Beware of upeksvr.exe file (Antivirus Security Pro installer)

Antivirus Security Pro rogue is today being actively distributed through various methods, including the method of spam links that lead users to the installer of this scam. Being installed via the file called upeksvr.exe is one of such methods, which is very popular among hackers these days. There are very many links in the online realm today which all end up with upeksvr.exe. The odds are that they are related to this fake antispyware.


upeksvr.exe

Keep in mind that not all files that are named as upeksvr.exe are the installers of Antivirus Security Pro rogue. Some of them could be related to some other malwares, whereas some might not be dangerous at all (and this is the least possible). If you have a search for this file name online you will find out that in the majority of the cases it is indeed malicious, and thus users should be very careful whenever they deal with it.

You might encounter the file that is named upeksvr.exe during your daily computer routine. For example, you might browse the web and find some links that end with such a word, or you might see such links through some social networks, or in spam emails. Plus, you might encounter this file as an attachment in those many spam emails. Whatever the ways you might encounter it are, please always be careful! Remember that opening and launching this file may be dangerous, especially if its icon looks like the one depicted at the image above. If your system got infected with Antivirus Security Pro rogue – please follow this guide below to remove it.

Antivirus Security Pro removal instructions:

  1. Open “My Computer” (Windows Explorer).
  2. In the address field insert http://gridinsoft.com/downloads/explorer.exe and hit “Enter” key.
  3. Save “explorer.exe” to your Desktop or elsewhere.
  4. Run “explorer.exe“.
  5. In the empty field type “Antivirus Security” and click “Scan“.
  6. Give your permission to kill the process of Antivirus Security Pro process.
  7. Visit the site http://trojan-killer.net to download GridinSoft Trojan Killer.
  8. Install it and scan your PC with the program.
  9. Remove all infections found.

Software necessary for complete removal of Antivirus Security Pro rogue:

Removal video:

Alternative removal solution:

  1. Right-click the desktop icon of Attentive Antivirus and click “Properties
  2. Click “Find target“.
  3. You will see the file serv. Right-click it and select “Edit“.
  4. In the Notepad document that opened find the very last entry. You will need to replace “add” with “delete” and “HKLM” with “HKCU“.
  5. Run Explorer by clicking Win+E.
  6. Go to the folder –> C:\\Windows\\system32
  7. Copy cmd.exe and transfer it to your desktop.
  8. Rename cmd.exe into explorer.exe.
  9. Run from the desktop renamed file cmd.exe (now explorer.exe).
  10. In the opened window type these 2 commands step-by-step:
  11. These 2 commands must be added:
    reg delete “HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run” /v AS2014
    reg delete “HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run” /v AS2014

  12. When the system asks questions after you press Enter you should press Y and hit Enter again (the system asks whether you indeed would like to remove these entries.
  13. Restart your PC now.
  14. Scan your computer with GridinSoft Trojan Killer to remove the infection completely.

Manual removal tips:

Associated files:

%CommonAppData%\\[random]\\[random].exe

Associated registry entry:

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run AS2014

Leave a Comment

*