How to remove Antivirus System Pro virus?

Sunday, November 29th, 2009

I have been chasing the Antivirus System Pro malware for some hours this evening. I have no idea how this malware got into my system. I had been searching Google for a theme for the bbpress software and visited a website; I might have got the virus from that site. The Antivirus System Pro malware installs itself and pops up a window asking you to purchase its anti-virus software. It also brings up a small dialog warning you that an application is infected with a virus.

I have a few anti-malware programs installed on my system. None of them could detect this virus. I finally had to remove it manually.

Steps to remove the virus:

1. Don’t click YES in any window that pops up. Always click NO.

2. Don’t try to run any program, including any anti-virus. It will fail, because the system is completely hijacked by the malware.

3. Restart your computer with the power switch. A normal system shutdown will fail; even shutting down the system is controlled by this malware.

4. As soon as you log in, press ALT+CTRL+DEL. This brings up the Task Manager. Click the Processes tab. Select one process at a time and end it, and keep going until the Antivirus System Pro process is gone. Once the Antivirus System Pro malware has taken control of your system you can no longer bring up the Task Manager, so you have to be fast enough to open it first.

5. Bring up the registry editor application regedit32. Go to HKEY_CURRENT_USER\Software\AvScan and delete the AvScan entry.

6. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and look for any value ending in sysguard.exe. In my case it was vexasysguard.exe, located in the folder C:\Documents and Settings\…\Local Settings\Application Data\hbmdeq\vexasysguard.exe. This is the malware we need to remove. Open Windows Explorer, navigate to that location and delete the folder hbmdeq. The folder name will be different on your computer.

7. After the application has been deleted from your system, delete the registry value under Run where you found the sysguard.exe entry.

8. Reboot the system. The malware is now gone.
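The registry checks in steps 5 to 7 can be scripted so that the Run key is audited before anything is deleted. The following PowerShell script is an added example and is not part of the original post; it assumes the Run key path and the "*sysguard.exe" naming pattern given above, and the function name Find-SysguardRunEntries is my own.

```powershell
# Added example (not from the original post): audit the per-user Run key for a
# sysguard.exe persistence entry and the HKCU\Software\AvScan marker key.
# Assumptions: Windows with PowerShell; key paths and file pattern from the post.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$avScanKey = 'HKCU:\Software\AvScan'

function Find-SysguardRunEntries {
    param([string]$Key = $runKey)
    $entries = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $entries) { return @() }
    $suspicious = @()
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell metadata properties
        $cmd = [string]$prop.Value
        # Strip surrounding quotes and any arguments to get the executable path
        $exe = ($cmd -replace '^"([^"]+)".*$', '$1').Trim()
        if ($exe -like '*sysguard.exe') {
            $suspicious += [pscustomobject]@{
                ValueName = $prop.Name
                Command   = $cmd
                Path      = $exe
                Exists    = Test-Path -LiteralPath $exe
            }
        }
    }
    return $suspicious
}

$hits = Find-SysguardRunEntries
if (Test-Path $avScanKey) { Write-Output "Found marker key: $avScanKey" }
if (-not $hits) { Write-Output 'No *sysguard.exe Run entries found.'; return }
$hits | Format-Table -AutoSize

# Removal mirrors steps 6 and 7 of the post: delete the file's folder first,
# then the Run value. -Confirm prompts before each destructive action.
foreach ($h in $hits) {
    if ($h.Exists) {
        $folder = Split-Path -Parent $h.Path
        Remove-Item -LiteralPath $folder -Recurse -Force -Confirm
    }
    Remove-ItemProperty -Path $runKey -Name $h.ValueName -Confirm
}
if (Test-Path $avScanKey) { Remove-Item -Path $avScanKey -Recurse -Confirm }
```

Run it after the malware process has been ended (step 4); it only reports findings until you answer the confirmation prompts.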

You need good computer knowledge to remove this virus manually. Changing entries in the registry can cause the system to stop working, so be careful when you follow the above instructions to remove this malware. I can’t be held responsible if you make a mistake and your computer stops working.