Antivirus system pro But with no Safe Mode

[joker_927]

A friend of mine got infected with the NASTY antivirus system pro virus. Every site I visit with info on how to remove it says to run an antivirus/anti spyware software but that is impossible. I cant even ctrl-alt-delte because this virus stops every process from running. (Can't even run the command prompt, it terminates it as soon as it starts).

Well of course the next option is to run safe mode but when I do that the computer reboots. I don't know if this is directly because of the virus or not.

Anyway, does anyone have advice for removing this virus without safe mode?

I was thinking of getting Avast's Bart CD and running that since it runs in it's own OS.
I ran Kaspersky from and old Hiren's boot CD but it found nothing. Probably too old.

[johns123]

if you want to remove the virus without going safe mode, then you should try bestantivirusreviewed.it provide the advisable for fighting against innumerable internet threats

[howste]

A friend of mine got infected with the NASTY antivirus system pro virus. Every site I visit with info on how to remove it says to run an antivirus/anti spyware software but that is impossible. I cant even ctrl-alt-delte because this virus stops every process from running. (Can't even run the command prompt, it terminates it as soon as it starts).

Well of course the next option is to run safe mode but when I do that the computer reboots. I don't know if this is directly because of the virus or not.

Anyway, does anyone have advice for removing this virus without safe mode?

I was thinking of getting Avast's Bart CD and running that since it runs in it's own OS.
I ran Kaspersky from and old Hiren's boot CD but it found nothing. Probably too old.

My son managed to infect one of our computers with this. It disabled the antivirus and antimalware programs and, just as you described, would reboot if I tried to go into safe mode. ComboFix removed a rootkit and got the system back to where I could run Malwarebytes and antivirus software, which removed the rest.

[BWFoster78]

I'm having a similar problem. I can't start in Safe Mode and I can't even get Combofix to run. The program isn't letting me run any exe program. I can't even start task manager.

Help! Please!!!

[joker_927]

BWFoster, I was in the same boat as you and I found a fix although its not for the weary. I also could not run any exe and I dont exactly know which process was causing it but this is what I did and hopefully it can point you in the right direction.

I used a boot-up disk that allowed me to edit the registry as well as delete files WITHOUT booting into windows. A friend of mine had a copy of Avast's BART CD (a non-free version of the free BARTpe mini-xp environment).

I searched the internet and found out exactly what files these automated programs were removing and compiled a list to remove myself. Here is the list I made:

Files to search for and delete:

Antivirussystempro.exe
sysguard.exe

%ProgramFiles%\Antivirus System PRO\quarantine.vdb
%ProgramFiles%\Antivirus System PRO\queue.vdb
%ProgramFiles%\Antivirus System PRO\mbase.vdb
%ProgramFiles%\Antivirus System PRO\conf.cfg
%ProgramFiles%\Antivirus System PRO\uninstall.exe
%ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe
%ProgramFiles%\Antivirus System PRO\

c:\WINDOWS\sysguard.exe
c:\WINDOWS\system32\iehelper.dll
(Run the following in the command prompt first: "regsvr32 /u c:\WINDOWS\system32\iehelper.dll")

Registry Keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run “Antivirus System PRO”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run “system tool”
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}


search registry and harddrives and delete anything with the following in the name:
Antivirus System PRO
SYSGUARD

Then I could boot into windows where I ran Avast, Spybot, MalwareBytes, and Kasperky.
Problems seem to be all fixed.

I take no responsibility for you editing your registry/files.

[kly]

My customer had the exact same problem: Couldn't get into normal or safe mode because it would automatically reboot while it was booting into Windows. This virus is nasty and normally I would just say reinstall but this was not an option. His entire business was on this computer. Here's how I fixed it.....

Disconnected the other hard drives in the machine to take them out of the picture.
Made a complete image of the master hard drive onto another hard drive so if I made it worse I could always go back.
Booted the Windows XP Home CD and chose the repair option. It will reinstall all the Windows files but try to keep your programs and personal files on the hard drive. After it finished I was actually able to boot into Windows. Going into safe mode seemed to be fine but going into normal mode still brought up A/V Pro.
Went back into safe mode and ran combofix. This looked like it was helping but it didn't actually fix the problem.
Went back into safe mode and ran smitfraudfix. I don't know if this did anything.
Went back into safe mode and tried Malwarebytes. It found 11 problems and said it cleaned them. Went back into normal mode and still had the same issue.
Went back into safe mode again and ran Malwarebytes, this time doing a full scan. Found 8 problems and said it cleaned them. Went back into normal mode and to my surprise no more A/V Pro.
I then updated his Eset virus definitions.
Updated to XP service pack 3, then did the rest of the security updates. After running these updates and rebooting I noticed that IE would crash every time I launched it. So I used firefox to download the IE8 installer and installed IE8. Now everything seems to be ok.

[zepper]

AntiVir rescue CD from avira.com under Tools (self booting) . MalwareBytes is helpful too.

.bh.

[kathir]

Search for rfrwsysgaurd.exe in task manager (should open task manager immidiately when desktop appears)
and kill the process rfrwsysgaurd.exe
search and delete rfrwsysgaurd.exe in windows and registry

Goodluck

[jos789]

Thanks Kathir. Opened Task Manager right away and found the .....guard.exe process (iiqssysguard.exe this time). Then I was able to install Malwarebytes and got rid of that crap.