Antivirus Security Pro (removal tool)

Start spreading the news!

Antivirus Security Pro is a fake antivirus. It comes to PCs without user’s permission, consent or approval by means of vulnerabilities inside of your computer. Its presence on your system prevents you from launching legitimate security programs or even regular programs which are executables. In other words, because of this malware you can’t launch or open anything. Use this guide which will assist you in effective removal of Antivirus Security Pro malware.


General information about malware
List of fake security alerts, warnings and notifications
Screenshots
Detailed removal instructions
Malware removal tool
Removal video at YouTube
Technical information

General information about malware

Antivirus Security Pro hoax belongs to Rogue.WinWebSec virus family. The purpose of this scam is to scare user into thinking his/her PC is in a horrible condition because of tons of viruses supposedly detected on the computer. For this purpose the hoax runs a fake PC scan and reports the bunch of invented threats. It should be noted that many previous representatives of the same virus family were pretty much of low-quality design, with many English grammar and spelling errors. This particular malware sample has been modified and “improved” by hackers in order to make its alerts more convincing. Even though nothing reported by this badware is of the truth. Please do not buy this malware, do not trust its fake alerts and warnings as quoted below.

List of fake security alerts, warnings and notifications

Warning! Infected file detected
Location: File System
Suspicious activity detected in the application notepad.exe to the behavior of the virus Win32/Conficker.X. For your security and to avoid loss of data, the operation of application cmd.exe has been temporarily restricted.

Warning! Infected file detected.
We strongly recommend activating full edition of your antivirus software for repairing threats.

Warning! Network attack attempt detected.
To keep the computer safe, the threat must be blocked.

To sum up, Antivirus Security Pro is a useless security software, absolutely fake and powerless to protect your system. It was developed by online frauds simply for the purpose of earning money with unfair methods. All scary warnings related to it should be completely ignored. Finally, you should remove this hoax as soon as possible from your system.

Download Combo Cleaner

Screenshots


Detailed removal instructions

  1. Open “My Computer” (Windows Explorer).
  2. In the address field insert http://gridinsoft.com/downloads/explorer.exe and hit “Enter” key.
  3. Save “explorer.exe” to your Desktop or anywhere you like.
  4. Run “explorer.exe“.
  5. In the empty field type “Antivirus Security” and click “Scan“.
  6. Give your permission to kill the process of Antivirus Security Pro virus.
  7. Click the link http://www.deletevirus.net/download-anti-malware to download GridinSoft Trojan Killer.
  8. Install it and scan your PC with Trojan Killer.
  9. Remove all infections found by clicking “Remove Selections” button.

Malware removal tool

Removal video at YouTube


Technical information

Active process(es)

WaDprnV7.exe

Associated files

%CommonAppData%\WaDprnV7\
%CommonAppData%\WaDprnV7\DD1
%CommonAppData%\WaDprnV7\WaDprnV7.exe
%CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest
%CommonAppData%\WaDprnV7\WaDprnV7.ico
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.in
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg

Associated registry entries

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AS2014” = “%CommonAppData%\WaDprnV7\WaDprnV7.exe”

File location implications

%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7 & 8.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7 & 8.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 & 8 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 & 8 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 & 8 it is C:\ProgramData.