Fake virus scan called AV Security Suite

Thread Starter

Maintenance Man

Joined May 12, 2010
25
:mad:Could someone please let me know how I can get the fake virus scan called AV Security Suite off my computer? I have found a way to shut it down but it keeps coming up when I start my computer. We do not have it come up on the other users that share my computer. I think this virus might have come from an email. I would like to get it out of my computer. Thank you for your help in advance. I have bought new virus scan that did not detect this virus. I think it is imbedded deep in my computer.
 

Wendy

Joined Mar 24, 2008
23,415
There is a site similar to this one, but geared to computers, called MajorGeeks.com . Many viruses block access to this site if they can, higher praise can not be managed. I would recommend you drop them a line.
 

SgtWookie

Joined Jul 17, 2007
22,230
Remove AV Security Suite. Description and removal instructions

Title: AV Security Suite
Also known as: AVSecuritySuite, AVSecurity Suite, AV SecuritySuite

Type: Spyware
Severity scale: (72 / 100)

AV Security Suite is a rogue anti-spyware program from the same family as Antispyware Soft and Antivirus Soft. Once installed, this fake program will display fake security alerts and state that your computer is infected with spyware, adware and other types of malware. Then it will prompt you to pay for a full version of the program to remove the infections and to make your computer more secure. Of course, that's not true, because AV Security Suite is an infection itself and obviously won't protect your computer from malware. Most importantly, don't purchase this bogus program. If you have already purchased it, then you should contact your credit card company and dispute the charges. Finally, please follow the removal instructions below to remove AV Security Suite from your computer as soon as possible either manually or with an automatic removal guide.

Probably the most annoying thing about AVSecuritySuite is that it actually blocks legitimate software and certain system tools. It may even make your computer very slow. When running, it will display several fake pop-ups and state that your anti-virus or anti-spyware program is infected and that you should uninstall it. Furthermore, it will impersonate Windows Security Center and state that your computer is not protected against malware. It will then recommend you to buy a full version of AV Security Suite. Again, don't do that, otherwise you will simply lose your money. It's very important to mention that you may have to reboot your computer in safe mode with networking in order to remove this virus from your computer. The rogue program changes Internet Explorer settings and enables the proxy server. You need to restore those settings, otherwise, you won't be able to download malware removal tools from the Internet. If you find that your computer is infected with this bogus and very annoying program, then please follow the removal instructions below.

AV Security Suite removal instructions

1. Restart your computer. As your computer restarts but before Windows launches, tap "F8" key constantly. Use the arrow keys to highlight the "Safe Mode with Networking" and press "ENTER"

2. Open Internet Explorer. Click on the Tools menu and then select Internet Options.

3. In the Internet Options window click on the Connections tab. Then click on the LAN settings button.

4. Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled "Use a proxy server for your LAN" under the "Proxy Server" section and press OK.

5. Download an automatic removal tool and run a full system scan. http://www.pctools.com/downloads/afl_2-spyware/sdsetup.exe

AV Security Suite manual removal:
Kill processes:
[RANDOM CHARACTERS]tssd.exe

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[EIGHT RANDOM CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]tssd.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[CHARACTERS]" = "%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\"RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"EnabledV8" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\"SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe"
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
HKEY_LOCAL_MACHINE\SOFTWARE\avSofT
HKEY_CURRENT_USER\Software\avSofT

Delete files:
[RANDOM CHARACTERS]tssd.exe

Delete directories:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]

MalwareBytes Anti-Malware should remove it, and many others as well.
You can download it from this page: http://www.2-spyware.com/review-malwarebytes-anti-malware.html
 
Last edited:
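
The registry indicators listed in the removal guide above can be checked against an exported copy of the registry. This is an added example, not part of the original posts: it assumes input in `reg export` (.reg) text format, and the sample data, the names `qwhxbnye`, `kdjfuhc` and `xmqwptssd.exe`, and the function names are constructed for illustration.

```python
import re
# Constructed sample in .reg export format; not taken from a real machine.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qwhxbnye"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\kdjfuhc\\xmqwptssd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\avSofT]
'''
# From the guide: (key suffix, value name) -> value the rogue sets.
WEAKENED = {
    (r"internet explorer\download", "checkexesignatures"): "no",
    (r"internet explorer\download", "runinvalidsignatures"): "1",
    (r"internet explorer\phishingfilter", "enabledv8"): "0",
    (r"internet explorer\phishingfilter", "enabled"): "0",
    (r"policies\attachments", "savezoneinformation"): "1",
    (r"policies\associations", "lowriskfiletypes"): ".exe",
}
ROGUE_KEYS = (r"\software\avsuite", r"\software\avsoft")
RUN_PATH = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]*tssd\.exe$", re.I)

def normalize(raw):
    # .reg stores DWORDs as hex and doubles backslashes inside strings.
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.strip('"').replace("\\\\", "\\")

def scan(reg_text):
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.endswith(ROGUE_KEYS):
                findings.append(("rogue-key", line[1:-1], ""))
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, data = m.group(1), normalize(m.group(2))
        if key.endswith(r"\currentversion\run") and RUN_PATH.search(data):
            findings.append(("run-entry", name, data))
        for (suffix, vname), bad in WEAKENED.items():
            if key.endswith(suffix) and name.lower() == vname and data.lower() == bad:
                findings.append(("weakened-setting", name, data))
    return findings
```

Each finding is a `(kind, name, data)` tuple; the legitimate `ctfmon.exe` Run entry in the sample is not reported because its path does not match the pattern from the guide.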

tom66

Joined May 9, 2009
2,595
For when I have to use Windows, prevention is the best protection, followed by actual protection. What antivirus did you use before the infection?
 

SgtWookie

Joined Jul 17, 2007
22,230
Even fairly experienced users can "get got" by the viruses, downloader 'bots, Trojan Horses and other malware that's around nowadays. No single tool can keep all of them off of your computer, and unfortunately multiple tools require frequent updating.

Javacools' Spywareblaster is a very useful tool for prevention of infection from a large number of "known bad" sites; it prevents getting to the "known bad" sites to begin with, in a passive manner.

Spybot Search & Destroy also has an "inoculate" function, which works in a similar manner. It adds entries to your HOSTS file to re-direct known-bad URL references to your own computer, preventing access to those sites. Spybot also has active adware/spyware locate/removal tools. Tea-Timer can be useful to prevent registry changes, but it's a real pain in the neck on Windows Vista; you'll click yourself silly.

I've been using AVG Anti-Virus Free for years. It takes a few extra minutes for the system to stabilize after booting up, but after that it is pretty transparent.

Malwarebytes Anti-Malware is a very good tool. You should run it at least every couple of weeks, just to see if anything "snuck by" AVG Free.

HijackThis is a reporting tool that tells you what all gets run, and is running when you start up your computer. Optionally, it can remove some Registry entries. Be aware that modifying your registry can cause your computer to become non-functional.

Process Explorer is an important tool available as a free download from Microsoft:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Think of it as Task Manager on steroids wearing a Superman cape. Are you getting pop-up messages and can't figure out what program is generating them? Start Process Explorer, then drag the target from the toolbar and drop it on the message. Process Explorer temporarily hides itself until you drop the target on something, then it pops back up with the process that the item belongs to highlighted.
 

tom66

Joined May 9, 2009
2,595
The user is often the cause of viruses, but it doesn't help if the operating system runs everything as Administrator. Vista tries to fix this, but kind of fails because I know very few people who actually check what the Allow or Deny dialog is asking them to.

Anyway this is getting off topic...

There are plenty of fake virus scanners which infect your system. I get several fake Windows dialogs when I visit websites on my Linux PC and I guess I laugh them off, but it saddens me how people can ruin other people's computers, mostly for money.
 

Wendy

Joined Mar 24, 2008
23,415
MajorGeeks has several suites of programs, geared to individual operating systems, all freeware or shareware you can download from the site (they also have a huge library of software, which they vet most carefully). You follow their procedure and run around 6 different spyware scanners, along with your virus scanner, to try to clean out your machine. Some of the software has been written by guys on their site.

If that doesn't succeed (some of the junk out there is pernicious) they have a special forum where they use people (not quite mod status) who have been cleared to help. The idea is Joe Blow doesn't confuse the issue with half baked ideas. If the lower level folks (who have quite a bit of experience) can't help it gets bumped up to higher level experts. A thread started by you really is yours, outsiders can't interfere. The service is volunteer only, and free.

It's where I go when I need help.

They also have a decent set of forums in their own right, none electronics related.
 

Thread Starter

Maintenance Man

Joined May 12, 2010
25
:)Thank you all so very much for your help; I greatly appreciate it a lot. The reason I got this virus is my own fault, because I did not keep my virus scan up to date. It is a valuable lesson in keeping things up to date. It is just too bad that people out there get a thrill by making software that causes problems with computers. Again, thank you very much for all your help.
Sincerely:
Maintenance Man
 

sceadwian

Joined Jun 1, 2009
499
Not even that, even if you keep your scan up to date you're still vulnerable. The only virus you can get on modern systems is by NOT knowing what you're doing when you click something.

It has nothing to do with a thrill, it's big business. Fake AV software rakes in tons of cash a year. There are many so-called zero-day vulnerabilities in many pieces of software. Virtually every one of them requires the user to click on a button that says 'okay' first though; passive system infiltration is nearly impossible unless someone chooses not to update their systems.

I haven't used anti-virus software deliberately in the last 20 years, and I've only had one virus and that's cause _I_ installed it, no virus software would have picked up what I got. You can't; it looks just the same as regular software.
 

Wendy

Joined Mar 24, 2008
23,415
Then you don't google much. Even websites that are clean can be taken over and infected without the owner's consent. Like you said, it is big business.
 

sceadwian

Joined Jun 1, 2009
499
If your browser is kept patched up to date, the chance that a website you visit will be able to execute malicious code without some kind of direct intervention from the user is so low it's difficult to calculate; even some of the 0-day vulnerabilities in IE, Flash and the PDF format were never utilized for any mass infections.
Websites themselves are a totally different story; the number of web services that have outdated software with published vulnerabilities is staggering. It's all chalked up to lazy system admins that don't keep their software up to date.
 

Wendy

Joined Mar 24, 2008
23,415
Again, not quite true. I've run into several where just accessing the site tries to install a virus. I backed out as fast as possible; the virus scanner seemed to have handled it. The problem is the bad guys are as smart as the good guys, it is a measures/countermeasures game.

One of the sites was a straight-up reference I had never been to; I was doing some informal research. According to several newsletters I subscribe to, this is an ongoing problem. You think AAC going down or ElectroTech being hacked was their fault? I don't.

This is a war of sorts, and people who haven't done anything wrong do get hit.
 

dataman19

Joined Dec 26, 2009
135
You should get a hold of an AVG Rescue Disc..
..
Then all you have to do is set the computer to Boot to CD..
Pop in the Rescue Disc..
Restart the computer..
Let the ISO Lynx CD Boot and the AVG Rescue Disk load..
Run it..
then after about 2-5 hours (Depending upon how large your hard drive is) you get a result telling you which boot virus and how many root viruses and worms are in your machine.
..
At this point you need only "delete" then exit the program..
Remove the CD
..
Reboot and go about your business..
..
You may also want to run the Microsoft Utility AUTORUNS to make sure your Registry is intact afterwards..
..
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
...
Also.. We have found that the AVG Business Internet Security Suite is the top of the line answer to internet security (but I am naturally partial to AVG)..
..
My only pitch is to tell you that whichever Anti-Virus suite you use - use the Paid Version. The free Versions are subject to hacking and the current round on Virus Worm launchers are tailored to attack the free versions.
...
Incidentally, I have removed this virus launcher suite from at least 100 or more client computers in the last year. So far I have 100% Success and no data lost.
..
Complete File recovery and 100% Satisfied clients.
..
Take care all..
Dave R. Mason
dataman19
 