direct me there. Had to use a restore point.
MidniteShadow
Dec 23, 2009 @ 02:26:36
I had “Antivirus System Pro” hit my computer, and it put up a really good fight this time around. The first time it was pretty easy to remove, but this last time it was really difficult. Fortunately I was able to get into my guest account and use my antivirus program to remove it.
Joseph Bland
Jan 12, 2010 @ 16:35:39
Anybody have a way of contacting these folks? They owe a lot of people time and money for this mess that they have caused on PCs.
martin cabrera
Jan 14, 2010 @ 02:12:04
I purchased your program a couple months ago and now some personal security with a logo kind of like yours has got me to where I can't do much. You got my address and info, can you help me? According to scans on your program there are no threats on my system.