AV Security Suite Virus Removal

Guide Last Update on 8-14-2010 for AV Security Suite

ATTENTION:  AV Security Suite is slightly different than Security Suite.  If your fake client does not have AV in front of it then you should go to this Security Suite guide for more accurate help and VIDEO.

Update:  Browse down and watch the Proxy removal video first.  Then download the SDA client we recommend and continue on with the rest of the AV Security Suite removal guide.

Another Update:  We need your help locating were you got infected.  Please take a second to post a comment about what sites you think may of infected you or the actual URL.

Description: AV Security Suite is a new fake security client and a clone of 3 others Antispyware Soft, Antivirus Suite and Antivirus soft. All the scan results from this client are fake. The warnings and scan results are there to trick the user into making a purchase of this bogus security client.

What makes this threat hard to remove is it will change the users proxy settings. Because Chrome and Internet Explorer use these settings many users may find they can not go to regular websites. Don't worry we have created a video below to help you get around this little issue.

Like most rogue security clients it can be hard to remove AV security Suite. Many users report most regular programs to be blocked so they can not run security scans or even download security software. The warnings that AV Security Suite give off can be very alarming and convincing but please remember that it is all just a ploy to get you to purchase the client. None of the warnings are true.

AV Security Suite

AV Security Suite

» Download AV Security Suite Removal Software

As soon as you find yourself infected with this threat you need to take immediate action to remove it. AV Security Suite removal can be a little challenging for non savvy computer users but we have included a removal video for Antispyware Soft that is very similar to this threat and it should help provide guidance. Also be sure to watch the Proxy re-set video as well.

Antivirus Soft Removal Video ( NOT AV Security Suite but it's basically the SAME EXACT THREAT. This should work for you. Just substitute out the correct names and files)

This text will be replaced

 

HELP US:  We took the time to make this video and help you.  Please rate us on http://www.mywot.com/en/scorecard/removevirus.org .  It will only take you a minute to register and add a comment.  We would also welcome any posative facebook or social bookmark comments.

We have just produced another video on this.  It's a remote repair of a follower to removevirus.org.  We only have it on youtube at the moment but if we here good responces we will add it in here as well.  The repair was down on an XP computer while in Safe mode with Networking

http://www.youtube.com/watch?v=Abb_snLbGDw

Don't forget.  If it's too hard for you to remove yourself or things just aren't working for you then a cheap route for repair is www.pcninja.com.

Remove Proxy Setting so You Can Connect to the Internet Again.

Proxy Settings

 

AV Security Suite Manual Removal Procedures

The first step you must take in order to remove AV Security Suite is to stop the following process:

  • [random]tssd.exe [random].exe  Normally 6 random characters

Top Stop this process you can either browse to the file location and re-name the file like we did in the video above, or you can download our process killer tool under SOFTWARE tab above.  Be sure to download the one already re-named explorer.exe

We also want to point out that your Internet Explorer and or Chrome will not be able to connect to the internet in many cases.  You need to remove the proxy setting first.  View the video above on how to do this.

The next step in AV Security Suite removal is to delete the following file:

Windows XP:

  • %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe

Windows Vista/7:

  • %User%\AppData\Local\[random characters ]\[random characters]tssd.exe

UPDATE 8-14-2010: This threat is mutating.  You may not have the tssd.exe anymore at the end.  However it still have the random characters and is in the same folder paths as above. 

AV Security Suite Registry Removal Procedures

Removing files and folders alone is not sufficient to completely remove AV Security Suite. The following keys and settings should also be removed from the Windows registry to complete AV Security Suite removal:

  • HKEY_CURRENT_USERSoftwareavsoft
    HKEY_CURRENT_USERSoftwareavsuite
    HKEY_LOCAL_MACHINESOFTWAREavsoft
    HKEY_LOCAL_MACHINESOFTWAREavsuite
    HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" ="1"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyOverride" = ""
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyServer" = "http=127.0.0.1:5555"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = ".exe"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = "1"
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random]"
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun "[random]"

Updated Regsitry traces: May not apply to you

  • HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVSecurity (and AVscan)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASAPI32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASMANCS

You should now run a full security scan to ensure no other threats are installed on your computer.

AV Security Suite Directories:

  • Vista and Windows 7 Users: %User%\AppData\Local\[random characters ]\
  • XP Users: %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\
RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.