Sophos

WinAntiVirusPro

Category
Type
What to do
  • If you've received an alert for a blocked PUA or adware and decide that the application is not suitable for your workplace, then follow the instructions for removing PUAs.

Summary

 
Included in our products from April 2008 (4.28)
Protection available since 20 June 2006 08:52:23 (GMT)
Last updated 23 February 2008 05:07:07 (GMT)
Detected by Sophos Anti-Virus for Windows, versions 6 and 7 and PureMessage for Microsoft Exchange.

More Information

WinAntiVirusPro is an anti-virus application which may exaggerate threats on the user's computer and ask the user to buy the software to remove them.

WinAntiVirusPro may impair the performance of the Windows firewall and some other security-related Microsoft applications.

The default installation folder is "<Program Files>\WinAntiVirus Pro 2006".

When WinAntiVirusPro is installed the following folders and files are typically created:


New versions of the following files may be installed:

<System>\atl71.dll
<System>\mfc71.dll
<System>\msvcp71.dll
<System>\SpOrder.dll

The following registry entries are created to run fat.exe and WinAV.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
fat.exe
<Program Files>\WinAntiVirus Pro 2006\fat.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinAntiVirusPro2006
"<Program Files>\WinAntiVirus Pro 2006\WinAV.exe" /min

The file vspf_hk5.sys is registered as a new system driver service named "vspf_hk", with a display name of "vspf_hk". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk

The file vspf5.sys is registered as a new system driver service named "vspf", with a display name of "vspf". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\vspf

The file FWSvc.exe is registered as a new file system driver service named "FWSvc", with a display name of "Firewall service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\FWSvc

The files WapCHK.dll, IEFWBHO.dll, WAV6COM.dll and winpgi.dll are registered as COM objects, creating registry entries under:


The files IEFWBHO.dll and winpgi.dll are registered as Browser Helper Objects (BHOs) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(B5141620-C2B2-4D95-9F0F-134D99C87AB0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(2178F3FB-2560-458F-BDEE-631E2FE0DFE4)

The following registry entry is set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
<Program Files>\WinAntiVirus Pro 2006\Updater.exe
<Program Files>\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe

WinAntiVirusPro sets the following registry entry, disabling autostart for the SharedAccess service:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4

Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
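
The autostart entries, the firewall exception for Updater.exe and the SharedAccess Start value described above can be checked for in an exported registry file. The following is an added example, not Sophos code: the .reg text is a constructed sample, it assumes <Program Files> resolves to C:\Program Files, and the function names are hypothetical.

```python
import re

# Constructed sample .reg export (not from the page); assumes <Program Files>
# is C:\Program Files. Real exports are UTF-16: decode before calling audit().
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAntiVirusPro2006"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
MARKER = "\\winantivirus pro 2006\\"  # install folder name given on the page
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

def unescape(s):  # a backslash in a .reg string quotes the next character
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (lowercased key, value name, data) for each named value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()
        elif key and (m := VAL_RE.match(line)):
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])  # REG_SZ: drop quotes, unescape
            yield key, unescape(m.group(1)), data

def audit(text):
    """Return (finding, value name) pairs for the three changes checked."""
    out = []
    for key, name, data in parse_reg(text):
        if key.endswith(RUN_KEYS) and MARKER in data.lower():
            out.append(("autostart", name))
        if (key.endswith("\\services\\sharedaccess") and name.lower() == "start"
                and data.lower() == "dword:00000004"):
            out.append(("firewall-service-disabled", name))
        if key.endswith("\\authorizedapplications\\list") and MARKER in name.lower():
            out.append(("firewall-exception", name))
    return out
```

A Start value of 4 on SharedAccess is reported on its own, since it leaves ICF off whether or not the other entries are still present.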

Registry entries are set as follows:

HKCR\Drive\shellex\ContextMenuHandlers\ShellExtension
(Default)
(1AC5C88A-DEA7-462b-A232-04AF5CA42E7E)

HKCR\Directory\shellex\ContextMenuHandlers\ShellExtension
(Default)
(1AC5C88A-DEA7-462b-A232-04AF5CA42E7E)

HKCR\*\shellex\ContextMenuHandlers\ShellExtension
(Default)
(1AC5C88A-DEA7-462b-A232-04AF5CA42E7E)

Registry entries are created under:

HKCU\Software\WinAntiVirus Pro 2006
HKLM\SOFTWARE\WinAntiVirus Pro 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1

WinAntiVirusPro provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "WinAntiVirus Pro 2006 2.0.218.0".
