Endpoint Protection

Hi,

I have a virus, I think it is Windows Antivirus Pro because it it pop-ing out to use this software that I never install. I was wondering if anyone could help me removing it.

I got SAV 10.1.8.8000 and the last update are from the 29 of nov 2009, the software doesn't let me update to the new definition and SAV does not detect any virus. Can some one help.

Thank you

Download rapid release from here

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

disable system restore

run full scan in safe mode.

That should take care

Go to and download  symrapidreleasedefsv5i32.exe  from http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Disable system restore and then run a fullsystem scan in safe mode

If that works well and good else try :

 

...you may find the following easier:

1. Reboot the machine into Safe Mode with Networking, go to http://www.malwarebytes.org and download the latest free version, install it, update it, run quick scan, reboot into Normal Mode and run full scan.
2. If you can't go to the site on the infected machine, download it on another machine to a thumb drive or network share, install it on the infected machine, update it, run quick scan, reboot into Normal Mode and run full scan.
3. If you can't go into Safe Mode, try step one then step two above in Normal Mode.  If you can't do this, see the next step.
4. If you can't go into Safe Mode, or install it, or run it, go the following sites on a non-infected machine and read the pinned posts down in the Computer Help section: http://www.malwarebytes.org/forums/, ... also http://www.malwarebytes.org/forums/index.php?showtopic=17607

Unfortunately, I have had to deal with these kind of viruses a lot lately and the above procedure works 99% of the time.  Recently the above got rid of several nasty viruses on a machine, but left one.  I got rid of that one with Trojan Remover from http://simplysup.com/ (free to try).

Manual Windows Antivirus Pro Removal Instructions:

Stop WindowsAntivirusPro Processes: 

WindowsAntivirusPro.exe
WindowsAntivirusProUpdate.exe
C:\WINDOWS\svchast.exe

Unregister Windows Antivirus Pro DLL Files:

dddesot.dll

Find and Delete these WindowsAntivirusPro:

WindowsAntivirusPro.exe
WindowsAntivirusProUpdate.exe
C:\WINDOWS\system32\dddesot.dll
C:\WINDOWS\svchast.exe
WindowsAntivirusPro.lnk
WindowsAntivirusPro on the Web.lnk
WindowsAntivirusPro.url
Uninstall WindowsAntivirusPro.lnk

Remove WindowsAntivirusPro Registry Values:

HKEY_USERS\Software\WindowsAntivirusPro 

It blocks almost all exe, including task manager... might work in safe mode. I just ghost back, not sure if it is clean.

 I am running Symantec AntiVirus 10.1.6.6000 and was also infected by Antivirus Pro
It took a combination of Malewarebytes, SuperAntispyware and a whole lot of manual
deletion in the registry and I think I have gotten rid of it.
However, I still get this pop-up and I seem to remember getting and accepting
a pop-up that may have been similar to this that started by Anitvirus Pro problems.
It seems to pop-up after I update the virus definitions and is a message from Symantec
with an official looking pop-up screen titled:
Symantec anti virus repair wizard
Updated virus definitions have been delivered and installed on your computer.
Symantec anti virus may now be able to repair the infected items in your quarantine.

It wants me to accept but this is how I think I picked up Antivirus Pro infection.

My question is, does Symantec give this kind of pop-up, has anybody else seen it
and is it normal software function?

I have now deleted the files in the quarantine to see if this pop-up comes back.

thanks for your help