AV Security Suite Virus Removal

Guide Last Update on 8-14-2010 for AV Security Suite

ATTENTION:  AV Security Suite is slightly different than Security Suite.  If your fake client does not have AV in front of it then you should go to this Security Suite guide for more accurate help and VIDEO.

Update:  Browse down and watch the Proxy removal video first.  Then download the SDA client we recommend and continue on with the rest of the AV Security Suite removal guide.

Another Update:  We need your help locating were you got infected.  Please take a second to post a comment about what sites you think may of infected you or the actual URL.

Description: AV Security Suite is a new fake security client and a clone of 3 others Antispyware Soft, Antivirus Suite and Antivirus soft. All the scan results from this client are fake. The warnings and scan results are there to trick the user into making a purchase of this bogus security client.

What makes this threat hard to remove is it will change the users proxy settings. Because Chrome and Internet Explorer use these settings many users may find they can not go to regular websites. Don't worry we have created a video below to help you get around this little issue.

Like most rogue security clients it can be hard to remove AV security Suite. Many users report most regular programs to be blocked so they can not run security scans or even download security software. The warnings that AV Security Suite give off can be very alarming and convincing but please remember that it is all just a ploy to get you to purchase the client. None of the warnings are true.

AV Security Suite

AV Security Suite

» Download AV Security Suite Removal Software

As soon as you find yourself infected with this threat you need to take immediate action to remove it. AV Security Suite removal can be a little challenging for non savvy computer users but we have included a removal video for Antispyware Soft that is very similar to this threat and it should help provide guidance. Also be sure to watch the Proxy re-set video as well.

Antivirus Soft Removal Video ( NOT AV Security Suite but it's basically the SAME EXACT THREAT. This should work for you. Just substitute out the correct names and files)

This text will be replaced

 

HELP US:  We took the time to make this video and help you.  Please rate us on http://www.mywot.com/en/scorecard/removevirus.org .  It will only take you a minute to register and add a comment.  We would also welcome any posative facebook or social bookmark comments.

We have just produced another video on this.  It's a remote repair of a follower to removevirus.org.  We only have it on youtube at the moment but if we here good responces we will add it in here as well.  The repair was down on an XP computer while in Safe mode with Networking

http://www.youtube.com/watch?v=Abb_snLbGDw

Don't forget.  If it's too hard for you to remove yourself or things just aren't working for you then a cheap route for repair is www.pcninja.com.

Remove Proxy Setting so You Can Connect to the Internet Again.

Proxy Settings

 

AV Security Suite Manual Removal Procedures

The first step you must take in order to remove AV Security Suite is to stop the following process:

  • [random]tssd.exe [random].exe  Normally 6 random characters

Top Stop this process you can either browse to the file location and re-name the file like we did in the video above, or you can download our process killer tool under SOFTWARE tab above.  Be sure to download the one already re-named explorer.exe

We also want to point out that your Internet Explorer and or Chrome will not be able to connect to the internet in many cases.  You need to remove the proxy setting first.  View the video above on how to do this.

The next step in AV Security Suite removal is to delete the following file:

Windows XP:

  • %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe

Windows Vista/7:

  • %User%\AppData\Local\[random characters ]\[random characters]tssd.exe

UPDATE 8-14-2010: This threat is mutating.  You may not have the tssd.exe anymore at the end.  However it still have the random characters and is in the same folder paths as above. 

AV Security Suite Registry Removal Procedures

Removing files and folders alone is not sufficient to completely remove AV Security Suite. The following keys and settings should also be removed from the Windows registry to complete AV Security Suite removal:

  • HKEY_CURRENT_USERSoftwareavsoft
    HKEY_CURRENT_USERSoftwareavsuite
    HKEY_LOCAL_MACHINESOFTWAREavsoft
    HKEY_LOCAL_MACHINESOFTWAREavsuite
    HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" ="1"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyOverride" = ""
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyServer" = "http=127.0.0.1:5555"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = ".exe"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = "1"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random]"
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun "[random]"

Updated Regsitry traces: May not apply to you

  • HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVSecurity (and AVscan)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASAPI32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASMANCS

You should now run a full security scan to ensure no other threats are installed on your computer.

AV Security Suite Directories:

  • Vista and Windows 7 Users: %User%\AppData\Local\[random characters ]\
  • XP Users: %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\
  • Anonymous

    how do I find the files on vista?

  • technical admin

    You simply follow the guide above. We list the paths to the threat.

  • Anonymous

    Your tutorial was great help to me!! thx!

  • TJ

    Looking at the video to remove the proxy settings – its the same 6:49 video about about it. At least on my computer it is.

  • TJ

    Never mind – my error ….. Thanks for all the help with the AVSS removal! Worked great. TJ

  • Jen

    I was freaking out about this AV thing and I was so upset that I was going to have to spend so much money to fix it. Lucky for me you guys created such a wonderful and helpful guide. The videos and this page saved my computer! THANK YOU!

  • Anonymous

    Okay, so I got this AV Security Suite thing today and have been at it all day to remove it. I followed another tutorial about how to remove it and I used malwarebytes which seemed to remove it, however for some reason now my computer will not connect to my wireless internet.

    I’ve tried searching for the files via the manual removal method listed here and none of the named files seem to be present anymore so I’m assuming it’s gone, but the wireless wont connect. It tries, but always fails.

    Does this have anything to do with this virus? Have I done something wrong in my attempt to rid my laptop of this which now prevents me from having internet access?

    Any help is appreciated.

  • technical admin

    Your issue sounds like a wireless one and not a virus.

    1. Ensure your Wireless is on in the laptop.
    2. Connect directly to your router via a cable instead of wireless to ensure the device is working. While there double check the password you were using.
    3. If the above fails you may need to re-load the Wlan drivers.
    4. Re-set your winsock using winsock fix. More of a last re-sort.

    No further answers will be provided on this subject. This is most likely not virus related.

  • spring

    Thanks !! I had run Malwarebytes several times under safemode but still not able to clean this virus until I came across this website.

    I am not a computer savvy person but I was able to follow the instructions. But I still have questions to ask.

    When I try to remove av security suite registry, instead of ((HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations “LowRiskFileTypes” = “.exe”)), my registry has ((HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations “”SaveZoneInformation” = “1”)), and instead of ((HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “ProxyOverride” = “”)), it has ((HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “ProxyOverride” local””))

    Should I just go ahead and delete them anyway ?
    Hope it is not a stupid question to ask.
    Thank you for your help!!

  • Colin

    hi, What would be the process to remove the registry errors.

  • Colin

    If I am able to open and run a McAfee virus check and it comes up clean, does that mean all of the virus is removed?

  • technical admin

    personally I don’t trust Mcafee. Use the Spyware Doctor with Antivirus or Malewarebytes.

    If they come up clean then you should be good to go.

  • Carry

    Thanks! with out this video I could not of done it.

  • technical admin

    Did you not read the guide above or watch the videos?

    If the above videos are too hard to follow then I strongly suggest you hire out http://www.onlinecomputerrepair.org.

  • technical admin

    I would not worry about those directly. As long as you have internet access and nothing odd going on and Spyware doctor with antivirus says your clean then you should be good to go.

  • Anonymous

    I am having major difficulty with this stupid AV Security Suite nonsense!
    It has taken over my personal laptop. I am currently on my work computer (who has blocks on pretty much everything)
    My issue is AV Security won’t let me click on any of my icons or run any of my programs. I can’t get into internet, microsoft office, or any other software in order to run the cleanup….
    Everything i do click on an icon, the security alerts pop up…
    How do I get rid of this thing if it won’t let me into any program???

  • Steve F

    Worked Great Thank You SOO Much took under an Hour

  • Kenneth

    Thank you so much for the help! Got rid of this stupid virus within 20 minutes.

    I’m using Avast Anti-Virus to help clean up the remains of this virus…

    And one question:
    Do you have any idea where this virus originates from? I’m guessing I got it from one of the many pop-ups coming from a strange video sharing website I was browsing yesterday night.. And if that’s the case, I’m going to stick with youtube and dailymotion from here on out.

  • technical admin

    WOOT! Glad it worked for you Kenneth.

    Most likely it did come in from a video codec or the like.

    Can You sent us an e-mail via the contact from with the urls of the video sites you were on. We like to maintain an internal lists of sites were we can get infections from to test out.

  • Kaicy

    Thank you very, very much! You probably get that a lot, but oh well. I’m very happy that I could easily remove it with no problem.

    But, maybe a guide or something to show how to reset the proxy in Firefox would be nice, though.

    Thanks again!

  • Lily

    I may have friends, but we’re all music geeks so I really didn’t have anyone tech savvy to help me with this. Thank you sooooooooo much! You saved me from bashing my computer with my piano…Or would it be bashing my piano with my computer?

  • Mcmcmcmcmc

    Thank you guys soooooooooooo much! Lifesaver indeed. seriously, though, Respect and keep doing what you’re doing!

  • Anonymous

    I wanted to thank you. I followed your directions and got rid of that nasty virus. Again, thanks sooooooo much!!!!!! πŸ˜‰

  • http://chaos.neonblade.com neonblade

    Thanks, worked beautifully! I have added it to my list of known Rogue security programs,…

    http://www.chaos.neonblade.com/RogueList.pdf

    Thanks again

  • Chad

    Dear technical admin- I want to express my sincerest thanks!

    I don’t know what I would do without my computer!

  • technical admin

    Hi Chad,

    Thanks for the kind words. We at RemoveVirus.org are glad to of helped you out.

  • Worried.

    Just need to ask, I went into safemode and ran malwarebytes and it said it removed the program before I saw this website. I then came here and followed the instructions on the video, but I didn’t HAVE the files to delete. Does that mean it’s all gone, or should I continue to be concerned?

  • Janae

    I came across this myself about 10 mins ago.. Go to Tools- Options- Advanced Icon- Network Tab- Settings, be sure to click on the OK button once you’ve selected your proxy setting. Hope that helps. =)

  • technical admin

    Janae You rock. Users helping users. Nothing is better then passing on the knowledge.

  • http://www.fitnessgaming.co.uk Martin

    I ran a repair on Microsoft Office which includes Outlook and that sorted out the problem. No problems before AV SS arrived, so it did something to Outlook that was not obvious from setting the account settings.

  • Chris

    My computer was hit with the AV Security Suite virus and I used your process to delete the virus off my xp computer. Thanks. However, I too am having no internet connection since I removed the virus. I have my pc hard wired to router. The LAN connection says it’s connected – but no packets sent or received. When I try repairing the connection, I get;

    ‘Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot proceed.’

    Any advice?

    Chris

  • skachel

    I am having the same problem connecting to the internet after I cleaned up from this virus. Outlook runs fine and but no internet. I cannot even connect to the router and I am hard wired to it also. It seams to be a firewall issue, but I cannot figure out what is wrong.

  • Chris

    I had the same issue. Go to IE and then tools. Then Internet options. Click on ‘connections’ tab. Click on ‘LAN settings’. uncheck the ‘proxy server box’.
    Worked for me. good luck

  • technical admin

    The above works. It’s exactly what we already tell you to do in the guide.

  • Anonymous

    I may have friends, but we’re all music geeks so I really didn’t have anyone tech savvy to help me with this. Thank you sooooooooo much! You saved me from bashing my computer with my piano…Or would it be bashing my piano with my computer?

  • Anonymous

    i ran both malwarebytes and spyware doctor accouple of times and they are both giving me diffrent results malwarebytes isnt finding any issues (i am using the free version) and spyware doctor is telling me i still have 80 infenctions on my comp would you mind explaining this? also what registry cleaner do you reccomend i been using CCleaner but it to is giving me conflicting results CCleaner is telling my registry is clean and every prodcut i use is giving me diffrent results 1000, 2000, 500 and i dont think those free fixes are doing a thing which one do i trust?

  • technical admin

    The SDA client and the MBMA client will show different scan results just like any security product would. They are all different and will pick up different traces. Chances are the SDA client is showing cookies as being bad (They aren’t ) however some sites are flagged because of scam issues. The SDA client normally does find more then MBMA and that is why we recommend it over the MBAM client.

    As far as registry cleaners they do little in the grand scheme of things. the only time I use one is when I have a known issue and need to re-set some settings. What you are better off getting is a all in one type of tool that helps to manage startup items, defrag, ect. A general PC tuneup tool. Try jv16 powertools. They have a 30 full functional trial and you can fully test it out. I have several licences for them and have fully tested out that program and for a tech guy like me it’s sweet. For a non tech person they may be better off using a more user friendly program. Something like PC Health Advisor. However JV16 is still better it’s just harder to use. You are using these tools more for the all in one settings rather then the registry cleaning.

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.