Antivirus Security Pro. How to remove? (Uninstall guide)

removal by Linas Kiguolis - -   Also known as AntivirusSecurityPro | Type: Rogue Antispyware
12

What is Antivirus Security Pro?

Antivirus Security Pro is a rogue anti-spyware, which belongs to WinWebSec. This program looks just like Attentive Antivirus, Live Security Platinum, AVASoft Professional Antivirus and other threats that also hail from this group. However, the new thing about it is that it comes with a digitally-signed installer, which should ensure the trustworthiness of the program. Most likely, it was stolen. Once Antivirus Security Pro gets inside the system, it starts its activity by showing misleading notifications that typically announce about dangerous viruses. Note that it warns its victims only about invented infections or legitimate files that should never be eliminated. That’s why you can clearly ignore this application and remove it from the system. If you are interested what’s the real purpose of its bogus alerts, the answer is really simple – it is designed to create a need of its licensed version. Definitely, you should never purchase it.

HOW CAN I GET INFECTED WITH Antivirus Security Pro?

Antivirus Security Pro is spread by trojan horse, which exploits security vulnerabilities. It attacks poorly protected systems, so, if you want to avoid its infiltration, you have to make sure that your machine is protected with the latest version of antivirus. Still, if this trojan manages to get inside the system, it secretly downloads files that belong to virus. After that, it modifies the system so that the rogue could start its work every time user reboots the PC. As a result, malware starts showing such alerts:

Warning! Infected file detected.
We strongly recommend activating full edition of your antivirus software for repairing threats.

Warning! Infected file detected
Location: File SystemSuspicious activity detected in the application notepad.exe to the behavior of the virus Win32/Conficker.X. For your security and to avoid loss of data, the operation of application cmd.exe has been temporarily restricted.

You may also receive such message from this virus:

Warning! Network attack attempt detected.
To keep the computer safe, the threat must be blocked.

Please, ignore every alert that belongs to Antivirus Security Pro because this programs seeks the only thing – to get your money. As soon as you start seeing alerts that belong to this rogue, you should run a full system scan with updated anti-spyware. Also, follow a guide given below to get rid of this infection for good:

HOW TO REMOVE Antivirus Security Pro?

If your PC is infected with Antivirus Security Pro, you should immediately download Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware and run a full system scan. Don’t forget to download the latest versions of these programs in order to have a full virus database.

Note that thre are many rogues that block legitimate security applications for preventing their elimination. In this case, you should reboot your machine to Safe Mode with Networking and then stop malicious processes that belong to rogue. Look for [random letters or/and numbers].exe or [protector[random characters].exe processes, stop them and run a full system scan with anti-malware. Don’t forget to scan your PC in normal mode to make sure that this virus is gone!

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Antivirus Security Pro you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Antivirus Security Pro. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Antivirus Security Pro (2015-05-07)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Antivirus Security Pro (2015-05-07)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Antivirus Security Pro (2015-05-07)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Antivirus Security Pro (2015-05-07)
Antivirus Security Pro snapshot
Antivirus Security Pro snapshot

Antivirus Security Pro manual removal:

Kill processes:
[random].exe

Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "AA2014" = "%CommonAppData%WaDprnV7WaDprnV7.exe"

Delete files:
%CommonAppData%[random]

%CommonAppData%[random][random]

%CommonAppData%[random][random].exe

%CommonAppData%[random][random].exe.manifest

%CommonAppData%[random][random].ico

%CommonAppData%[random][random].in

%CommonAppData%[random][random].lg

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

Removal guides in other languages


  • Ed Oliver

    I was attempting to clean a coworkers personal computer which had been infected with this program. My personal first step doing this is to run Malwarebytes, as you recommend. As his computer could not access the internet I was installing Malwarebytes from a USB drive However, Antivirus Security Pro has apparently been “improved” and would not even allow the installer to run, claiming to have blocked a malicious program that destroys files. Also block Vipre Internet Security installer. And, at least on this machine, it automatically shut down windows as soon as it got to the desktop when booting into safe mode with networking (tried 3 times, same result every time). Finally tried RKill, and had to use three of the name variants of that, as the first two I tried were also blocked. When one finally run, though, it worked. Installed Malwarebytes, found and removed a bunch of stuff with it, including this one, then installed and ran Vipre which got rid of a couple more.

  • Luis

    Hello, I have discovered additional routes and keys (Windows 7):
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun (contains the random value)
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonuserinit (reset to: C:Windowssystem32userinit.exe,)
    HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftDirect3DMostRecentApplicationName (set it blank)

  • glynn

    Maybe you should say it will cost to use this program

  • ROB

    i was fooled by an email. i figured it got in the junk mail by accident. it as saying i had a voice message on whatsapp which i made an account but never use it. it came in .exe form and the icon was a .wav icon. idk what malwarebytes does truefully because it didnt pick it up so i ran it and here i am infected. luckily i have another laptop and blank dvds to try and remove it. right now i am using a bootable windows defender dvd i downloaded off Microsofts site. it booted and started a “quick scan” which didnt find anything. i am now running a full scan and its saying it might have found something harmful on the hard drive.

    also with this threat you cant boot into safemode.however you could fool the virus and download another task manager and name it something like explorer.exe and from what i read it should allow it to open and then you kill the process install your removal software and you should be good to go.

  • John

    It seems theyve made another improvement. Not only ca you NOT go into safe mode but RKILL shows everything as OK. RKILL runs when named iexplore.exe but finds nothing amiss.

  • Sabrina

    Ive encountered the same as Rob and John and am still unsuccessful in removing this beast of a virus. Any suggestions how to get it off again?
    Malwarebytes did find the virus, and supposedly delete it but when I started up my computer again after removal of files, nothing had changed and the virus ran first. I am unable to start my computer in any type of safe mode, the virus overrides that possibility, forcing a restart in normal mode.

    So how can I get this virus off on my own or do I have to pay the professionals to do it for me?

  • Rob M.

    I encountered the same thing as Rob and John. I saw my particular bad file was llrnhg6a.exe.manifest plus 5 others with the llrnhg6a name. I did a search to see where they were. C:Docs & SettingsAll UsersAppDatallrnhg6a. When I tried to go through command prompt, it just gave me C:Docs & SettingsOwner. It couldnt find it. So I unhid files like it said to do here. Did an explore on App Data file. Right clicked and tried to delete whichever it let me which was 2 of the 6 bad files. Then I right clicked on the .exe file (I think) and started Malware…make sure you update Malware before you start this removal. Now, this thing wont let Malware launch so you have to go into All Programs, scroll over Malware until you find the Chameleon feature. Start this…I had to go to #5 before Malware launched. After an hour, it found 15 infections…restarted…ran FULL scan again for an hour…3 infections…ran FULL scan again…0 infections. FINALLY!! I tried to find any more of the llrnhg6a in Explore App Data…there was an llrnhg6a file there but it was empty but I right clicked on it anyway and permanently deleted it with Webroot…which wasnt able to do that prior to the FULL Malware scan. MalwareBytes/Chameleon ROCKS…I might actually have to pay for Malware now since my Webroot failed me BIG TIME!! Good Luck

  • xDrewX

    This a nasty wee infection, ultimately easily removed though, naive programming. Moderator does not permit bad language or threats but I know what I’d like to say and do to virus writers……
    Many access tools are disabled by the virus, anti-virus, ‘Safe Mode’ also. Windows Explorer still functions though, turn on view hidden, system etc files. Shortcuts on the desktop obligingly reveal where the main ingredients lurk, in this case C:ProgramDatagaDrXnns. The nasty files cannot be removed or renamed because ‘In Use’. Also lurking is a batch file which reboots the system if Safe Mode is attempted. It can be renamed but is regenerated. Didn’t occur to me but perhaps altering the contents whilst leaving the file size unaltered (and maybe setting the date if you have the utility) would fool the process. Try that first.
    ‘Restore’ was disabled but easily switched back on, C:windowssystem32rstrui.exe. Restore points hadn’t been deleted, virus writers are unimaginative, ignorant and stooopid. Once restored to the day before infection, the directory (folder) can be removed. Then a deep boot scan (thanks Avast) followed by fragment clean up (and thanks CCleaner). Internet connection is reqd for anti-virus installations, Avast anyway, but after the main malware ingredients are removed download was fine. Best to remove other anti-virus before installing Avast (or your chosen one) because they tend to throw hissy fits at each other. Norton, even AVG, but especially McAfee which has been known to target other anti-virus as malware. Upshot is crawling performance, failed installation and sometimes BSOD. Actually it’s more difficult eradicating some anti-virus progs than this virus.
    If the virus progresses beyond this primitive level one could insert a batch file to kill and delete the Safe Mode disabler, I didn’t have to resort to that. One could also boot from a boot disk (lots of freebies available) and eradicate the active ingredients from there prior to full disinfection. You have to alter the BIOS of course to boot first from CD.
    It’s much easier working on an infected machine if you can run alongside a clean machine for research. Incidentally this instance was on Win7 Home Edition. XP restore is different, disabling restore (I think) deletes restore points, different exe file too so one could try altering the .bat file contents first or use a boot disk to access the malware files if that fails.
    Be of good heart, it may look hideous but it’s not difficult to remove and it doesn’t seem to generate collateral damage. Flashy but badly written by persons of paltry skill and intellect. If you are reasonably competent with Windows interstices you won’t have trouble getting rid of it. Takes a few hours doing it’s thing — while watching Dr Who at the same time. If you are not comfortable there are screeds of people who could do it for you, just ask around, your local school if there are competent kids, much cheaper than High Street outlets.

  • Aubree

    Do what the instructions say, but reboot in safe mode first.
    (Shutdown, restart, then hold F8 while computer reboots until screen loads, then scroll down to safe mode with networking.)

  • Jim

    The first thing I try when attacking a virus is to download a “free trial” of a reputable Antivirus to a clean computer and burn it to a CD-R. Then I install the downloaded file on the infected system.

  • c kuhns

    Download roguekiller on a different computer
    copy to usb drive
    boot in normal mode
    run cmd in administrator mode
    find roguekiller on usb drive, rename it to iexplore.exe
    run iexplore
    scan and cure
    other antimalwares will now run.