How to remove Antivirus System PRO rogue anti-spyware

Malware Description:
Antivirus System PRO (aka AntivirusSystem PRO or AntivirusSystemPRO) appears to be the representative of the new generation of rogue anti-spywares. Being a clone of the infamous Spyware Protect 2009 and System Guard 2009 scarewares, Antivirus System PRO inherits its determinative traits; moreover, the hackers have been driving a lot of traffic to the websites promoting it, one of which is Antivirsystem.com. The tempo of Antivirus System PRO propagation is enormous; equally great distribution rapidity as compared to Antivirus System PRO is being currently exhibited by Alpha Antivirus rogueware which is another instance of ultimately fraudulent malvertising product. Antivirus System PRO infiltrates the target computers through illicit browser-hijacking techniques or via Trojans using backdoor tactics to trespass undetected. When inside, Antivirus System PRO freeware will do its best to convince the victim to register its license. For this purpose, Antivirus System PRO usually floods the compromised system with its exaggerated popup alerts that state the PC is badly infected and needs a remedy, i.e. Antivirus System PRO full version which demands payment. The deceitful effect of Antivirus System PRO pop-ups may he reinforced by its bogus security scanners that emerge out of nowhere and claim to detect more infections on your computer. The ultimate goal of Antivirus System PRO is to brainwash the victim into purchasing its license; if the victim is “stubborn” and refrains from installing the pimped scamware, Antivirus System PRO will attempt disrupting the target system. Therefore, it’s strongly recommended to remove Antivirus System PRO rogue as soon as possible.

Malware Type: Rogue Anti-Spyware

Malware Author: Magic software Inc

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Antivirus System PRO Free Scanner and Remover: Download Now

Antivirus System PRO Bogus Scanner Screenshot:

Antivirus System PRO

How to remove Antivirus System PRO manually:
Manual removal of Antivirus System PRO is feasible if you have sufficient expertise in working with program files, system processes, .dll files and registry entries.

The files to be deleted are listed below:

  • %WINDOWS%\sysguard.exe
  • %WINDOWS%\system32\iehelper.dll

The associated registry entries to be removed are as follows:

  • HKEY_CURRENT_USER\Software\AvScan
  • HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”

Please, be informed that manual removal of Antivirus System PRO is a cumbersome procedure and does not always ensure complete deletion of the malware, since some files might be hidden or may automatically reanimate themselves afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Antivirus System PRO, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download Antivirus System PRO Automatic Remover

Like This Article? Let Others Know!

Reader's Comments:

  1. steve sheppard |

    when I try to download your antivirus system Pro automatic remover, it takes me to that site that wants to sell the product, Antivirus system Pro or it will tell me that it cant be displayed but it will show me how to download that thing again. What else can I do to install. I have windows xp on this computer. Thanks,
    Steve

  2. admin |

    Steve,
    You should try to download our removal tool in Safe Mode With Networking, which can be accessed by repeatedly pressing F8 key when starting your PC. In Safe Mode, you should be able to install and use the security software without Antivirus System PRO preventing it.
    It should work!
    Regards,
    Remove Malware team

  3. Hal |

    I am pretty sure that I contacted it through a Windows Update
    That is the only thing I have upgraded recently.

  4. GoVolsKickSomeAss |

    yep.
    The only thing I updated recently was a Windows Update.

  5. InvertedOreo |

    Yeah, I don’t know how I got this, seeing as all I’ve downloaded recently is a Windows Update.

  6. Garret |

    i got it from downloading a song form a site i thought was safe =[

  7. Nossy |

    What happens if i was err dumb enough to purchase the software and i have it installed…. shall i remove it still?

  8. admin |

    Nossy, you should – by all means. Antivirus System Pro is a rogue anti-spyware program, which means it’s designed to get you wasting your money or eventually ruin your Operating System if you don’t pay. In other words, Antivirus System Pro does not belong on any normal PC because it makes it slow and greatly exposed to more contamination from the outsite.
    Thanks for your comment!

  9. Adam |

    I’ve officially threatened legal action against aware-protect.com, which is the site that comes up when you click “Yes” on one of the pop-ups. I’m honestly looking for a fight at this point. This invasion of privacy is absolutely criminal.

  10. Andrew |

    This spyware is seriously scaring me… It’s taking my web browser to innappropriate websites and making up fake threats that are apparently attacking me. I sure hope this works…

  11. Soccerfan |

    I have this and it was making pop up internet browser pages come out of nowhere with addresses such as porn . com and other innappropriate material…

  12. Anon |

    AV Sys Pro is using Internet Explorer, WHICH ISN’T INSTALLED ON MY COMPUTER! That freaks me out…

  13. Frank Bumbardatore |

    Can I burn your fix to a CD from a healthy computer and run it on the infected one? Thank you for your help, I would love to get my hands on these bastards!!!

  14. admin |

    Frank,
    Yes, you can try the method you mentioned. Indeed, sometimes Antivirus System Pro can disable internet access or redirect one’s web surfing and block legitimate security downloads.
    Good luck removing the bad stuff from your PC!
    Regards,
    RM

  15. Medalock81 |

    I found the thing today, i gone to ask manager and found a unfamiliar task running and [End process Tree] since then i havent seen it running, tho atm making sure full updates are golden, and doing a full system scan, will try the above removal tool also. not sure how i got it in the first place, havent gone to “bad” sites or anything, havent even done the Windows update, and i still seemed to get it. this is second time in 5 years that i caught this crap on my pooter. i hope disabling the Task it creates in task manager, you should be able to avoid having to restart your computer, download the above removal tool, ititiate the removal and do everything else you need to do to get rid of it, afterwards, do a restart once satisfied it is gone, and see if it comes back up.

  16. brjel |

    You cant get this from windows update. You get it from browsing questionalbe sites, like movie download, music download and your fav porn. By the time you noticed it using windows update. you were already infected.

  17. Nat |

    Haha, the AV pro is giving me messages about “Install.exe.” and all that stuff being infected so the action cannot be performed, but i click “No” and it installs anyway!

  18. Larry |

    This is the second time i got it…or one just like it…avg suppposed to keep this stuff from coming on…but it does not…thanks will try yours.

  19. Jack |

    Thanks for this download guys. I usually just deleted the ctguard.exe from my Processes tab but It kept getting annoying. So Im hoping this thing pinpoints the virus and destroys it. Thanks!

  20. Cupcake |

    Well I got this because I was doing something bad and well I downloaded a keygen that I guess installed this software and I was Fing scared be ause I’ve had virus problems but this one beat them all it’s like something I had never encounterd and well I deleted some regestry key items and some folders that were hidden in the windows folder that had some wierd names like ie8 which I didn’t have installed and some wierd other ones now I restartedand the little two ships icons left and I can open my apps yay and I’m running this software to remove the remaining files

    thnxz to the person who posted this u helped alot 

  21. ProGear Computers |

    You get this virus from a pop up!!! If you click on the red X in the upper right hand corner, insted of closing the window, it installs this virus! Close ALL pop-ups from the task bar!!!

  22. Phil |

    hey, i just wanted to say thanks for this advice, from admins and everyone who is posting questions. i just hope this works…i can’t get to any website that is legitimate, but i’m tryin safe mode and frank’s outsourcing idea. thanks again everyone. you actually saved my job (it’s my bosses computer).

  23. Angelo |

    This helped me so much! All I can say is thank you so much. My computer is back to its regular state and I can use it normally.

  24. Kesva |

    HI Admin

    I am very much thankful to you guys. In my case the manual steps whatever you suggested really worked and i am very happy that i could get rid of it easily

    Thanks a lot

  25. Cody J. Cubilla |

    Okay. I installed it, And when i go to open it on the page, the Antivirus system pro says its infected and cannot open at this time. Ummmm WTF? Helpppp(:

    Thanks.

    ~Cody

  26. Katie |

    Have been attempting to get rid of Antivirus System Pro! Won’t run programs that have been downloaded! When attempting to get into safe mode, a blue screen appears with error message!! Problem detected – Windows shutting down. Any suggestions?? Thanks for any advice!!

    Katie

  27. JoKeR |

    Both Steps Work! good Advice Thanks

  28. XalronZaar |

    Greetings Admin.

    Many Thanks for this removal tool, being a hardcore gamer you saved my reputation and carrer with this! Intead of freezing in the middle of a virtual battle or crashing my computer during alpha/beta game testing with these false company viruses, worms and trogens, I am not coasting along like before! I am saved!!!
    Many Thanks,
    Ereressel Edikor

  29. admin |

    Cody and Katie,
    We advise renaming the removal tool you’ve downloaded. If the remover gets renamed, Antivirus System PRO should no longer prevent it from opening.
    Try this!
    Admin

  30. Rae |

    I seemed to have been targeted too. I am not able to even open internet explorer to be able to go to this site and download the removal tool. I’m using my brothers computer to look up info about it, is there a way i can download it from his computer to a flash drive or disc and then run it on my computer? PLEASE HELP!!!!

  31. Jimmy |

    Thank you thank you thank you! I really wish someone would prosecute whoever developed that spyware.

  32. Laura |

    I downloaded but Antivirus System Pro was disabling before I could scan. Starting up in safe mode with networking is absolutely the key! My computer was back up and running like normal in no time. It was so easy. Thanks!

  33. admin |

    To Rae,
    You can download our removal tool installer to some external drive and then install it onto your infected PC.
    Looks like you’re experiencing Antivirus System PRO the hard way…
    Try following the above tips, it should work.
    Admin

  34. Robert |

    Where the hell did this thing come from? I got it while downloading DDO I guess… its weird… thanks for the removal tool!

  35. thayes |

    I just found that if you open the Antivirus System Pro “scanner” and then give it the old Alt+F4, you are able to install and run programs! Thank god, because it somehow was blocking me from getting into safe mode (monitor error- Frequency out of range).

  36. Greg |

    I just got hit and downloaded the scanner to a CD on another computer and ran it from the CD on my infected one. It found this and several other issues. It dies screaming and kicking – just keep clicking on the “X”s on all the pop-ups that keep coming. What a nasty little imp!!

  37. jay |

    i hate avp so much. i hope this works.

  38. chris |

    Thanks to Mike Walsh… I think I finally got an upper hand on this thing. After executing the msconfig command a number of times in succession… it came up and I was able to stop the “odgusysguard” process. Still plenty of work to do to reconfigure this system.

  39. Prakash |

    I have found a way to get ride of this

    when u login to your computer, before you get into the screen , press ctrl+alt+del to getinto the the task manager [otherwise this devil wont let u to access taskmanager,cmd prompt anything].. and immeidately focus the control to the process tab.. you can see the process with the name like kwaksysguard.. just right click and goto the file location. it will be located under users->appdata-wc..->
    kill that process and then delete this devil.

    this worked for me.. Try it!

  40. Kurt |

    Wow. Thank you so much i am so greatful because i had three malware programs on my computer at once and i could only stay on a website for about three seconds before it got blocked. So thanks :)

  41. PlanoGuy |

    All,
    Couldn’t find it to remove it manually till I went to taskmgr and ended the process called “itesysguard.exe”. This virus seems to change it’s name in each computer it infects so look for any process called “****sysguard.exe” and end it. That stops the pop ups temporarily.
    Then I downloaded the remover onto another computer and transferred it by thunb drive onto the infected machine, ran it, restarted, and the problem is now cleared.

    Hope this helps!

  42. J |

    It seems like the latest version operates from wgjesysguard.exe, which appears as a process in Task Manager. The trick is to close that process the second you log in. Do that and you’re golden. From there, you can do all the removal stuff you need to do to get rid of it permanently.

  43. Maya |

    I installed the program but as soon as I pull it up it won’t allow me to click anything at all, it just stays there motionlessely not doing anything.

  44. edwin |

    i got it today and it is operating on nuvssysguard.exe and the registry address is different from above {B6D223F6

  45. Jerry S. Guzman |

    Thank you guys!! this is awesome i was able to remove this thing…I just installed the removal tool in safe mode…then went back to normal mode and ran the spyware doctor and voila! it was gone xD…i had been fighting it for about 7 hours…THANK YOU THANK YOU!!!

  46. Lab Rat |

    I too have become a victim of this horrible spyware. I tried spybot, advanced system care, malwarebytes anti-malware, and finally this one. None of those programs except spyware doctor detected the infections on my computer. I had to download the program on safe mode with networking, reboot, and the trick is to open spyware doctor as the computer is loading so that it is the first thing that opens before antivirus pro can attack. my computer is up and running again. Thank you so much to people like you who are out to fight against these deviants.

  47. neuro |

    ive been battling for 24 hours, used multiple sites suggestions for removal. mine came in as vigjsysguard.exe and the registry entries below are not there, although i did remove two others that were not listed here but on another site. there was also a file in my prefetch as well as in my documents and settings folders and unchecked TWO boxes in my startup for the evil vigjsysguard.exe.. aaaaaaaaaaaarrrrrrrrgggggggghhhhhhhhhhh!!
    crossing my fingers that now going into safe mode and running malware scanners will work this time after doing it 5 times and having it come back each time :(

    HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”

  48. Aaron |

    Hey guys if you need help this is what i did,
    If it disables task manager and internet explorer isnt working then you need to restart the pc, as soon as you are logging in after the user logon his Ctrl Alt Del, then search for the process, should be ____guard.exe and there should be two, remove them and any other suspicious processes that you havent seen before. Then come here, download the removal and you should be all good :)

  49. Paul |

    HAH!

    Made my day to see the first item on the threats found list to be Antivirus System Pro!

    Thanks for the tool! And I’ll be sure to use this site for my malware problems :) Bookmarked

  50. lola |

    This thing is driving me MAD. i’m about to try what you guys have sugested. i’ll get back to you soon. I can’t even run “regedit”…

  51. Eric |

    I ran msconfig and found another hiding spot of it,
    C:\Documents and Settings\[user name]\Local Settings\Application Data\kbshlr\ucgdsysguard

  52. Tom |

    Thanks for the program and all the comments. I copied the file on another comuter to a scan disk. Then ran it on the computer, all gone. Now running One Care to scan computer

  53. Allan |

    Aaron had the right stuff, worked like a charm.
    My wife decided to do some casual surfing on my corporate machine!
    This scamware was a sob to get ride of!

    Cheers,

  54. marc |

    Reboot in safe mode. Run msconfig and under startup disable or untick the command line ewvisysguard.exe or any command line with sysguard.exe included. Then reboot in normal mode and this will prevent antivirus system pro from loading. If you still can’t access the internet as was in my case, go to intenet tools, internet options,advanced, reset. Let me know how you went. It certainly sorted my problem out.

  55. Martin |

    thanks very much for this link – saved my day!

  56. admin |

    Marc,
    Thanks for the tip, it’s very reasonable!
    However, unticking the …sysguard.exe process under startup tab will only prevent Antivirus System PRO from loading when you boot into Windows but won’t remove it completely. The virus will still be on your PC. It will be additionally needed to uninstall Antivirus System PRO after the above actions are completed.
    Thank you,
    Admin

  57. Mike |

    This thing really pisses me off. I don’t really know how i got it on my computer in the first place but after doing a complete reformat and clean install of WinXP i got it again within hours of finishing Windows Updates.

  58. Terren Woodfin |

    OMG! Thank-you so much this really worked and it was really quick. Thank-you again and Good Bless.

  59. Tariq |

    An excellent spy remover

  60. Ben |

    If you’re having trouble going to the site, try to create another user on your computer if you’re using Vista or XP. It works for me, the virus can’t get to me there for some reason, so I’m able to do everything on another user account on my laptop.

  61. Chris |

    wanted to say thanks for the manual removal instructions, wasnt even letting me open any programs so im glad ive got firefox running most the time, managed to remove 2 of the files outside the regestry and now its letting me load taskmanager and the removal tool thanks for the instructions :)

  62. Faron Domenic |

    Yo everybody – I have located several more files to add to this solution.

    One of the wildcards under sleeve as hacker – this is useful tool you should use this as it has never failed me.

    in Registry – do the search (CTRL+F) and enter “xlumvrba” – this is the reg_sz file name for this friggin’ malware. And also, it also clear that this malware as mutated – its new name is uadnsysguard.exe.

    I would suggest to enter ‘sysguard.exe’ because it is likely that there are many version of mutated malware of this type.

    Do locate the file and delete on hard drive AND to delete these files in the registry.

    For this version of malware – the following locations it uses are:

    *HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run – remove ‘xlumvrba’
    *HKEY_CURRENT_USER/software/microsoft/Windows/CurrentVersion/ShellNoRoam/MUICache – remove ‘xlumvrba’
    *HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run – remove ‘xlumvrba’
    *HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run – remove
    ‘xlumvrba’
    *HKEY_USERS\S-1-5-21-854245398-1580818891-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache – remove ‘xlumvrba’

  63. Jerry G |

    Thanks to everyone for the advice and thanks to the makers of Spyware Doctor. My daughter got this nasty little mofo of a program on her laptop and I’ve spent the better parts of the last day trying to drive a stake through it’s heart. Spyware Doctor seems to have done the trick, and the tip about launching the Task Manager is a great one; I found the little program still on my system as QHIXsysguard.exe and was able to nuke the process.

  64. Vinnycius |

    Hei mark..
    Thanks for your tip:”If you still can’t access the internet as was in my case, go to intenet tools, internet options,advanced, reset. Let me know how you went. It certainly sorted my problem”.
    It was very helpful for me.. thanks so much!

  65. Claaaauida |

    Okay, so I’m now downloading this removal tool. I have my fingers crossed hoping it works. Anyways, since this virus is pretty stupid and fakes all of this infected files.. and doesn’t let you open any thing up.. ANYWAYS. For all you people, this should help:

    -Start your computer.
    -As soon as your desktop picture or whatever appears, click Ctrl+Alt+Delete.
    This should open up your task manager to the process tab. In the process tab you scroll down until you see something called “…sysguard.exe”. It may have some letters before that, but just look for any process that contains “sysguard.exe”. Click on that and then click on end process. Soon enough the pop outs will stop and from then on use your Anti-virus or a removal tool, or just remove the virus manually. Hope that helped some of you.
    :D

  66. Chuck |

    You guys are awesome. It worked so fast I was not even sure it did anything.
    Thanks

  67. FyNSyX |

    Hey guys just got the nasty bug today, Restart your computer as soon as your computer is at the desktop screen be4 everything loads press Ctrl+Alt+Delete go to task manager then to Processes. Wait for your computer to start loading like it normally will and as soon as you see 2 files that say “****sysguard.exe” delete them immediately and then your computer will be have like normal come to this website and DESTROY IT!!!! :P happy virus hunting

  68. Nightowl |

    Just worked on a clients PC that had this stupid program. I couldn’t even get into safe mode, I would get a blue screen. I had to slave the hard drive to my main rig and scan/remove the files manualy. Thanks to all who posted all there tips and tricks to get rid of this peice of garbage software!

  69. Saydie |

    I got it when I updated IMVU and Norton Internet Security after like a year of not using internet or anything on my computer =/

  70. Lynn |

    I finally found the ****sysguard.exe.
    Tip: the thing can pop up anywhere in the list at any time. You have to keep scrolling up and down to watch for it.

  71. Lisa R |

    I had the malware tool to get rid of this but couldn’t get it to run, killed it in the task manager thanks to all the advice here and finally got rid of it. thanks to all for the help!

  72. Toga |

    Yeah, thanks for the site. Thank god I had a flash device….never saw a virus tell me that I couldn’t go into safemode.

  73. C |

    Thank you everyone for posting. I was finally successful at getting rid of this virus on my own today based on what I was told on this site. However, my Internet Explorer is still acting up even after changing the LAN settings. I am currently working under Firefox. Any suggestions???

  74. C |

    Well, I spoke too soon! Thank you Vinnycius! I did what you said and now I’m up and running. Can’t thank you enough!

  75. brett |

    Prakash your awesome!! It only took me a minute to delete it your way. The process in task manager was called something ending in sysguard….xxxxsysguard. I killed the process and deleted a file called sandiebox. This let me download the removal tool to get rid of the virus.

  76. rich |

    I just logged into the internet again. Immediately bring up Task manager, delete any…sysguard.exe files. Next, go change the LAN settings on TOOLS box. Then I was able to download the file you suggested and I am hoping it works!!

  77. keith |

    WOW!!! I just did what brett and prakash did and it worked. so simple!

  78. Vicki |

    I got it yesterday. Took Dell 5 hours remotely connecting to my computer to remove the bugger! I was horrible! After they downloaded about five different removal programs, the last one found and cleaned it. Thanks God. I hope I never get that again. My virus software was up-to-date and I scan daily, but it didn’t protect me. Urgh.

  79. Black Mold |

    Really Interesting Weblog! Appreciate This Post!

  80. Lois Woodfield |

    I don’t even know how I ended up here, but I thought this post was good. I do not know who you are but definitely you’re going to a famous blogger if you are not already Cheers!

Post a Comment: