Guide Last Update on 8-14-2010 for AV Security Suite
ATTENTION: AV Security Suite is slightly different than Security Suite. If your fake client does not have AV in front of it then you should go to this Security Suite guide for more accurate help and VIDEO.
Update: Browse down and watch the Proxy removal video first. Then download the SDA client we recommend and continue on with the rest of the AV Security Suite removal guide.
Another Update: We need your help locating where you got infected. Please take a second to post a comment about which sites you think may have infected you, or the actual URL.
Description: AV Security Suite is a new fake security client and a clone of 3 others: Antispyware Soft, Antivirus Suite and Antivirus Soft. All the scan results from this client are fake. The warnings and scan results are there to trick the user into purchasing this bogus security client.
What makes this threat hard to remove is that it changes the user's proxy settings. Because Chrome and Internet Explorer use these settings, many users may find they cannot go to regular websites. Don't worry, we have created a video below to help you get around this little issue.
Like most rogue security clients, AV Security Suite can be hard to remove. Many users report that most regular programs are blocked, so they cannot run security scans or even download security software. The warnings that AV Security Suite displays can be very alarming and convincing, but please remember that it is all just a ploy to get you to purchase the client. None of the warnings are true.
AV Security Suite
As soon as you find yourself infected with this threat you need to take immediate action to remove it. AV Security Suite removal can be a little challenging for non savvy computer users but we have included a removal video for Antispyware Soft that is very similar to this threat and it should help provide guidance. Also be sure to watch the Proxy re-set video as well.
Antivirus Soft Removal Video ( NOT AV Security Suite but it's basically the SAME EXACT THREAT. This should work for you. Just substitute out the correct names and files)
HELP US: We took the time to make this video and help you. Please rate us on http://www.mywot.com/en/scorecard/removevirus.org . It will only take you a minute to register and add a comment. We would also welcome any positive Facebook or social bookmark comments.
We have just produced another video on this. It's a remote repair for a follower of removevirus.org. We only have it on YouTube at the moment, but if we hear good responses we will add it in here as well. The repair was done on an XP computer while in Safe Mode with Networking.
Don't forget. If it's too hard for you to remove yourself or things just aren't working for you then a cheap route for repair is www.pcninja.com.
Remove Proxy Setting so You Can Connect to the Internet Again.
AV Security Suite Manual Removal Procedures
The first step you must take in order to remove AV Security Suite is to stop the following process:
- [random]tssd.exe, [random].exe (normally 6 random characters)
To stop this process you can either browse to the file location and rename the file like we did in the video above, or you can download our process killer tool under the SOFTWARE tab above. Be sure to download the one already renamed explorer.exe.
We also want to point out that in many cases Internet Explorer and/or Chrome will not be able to connect to the internet. You need to remove the proxy setting first. View the video above on how to do this.
The next step in AV Security Suite removal is to delete the following file:
- %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe
- %User%\AppData\Local\[random characters ]\[random characters]tssd.exe
UPDATE 8-14-2010: This threat is mutating. The file name may no longer end in tssd.exe. However, it still has the random characters and is in the same folder paths as above.
AV Security Suite Registry Removal Procedures
Removing files and folders alone is not sufficient to completely remove AV Security Suite. The following keys and settings should also be removed from the Windows registry to complete AV Security Suite removal:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
Updated registry traces (may not apply to you):
- HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVSecurity (and AVscan)
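To confirm which of the five HKEY_CURRENT_USER values listed above are actually present before or after cleanup, the check below reads the text of a registry export and reports the matches. It is an added example, not a tool from this guide; it assumes the export was made with `reg export` and decoded to text (such files are UTF-16), and the names `find_traces` and `SAMPLE` plus the sample export are constructed for illustration.

```python
import re

# Values the guide lists, relative to HKEY_CURRENT_USER: (key, name, data).
HKCU = "HKEY_CURRENT_USER\\"
INDICATORS = [
    (r"Software\Microsoft\Internet Explorer\Download", "RunInvalidSignatures", "1"),
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyOverride", ""),
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyServer", "http=127.0.0.1:5555"),
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations", "LowRiskFileTypes", ".exe"),
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Attachments", "SaveZoneInformation", "1"),
]
# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
"ProxyOverride"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
'''

def normalize(raw):
    """Make .reg data comparable: dword:00000001 -> '1', quoted "x" -> x."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw  # hex(...) and other types are kept raw and never match

def parse_reg(text):
    """Return {(key, value name): data}, keys and names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and key:
            values[(key, m.group(1).lower())] = normalize(m.group(2))
    return values

def find_traces(text):
    """List the guide's values that are present with the listed data."""
    values = parse_reg(text)
    return [(k, n, d) for k, n, d in INDICATORS
            if values.get(((HKCU + k).lower(), n.lower())) == d]
```

An empty result after cleanup means none of the five values still carries the data listed in this guide; it does not cover the mutated file names or the HKEY_CLASSES_ROOT traces.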
You should now run a full security scan to ensure no other threats are installed on your computer.
AV Security Suite Directories:
- Vista and Windows 7 Users: %User%\AppData\Local\[random characters ]\
- XP Users: %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\