Antivirus Pro 201x is a rogue anti-virus program whose payload is both annoying and harmful. When the user runs the program, it automatically checks for "viruses", when it is actually showing the user files they don't even have on their device. It can prevent programs, like Task Manager, from running and say that it has a "high threat level". When the user clicks on "remove threats", it starts marking the fake files as "not repaired" and shows them a message saying "warning! network attack attempt detected" in order to scare the user even more.
1. Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Eventually you will be brought to a menu similar to the one below:
2. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. If you are having trouble entering safe mode, then please use the following tutorial: How to start Windows in Safe Mode
3. Windows will now boot into safe mode with networking and prompt you to log in as a user. Please log in as the same user you were previously logged in with in the normal Windows mode. Then proceed with the rest of the steps.
4. It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
5. Before we can do anything we must first end the processes that belong to Antivirus Security Pro so that it does not interfere with the cleaning procedure. To do this, please download RKill here and transfer it to the device.
6. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Security Pro when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. Not closing the warning will typically let you bypass the malware's attempt to protect itself, so that RKill can terminate Antivirus Security Pro. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill, as the malware programs will start again.
7. The next step is to run MalwareBytes'. If MalwareBytes' prompts you to update, please do not do so.
8. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
9. On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Antivirus Security Pro related files.
10. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
11. When the scan is finished a message box will appear. You should click on the OK button to close the message box and continue with the Antivirus Security Pro removal process.
12. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
13. A screen displaying all the malware that the program found will be shown. Please note that the infections found may be different in different cases. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
14. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
15. You can now exit the MBAM program.
16. As many rogues and other malware are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer.
Associated Antivirus Security Pro Files:
%CommonAppData%\WaDprnV7\
%CommonAppData%\WaDprnV7\DD1
%CommonAppData%\WaDprnV7\WaDprnV7.exe
%CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest
%CommonAppData%\WaDprnV7\WaDprnV7.ico
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.in
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg
File Location Notes:
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ in Windows Vista, Windows 7, and Windows 8.
Associated Antivirus Security Pro Windows Registry Information:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AA2014" = "%CommonAppData%\WaDprnV7\WaDprnV7.exe"
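To confirm after the cleanup that none of the files or the registry value listed above remain, the following read-only PowerShell check can be run as the affected user. It is an added example, not part of the original guide, and it assumes Windows PowerShell 2.0 or later is available on the machine.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# Run it as the user who was infected, because the Run key is under HKCU.
# It reports what is still present and deletes nothing.

# %CommonAppData% is guide notation, not a real environment variable; this
# .NET lookup returns the All Users application data folder on any version.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')

# Paths copied from the file list above, relative to %CommonAppData%.
$relativePaths = @(
    'WaDprnV7',
    'WaDprnV7\DD1',
    'WaDprnV7\WaDprnV7.exe',
    'WaDprnV7\WaDprnV7.exe.manifest',
    'WaDprnV7\WaDprnV7.ico',
    'WaDprnV7\WaDprnV7kassgxDq.in',
    'WaDprnV7\WaDprnV7kassgxDq.lg'
)

$findings = @()
foreach ($rel in $relativePaths) {
    $full = Join-Path $commonAppData $rel
    if (Test-Path -LiteralPath $full) {
        $findings += "FILE  $full"
    }
}

# Registry value from the page: HKCU ...\Run "AA2014".
$runKeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runKey = Get-Item -Path $runKeyPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        # Match the value name from the page, or any autorun entry whose
        # data points into the listed folder.
        if ($name -eq 'AA2014' -or $data -like '*\WaDprnV7\*') {
            $findings += "RUN   $name = $data"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No listed Antivirus Security Pro artifacts found for this user.'
} else {
    Write-Output 'Artifacts still present:'
    $findings
}
```

As step 13 notes, the infections found may differ from case to case, so an empty result only rules out the specific names listed on this page.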