Antivirus System PRO Descriptions:
The devils are launching more attacks on the Internet. This time, it’s called Antivirus System Pro, or Antivir System Pro. They are the same even though they might appear under two different names. Just like it’s predecessor, Antivirus System PRO is a fake malware that created to mess with us. Usually, Antivirus System PRO gets itself loaded onto a computer without your notice, and it installs itself through a Trojan, Virus or another piece of fake software. You can also get infected by visiting some bad websites. Antivirus System PRO will display fake alerts to trick user to buy the paid version of AntivirSystemPRO. One of those fake alerts should look like this, “Windows Security alert. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.” Not only does Antivirus System PRO cause your machine to slow down dramatically, it would also put your privacy and data in risk.
We have composed a free manual removal instructions to remove Antivirus System PRO if you like the challenge. Be sure to back up the data first. Good luck!
Download SpyHunter* Spyware Detection Utility.
Manual Antivir System PRO Removal Instructions:
Stop Antivir System PRO Processes:
(Learn how to do this)
AntivirSystemPRO.exe
AntivirusSystemPRO.exe
Find and Delete Antivir System PRO Files:
(Learn how to do this)
AntivirSystemPRO.exe
AntivirusSystemPRO.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivir System PRO.lnk
%UserProfile%\Application Data\Antivir System PRO\settings.ini
%UserProfile%\Application Data\Antivir System PRO\uill.ini
%UserProfile%\Desktop\Antivir System PRO.lnk
%UserProfile%\Desktop\AntivirSystemPRO.exe
%UserProfile%\Start Menu\Programs\Antivir System PRO.lnk
%UserProfile%\Start Menu\Antivir System PRO.lnk
Remove Antivir System PRO Registry Values:
(Learn how to do this)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivir System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivir System PROâ€
Download SpyHunter* Spyware Detection Utility.
We have had the best sucess taking it off with Super Antispyware [It is free.. just Google for it] if you catch it fast enough. Otherwise you may have to redo your whole computer if it gets bad enough. UGH!
Super Antispyware will run in Safe Mode.
Restore to an earlier date worked once.
You can also use an adaptor for IDE/SATA to USB port and run Super Antispyware from another computer to the external hard drive.
This is one of the worst virus…so good luck.
I support the death penalty for the scriptkid scum that wrote this
Look in the C:Users/…/AppData/Local folder for remnants of this nasty scurge .. there were multiple versions on my daughter’s machine.
Barry –
I don’t seem to be able to get into “safe mode”.
It just keeps cycling back to beginning and will only start up in “normal mode”. Suggestions?
Funny how the only anti-spyware software that you can not install once you have this bug is Windows Defender….Why??? because it is free and it kills this thing!! As far as I am concerned all of these other anti spyware companies with their free scans (yet paid removal) are a part of this.
This procedure has worked for me on a number of machines. It assumes that you do not have Windows Defender installed.
Task Manager – stop any services running that contain “guard” anywhere in the name. This should stop the popups and other garbage so you can get some work done.
–regedit
go to hkey local machine/software/Microsoft/Windows Defender
Right Click –Permissions. Give the adminstrators group full control.
Right Click the Windows Defender Key and choose delete.
Reboot your machine. Upon reboot quickly stop the garbage services again. run the Windows Defender installation…scan and remove!!
If you have problems email me at ststoweman@gmail.com — not looking for money or anything else —just hate this kind of garbage.
I’m able to stop the *sysguard.exe process and remove the file however on restart it reappears. I can’t find the iehelper.dll or any of the other files that are listed in the removal instructions. Is this rogue storing files under another name if so what should I be looking for.
Listen guys,
I had the same problem and I have apparently just got rid of the f* Antivirus System Pro.
The infection seemed pretty serious since I could neither open the task manager, run regedit, find sysguard, nor boot into safe mode.
Here’s what I did:
- I downloaded SuperAntiSpyware Free Edition on another computer and copied it onto my desktop;
- rebooted my computer and executed the SAS setup file as quickly as possible, before the virus loaded;
- when SAS installation completed, I chose the “quick scan” option;
- in the meantime, I came across Barry’s advice (checking ASP location by right-clicking its main window and choosing “properties”); it turned out that the sysguard file I couldn’t find earlier was hidden in C:\Documents and Settings\(user)\Local Settings\Application Data\jvtroy. I couldn’t delete it, so I used “remove on reboot” shell extension which I installed a long time ago (you can easily google it); yet, I didn’t reboot it straight away because the SAS scan was in still progres;
- after about 15 minutes SAS was done with the scan – it discovered >150 (!!!) threats. I followed SAS’s on-screen suggestions concerning the actions to be undertaken; the last one was reboot, so I did that;
- now my computer seems to work just fine; I’m now running full Malwarebytes’ Anti-Malware scan and my antivirus (the proper one, not that popping-up sob) occasionally spits out trojan alerts;
- sysguard.exe is no more there, but I’m not sure whether it’s thanks to SAS or the “remove on reboot” extension I used.
I hope this proves useful for you guys as well.
If not, don’t lose your spirit – there has to be another solution. There always is.
Best of luck!
By opening the task manager right when your desktop shows up, right click on your computer clock(bottom right of your screen and click on task manager. Keep it open and locate the sysguard.exe and end process.
After doing this, backup your files (all or only the ones most important to you) on a DVD or external storage system. Do not shut down your computer since the end process only works for this session. The minute you restart your computer, the Antivirus System PEST will still be there.
After you have finished backing up, if you have your computer’s OS reinstallation disc, reinstall or format your hd to reinstall.
I had to do this last night!
HI guys,
This antivirus Pro came yesterday, I think they have scary graphics which confuses us. It doesn’t scan anything of find anything. Normaly it doesn’t allow you to go to “msconfig” or “regedit” or restore point, it will give you error. BUT if you can go to restore page as soon as your desktop shows after booting u can restore easily. Basicaly This antivirus Pro takes some seconds to activate after windows is running, it doesn’t start with windows.. so try to be faster then Stupid Antivirus… It worked for me.. the again I went to webpage intentionaly & I got infected, & I tried second time… It worked !!! GOODLUCK
If I ever find out who wrote this sh*tware, I’d hack off their hands and feet!
malware worked for me , once I went into safe mode and took it from saved file on pen drive from another pc. but now I cant connect to the internet
I got this virus this morning and tried this:
First I went into “safe” mode, because the virus had just about shut everything down in normal mode. While still in safe mode, I then checked add-remove to see if the virus was visible there, but it wasn’t. However, I was able to remove it by using “system restore” while in safe mode.
You can go into “safe mode” a number of ways, the easiest being to push the button on your computer and force quit, letting the black screen come up as it reboots. From there, just arrow scroll into the “safe mode” offering, and then press “enter.” You can also get into safe mode by rebooting and pressing F8 as your computer comes back up.
I then went to “all programs” and found the “accessories” folder. Then I opened “system tools” folder. Inside there, I clicked on the “system restore” icon. From there, it’s pretty much self-explanatory, like going back in time to before the virus happened.
I went back to a point 5 days ago, just to be sure, even though I just got the infection today, a few hours ago. I restarted out of safe mode and came back into the system’s regular mode.
I realize most people know this about safe mode, etc., but a lot of people don’t, so here it is simply put. “Safe mode” is the best way to combat most of these viruses, whatever the solution may turn out to be.
i got rid of the virus, for the most part, but now my pc wont even go into system restore.
I’m a professional PC tech for 25+ years.
the only way to sucessfully remove AntivirSystemPro is to do a system restore to any point before the time when you first noticed the virus. The reason you can’t remove it otherwise is because it embeds secret code into your registry that reinstalls the program on reboot.
If you try to delete the program it simply reinstalls itself at startup before any of your other software loads up!
Do a cold boot and press F8. Hold the key down until you get the options menu and boot into safemode. This allows your machine to only start with protected mode drivers (won’t load programs you installed after windows). Now go to start/run and type restore. Select the option for Restore UI. You can now restore from a date previous to when the virus wrote itself into your registry.
If you are not sure when you acquired it, I suggest any point 2 days prior to when you first noticed the virus.
your PC will now boot virus free.
Give yourself a handclap.
While surfing on Jan 2 2010 and looking at movies a pop up came on screen concerning an important Quiktime update was needed to continue. Of course I down loaded and opened it while still online (Dumbas*).Then Bam it struck. Then 15 seconds later Norton Anti Virus had it quarantined. Malware was named guao sys guard.exe . Since then I have added Zone Alarm Pro and Zone Alarm Force Field along with my Norton Antivirus. I hope I am now covered and I promise not to open files while online.
DONT install or accept any instructions and disconnect from the web(physically remove the cable). Delete the file or folder that you think you downloaded the problem with (in my case a Real video clip). Restart your PC in Safe Mode. Then do a system restore to a point well before you picked up the piece of cr*p. That seems to do it. I hope!
Norton 360 took care of it for me, when I got it I had Norton turned off!