Home Malware Programs Rogue Anti-Spyware Programs Antivirus Security Pro

Antivirus Security Pro

Posted: August 22, 2013

Threat Metric

Ranking: 12,339
Threat Level: 10/10
Infected PCs: 1,403
First Seen: August 22, 2013
Last Seen: August 29, 2023
OS(es) Affected: Windows

Antivirus Security Pro Screenshot 1A spinoff of the Attentive Antivirus branch of the Winwebsec scamware family, Antivirus Security Pro is a rogue anti-virus product that feeds you fake malware alerts to make you purchase its software. Antivirus Security Pro and other members of its family are known for hijacking Web browsers, blocking other applications under fraudulent pretenses and disabling important Windows security features, and SpywareRemove.com malware experts categorize Antivirus Security Pro scamware as a high-level threat. Treating security warnings from Antivirus Security Pro at face value always is a self-destructive course of action, and deleting Antivirus Security Pro with a real anti-malware program always should be the first item on your agenda while dealing with an Antivirus Security Pro-compromised PC.

Antivirus Security Pro: a Professional Antivirus Conman

Antivirus Security Pro, like the rest of the WinWeb Security family, doesn't have any capabilities for detecting viruses or other PC threats, but Antivirus Security Pro is equipped with a hefty arsenal of fake alerts. In addition to displaying traditional pop-up warnings, Antivirus Security Pro also may imitate Windows alerts, redirect your browser to fake warning sites and display warnings when you try to launch another application. The latter is of particular interest to SpywareRemove.com malware experts for its tendency to be used along with Antivirus Security Pro blocking the associated application, an attack that conveniently lets Antivirus Security Pro terminate essential security programs while giving Antivirus Security Pro an alibi for doing so.

Antivirus Security Pro interferes with your PC's operations solely to make money off of its registration process, which Antivirus Security Pro claims is the easiest way to disinfect your computer and remove all of the associated problems Antivirus Security Pro causes. Since Antivirus Security Pro is scamware that doesn't justify any expenditure of money whatsoever, SpywareRemove.com malware researchers have found it more efficient to ignore these requests and remove Antivirus Security Pro, itself.

Taking Down the Fake Security Professional with Genuine Security

Antivirus Security Pro and related Winwebsec-based rogue anti-virus programs are considered security hazards because they regularly disable security-oriented programs (the UAC, Windows Firewall, etc) and modify your Registry to deactivate basic security settings. Knowing this, deleting Antivirus Security Pro always should be one of the first things you attempt in response to an Antivirus Security Pro infection, with similar recommendations also applying to relatives like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus.

Although Antivirus Security Pro usually will block the anti-malware products that could help your computer, you can respond in kind by blocking Antivirus Security Pro. Booting your PC into Safe Mode or booting using a peripheral device will help to disable Antivirus Security Pro and other PC threats, thereby giving you the window of opportunity to disinfect your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



file.exe File name: file.exe
Size: 606.2 KB (606208 bytes)
MD5: 2a884ac33c94eda93713f337d7eca3b6
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 17, 2013
%ALLUSERSPROFILE%\gpnglp73\gpnglp73.exe File name: gpnglp73.exe
Size: 513.53 KB (513536 bytes)
MD5: 6a951ae912f3dd16394502e6647bacbb
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\gpnglp73
Group: Malware file
Last Updated: August 23, 2013
serv.bat File name: serv.bat
Size: 2 KB (2001 bytes)
MD5: b14f614996ef9db84eab251b2225617e
Detection count: 15
File type: Batch file
Mime Type: unknown/bat
Group: Malware file
Last Updated: August 23, 2013
%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe File name: %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\WaDprnV7\ File name: %CommonAppData%\WaDprnV7\
Group: Malware file
%CommonAppData%\WaDprnV7\DD1 File name: %CommonAppData%\WaDprnV7\DD1
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest File name: %CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest
Mime Type: unknown/manifest
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7.exe File name: %CommonAppData%\WaDprnV7\WaDprnV7.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg File name: %CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg
Mime Type: unknown/lg
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.in File name: %CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.in
Mime Type: unknown/in
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7.ico File name: %CommonAppData%\WaDprnV7\WaDprnV7.ico
Mime Type: unknown/ico
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

File name without pathAntivirus Security Pro support.urlAntivirus Security Pro.lnkHKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AA2014" = "%CommonAppData%\WaDprnV7\WaDprnV7.exe"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run AS2014HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Antivirus Security Pro

Additional Information

The following directories were created:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
The following messages's were detected:
# Message
1Warning! Infected file detected.
We strongly recommend activating full edition of your antivirus software for repairing threats.
2Warning! Infected file detected
Location: File System
Suspicious activity detected in the application notepad.exe to the behavior of the virus Win32/Conficker.X. For your security and to avoid loss of data, the operation of application cmd.exe has been temporarily restricted.
3Warning! Network attack attempt detected.
To keep the computer safe, the threat must be blocked.

Related Posts

4 Comments

  • Joy says:

    The biggest problem to this is that I can't get on the Internet on my computer to download this! OBVIOUSLY. Right now I am on my laptop writing to you. I would naturally think that you would know that if nothing works, there is no way to even get to this site. So, how could I download if I can't get to the download? I am frustrated about this, as you can see, sorry. Don't really know who to trust. I hope you can help. Thank you, Joy

  • C. Carpenter says:

    I want to trust you. Please be real.

  • Jeffrey says:

    I I bought this a couple years ago....it was absolutely POWERLESS against a Trojan that came into my computer.

    SAVE YOUR MONEY!

    Your going to need about $60.00 to have a Real Live Tech. get rid of the Malware.

  • Satta Matka says:

    Hi,

    I have zbot virus on my computer which has encrypted several files (zip, rar and images) and I cannot find any tangible or straight forward solution on the internet, any help would be highly appreciated.

    Thanks,
    Satta Matka

Loading...