AntiVirus Pro 2015 Removal Guide

  • April 23, 2015

AntiVirus Pro 2015 is a scareware program from the Rogue.WinPCDefender family of rogue anti-spyware programs. This program is classified as a rogue because it deliberately displays false scan results, fake security warnings, and prevents you from running programs in Windows. This program is promoted through fake online antimalware scanners and online exploit kits. Once installed, AntiVirus Pro 2015 will automatically perform a scan of your computer and state that there are numerous infections present. If you attempt to remove any of these so-called infections, though, it will prompt you to purchase it before allowing you to do so. As many of the detected files are actually legitimate, please do not manually delete anything that this rogue detects as it may affect the proper operating of Windows and your installed programs. Instead ignore the scan results and proceed with the rest of the removal guide.

  • AntiVirus Pro 2015 screen shot
  • Scanning Screen
  • Fake Alert
  • Fake Firewall Alert
  • Infected process alert

While AntiVirus Pro 2015 is running it will also display fake security warnings that are worded to make you think your computer is under attack or that your private data is at risk. Examples of some of these warnings are:

Security Warning
Malicious program has been detected. Click here to protect your computer.

Firewall Warning
Hidden file transfer to remote host has been detected
AntiVirus Pro 2015 has detected a leak of your files through the Internet. We strongly recommend that you block the attack immediately.

Furthermore, AntiVirus Pro 2015 will terminate any program that you attempt to run while displaying a message stating that it is infected. It does this to further scare you into thinking your applications are infected so that you then purchase the program. An example message you may see when running a legitimate program is:

iexplore.exe can not start
File iexplore.exe is infected by W32/Blaster.worm. Please activate AntiVirus Pro 2015 to protect your computer.

Just like the fake scan results, these warnings are just another tactic to scare you into purchasing the program and should be ignored.

Without a doubt, AntiVirus Pro 2015 was created solely to scare you into thinking your computer is infected so that you will then purchase the program. With that said, please do not purchase AntiVirus Pro 2015 for any reason, and if you already have, please contact your credit card company and state that the program is a computer infection and a scam and that you would like to dispute the charge. To remove this infection and related malware, please follow the steps in the guide below.

Self Help Guide

This guide contains advanced information, but has been written in such a way so that anyone can follow it. Please ensure your data is backed up before proceeding.

If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
  1. Print out these instructions as we will need to reboot your computer into Safe mode with Networking and you may not have access to your web browser for part of this process.

  2. This infection makes it difficult to access your documents and programs because it locks the screen. In order to bypass this locker, we need to reboot into Safe Mode with Networking. To do this, perform the following steps for your version of Windows:

    Windows 8: Please follow the steps in this guide to restart your computer in Windows 8 Safe Mode.

    Windows XP, Vista, and 7: Turn your computer off and then back on and when you see anything on the screen, immediately start tapping the F8 key on your keyboard. Eventually you will be brought to a menu similar to the one below:


    MalwareBytes Anti-Malware Screen

    Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. If you are having trouble entering safe mode, then please use the following tutorial:

    How to start Windows in Safe Mode


    Windows will now boot into safe mode with networking and prompt you to login as a user.

  3. When you are prompted to login, please login as the user that is infected with AntiVirus Pro 2015.

  4. Before we can do anything we must first end the processes that belong to AntiVirus Pro 2015 and other infections so that they does not interfere with the cleaning procedure. To do this please download RKill to your desktop from the following link.

    RKill Download Link - (Download page will open in a new tab or browser window.)

    When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

  5. Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with AntiVirus Pro 2015 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by AntiVirus Pro 2015 when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate AntiVirus Pro 2015 . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.

    If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. Both of these files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.



  6. Now download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:

    https://www.bleepingcomputer.com/download/emsisoft-antimalware/

    The download is fairly large, so please be patient while it downloads.

  7. Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup_bc.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.

    If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking you to agree to a license agreement. Please access the agreement and click on the Install button to continue with the installation.

  8. You will eventually get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.


    Select License Screen

    If you have an existing license key or want to buy a new license key, please select the appropriate option. Otherwise, select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.

  9. You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and select your choice to continue.

  10. Emsisoft Anti-Malware will now begin to update it's virus detections.


    Downloading Updates

    Please be patient as it may take a few minutes for the updates to finish downloading.

  11. When the updates are completed, you will be at a screen asking if you wish to enable PUPs detection. We strongly suggest that you select Enable PUPs Detection to protect your computer from nuisance programs such as toolbars and adware.

  12. You will now be at a screen asking what type of scan you would like to perform.



    Scan selection screen

    Please select the Full Scan option to begin scanning your computer for infections. The Full Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned.

  13. Emsisoft Anti-Malware will now start to scan your computer for rootkits and malware. Please note that the detected infections in the image below may be different than what this guide is for.



    Scanning screen

    Please be patient while Emsisoft Anti-Malware scans your computer.

  14. When the scan has finished, the program will display the scan results that shows what infections where found. Please note, due to an updated version of Emsisoft Anti-Malware, the screenshot below may look different than the rest of the guide.



    Scan Results


    Now click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.

  15. Please reboot your computer into the normal Windows mode and when you are back at your normal Windows desktop or Windows Start Screen please continue with the next step.

  16. As this infection is known to be installed by vulnerabilities in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:

    How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Your computer should now be free of the AntiVirus Pro 2015 infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the full version of Emsisoft Anti-malware to protect your computer against these types of threats in the future.

View Associated AntiVirus Pro 2015 Files

%AppData%\avpro.exe

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\<Current User>\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\<Current User>\AppData\Roaming.

View Associated AntiVirus Pro 2015 Registry Information

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2015 %AppData%\avpro.exe HKCU\Software\<random>

This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus,Trojan,Spyware, and Malware Removal Logs forum.

If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you.

search guides
Mandiant mWise Conference 2024

Login