What is Windows Police Pro?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 01 September 2009
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
It is a deceptive computer security application that is classified as a rogue program. Windows Police Pro belongs to the same family as Windows Antivirus Pro and Your PC Protector, also is related to Google redirect virus. These types of programs are created to mislead user by providing him false information about computer insecurity, although the system was clean and secure before Windows Police Pro has been installed. In fact, Windows Police Pro acts as an ordinary antivirus program: it scans your computer for viruses and other threats, as well as giving report in the end, except that the report content is fake and incorrect. Finally, the program offers to remove found threats, only if licensed version is bought. Do not make any payments related to this rogue program, because even after the purchase it will not remove any of real viruses, and furthermore, will not protect PC from future infections.
Windows Police Pro will corrupt Windows Security Center by displaying promotional note in Virus Protection area. It will also display balloon shaped warnings in the taskbar area about computer insecurity, persuading user to enable protection by purchasing the program.
Windows Police Pro will forbid to run other security programs including Hijackthis tool, stating that those are insecure applications. Even access to Windows Registry Editor (regedit.exe), System Restore, Task Manager and Internet Explorer is blocked.
2. Windows Police Pro.exe
Windows Police Pro will corrupt Windows Security Center by displaying promotional note in Virus Protection area. It will also display balloon shaped warnings in the taskbar area about computer insecurity, persuading user to enable protection by purchasing the program.
Windows Police Pro will forbid to run other security programs including Hijackthis tool, stating that those are insecure applications. Even access to Windows Registry Editor (regedit.exe), System Restore, Task Manager and Internet Explorer is blocked.
To start Windows Police Pro removal process:
end the following processes with Task Manager in the sequence displayed (What to do if Task Manager has been blocked?):
1. svchasts.exe2. Windows Police Pro.exe
2. Windows Police Pro removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
How to run .exe files, that has been disabled by virus? First what you have to do is make a copy of regedit.exe:
1. Go to Start, Run and type in
command.com
2. In opened Dos window type (press Enter before typing new line):
cd\
cd windows
copy regedit.exe regedit.com
start regedit.com
3. In the left side of opened Registry Editor window, navigate to
HKEY_CLASSES_ROOT\exefile\shell\open\command
and double click Default value in the right side of Registry Editor window. Under Value data, delete existing value and type "%1" %* (quotes included!) and press OK.
EXE files should be running now.
To remove "Danger! Your computer is infected" desktop background, go to Control Panel, Display, choose Desktop tab, click Customize Desktop and choose Web tab. Under Web pages an entry with ticked box should be present. Click on that entry and press Delete.
1. Go to Start, Run and type in
command.com
2. In opened Dos window type (press Enter before typing new line):
cd\
cd windows
copy regedit.exe regedit.com
start regedit.com
3. In the left side of opened Registry Editor window, navigate to
HKEY_CLASSES_ROOT\exefile\shell\open\command
and double click Default value in the right side of Registry Editor window. Under Value data, delete existing value and type "%1" %* (quotes included!) and press OK.
EXE files should be running now.
To remove "Danger! Your computer is infected" desktop background, go to Control Panel, Display, choose Desktop tab, click Customize Desktop and choose Web tab. Under Web pages an entry with ticked box should be present. Click on that entry and press Delete.
3. Screenshot:
4. Windows Police Pro files:
svchasts.exe, desote.exe, windows police pro.exe5. Hijackthis entries:
C:\WINDOWS\system32\desote.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe.
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe.