Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove Antivirus System Pro (Uninstall instructions)

Antivirus System PRO is rogue antivirus/antispyware program, new version of Spyware protect 2009. Like other fake antispyware programs, it uses fake alerts and false positives to trick you into buying the software. Antivirus System PRO usually installed itself onto your computer without your permission, through trojans and browser security holes.

During installation Antivirus System Pro configures itself to run automatically every time, when your computer starts. Immediately after launch, Antivirus System Pro starts scanning the computer and list a lot of threats to trick you to buy the paid version of the rogue. All of these threats are fake, so you can safely ignore them.

Antivirus System Pro (more screen shoots 1, 2)

While the Antivirus System Pro is running, your computer will display fake alerts, an example:

Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.

Antivirus System Pro Alert
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.

Attack from, port 40771
Attacked port: 22363
Threat: Win32/Nuqel.E

Do you want to block this attack?

Also Antivirus System Pro will install a Internet Explorer BHO module (iehelper.dll) that will hijack Internet Explorer and randomly shows a “Internet Explorer cannot display the webpage. Needed Powerfull PC Protection” warning page (uses fake address, instead of the site you are trying to browse to:

Internet Explorer Warning – visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
– Purchase Antivirus System PRO for secure Internet surfing (Recommended).
– Check your computer for viruses and malware.
– More information

The warning is fake and should be ignored! Antivirus System Pro can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing Antivirus System Pro and any associated malware from your computer is for you.

Symptoms in a HijackThis Log

O1 – Hosts:
O1 – Hosts:
O1 – Hosts:
O1 – Hosts:
O2 – BHO: BHO – {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} – C:\WINDOWS\system32\iehelper.dll
O4 – HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 – HKLM\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Run: [system tool] C:\Program Files\atkafh\adxlsysguard.exe
O4 – HKCU\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe

Use the following instructions to remove Antivirus System Pro (Uninstall instructions)

Step 1

Download HijackThis from here, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.

Doubleclick on the explorer.exe icon on your desktop for run HijackThis.

HijackThis main menu opens.

Click “Do a system scan only” button. Look for lines that looks like:

O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [wpolkxos] C:\Documents and Settings\user\Local Settings\Application Data\ovugbs\rwjrsysguard.exe

Note: list of infected items may be different, but all of them have “sysguard.exe” string in a right side and “O4″ in a left side.

Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.

Step 2

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

Malwarebytes Anti-Malware Window

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Antivirus System Pro mbam
Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Antivirus System Pro creates the following files and folders

C:\Program Files\[RANDOM]\[RANDOM]guard.exe

Antivirus System Pro creates the following registry keys and values

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool

June 5, 2009 on 9:41 pm | In Rogue Anti Spyware, Tutorials - HowTo | 88 Comments |


RSS feed for comments on this post.

    For Windows:
    press Ctrl+Alt+Delete to open Task Manager.
    go to “Processes”.
    Look for “sysguard.exe”.
    press “End Process”.
    now go to “C:\WINDOWS\”.
    Find the file “sysguard.exe”, and delete it.
    Then go to “System 32\”.
    You should notice now that the Internet Explorer message occors more often and is the only thing remaining.
    Find the file “iehelper.dll”.
    Try to delete it. This seems useless because it forbids you but it also allows you to re-name it.
    Re-name it “iehcodec.ddl”. You will notice now it no longer lets you use Internet Explorer. This is because it is glitching due to missing it’s two most needed files. It cannot replace these two unlike its other files, thus crashing it.
    Restart, and you should notice it is gone!

    That’s how I got rid of it. It should work for you too.

    Comment by anonymous — June 14, 2009 #

  2. Thanks 5 starzzz

    Comment by Randle — June 24, 2009 #

  3. unable to find such files having lots of problems pls help

    Comment by Rosa — June 29, 2009 #

  4. Rosa, please follow these steps.

    Comment by Patrik — June 29, 2009 #

  5. THANK YOU SO MUCH FOR THIS. i was seriously freaked out of my mind when this horrible thing popped up! your instructions worked perfectly and saved me tons of agony. a friend told me that this rogue program was possibly the virus that killed her laptop; she has a new computer and i gave her your website so that she may be better prepared. thank you for everything!

    Comment by Rini — July 2, 2009 #

  6. thanks!! this works!!

    Comment by pre — July 2, 2009 #

  7. I cannot find any of the files that were mentioned in the removal process! help!

    Comment by goh — July 6, 2009 #

  8. goh, you can`t download Avenger and Malwarebytes` Anti-malware ?

    Comment by Patrik — July 6, 2009 #

  9. This definitely works. Recommended to all users who are experiencing the same problem. The steps may be long but they are the most simplified version for non-tech’s. THANKS!!!

    Comment by ryan — July 7, 2009 #

  10. I have worked 3 hours to get rid of this program!
    Used your instructions and yep I think it’s gone.
    Thanks so much.

    Comment by Sandy — July 8, 2009 #

  11. Tried to install the Malwarebytes’ Anti-malware through the net but couldn’t. So I download from another computer into my thumbdrive and install it into my Desktop. Still the ASP prevented Malwarebytes’ to run. So I followed a friend\’s advice to restart the computer on SAFE mode (Hit F8 on the restart). Once, it was on SAFE mode, I was able to run the Malwarebytes’ and hey presto! in less than 5 minutes the damn AVP got swallowed. Hope this is of help to others.

    Comment by Paul — July 9, 2009 #

  12. Paul, you have tried run Avenger with above script before malwarebytes?

    Comment by Patrik — July 9, 2009 #

  13. Patrik, Didn’t want to install Avenger cos I couldn’t get any review of it. But Malwarebytes got good reviews (like in So I was pretty confident. Anyway, it worked and I’m a very HAPPY, HAPPY person.

    Comment by Paul — July 9, 2009 #

  14. Paul, Avenger very good and free program :) Avenger homepage is here.

    Comment by Patrik — July 10, 2009 #

  15. – Windows XP system.
    – I previously removed the: sysguard.exe, iehelper.dll and AVSCAN files and Registry references. This gets rid of the annoying pop-up’s but IE6 is still being redirected on most search links and also gets redirected when you manually enter web addresses.

    – Had to copy Malwarebytes Anti-Malware from another computer since this problem won’t allow you to download any files through IE6.

    – Malwarebytes Anti-Malware goes through its installation process OK but when it gets to the “Update Malwarebytes” routine at the end, the program terminates. Whatever this Malware is, it is choking off any ability to download over the internet. If I try to run Malwarebytes Anti-Malware, the program will not start(not even in Safe Mode).

    Any advice?

    Comment by Warren — July 18, 2009 #

  16. Warren, probably your computer also infected with DNSChanger trojan. Ask for help at our forum.

    Comment by Patrik — July 19, 2009 #

  17. okay i tried to uninstall anti spyware pro and it said file uninstall.exe is missing will these programs work for me?? and also if i use these will i have to spend any money or are they totally free because i have seen some where you have to purchase the full version for it to completely work any feed back will be helpful thanks guys

    Comment by casey — July 29, 2009 #

  18. this site is a gimick i downloaded avenger and malware program and it WASTED 25 MEGA BYTE of ram to yall this might not sound like a lot but to me it is…i want the administrator to this site to contact me asap

    Comment by casey — July 30, 2009 #

  19. casey, you can ask us for help at our Spyware removal forum.

    Comment by Patrik — July 30, 2009 #

  20. all i need is to tottally delete avenger and that other program on this site and you will never see me here again

    Comment by casey — July 30, 2009 #

  21. Manually remove Avenger.exe (The program did not have an uninstall procedure).
    Go to Add/Remove programs panel and uninstall MalwareBytes Anti-malware.

    Comment by Patrik — July 30, 2009 #

  22. okay this ISNT a gimick go to and download spy bot search and destroy follow all the steps and when its start downloading and starts up a window will pop up at the left MAKE sure you click these and not press next before doing so after that run scan and wolla the options come up to remove the antispare ware pro and all of its componets so DONT do the steps they tell you in this site because it will be more trouble trust me this works

    Comment by casey — July 31, 2009 #

  23. Has anyone tried the easier method that anonymous suggested??

    My inet is totally buggered.

    Patrik can you advise if it will work?

    And when renaming the “iehelper.dll” anon says to rename it “iehcodec.ddl”… Did he mean “iehcodec.dll” ??


    Comment by Michael — August 3, 2009 #

  24. Michael, the best way, if instructions above does not help you, ask for help at our Spyware removal forum.

    Comment by Patrik — August 3, 2009 #

  25. This site helped me get rid off of that AntiVirus PRo spyware. it created havoc on my system.

    Finally thanks to this site, it helped me clean up. Followed the instructions and it was great!

    Thank you!!!

    Comment by Madhu — August 4, 2009 #

  26. thank you so much! it’s gone.

    Comment by harveen — August 4, 2009 #

  27. Only two words – THANK YOU

    Comment by gto4fun — August 5, 2009 #

  28. Thanks very much got rid of the varment. Computer running slwer than before virus though. Thanks again that was very annoying.

    Comment by Ron — August 7, 2009 #

  29. Thanks It worked.

    Comment by Ron — August 7, 2009 #

  30. I cannot execute the file because the Antivirus Pro keeps saying it is infected and asks if I want to open the AVP. What can I do to get Avenger to run?

    Comment by Tim — August 14, 2009 #

  31. Tim, try rename Avenger.exe to explorer.exe and run it again.

    Comment by Patrik — August 15, 2009 #

  32. Hi,

    I have tried all means to remove Antivirus system pro( have downloaded spydoctor and run the same, tried manually as well)… While the anti virus system pro doesnt show up on the task bar anymore, it still wouldnt go away when I open any web browser and continutes to trouble me. Please help. Really urgent

    Comment by akila — August 15, 2009 #

  33. akila, please make a new topic at our Spyware removal forum.

    Comment by Patrik — August 15, 2009 #

  34. i have used pc tools to try and destroy windows antivirus 2010.but im still getting these fake alerts and cannot access my registry.nothing works in my control panel and every time i try to start a program it opens the box “open with”.i cant open programs ive downloaded and cannot use housecall nor windows update.this stuff is still in my comp.can you address these issues? i have windows xp pro on a dell.

    Comment by brian — August 28, 2009 #

  35. brian, looks like windows registry is damaged by malware. Ask for help at our spyware removal forum.

    Comment by Patrik — August 29, 2009 #

  36. Thanks a lot. I dont know how i got this thing on my computer but with your help it was gone bye bye.

    Comment by Monica — September 8, 2009 #

  37. Thank you, thank you.

    Comment by Mark — October 7, 2009 #

  38. Boy this really worked except I think it removed my Microsoft Office XP. Thank God it’s gone!!!

    Comment by Hank T — October 10, 2009 #

  39. Hi thanks for the download,it really gives a very big help and protection for my pc…more power guys…

    Comment by Braddock — October 14, 2009 #

  40. Hi,

    Thank you. Your instruction work. Thank you again

    Comment by Net — October 15, 2009 #

  41. Avenger only removed the iehelper file it did not find sysguard.exe. Do I have a newer version? I noticed bwimsysguard running in my task manager. I can even start in safe mode. I am writing this on a different c0mputer. HELP

    Comment by carol — October 22, 2009 #

  42. carol, yes your PC is infected with a new version of the rogue. Ask for help in our Spyware removal forum.

    Comment by Patrik — October 23, 2009 #

  43. thanks very much – it worked eventually!
    as a non techie just a a couple of things i found.
    initailly i could not open malware, as the virus would not let me. I then could not open Avenger either but managed to if I opened it as soon as I switched computer on.
    was then able to run the avenger followed by malware, which took a couple of hours but did clear this damn virus.
    Many thanks again guys!

    Comment by paul — October 24, 2009 #

  44. WIll not let me bring up !!! Task manager

    Comment by Me — October 26, 2009 #

  45. wont let me delete

    Comment by Me — October 26, 2009 #

  46. Works like a charm. The trick to opening OTM is to close all the malware windows asap n then start OTM. Once your r done with OTM the stupid popups stops!!!

    And then i guess the anti-malware software jus gets rid of the traces.

    Works like a charm.

    When i installed AVGFree i thot i had gotten rid of it until i restarted my PC. THank goodness this works.

    And i thot this was some Halloween virus that explodes on Halloween itself. *phew*.

    I HATE MALWARES!!!!!!!!!

    Comment by Dev Boys — October 28, 2009 #

  47. Thanks a lot… followed the steps, seems to work perfectly. Rebooted twice so far without a problem.

    Comment by Bunchy — November 2, 2009 #

  48. Thanks for the advice; I’ve got a friend having problems with the AntiVirus System Pro program. Soon, that’ll be fixed. :)

    Comment by Brandon — November 6, 2009 #

  49. Help needed with winguard2009.
    I followed steps of anonymous and renamed iehelper.dll. rebooted. My explorer doesn’t open. How do I make it to work again? I connot run system recovery….it doesn’t open the screen to run the restore operation. Pl help fast

    Comment by mit — November 9, 2009 #

  50. mit, please ask for help in our Spyware removal forum.

    Comment by Patrik — November 10, 2009 #

  51. I was going nuts with the antivirus systems pro, I took my laptop to a repair shop, and not even the dude there was able to help me. So I desided to give spybot a chance and it worked for me, I’m free of this crazy bug and my laptop is back to normal. Some of you may want to give it a try…hey you never know.

    Comment by Tito — November 14, 2009 #

  52. Hey,

    Removed the antivirus software but now can not find my preferred wireless network (it’s a secured network) but other computers in my house can find it … I am worried I have deleted a certain file?

    It’s weird, because it sees other networks that are in the area and secured, but can’t find my network.. any advice?

    Comment by Brian — November 16, 2009 #

  53. Hi, i ran both OMT and MBAM in safe mode becasue it wouldn’t let me run them in regular mode…. but the virus/ trojan is still here, any ideas?

    Comment by Zoyia — November 16, 2009 #

  54. Zoyia, looks like your computer is infected with a new variant of the rogue. Ask for help in our Spyware removal forum.

    Comment by Patrik — November 17, 2009 #

  55. I’ve done everything stated, but for some reason it won’t let me use the internet. I can go to any website as Admin in Safe Mode, but when I log in just as my typical user i get no internet. I use ‘ipconfig/release, /renew’ and i DO have an ipaddress, but it never connects to the internet. PLZ help.

    Comment by David — November 21, 2009 #

  56. David, you have tried to ping any site ?
    Type cmd
    type ping
    If is works, then check proxy setting of browser.
    Also you can ask for help in our Spyware removal forum.

    Comment by Patrik — November 21, 2009 #

  57. i did everything it told me to do
    but it cant find the iehelper.dll
    and the computer works fine
    until when i restart
    everything is back there
    and if i do it again
    it deltes everything and it states that it cant find iehelper.dll
    please help me
    i need my laptop

    Comment by joseph — November 23, 2009 #

  58. joseph, please follow these steps.

    Comment by Patrik — November 24, 2009 #

  59. I have not installed this monster but a warning bar keeps popping up on my websites and covering info I need off the sites. If I click on it it comes up and wants me to purchase. How do I get rid of it?

    Comment by Sherry Garrett — November 24, 2009 #

  60. Sherry, please read my previous comment. Make a HijackThis log, open a new topic in our Spyware removal forum and post HijackThis log into it.

    Comment by Patrik — November 24, 2009 #

  61. this virus doesnt let me open anything, when i start my computer, i quickly open task manager to “end process” the jkqksysguard file. now the pop ups stop. but i still cant acess the internet. i used OTM but when i reboot, the same thing happens, and i used malwarebytes programs plus others but they dont detect anything. please help

    Comment by Tony — November 25, 2009 #

  62. Tony, looks like you`re still infected. Follow these steps.

    Comment by Patrik — November 26, 2009 #

  63. I’ve downloaded OTM and all that…. but I’m unable to run it because I can’t halt the ASP processes… it won’t allow me to open Task Manager and trying to find sysguard.exe in Search hasn’t been fruitful either. Any suggestions on how to stop it long enough to get rkill or OTM running?

    Comment by Sean — November 26, 2009 #

  64. I think that i got rid of this crap after multiple procedures including malwarebytes and microsoft security essentials which didnt detect this in the first place…now i can turn my system on without spam security alerts and popups but still error message displays on internet explorer and i cannot use it…do you know what i should do?

    Comment by Nick — November 27, 2009 #

  65. Sean, try rename OTM.exe to exeplorer.exe and run it.

    Comment by Patrik — November 27, 2009 #

  66. Nick, follow these steps.

    Comment by Patrik — November 27, 2009 #

  67. This is the most malicous virus I have ever seen. It crippled a new Asus eee. I finally gave up after 5 hours and went into the bios and reset windows xp to the factory setting. I hope this works but I don’t know. I don’t have the xp disk and I don’t have a disk drive.

    It disabled system restore. Disabled all my antivirus programs. Disabled task manager. Had none of the names previously listed on sites I googled. Made the computer unusable for all intent and purpose. Justice can’t be too harsh for the designer of this one.

    One of the kids picked it up somewhere. It keep directing me to Ali Baba which would lead me to believe it’s coming out of Asia.

    Comment by jim — November 27, 2009 #

  68. thid softwaree virus will not allow me to run anything i cnat get to regedit i cant run taskmanager i cant run otm

    Comment by lb — November 28, 2009 #

  69. lb, i have update the instruction above. Go to step 1, then step 2.

    Comment by Patrik — November 29, 2009 #

  70. the thing wont allow me to download anything? not even the hijackthis.exe so waht do i do now…

    Comment by hope — November 29, 2009 #

  71. I’ve downloaded the tool, renamed it, virus still will not let it open. The menu flashed for a moment, then closes.

    Comment by Brian — November 30, 2009 #

  72. Brian, try run HijackThis in the Safe mode.

    Comment by Patrik — November 30, 2009 #

  73. where is the link to OTM i cant find it.

    Comment by Jamil — December 1, 2009 #

  74. Jamil, I have updated the step 1, now you should use HijackThis. Read more above.

    Comment by Patrik — December 1, 2009 #

  75. Easy to remove if you logon as different user. I had PC with this and when I logged on as hidden admin account I could do anything and install malware removal software.

    Hope this will help a little bit!


    Comment by Marcin — December 5, 2009 #

  76. If you can’t run any EXE file do this.
    Download combofix on another computer and copy it over tot he infected one onto the desktop.
    Create a shortcut to Combofix on the desktop also.
    Copy the shortcut to the startup folder:

    C:\Documents and Settings\”User name here”\Start Menu\Programs\Startup

    Once copied reboot the computer, Combofix will run on startup.
    Follow the prompts for Combofix and once the scan is completed restart and run Malwarebytes or any other good anti malware/antivirus program.

    Comment by Ben — December 6, 2009 #

  77. I hope the peice of shit that created this dies of third degree burns from a bic lighter after being sodomized by an elephant.

    Comment by Ben — December 6, 2009 #

  78. I don’t find any lines begining with o4 finishing with system.exe after I run the scan as instructed. There is certainly a virus there what to do next. Help please

    Comment by ruby — December 11, 2009 #

  79. ruby, make a new topic in our Spyware removal forum and post your HijackThis log to it.

    Comment by Patrik — December 11, 2009 #

  80. Alternative to the outlined (and effective) method outlined above, you can head over to the Sophos antivirus site and check out one of their free removal tools. They have some for Conficker as well that are quite comprehensive.

    Comment by gregGrosu — December 16, 2009 #

  81. I couldn’t run any files even after renaming to explorer.exe, or download antivirus tools. I followed Ben’s instructions (Dec. 6), and Combofix did the trick. Afterward HijackThis and MalwareBytes didn’t find anything, PC works fine.

    If it comes back, I’ll post here again. BTW I got the malware from Youtube.

    Comment by Gary — January 18, 2010 #

  82. Hey if you cant run exe’s try right clicking on the icon and pressing “start” instead of open. this worked for me. but now ive run Spywaredoctor, malwarebytes, avast, and hijack this and removed the damn thing, but it still keeps popping up. I cant find any of the files that the first poster suggested. Please help

    Comment by you — February 1, 2010 #

  83. Please ask for help in our Spyware removal forum.

    Comment by Patrik — February 1, 2010 #

  84. I was infected with Antivirus Pro spyware yesterday and was able to manually remove it by looking for some help on the Internet. But seems the clean wasn’t done completely as my default Antivirus software Mcafee was still disabled and most importantly explorer won’t launch. Full scan on Mcafee showed some bugs and the spyware icon ont he tray vanished, but explorer would still not launch. I installed Malwarebyte just to give it a try and surprisngly it removed the error, which i didn’t expect. It clearly shows this application is better than Mcafee. Take my word and run a full scan on Malwarebyte.


    Comment by Jack — February 12, 2010 #

  85. Initially I was infected with Personal Security 2011 in Internet Explorer and successfully uninstalled it with CC Cleaner and thought I was fine. I am now currently having a huge problem with all of my browsers. I went into safe mode as suggested, but Internet Explorer cannot display the webpage. What do I do now?

    Comment by debi k — January 1, 2011 #

  86. The pop-ups continue to tell me I have to purchase Antivirus
    Scan each time I go into any of the browsers. Thank you for your help.

    Comment by debi k — January 1, 2011 #

  87. Debi, follow the instructions (step 2)

    Comment by Patrik — January 4, 2011 #

  88. Hi
    I got the same rogue program. Xp antispyware 2001.
    Every time when I started an application in the process explorer started the omt.exe (the rogue).
    I searched through the registry for the omt.exe and deleted everything,after that i renamed the Malwarebytes’ to explorer.exe and installed it.
    Now everything works fine.
    I hope that helps

    Comment by jbix — April 4, 2011 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.