Question:
Help me get rid of AV security suite?
?
2010-08-14 05:03:52 UTC
I have a fake trojan virus checker called av security suite. It stops me from going on the internet and pops up fake messages saying that there are viruses on the computer. It then doesn't let me on programs, saying that a certain file is infected.
However, this only affects one of my accounts on the computer. The one I am writing this from is fine, as are the others. I did have to disable proxy servers though.

I have looked at several webpages saying what to do, but none have helped. I have run an AVG scan, Malwarebytes and a program called "rkill" - none have found the trojan.
I used a trojan finder that I thought was free, and it found it - though it stopped just before I could delete the trojan, saying I had to pay.

Can anyone help - I have tried many of the instructions available on the internet, so links to these won't help.
Five answers:
Giedrius M
2010-08-15 09:06:32 UTC
Lots of paid programs show locations of infected files (for example Spyware Doctor does). So you can delete these files without paying.

Try launching MSConfig and disabling all entries that start from your user directory or are clearly bad programs. For example, a program whose location is C:\Documents and Settings\.... is bad in many cases. A program that starts from C:\Program files\xxx.exe is too (but it is legitimate if it starts from a subfolder with a clear name).
?
2010-08-14 22:25:33 UTC
You can try the following step-by-step AV Security Suite removal instructions. Good luck!
?
2010-08-14 05:07:18 UTC
Back up your files and format your computer. It's the easiest way; XP takes about an hour to install and Windows 7 takes 20-30 minutes.

This way you won't bother yourself too much.
?
2010-08-14 05:07:24 UTC
AV Security Suite manual removal:

Kill processes:

[RANDOM CHARACTERS]tssd.exe





Delete registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ "[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]tssd.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"CheckExeSignatures" = "no"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"RunInvalidSignatures" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"EnabledV8" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"Enabled" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\"SaveZoneInformation" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe"

HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE

HKEY_LOCAL_MACHINE\SOFTWARE\avSofT

HKEY_CURRENT_USER\Software\avSofT





Delete files:

[RANDOM CHARACTERS]tssd.exe





Delete directories:

%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]



OR



AV Security Suite is a rogue anti-spyware program from the same family as Antispyware Soft and Antivirus Soft. Once installed, this fake program will display fake security alerts and state that your computer is infected with spyware, adware and other types of malware. Then it will prompt you to pay for a full version of the program to remove the infections and to make your computer more secure. Of course, that's not true, because AV Security Suite is an infection itself and obviously won't protect your computer from malware. Most importantly, don't purchase this bogus program. If you have already purchased it, then you should contact your credit card company and dispute the charges. Finally, please follow the removal instructions below to remove AV Security Suite from your computer as soon as possible either manually or with an automatic removal guide.



Probably the most annoying thing about AVSecuritySuite is that it actually blocks legitimate software and certain system tools. It may even make your computer very slow. When running, it will display several fake pop-ups and state that your anti-virus or anti-spyware program is infected and that you should uninstall it. Furthermore, it will impersonate Windows Security Center and state that your computer is not protected against malware. It will then recommend that you buy a full version of AV Security Suite. Again, don't do that, otherwise you will simply lose your money. It's very important to mention that you may have to reboot your computer in safe mode with networking in order to remove this virus from your computer. AV Security Suite Basic changes Internet Explorer settings and enables a proxy server. You need to restore those settings, otherwise you won't be able to download malware removal tools from the Internet. If you find that your computer is infected with this bogus and very annoying program, then please follow the removal instructions below.



AV Security Suite removal instructions



1. Restart your computer. As your computer restarts but before Windows launches, tap "F8" key constantly. Use the arrow keys to highlight the "Safe Mode with Networking" option as shown in the image below, and then press ENTER.









2. Open Internet Explorer. Click on the Tools menu and then select Internet Options.





3. In the Internet Options window click on the Connections tab. Then click on the LAN settings button.





4. Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.





5. Download an automatic removal tool from this page and run a full system scan. Or download it from an alternative location.
bigugly11
2010-08-14 05:57:26 UTC
Manual Removal:



1-Edit Windows registry and DELETE *AV Security Suite entries. [**how to edit registry]....SEE * & ** below

2-Exit registry editor.

3-Remove AV Security Suite start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):

(random characters).exe

4-Click Apply and restart the computer.





* AV Security Suite Registry Entries:

HKEY_CURRENT_USER\Software\avsoft

HKEY_CURRENT_USER\Software\avsuite

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:1041”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “(random characters)”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = “1”

HKEY_LOCAL_MACHINE\SOFTWARE\avSofT

HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE

HKEY_CURRENT_USER\Software\avSofT

HKEY_CURRENT_USER\Software\AVSuitE



** It is important to back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files.



To edit Windows registry:

1. Click Start > Run

2. Type regedit at the box

3. Click OK

4. Windows registry will appear.
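
The registry entries listed in the two manual-removal answers above, turned into a read-only check (an added example, not part of any answer): it scans the decoded text of a `reg export` file and reports those settings. The sample export, its placeholder names, and the assumption that numeric data may be stored as either a DWORD or a string are constructed for illustration.

```python
import re
# Settings reported in the answers above: (key suffix, value name, data), lowercased.
# Assumption: numeric data may be a DWORD or a string, so both are compared as text.
WEAKENED = [
    (r"internet explorer\download", "checkexesignatures", "no"),
    (r"internet explorer\download", "runinvalidsignatures", "1"),
    (r"internet explorer\phishingfilter", "enabled", "0"),
    (r"internet explorer\phishingfilter", "enabledv8", "0"),
    (r"currentversion\internet settings", "proxyenable", "1"),
    (r"currentversion\policies\attachments", "savezoneinformation", "1"),
    (r"currentversion\policies\associations", "lowriskfiletypes", ".exe"),
]
ROGUE_KEYS = (r"\software\avsoft", r"\software\avsuite")

def audit(reg_text):
    """Return a list of findings for decoded `reg export` text."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.endswith(ROGUE_KEYS):
                findings.append("rogue key: " + key)
            continue
        m = re.match(r'"(.+?)"=(.+)$', line)
        if not (key and m):
            continue
        name, raw = m.group(1).lower(), m.group(2).lower()
        if raw.startswith("dword:"):
            data = str(int(raw[6:], 16))
        else:
            data = raw.strip('"').replace("\\\\", "\\")  # .reg doubles backslashes
        if any(key.endswith(s) and (name, data) == (n, d) for s, n, d in WEAKENED):
            findings.append(f"weakened setting: {name}={data}")
        elif key.endswith(r"currentversion\run") and "\\local settings\\application data\\" in data:
            findings.append(f"autorun from profile: {name}")
        elif name == "proxyserver" and "127.0.0.1" in data:
            findings.append("loopback proxy: " + data)
    return findings

# Constructed sample export (placeholder names; not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:1041"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"abcdefgh"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xyz\\xyztssd.exe"
[HKEY_CURRENT_USER\Software\avsoft]
'''

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text to `audit`.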


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.