Traduzca al Español
Übersetzen Sie zum Deutsch
Traduisez au Français
Traduca ad Italiano
Vertaal aan het Nederlands
Μεταφράστε στα ελληνικά
Översätta till Svensk
ترجمة الى العربية
中文翻译
한국어에게 번역하십시오
日本語に翻訳しなさい 
Traduza ao Português
Переведите к русскому
Antivirus System PRO is another scam antivirus application. Antivirus System PRO creeps into your system through a Trojan — like Zlob — or rogue websites. Like other scareware, Antivirus System PRO pops out loads of Antivirus System PRO alerts. These Antivirus System PRO popups are false security warnings — Antivirus System PRO just wants to scare you into buying the “full” version of Antivirus System PRO.
Antivirus System PRO? More like Antiworking System SCAM. The only thing Antivirus System PRO removes is money from your wallet.
So I’ll show you how to remove Antivirus System PRO, for free.
GET RID of Antivirus System PRO
- Manually remove Antivirus System PRO with step-by-step instructions
- Download Spyware Doctor to automatically remove Antivirus System PRO
- You can download award-winning, anti-badware software SpywareDoctor to easily remove Antivirus System PRO. Want to know why I dig SpywareDoctor? Read my review.
Do You Have Antivirus System PRO?
When you’re infected with badware — whether it’s Antivirus System PRO, spyware, adware, a Trojan, or a virus — there are a few key symptoms. Have you noticed…
- Slow computer performance: It just takes one parasite like Antivirus System PRO to slow your computer dramatically. If your PC takes longer than usual to reboot, or if your Internet connection is unusually slow, you may be infected with Antivirus System PRO.
- New desktop shortcuts or switched homepage: Badware like Antivirus System PRO may change your Internet settings to redirect your homepage to another site. Badware can even add desktop shortcuts to your PC.
- Annoying popups: Badware can bombard your computer with popup ads, even when you’re not online. Through these popups, you may be tricked into downloading more spyware.
How to Remove Antivirus System PRO Manually
Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.
To remove Antivirus System PRO manually, you need to delete Antivirus System PRO files. Not sure how to delete Antivirus System PRO files? Click here, and I’ll show you. Otherwise, go ahead and…
Block Antivirus System PRO sites:
http://www.inetavirus.com
Stop Antivirus System PRO processes:
%ProgramFiles%\Antivirus System PRO\uninstall.exe
c:\WINDOWS\sysguard.exe
Remove Antivirus System PRO DLLs:
Get rid of Antivirus System PRO files:
%ProgramFiles%\Antivirus System PRO\conf.cfg
%ProgramFiles%\Antivirus System PRO\mbase.vdb
%ProgramFiles%\Antivirus System PRO\quarantine.vdb
%ProgramFiles%\Antivirus System PRO\queue.vdb
Delete Antivirus System PRO folders:
Remove Antivirus System PRO registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
Note: In any Antivirus System PRO files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Antivirus System PRO removal, go ahead and leave a comment.
How Do You Remove Antivirus System PRO Files?
Need help figuring out how to delete Antivirus System PRO files? While there’s some risk involved, and you should only manually remove Antivirus System PRO files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Antivirus System PRO files in Windows.
How to delete Antivirus System PRO files in Windows XP and Vista:
- Click your Windows Start menu, and then click “Search.”
- A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
- Type a Antivirus System PRO file in the search box, and select “Local Hard Drives.”
- Click “Search.” Once the file is found, delete it.
How to stop Antivirus System PRO processes:
- Click the Start menu, select Run.
- Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
- Click Processes tab, and find Antivirus System PRO processes.
- Once you’ve found the Antivirus System PRO processes, right-click them and select “End Process” to kill Antivirus System PRO.
How to remove Antivirus System PRO registry keys:
Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.
- Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
- Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
- To find a registry key, such as any Antivirus System PRO registry keys, select “Edit,” then select “Find,” and in the search bar type any of Antivirus System PRO’s registry keys.
- As soon as Antivirus System PRO registry key appears, you can delete the Antivirus System PRO registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete Antivirus System PRO DLL files:
- First locate Antivirus System PRO DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
- To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Antivirus System PRO DLL file is located. If you’re not sure if the Antivirus System PRO DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
- When you’ve located the Antivirus System PRO DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Antivirus System PRO DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
Did Antivirus System PRO change your homepage?
- Click Windows Start menu > Control Panel > Internet Options.
- Under Home Page, select the General > Use Default.
- Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
- Select Apply > OK.
- You’ll want to open a fresh web page and make sure that your new default home page pops up.
Antivirus System PRO Removal Tip
Is your computer acting funny after deleting any Antivirus System PRO files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.
Want to save time finding Antivirus System PRO files? Download Spyware Doctor, let it find the Antivirus System PRO files for you, and then manually delete Antivirus System PRO files.
How Did You Get Antivirus System PRO?
Wondering how Antivirus System PRO ended up on your PC? If you’re infected with Antivirus System PRO or other badware, perhaps you were using…
- Freeware or shareware: Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Antivirus System PRO. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly attached to free software to harm your computer and steal your personal and financial information.
- Peer-to-peer software: Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Antivirus System PRO.
- Questionable websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, badware may be automatically downloaded and installed onto your computer, sometimes including applications like Antivirus System PRO. I recommend you use Firefox web browser, if you don’t already.
Understanding Antivirus System PRO
If you’re infected with Antivirus System PRO, you should know what you’re fighting. I’ll explain some definitions related to Antivirus System PRO.
Antivirus System PRO May Be Rogue Anti-Spyware
Rogue anti-spyware refers to anti-spyware/antivirus software of questionable value. Rogue anti-spyware may not be proven to protect your computer from spyware, may popup fake alerts or create many false positives about your PC being infected, or may use scare tactics to try to get you to purchase the application. Rogue anti-spyware software may be installed by a Trojan, come bundled with other software, or install itself through web browser security holes. While it is fairly rare, some rogue anti-spyware is created and distributed by known spyware or adware companies, and the rogue anti-spyware may install spyware or adware itself.
Often when you’re infected with rogue anti-spyware like Antivirus System PRO, you’ll see a false popup security alert like this:
Rogue Anti-Spyware Tactics
Typically, rogue anti-spyware such as Antivirus System PRO has one or more of the qualities listed below, which is why rogue anti-spyware is considered anti-spyware software of questionable value.
- False positives/fake alerts: Rogue anti-spyware may produce a large number of false positives or use fake alerts, noting that your computer is infected with spyware parasites or other threats that do not really exist.
- Copycat looks: Rogue anti-spyware may copy the look and feel of other legitimate or rogue anti-spyware applications. Often, rogue anti-spyware applications may appear as close clones of other rogue anti-spyware software.
- High pressure marketing: Rogue anti-spyware may use scare tactics or other aggressive advertising and marketing tactics to try to trick you into buying the rogue anti-spyware application. Often, rogue anti-spyware may produce false positives and fake alerts about your computer being infected.
- Poor detection/scan reporting: Rogue anti-spyware may produce poor reports when it scans your PC. For example, rogue anti-spyware may say your computer is infected 11 parasites, but not specify which spyware parasites or what type of parasites. Rogue anti-spyware may also report that your PC is infected with SafeAndClean, but not tell you which related files, DLLS, etc. were found on your computer.
- Weak scanning/detection: Rogue anti-spyware may not only poorly report on computer infection, but rogue antispyware may also poorly scan your PC. Rogue anti-spyware may skip over important folders and files of your computer that should be scanned to detect spyware.
Did Antivirus System PRO use these tactics to trick you into buying Antivirus System PRO?
Antivirus System PRO May Be a Trojan
Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often Trojans pose as harmless pictures). Most Trojans are able to gain complete control over your PC after installation. With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.
Infection Methods of Antivirus System PRO and Other Trojans
Most Trojans infect your computer by tricking you into launching an infected file. This poisoned file could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.
- Email: Your PC may be infected with a Trojan when you download infected email attachments, or sometimes even when you simply open an email. Many Trojans exploit security holes in Microsoft Outlook. You may be able to reduce your chances of getting infected by a Trojan by using a spam-blocking software.
- Websites: Your PC may be infected with a Trojan when you visit a rogue site. Many Trojans exploit security holes in Internet Explorer web browser so that by simply visiting a website you may unknowingly download a Trojan.
- Open ports: If your computer runs programs that provide file-sharing functions – such as AOL Instant Messenger (AIM), MSN Messenger, and more – you may open your computer up to vulnerabilities. Using file sharing through these applications may create a network that gives attackers the opportunity to remotely access your computer.
Barry’s worked for me; however, my varient changed my IE8 Proxy Settings so even after it was “clean” i couldn’t browse in IE and Malware gave me a error code of 732 0 0… when i tried to update it. FOUND IT – it sets your Internet Options to use a proxy. Go into Internet Options and change your LAN Settings to Automatically Detect Settings; Whala! done.
Before anything else is able to load go to system restore and restore it to an earlier point. Worked for me
Barry, you are my hero! This was the most aggressive virus I have ever encountered. I followed you instructions and was getting nowhere and then found Hijackthis, a program that allows you to freeze your computer, from there i was able to follow your instructions and get the **** thing off my computer. I agree with everyone else, if I ever meet this guy……..
Cheers, Barry
Like Shel, I was on Facebook and viewed a video a friend loaded onto youtube. The AVS PRO popups started right after I left FB and was looking at people of walmart. So far, initial search results are empty, and popups continue. I’ve already installed the dr. I’ve expanded the search to files containing the words…
Update: If you are able to get Malwarebytes to update it will then be able to find the newest programs causing the trouble on your PC. I just finally got it to update and ran a search. It went from finding zero files to 9. Removed them and it looks like problem solved after restart.
I’ve followed all the steps and managed to rid myself of ASP but now, like els, I am not able to connect to the internet…what can I do?
My husband also got this virus, we tried all the regular methods to get rid of it but all were blocked. Finally after installing the malware on his desktop, we had to go into safe mode and run it (the malware). This way nothing had been started up and would not block the malware. Only my experience but if it helps anyone it is worth it.
I managed to get rid of this virus will help from all of your comments. Unfortunately my internet does not connect, even though it is connected to my network. Any suggestions?
I have Antivirus system pro virus on my laptop and I tried to remove it manually, but I don’t seem to the get the directions. Please help me. I tired to run and regedit thing as well but I don’t know the key.
Although I managed to get it off of my step-daughter’s puter, it hit mine yesterday, and I have yet to get it out. I got task manager up swiftly, and deleted a process named mppjsysguard, and also found and deleted a registry folder named avscan. But it came back and I did the same thing. I just downloaded Spyware Doctor and it has already found a host of things that my anti spyware programs have not found. Even running Windows Defender did not get rid of it.
I used Barry’s instructions and it worked. I went to the url, wrote down the path, found it, renamed it.
Then I restarted. I found the renamed file and deleted it.
Ran Malwarebytes. It came up with 3 security disabled lines. Restarted and it looks like it is gone. Thanks Barry.
Ok – after much frustration, I went ahead and downloaded the PC Tools’ Spyware Doctor. I figured, since I couldn’t find where this program had hidden itself – then maybe a scan from an outside source (installed post-infection) couldn’t hurt. After all, my already installed anti-virus and malware detection softwares seemed to be heavily compromised by the attack.
Needless to say, I was quite surprised at the sheer number of infections – all largely connected to AVSPro – that I was presented with. This thing really gets in deep. Anyhoo, as of this writing, my ‘puter “appears” to be clean.
And for that – I have to say “thank you” to PC Tools’ program – and to Kris (for recommendating it). As, personally, I don’t think I’d have ever had the patience to clear all those infected .dll’s and reg. entries on my own!
Thanks again, Shel.
To echo the other’s sentiments – the fixes listed here are no longer working. And all searches [of my registry] have come up blank.
I’m still surprised that my Malwarebytes Anti-Malware AND McAfee BOTH failed miserably to protect my system from this one.
And as for having it infect via suspect websites – the only spots that my system had travelled in the past couple of days were AICN.com and Facebook. Well, and Google and the Bell Aliant homepage. But that’s about it.
Trend-micro – which is where I ended up initially – cleared up the mess via their Housecall. Or so I thought. However, on rebooting – it was all back again – with a vengeance.
This thing really does seem to be mutating on a daily basis – and it almost seems like it doesn’t matter where one is “surfing” – it’s a matter of hit-or-miss.
And yes – I certainly would enjoy a face-to-face with the character responsible for this one… well – more like a face-to-baseball bat… but you get the idea.
That said, if anyone has any other info – it’d be greatly appreciated.
Thanks for listening, Shel.
I have tried all of Barry’s instructions, but I am unable to delete the sysguard.exe file. Any suggestions how to come at it now? Does this virus change daily?
i can run Malwarebytes, but whenever i reboot my computer i still have ASP. i’ve tried manually deleting, but that doesn’t work either- ASP prevents me from deleting it
Nothing that is listed here exists within my computer. What is going on am completely frustrated, need help.
Nothing worked that anybody mentioned here and I tried it all. I had to do a live chat with my antivirus program and pay tech support to get rid of the files. This was a bad one and I’d like a face to face with the jerks who created this.
Alla and Barry, you were both a great help!
I had to stop the process of ugxlsysguard to remove the pop ups. This really is the virus from hell!
James / Jay / Steven:
Didn’t you bother to read any older posts to find a solution? No wonder you can’t fix it. Are you a bunch of liberals, waiting for Obama to fix it for you? My solution seems to work for everyone, but you have to go back almost 10 posts to read it.
everything i try fails.. spy doctor Spybot s&d windows defender.. none of them will open.. This is ridiculous :/
For the life of me, I can’t find the *sysguard.exe thing anywhere. I tried to manually search and it comes up empty. I went into the registry and deleted the sysguard.dlls. Any help would be greatly appreciated.
What can i do about Antivirus System Pro, if it keeps comming back everytime i turn on my computer?
Barry,
It works. Great thanks!
It is best ans most simple way to remove ASP so far I found. Smart!
Sorry, meant the “windows\system32\iehelper.dll” file
lyusla:
The path is there. It’s the location listed under “Address (URL)” when you right click the main APS window and click “Properties”. You may only see 2 lines of the address, so you’ll need to left click and highlight the address so you can drag down to see the final, randomly named folder and file name (ending in sysguard.exe). Write down the file path, restart in safe mode, then find the folder and file using “My Computer” or “Windows Explorer”. Delete the file, then the folder, then the windows32 .dll file. Restart in normal mode, run Malwarebytes and it should be over.
Barry’s method seems expired. YOu don’t see the path for *sysguard.exe.
I ran save mode and restored old registration backup. The ASP still show on the bar, but no pop windows come up
Barry’s quick solution works! I found the file in my Appdata and changed the name. After that I could run taskmgr.exe and stopped the process. Went back and deleted the file. Deleted the Avscan from the registry and restarted. Malwarebytes had quarentined some registry keys on the first scan but if you don’t find the *sysguard.exe file it’ll keep coming back.
Here’s a quick solution. Click the taskbar icon to open the ASP main window. Right click to Properties. You should be able to highlight the full location of the program ’s *sysguard.exe file (It may be a long path.) Restart in ’safe mode’ to delete the file. Restart and delete the \system32\iehelper.dll file. This kills it. You can then run malware or clean up the registry manually.
How do you get Windows Defender. The virus keeps blocking the installation
Windows Defender worked for me. I tried both Spyware Doctor and Spybot, but the virus prevented both from accessing recent updates. Windows Defender’s most recent version was from 11/12/09 so it didn’t need to update. It found and removed what it considered a “high” threat trojan. I am now back to normal.
I am now able to access updates for both Spybot and Spyware Doctor, which is why I believe MS Defender worked.
i’m not sure if this is related but i think i was able to remove antivirus systems pro with the help of running Malwarebytes from a flashdrive. however i still get this program popping up called leyovose.dll but i cannot find it when searching for it. if you google it, only one program comes up that says it can detect it called prevx. it scans for free but you have to pay to remove the file. i’m willing to bet whoever created leyovose also created prevx just to get you to pay to remove it. anyone have any experience w/ this? my computer still acts up when i try to run other antivirus programs and google still redirects to crap websites so i think leyovose is the cause.
I deleted sysguard.exe then purchased and ran Spyware Doctor. It seems to have worked. I rebooted and didn’t get the annoying popups. Thanks so much for your help Daver and everyone else!!!!
My file that I deleted out of the registry was rliksysguard.exe. Seem to work so far, I need to do some more searching though to make sure I got it all.
Matt, I am looking for help to get rid of Antivirus System Pro. It infected my system today and I have spent about 8 hours trying to get rid of it. I have run Windows Defender, Quick Scan and Full Scan, McAfee Quick and Full Scan, Malwarebytes, and looked at some manual removal info and so far nothing has worked. I do the search for the files listed that need to be deleted but none of their names come up. Please help. Tks John
I had to search the registry and the windows\system32 folder for ??sysguard.exe before I was able to isolate this virus. this one is pretty nasty…
Thanks, Daver. I’ll try it. I’m desperate.
The exe changes names from system to sytem.
c:\documents and settings\username\local setting\application data \”Random letters”\”random letters”Sguard.exe
The “random letters” part of the file name seems to change from system to system.
The reg entries where all under /AVSCAN
Hi! I’m fighting with the antivirus system pro and could use some help, if you’re able. i ended the sysguard process, but I don’t know where to go from here. help?
I hate buying stuff, Spyware Doctor was the only thing that found “Antivirus System Pro”, Malbytes did not pick it up
I downloaded Malwarebytes, ran the quick scan twice and ran the full scan twice and Antivirus System Pro is still there! I’m at a complete loss. And I’m not very computer savvy. Somebody please help!!!
Matt, your help would be much appreciated.
This program is driving me insane. I’ve already tried using both Spyware Doctor and Malwarebytes, but by the time I get around to actually using them, this Antivirus crap has already disabled me from using them, virtually eating the .exe files needed to launch them. Im not good enough with computers to do this manually, I really need help, Im about to throw this damn thing out a window…
New executable filename is mvchsysguard.exe and it resides in the user directory as a hidden file. Registry key is cnlsmwvq.
You need to update your removal instructions. They are now working around these file names.
Matt, Where are the instructions to get rid of this?
Matt
It looks like you have been able to beat this. We have abeen at it all day. do you have instructions posted some place?
sorry, it was an APO post
I tried XoftspySE, Malwarebytes‘, and Iobit Security. None of the files mentioned could be found. The only thing that did work to get rid of Antivirus System Pro was to get taskmgr up as soon as the computer started, by pressing ctrl-shft-esc, and ending a process that appeared to be an incorrect one. I spent a total of about 6 hours getting this off of my step-daughter’s computer, which she must have for school. Nothing worked. I have alot of experience with computers and just could not find anything that appeared remotely related to this spyware. They will certainly be facing a rather large federal suit. When the computer first started with the usual pop-ups from this trash program, I kinda knew that so many exe files could not actually be infected. I did a search and found alot of material touting the 3 programs that I tried to use, none of which worked in removing the problem. It was only after I read Matt Potter’s post that I cured the problem myself. Thanks for all the posts on this
Jason
i need help guys! i need help, i just installed two of these anti pro removals and when i click on the desktops thats when the virus pops up not allowing it to remove it
&& how do i find the virus file in my files?
help someone
Find Me at Matt Potter OKC Network on facebook. I hated this virus and talk you through it. Im the guy with the guitar in the background
my dad’s laptop is infected, i thought we had it removed last night with a safety scan from windows live one care, but it came back the next day….i really need to get this removed, since it is his work comptuer. i would really apperciate your help.
I can help Message me…
send a me a request and ill walk you through it. I beat it with no software yesterday
OMG! I have had so many antispyware problems. Once I get rid of one they keep coming back with it being harder to get rid of. My computer is so slow and the “file search” is taking forever. I downloaded maleware but that didntwork.DX. I feel like getting a bat and destroying my damn computer and getting a dell. EERRR
There are so many porn pop-ups and they are really getting a nnoying. I’m scared O_O
Really ned help with this!!
Ugh I just got hit with this scam today. I hope this works for me….
I don’t see any of those registry keys, processes, or files on my computer at all! Also, I can’t afford Spyware Doctor AND I can’t get my computer to start in safe mode :(
Is there ANY other way? :(
i am having the same problem suziq is having. i have tried everything to get rid of this thing. Boot is safe mode try and delete files run Malwarebytes which was already downloaded on my computer and i cant even use it because of this antivirus system pro. i need help any suggestions…this thing is so annoying
I will answer Amy’s question and add a little more. I ended up running MALWAREBYTE(MWB), which I loaded on the infected computer from a flash drive since I could not get on the internet.
First, I ended the sqhusysguard.exe process in Task Manager, which I accessed from Start>Run>taskmgr.
Registry Keys
For MWB, I first ran a Quick Scan and got no results. I then ran a Full Scan and came up with the following hits:
Registry Key
HKEY_CURRENT_USER\SOFTWARE\AvScan
Registry Values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afgflsak
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xfbtgpqs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afgflsak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xfbtgpqs
Files
C:\System Volume Information\_restore{C270FBA8-9F0F-4C49-A9E4-437A0B65B651}\RP1143\A0142533.dll
C:\System Volume Information\_restore{C270FBA8-9F0F-4C49-A9E4-437A0B65B651}\RP1143\A0144528.dll
C:\System Volume Information\_restore{C270FBA8-9F0F-4C49-A9E4-437A0B65B651}\RP1143\A0146533.dll
C:\Documents and Settings\”username”\Local Settings\Application Data\isemlo\sqhusysguard.exe
C:\Documents and Settings\”username”\Local Settings\Application Data\khkiad\sxkjsysguard.exe
(I also found the 2 ****sysguard.exe files above in the Windows/Prefetch folder as mentioned above also)
After a Restart, it appears to be gone!!
If this did not work, my next attempt would have been running MWB in Safe Mode as mentioned in earlier postings.
It appears to have migrated. Cannot boot in safe mode, cannot access task manager, and all previous restore points appear to be gone. (I’m guessing the bad guys are reading the posts on this one…NOTHING I’ve seen has worked on my machine.)
Ran Malwarebytes and THOUGHT it fixed the problem, but it was back when I rebooted.
Computer is now on track to become a boat anchor unless someone has a better suggestion…
I am still not clear how you determine which Registry Keys are assoiated with this program.
Earlier posts talk about AVScan but when asked whether or not to delete it, there was no response. (see below)
Any suggestions?
ACE 6/22/09
“I didn’t have any of the files either, but endins sysguard.exe in task manager stopped the popups. I did find a few of the registry entries and deleted HKEY_CURRENT_USER\Software\AvScan and a couple more. That removed the rest and it seemes normal now. No more virus.”
AMY 7/5/09
“Is it safe to delete HKEY_CURRENT_USER\Software\AvScan?”
I had this thing on my work laptop and I ran Malwarebytes but no use. Popups and quick launch icon disapper when i delete the xxxsysguard.exe from tasklist. But ther are back next day.
I haven been using Malwarebytes on my home Laptop for a long time and it always works. For some reason its not doing the trick on my work laptop. It says it quarentined and deleted the files every time I run it but it comes back immediatly after rebooting.
Unfortunately I am not allowed to do a sys restore on my work laptop. I am in a pickle…can any one help.
It also shows up as eharsysguard.exe
Minimal registery enteries and 2 entries in the start-up tab under MSCONFIG. 1 process running under an alphabet folder name under docs&sets\user(login name)\local sets\app data\( I.E ) xqsyka.
Another process name for taskmanager – efhesysguard.exe Seems that they change it regularly, or that its a randomly generated name for the process now.
Had the same issues other people were having about the crap-ware telling me that taskmanager, Malwarebytes, and even firefox were infected… attemt to open the programs repeatedly and they’ll eventually start. Once Malwarebytes was running without interruption, the infection was quickly cleaned up.
Under Windows Task Manager I don’t even have SYSGUARD, are there any other image names it could be under?
John,
I had the same problem with Antivirus System Pro hijaking my computer. I tried everything that is listed here and nothing worked because it kept blocking everything I tried. Finally, I finally did a system restore to early this morning and that took care of the problem. Hopefully, you are able to do this.
E
Mine got hit today as well. Did a google on antivirus system pro and found Malwarebytes‘ anti-malware. Dnlded and ran once then rebooted. Didn’t work, so I restarted in safe mode w/networking, ran anti-malware again after checking for updates. Problem solved…so far.
my computer is not letting me open up the task manager, it is saying the file taskmgr.exe is infected. do you want to activate your antivirus software now?
Great info thanks for sharing
I got it off but took me a while to find the files but I did it
I have tried this for the last years and it has worked:
1- Backup your personal files
2- Re-install all your system using the recovery disks that comes with your pc or laptop. (you don’t need to be geek to do this)
3- If you dont’ have the original disks try to invest in an original windows (i prefer XP) and look for the installers on the manufacturer’s site ONLY! or you will get infected again.
4- Keep the new windows disk and backup the drivers you downloaded. You will need those for future recoveries for SURE!
This way I havent spent a single penny by buying any antivirus.
LET’S STOP THE ABUSE!!
Just found “jcfsysguard.exe” in the task manager and that DAM Antivirus System PRO went away. Spent four hours on this stupid thing. Just an FYI
I will swear by Malwarebytes‘ Anti-Malware It took me all of about ten mintues to get rid of the annoyance that is Antivirus System Pro..
I was not able to find any of the files you listed. My computer can’t find any part of Antivirus System PRO so how do I get rid of it?
okay, when i try to start taskmanager the fake antivirus warnings pop up and say that it is infected and it will not come up. what do i do! i also had installed Malwarebytes to get rid of it because i found a forum where everyone said it had worked but the fake alerts would not let me open this either.. please, please, please help me.
shut your computer down and before anything gets loaded got to the system restore and reload to an earlier date. it wiped it all out.
What if I can’t start regedit because it tells me the administrator has blocked access to regedit? Which I know is not true…
Also, I cannot launch taskbar because that’s blocked too…
Yes I found hmpqsysguard.exe hiding in program files\tlfkua. Thanks!!!
another new name, toysysguard.exe
Read the above comments, but note that the sysguard file has likely changed. it is now jyhfsysguard (just look for something ending in sysguard in processes). Find it in task manager, note the name, and then stop it. Then run search to find the file location. Once you do, rename and delete the files. Currently prefetch in windows and mieqei in programfiles. Then run regedit.
hello kristopher
This thing (is it a trojan? virus? malware?)
has disabled me from getting online via wifi, from editing the registry, and from doing sytem restore. Please what do I do?
I think it has even disbaled safe mode. Bc when I hit f8 and choose safe mode, the comp (toshiba L25 laptop with windowws xp sp2) restarts. I have to choose ‘ Directory Service Restore Mode’ or ‘Debugging Mode’, and then Safe Mode loads.
How do I kill it /delete it? I cant get online to d/l an AVG or anti malware. Thanks.
I couldn’t find any of the files but i did find this ‘AVS4YOU’ is that Antivirus System PRO files?
Deb’s advice worked for me:
Start your computer in safemode and download and run Malwarebytes.
This happened to me, the file was named “dboesysguard.exe” in the folder Program Files\knshys. I also had a file in my WINDOWS/system32 folder called “~.exe”. Both files had a beach ball icon. Other than those changes, the directions above are spot on.
A bit of advice: when restarting, pull up your task manager right away (ctrl+alt+del), and make sure to stop the AVP scan as soon as it starts. I found this helped keep me from the issues of having this thing kill my tm or cmd window or anything else by saying the file was infected. If it doesn’t run long enough to throw the false positives, you can easily go about your business of killing it.
Good luck all!
If you cant reach processes through ctrl+alt+delete, try startmeny-run and type taskmgr.exe and hit OK. worked for me.
The new name is tnxesysguard. ctrl>alt>delete>Processes>tnxesysguard>End Process.
And then searched this name and deleted it.
Guys, if you’re using Microsoft as an operating system, I suggest you try contacting Microsoft and they would give you free assistance. Their technical support had helped me cleaned up my computer from Antivirus System Pro Alert pop ups, and other malwares today for free. They have excellent technical support and of course you are assured that you’re dealing with a reliable company. Try searching for Microsoft Consumer Security Support Center. Here’s the link.
https://consumersecuritysupport.microsoft.com/default.aspx?mkt=en-us&scrx=1
I had problems even after I installed the freeware Malwarebytes. I
I was having problems even getting that installed properly due to the FAKED pop ups saying all these different files are corrupted.
I restarted my computer in safe mode.
When Malwarebytes STILL didn’t work. I hit the INSTALL PROGRAM for Malwarebytes again (while still in safe mode).
Malwarebytes installed as if it wasn’t already installed. It ran perfectly. It stopped the pop-ups in safemode.
I started the computer again and the pop-ups had stopped there too.
I ran Malwarebytes again in regular mode to make sure it didn’t miss anything that wasn’t running in safe mode (It hasn’t so far)
Now I can look for some the registry keys etc listed here at my leisure.
Good Luck Deb
it’s not even letting me open regedit or task manager to try these things? It says that these programs are infected yada yada
my mom payed and downloade this crap. i erased all they listed. Is there any more damage or threat still in pc.?
Al Alla…
you r such a life saver thx so much…
i really really thank you
first i almost quit cuz i was confuse
and these pop-up thing y are so annoying
i cant focus on the instructions and now i did it…
thank you very much…
okay i downloaded and installed Spyware Doctor and I cannot open the program
The slimeball is getting sneakier on Sept 2009 the executable is called apbsysguard.exe and lives in ProgramFiles/nuhuhm and the iehelper.dll is still in the system32 subdir.
Hi guys , i have the same problem, and none of these instructions worked for me , after 3 hours of hard work i found dcfkut folder under c:\program files , which has one exe file, i didnt get the exact name of the file , but it starts with flrsys…exe , i renamed the file and the folder , restarted the computer and my pop-ups from Antivirus system pro has stopped. it worked for me so far.
How amazing is this? I had this antivirus system pro thing annoying me to death, popping up porn sites and blocking me from using other programs. So I tried the seach and destroy routine. I ran my AVG and it didn’t get rid of it. Saw all this info about how Spyware Doctor would do the trick. So, I bought it. And then miraculously, with only downloding the program and scanning, the Antivirus System Pro was gone. It’s a miracle…..or is it?
Firsd thing I did was search the users cookies with him standing there. Low and behold there was a cookie to a ‘questionable site’ which he claimed just started poping up.
I scanned for all of the files mentioned above, on the HD as well as the registry. Some I was able to locate and delete. I also found the ASHKJI file folder but could not deletre the EXE file. I finally booted the computer up in a safe mode and was able to delete the file and folder. After deleting the file & folder I rescanned the registry and hard drive and removed the remaining traces of this file.
Tiens, son «mari» va s’en occuper «plus tard»… lequel, et quand ?
I deleted the Sysguard entries (agwxsysguard and agwxsysguard.exe-08469,) and the popo ups went away, but now I can’t access the internet. What now?
the weird thing is im supposed to have this really good anti virus on my computer, called Symantec endpnt protection, i have scanned twice already today and it keeps telling me i dont have anything and that my computer is clean.
so should i delete all the HKEY folders?
for example it shows right now an,
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG…..
SHOULD I JUST DELETE THOSE FOLDERS AND ANYTHING IT COMES WITH THEN?
AND THEN IT WILL GO AWAY. I BASICALLY TRIED EVRYTHING ON THIS SITE IT ASKED BUT COULDNT FIND ANYTHING, THEN I STARTED READING THESE COMMENTS AND UNDERSTOOD BETTER. NO MORE POP UPS BUT LIKE SOME1 SAID ITS STILL IN MY COMP, SO SHOULD I DELETE THOSE FOLDERS??? THANKS FOR HELPING BY THE WAY!
The name of the file changed. It is now “ymawsysgaurd.exe”. Stop the process first and then delete the file. The file is not detectable with “search”. Search manually. This does not delete all the crap files, but at least no more stuff popping up on your screen.
Malwarebytes is the only thing that worked that fuckin anti virus system pro put 338 infections on my laptop ,, if i find the persons who created this ill break their fucking head open
These sites such as Antivirus Pro. Who intentionally infect your PC. with the intent Of getting you to pay to remove thier infections. Should be noted And Reported To The Internet fraud Department Or FBI.
This is illegal and common Fraudulant use of computer Software. To remove This Software. Download Malwarebytes ( free ) scan your computer. it will automatically detect the changes made in the system registry. would also recommend Spybot-search and destroy. And AVG Free. All the above mentioned Software Is Available free For Download. Search The Web. Another Tip Is that if you get infected By This. press ctrl/alt/del which will open the task Manager. select Processes. Scroll down. To see whats Actually Running. you Can Stop The Running process in question. to allow a full uninterupted scan. Hope This Helps you all out. Mike @ Abracadabra Computers.
Tried Spyware Dr., found infections and when went to fix, had to buy/register software. Downloaded Malwarebytes, scanned, found and removed ALL infections…for FREE!!!
I had Anti virus System PRO.
It was driving me nuts.
After many hours of messing with it, I re-booted in SAFE MODE and restored all files to the day before the damm thing infected me. thanks Linden
I could not find any of the files mentioned here until i searched for systemguard in safe mode which i found in two locations. I was able to remove them in safe mode without having to rename the files. I since downloaded STOPzilla and ran the scan and discovered 48 other files located in very incospicuos places with totally unrelated names but all are a part of this particular virus. Stop zilla is not free but it is also not expensive so I for one definitely recommend it as now I do not have to reformat my entire hard drive to get rid of AVsystem pro. Good Luck to all.
You are life saver. Thank you very much.
Sometimes, you cannot remove the files for antivirus system pro because, in my case, when I delete one file/process, it reinstalls/reactivates.
Those guys have modified the file names
Search thru Task Manager/Properties to disable for:
uomsysguard.exe
Am still searching for the location of the files so I can remove them
Al Alla, you’re life saver!
I didn’t find the exact name but a similar one. After highlight it in the Process tab of Windows Task Manager, hit the “End Process” then “Yes”
It’s gone!
I bet thousands people out there will appreciate your finding.
“Antivirus System Pro” is a devil. It installed or tricked its program in our PCs without premission!
Just wanted to say I could not find any of the files or registry entries at all. However, I did read the post about free melwarebytes software. It wored. I copied on to my flash drive from another computer and installed from the drive to my infected system. I let the scan run and because I could not get internet work I let it run without the updates. One scan and one reboot later I was up and running. Warning I did a search for melwarebytes and the first one that comes on my google search is not real. It is a red page that looks pro but if you try to download it is itself a trojan. Mcaffee caught this fo me. I went on to the next link and this one was lagite. NIce lite blue page. Thans Shat it wored perfectly
Absolutely marvelous. This process worked, and has saved me alot of trouble, thank you so much.
There were two vital pieces of advice here that helped me. One was that the name was hidden as SYSGUARD, and the other was that you had to re-name the files to delete them.
However, the advice on opening your task manager to stop the pop ups did not work because antivirus system pro would not let me open my task manager because it said it was contaminated. So frustrating!
But when I ran a search for SYSGUARD it found the files where this was located. One was in Windows called prefetch and the other was in program files called gbobck. So I renamed prefetch and was able to delete that without a reboot. I did have to re-boot the computer to delete the re-named gbobck file, but was able to do it….no more Antivirus System Pro! Thanks so much for the advice on here!!!
I too couldn’t remove it manually. Finally AVG 8.5 got rid of it. Antivirus System Pro Alert is slow to load. I rebooted, logged on and started AVG before anything else. Somehow the scan started and ran to completion. Took almost 2 hours but haven’t seen the virus now for 2 days. Got lucky I guess.
Al ALLA — yOU ARE definitely CORRECT… As soon as I deleted that from the processes then the popup stopped plus the icon went away.
THANK YOU SOOOOOOOOOOOOOOO much..
Latoya
Josh,
I am havimg the same exact issue. Did you find an answer? If not does anyone have suggestions. I don’t see any files in Registry and drive c:. I can’t access internet with IE or FireFox. When I go to email it puts me into a browser properties screen.
Thanks in advance for any direction.
JR
I seem to not be able to find all of the reg entries. I notice some are similar, and I wondered if that meant that there would only be one of them, that it could be different per machine. I however can only find 2 of the entire set of reg entries, and I’ve checked over and over. The other issue is that all of the automated removals require me to download and execute a .exe file, which I can’t do because this thing disables that ability. I find it interesting that everyone says to do that when it isn’t possible. Also, I have attempted to reset the .exe reg file, but without being able to restart it does not good. And if I restart without finding all the AVSP files then it reverts back anyway. I did manage to get my task manager back, but again, if I restart it goes back as well. Any suggestions?
I stop the virus in taskmanger but i cannt access the internet. everytime i try and get on it just pop ups to “you comp is at harm” and wants me to go to its website only. How to i get rid of this part of the virus? I have Norton and is doesnt take care if it.
I tried searching for the antivius pro system files you listed but after over an hour none show up.–Now what??
wat do i do if i cannot find all of the files suggested to be deleted in the registry- do i assume the virus is gone? Does anyone know any other registry files that should be deleted?
?????
is it safe to delete HKEY_CURRENT_USER\Software\AvScan
Dude you are THE MAN thanks for the great inside info and instructions!
You did a good deed!
To “ggg”
Do NOT ever interact with “Anti Virus System PRO” malware except to shut down the warnings and windows it pops up! You are just asking for more trouble by interacting with it as if it is a legitimate company. Your money is not going to be refunded and the longer you allow these hackers to have control over your computer and credit card information, the worse your security problems will be. Get these files off your computer as you humanly can!!
Here’s one way to delete the files that refuse to delete (for example…)
WINDOWS\sysguard.exe
WINDOWS\system32\iehelper.dll
Supposedly they are “in use” or “write-protected” (so says the error message when you try to delete them). Just re-name the files (for example, I re-named sysguard.exe to sysguardHELP.exe). Re-name them both and then RE-START your computer. You will now be able to delete the RE-NAMED files. Re-naming the files prevents the program from starting up after a re-boot, but it won’t stop the program from doing its mischief already in progress.
After you deleted these files you can proceed to delete the registry entries, if they are on your computer. I only found one: HKEY_CURRENT_USER\Software\AvScan
If you don’t know how to find the registry entries hit the START button in the lower left hand corner then click on “Run.” Type “regedit” and then hit enter. Windows explorer will open and you will now see the “HKEY” folders listed. I CAUTION YOU: don’t play around with this stuff unless you are VERY careful and are confident of what you’re doing. Erasing the wrong file in the wrong place could be a disaster. And do NOT erase an entire folder if the instructions say to delete just one file within that folder. Check and double-check to make sure you are in exactly the right path and folder listed in the instructions. There are many folders and files that sound the same but are not exactly the same. Good luck!
hey can u help me, i got that anti virus pro . i want to return my money there was some return policy. helPPPPPPPPPPPPPPP meeeeeeeeeee guys tnks for reading
DEAr ,..
follow-up to above: I installed Malwarebytes Anti-Malware software (which was free), did a quick scan then removed all infections and rid my computer of the Antivirus System Pro!
No more pop-ups even at start up, no more viruses. It was very easy and took no time at all. I hope this helps some of you. Try it.
zHotkey.exe is listed in my task manager. Will deleting this help remove AVSystem Pro or will it do more harm than good. Thanks
As far as I’m concerned – EVERY website like yours pushing a $30 malware removal tool is just as guilty of scamming consumers as the people who developed the software? What’s your commission on each sale of these bogus tools?
it won’t allow me to delete the “iehelp” from the files and folders. also, once i deleted sysguard.exe from the task manager, it returned the next day! what do i do?
I didn’t have any of the files either, but endins sysguard.exe in task manager stopped the popups. I did find a few of the registry entries and deleted HKEY_CURRENT_USER\Software\AvScan and
a couple more. That removed the rest and it seemes normal now. No more virus.
Actually, this works for every time you sign on, but the program still exists within your computer. At any rate, I am glad to at least be able to stop the pop ups when I sign on, and my husband will take care of removing the -program later.
Nevermind. The pop ups stopped and the icon is gone. This seemed to have worked so far.
You are right. This stopped the pop-ups. Although the icon still remains at the bottom of my desktop. How do I rid myself of this on my computer?
it’s hidden as SYSGUARD.
watch: 1) hit ctrl+alt+del , 2) highlight sysguard.exe and 3) click ‘end process’…
the pop-ups quit
I also can’t find any of these files and its driving me nuts…These intructions don’t work
I agree with Rabih, your instructions are not valid. I have a guy here at work who got this Antivirus System Pro Alerts… but none of your instructions helps finding where it is installed.
I tried Search C, Regedit etc.. all of your tips and there is no such files as you describe. Do you know what name this Trojan – like program will hide under? Registry key names or processes?
BR // Yael
Dear, i couldn’t find the Anti Virus System PRO files in the Program files, also i couldn’t find the registry entries that you have mentioned.
please advice
thanks.