Tuesday, June 8, 2010

AV Security Suite removal instructions

AV Security Suite is a new rogue antispyware from the same family of rogues as Antispyware Soft, Antivirus Soft, Antivirus Live, etc.

A HijackThis log from a computer infected with AV Security Suite shows the following entries:

R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
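The three entries above can also be searched for in a saved HijackThis log. The following is an added example, not part of the original post: the function name and the sample log are constructed, and it assumes a real log may show the expanded profile path instead of %UserProfile%. A match is a lead to review against the removal steps, not proof of infection.

```python
import re

# Accept "-" as HijackThis writes it, or the en dash the page renders.
SEP = r"\s*[-\u2013]\s*"
# R1: Internet Settings proxy pointed at the local machine.
PROXY_RE = re.compile(
    r"^R1" + SEP + r"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings,ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1", re.I)
# O4: Run entry starting <dir>\<file>.exe exactly one folder below
# "Local Settings\Application Data" (the page's {RANDOM}\{RANDOM}.exe).
RUN_RE = re.compile(
    r"^O4" + SEP + r"(?P<hive>HKLM|HKCU)\\\.\.\\Run:\s*\[[^\]]*\]\s*"
    r"(?P<path>.*\\Local Settings\\Application Data\\[^\\]+\\[^\\]+\.exe)\s*$",
    re.I)

# Constructed sample log; entry names and paths are made up for illustration.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [xqwkpltd] C:\Documents and Settings\user\Local Settings\Application Data\hgbnwq\xqwkpltd.exe
O4 - HKCU\..\Run: [Google Update] C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [xqwkpltd] %UserProfile%\Local Settings\Application Data\hgbnwq\xqwkpltd.exe
""".strip()


def find_indicators(log_text):
    """Return (line_no, kind, detail) for each line matching the page's entries."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if PROXY_RE.match(line):
            hits.append((no, "proxy", "127.0.0.1"))
            continue
        m = RUN_RE.match(line)
        if m:
            # Deeper paths (e.g. Google\Update\...) do not match the pattern.
            hits.append((no, "run:" + m.group("hive").upper(), m.group("path")))
    return hits


if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOG):
        print(hit)
```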

What AV Security Suite does

AV Security Suite is not a legitimate security tool. Unlike a legitimate tool, the rogue uses trojans to install itself and only looks like a normal antispyware program. In reality, it cannot remove viruses, trojans, etc., nor will it protect your computer from real future infections. AV Security Suite was created with one purpose: to trick you into purchasing the full version of the software.

Screenshot of AV Security Suite

During installation, AV Security Suite configures itself to run automatically every time your computer starts. After that, it starts a scan and detects a lot of infections. These fake infections can only be removed with the full version of the program. Obviously, such results are a fraud; the program wants to scare you into thinking that your computer is infected with malicious software.

While AV Security Suite is running, it floods your computer with fake security alerts and notifications from the Windows taskbar. Furthermore, the rogue may disable Task Manager, block legitimate Windows programs, including antivirus and antispyware tools, from running, and hijack Internet Explorer so that it displays various misleading notifications about phishing websites and other security threats.

As you can see, AV Security Suite is absolutely useless and, what is more, even dangerous. Most importantly, do not purchase it. Instead, please use the removal guide below to remove AV Security Suite from your computer manually for free.

How to remove AV Security Suite


Download HijackThis from here, but before saving, in the Save dialog, rename HijackThis.exe to iexplore.exe and save it to your desktop.

Run HijackThis. In the main menu, click the "Do a system scan only" button. Look for the following lines and place a checkmark next to each one that is still present:

R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe

When finished, you will see a window like the one below.



Make sure your Internet Explorer (or any other browser) is closed when you click Fix Checked! Close HijackThis.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded, you will see a screen like the one below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that Malwarebytes' Anti-Malware found on your computer. Note: the list of malware may differ from what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software


Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Note: if you can't download or run the programs suggested above, boot your computer in Safe Mode with Networking and repeat the above steps once again.

If these instructions do not help you, ask for help in the Spyware removal forum.

2 comments:

  1. What if you can't reboot, all I get is a black screen w/ prompt...

  2. Try the video guide: http://youtube.com/watch?v=PuEOxLX_yE4
