Windows Police Pro
Windows Police Pro is a rogue antivirus program that displays false scan reports intended to convince the user that his or her computer is infected with various forms of malware. This misleading software will tell the user that he or she needs to purchase the full version of the software to remove these threats. These so-called infections do not actually exist, however, as they are only attempts to frighten the user to purchase the full version of the software.

Methods of infection/variants

This fraudulent program is promoted through dangerous Trojans and hijacked browsers. It is fairly easy to determine the presence of the virus, as warning pop-ups continuously appear. Windows Police Pro is a genetic copy of Windows Antivirus Pro.

Symptoms of infection

Once downloaded onto the computer, Windows Police Pro displays fake warnings that appear to come from the Windows Security Center, so that the user believes that the software is real and that the computer is legitimately infected with malware. This rogue program prevents any access to real antivirus programs, which can worsen the state of the computer system, and it can also dramatically slow the computer. Windows Police Pro also hijacks the web browser, essentially disallowing its use. Every time the user attempts to run any program or any .exe file, it states that Windows Police Pro has blocked it and prompts the user to purchase Windows Police Pro, which is supposedly required to delete the malware. Messages that Windows Police Pro shows the user include:

"Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection."

"svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience."

"Your computer is being attacked by an Internet Virus. It could be password-stealing attack, a trojan-dropper or similar."

Removal

First, the user needs to end the Windows Police Pro.exe, svchast.exe, svchasts.exe, and svohost.exe processes. This can be done through the Windows Task Manager. This will cause Windows Police Pro to temporarily stop disrupting the computer.

Malwarebytes' Anti-Malware has been shown as able to remove Windows Police Pro and its associated files.

Windows Police Pro Registry Entries

  • HKEY_CURRENT_USER\Software\Softimer
  • HKEY_CURRENT_USER\Software\Windows Police Pro
  • HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
  • HKEY_CLASSES_ROOT\CLSID\{77DC0B63-1535-4ba9-8BE8-D59EB676FA02}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {77DC0B63-1535-4ba9-8BE8-D59EB676FA02}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIPOL
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiPol
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDefend
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "minix32"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "inixs"

Windows Police Pro files

  • c:\Program Files\Windows Police Pro\
  • C:\Windows\svchast.exe
  • C:\Windows\svchasts.exe
  • C:\Windows\svohost.exe
  • c:\WINDOWS\wf3.dat
  • c:\WINDOWS\wf4.dat
  • c:\WINDOWS\system32\minix32.exe
  • C:\WINDOWS\system32\dddesot.dll
  • c:\WINDOWS\system32\nuar.old
  • c:\WINDOWS\system32\plugie.dll
  • c:\WINDOWS\system32\pump.exe
  • c:\WINDOWS\system32\skynet.dat
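
The process and file names svchast.exe, svchasts.exe and svohost.exe listed above imitate the legitimate Windows binary svchost.exe. The following is an added example, not part of the original article, of how a defender could flag such look-alike names in a process inventory. It goes beyond the three names on this page by matching on edit distance; the sample paths, the distance threshold of 2 and the expected directories are assumptions made for the illustration.

```python
"""Flag process images whose names imitate a Windows system binary."""
from ntpath import basename, dirname, normcase

# Legitimate name -> directories it normally runs from (assumed default paths).
PROTECTED = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, max_distance=2):
    """Return (verdict, detail) for one full image path."""
    name = normcase(basename(image_path))
    folder = normcase(dirname(image_path)).rstrip("\\")
    for real, homes in PROTECTED.items():
        if name == real:
            if folder in homes:
                return ("ok", real)
            return ("wrong-location", real + " running from " + folder)
        distance = edit_distance(name, real)
        if distance <= max_distance:
            return ("lookalike", "%s is %d edit(s) from %s" % (name, distance, real))
    return ("ok", name)

def scan(paths):
    """Return (path, verdict, detail) for every path that is not 'ok'."""
    findings = []
    for path in paths:
        verdict, detail = classify(path)
        if verdict != "ok":
            findings.append((path, verdict, detail))
    return findings

# Constructed sample inventory: three names from this article plus controls.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe", r"C:\Windows\svchast.exe",
    r"C:\Windows\svchasts.exe", r"C:\Windows\svohost.exe",
    r"C:\Windows\explorer.exe", r"C:\Users\Public\svchost.exe",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
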
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.