Antivir Solution Pro

AVG is not going to cut it.

Boot into safe mode with networking. Download Spyware Doctor with antivirus as the guide states and run a full scan there. Ensure you update the client first. In safe mode the threat should not be running. You have a secondary infection “Root Kit” that is most likely re-installing the program. No way to know what the trojan is with out running a full scan. SDA does cost money to remove threats. However the free trial will still scan and block threats. From there you can see what files you need to delete.

im scare he gonna blame it on me that i mess it up the desktop and i didn’t do nothing wrong cause im the only 1 using the computer for this week please i need your help how to take it out from is pc contact me my email Removed for Privacy and im only 13 years old please i need your help…………………….god bless u

Did you ever run a scan using Spyware Doctor with Antivirus? This is the first thing I tell everyone who has issues locating the virus threat. The SDA client will show you exactly were the files are located when you run a FULL scan. From there you can manually delete them. The free trial will NOT remove threats but it’s awesome at stopping the threat from getting worse and will show you the exact folder locations of the viruses so you can then browse down to them and manually delete them. You may need to be in safe mode to delete the viruses.

Initially i rebooted my computer and a message came up whether to run or dont run. I located this folder and deleted this and i was able to get back on the internet however i cannot watch videos etc. i still feel that the virus is still on the computer but i cannot now locate it to delete it. (This was before i saw your post on how to delte it)

I have now run scans with spyware doctor and malwarebytes but they have not located any threats. I used stopzilla which did locate the threats but then i went to the places that it said the threats were at but they were not there.

To be 100% clear here.

You already removed the Antivir Solution Pro or at least you think you did. Then because you could not watch videos you did more research and found our site. After following our manual guide you could not locate any of the traces to this virus threat. However you feel your computer is still infected because of the video issue.

The SDA client and Malwarebytes found zero threats. You are not being redirected in your browser and Antivir Solution Pro is not popping up on you.

Maybe it is just a video issue and coincidental. Are you trying to watch videos from youtube or your computer?

If youtube then I suggest re-downloading the Adobe flash player and installing it. Perhaps it got corrupt, removed or disabled.

If it’s videos on your computer I suggest you download the latest codec pack.

Reply and we can go to the next level if the above does not work for you. At this time from the information you provided I am unsure your actually infected.

P.S. We do not support people via e-mail normally but I’ll make an exception here because I’m curious about your issue. Feel free and hit the contact button and describe the issue again. Include a time when you will be in front of your computer so I can remote in if need be.

hey i have removed the virus and re-setted the host file and re-setted ie and i followed every step on the video but when i got on the internet google was still acting strange. The internet redirects me and when i search on google it gives me sites that dont even have the fields i searched in.What do i do?

As per our disclaimer and terms of use we only help people age 18 and above. We can not be held liable for any actions you take.

With that said we can only help people who help themselves. You made no mention of what you could not do in the virus removal guide we wrote. Follow the guide. It works. Watch the video it works. Just asking for help and not stating what you already tried in the guide will get you no were.

Did you run the FULL scan with Spyware Doctor with Antivirus? That is the first step to see what you are infected with. From there the answer will very.

It sounds like you have a BHO that is causing the issue. Re-setting IR normally resolves this issue. Run the scan and report back the results

Okay ill give it a go in the next 24 hours as i do not have access to my computer at the moment. i think that may be case that the internet got corrupted as everything else seems to be fine apart from internet explorer as not just youtube videos etc dont work i cannot download anything. it just seems to be running quite slower than usual. ill let you no when i reinstall adobe flash player.

I downloaded Spyware Doctor with Antivirus but I cannot run it because after double clicking it said “Security Warning- Application cannot be executed. The file pctsgui.exe is infected. Do you want to activate antivirus software now?”

i cannot download anything online including adobe flash player. i am a bit unsure what do next wondering what you would recommend.

Ok, the problem i’m having is i cant open “internet options” to change my proxy settings, not even in safe mode. Now what? Help!

I got this last night and have removed it. I am very worried in case they have stole personal details. Can this happen with this particular virus and what are the signs??

Hi Debbie,

While there are programs out there that steal user data this virus alone does not do that. Unless you actually pay for the thing anyways.

To be sure I recommend running a full scan with Spyware Doctor with Antivirus. The nice thing with the free scan is you can dive into the threats and read what PCTools has to say about the threat. In most cases it will not steal personal information.

I would still keep a close eye on your bank account if you use a debit card. The safer practice is to never use a Debit card online. Only use a credit card or better yet Paypal. It’s safer because going that route you can get your money back. Using a debit card the bank will just shrug their shoulders and say we can get you a new card but that is it.

You can run the client in Safe mode with Networking. Be sure to update the client first. In safe mode it will run. Other wise the virus is blocking it. If you wish to run the client in normal mode you need to follow the manual guide first and stop this process from running

Reset IE. We have the tool in the side bar to do it.

I just want to be clear on the registry removal instructions. I get that registry entries such as “HKEY_CURRENT_USER\Software\SolutionAV” should be deleted (which I did), but the entries such as HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “RunInvalidSignatures” =”1″
… Should I delete these entries, or make sure that the value is the one listed?? For example in this entry, are you saying the value should be “1″… or do I just delete the entire entry??

I have located the wierdly named folder, there are two actually, but there is no tssd file in either of them. Both of the folders say the date modified was the day I tried to get rid of the virus, so at least they have to be connected to AntiVir. What do I do?

The problem with registry keys is you may actauly want that value on for some other software program you may have. However that is unlikely. This registry key basically means “Allow software to run or install even if the signature is invalid”. This is a big no no in most cases. By changing the “1″ to “0″ we basically turn this value off.

This can be SUPER confusing for most people. It is also dangerous for people who do not know what they are doing to poke around in the registry. We are very hesitant to actually straight out tell people what they should change the value to because we can not be held liable for any damages. However this is a great question and I’m surprised more people do not ask it.

What is the folder name and location?
What files are in the folder?
Did you run a full scan using Spyware Doctor with Atnivirus. If you are having troubles downloading the client or installing it you will want to go into safe mode with networking and install it there. Be sure to run the FULL scan. This will tell you the exact file name that you need to manually delete.

With out knowing the above we really can’t help much.

I had the Antivir virus so I went in to safe mode like you said and I downloaded Spyware Doctor w/ Antivirus. I ran the full scan, and I actually went ahead and purchased it and removed all of the threats it found on my computer. After completion it asked me to reboot, so I did. Now, the antivir virus appears to be gone because I can actually get on the internet now. But everything is running extrememly slow. All programs take forever to open, and the internet takes forever to open up pages. Also, after I rebooted, my desktop changed (icons were rearranged and my background picture had changed). So I shut down and rebooted in safe mode again, and everything runs fast and smooth while in safe mode.

Any idea why everything has slowed down so much? I’m thinking I may have other issues than the ones deleted w/ Spyware Doctor. But all of my programs were running fine even while I had the Antivir virus (except for the internet of course). Any help would be appreciated. Thanks

Glad to see you got rid of the virus. Or at least it seems that way. What I would do is boot into safe mode with networking and download Malwarebytes and run a scan with that just to ensure everything is gone. If it picks something else up then great. It may not because like you said your purchased the SDA client and everything seems to be good except your computer is really slow.

If the above does not work I would uninstall the SDA client and reboot. See if your computer runs faster with out the client installed. If you notice a huge difference in speed it means you most likely have little computer memory to handle a good solid internet security product. I would still re-install the client again but perhaps leave out things like the browser defender and see if that does not help pickup more speed.

I recommend no less then 2G’s of ram. 4 Gig’s is the recommended amount of memory. You can see how much memory is installed on your computer under the properties tab of the Computer or MY Computer Icon. If it’s less then 2g’s I would Google memory configuration and look up your model to see what type of memory your computer can use and what the cost is.

If your computer is very old and lets say it only has 512MB of memory then running any security client that is up to date for 2010 will cause a BIG decrease in system performance.

Let us know if you find the root cause. I’m interested.

The answer to your question is already in the guide. Read it again and follow the proxy removal vid.

If you want to learn how to remove or edit registry keys you can go under the how to guides section and read that article.

You do not have to re-name the file the the prefetch folder. I would still delete it but it really does not matter.

Got this virus and think I was able to get rid of by using Symantic Antivirus…did a Live Update and then ran a full scan…it found 6 or so files after which I had to reboot my computer and now everything seems to be back to normal.

However the ttssd file is still in my prefetch folder. Do I still need to rename it and go through the processes of deleting the registries? How do I delete registries?

IE doesn’t seem to work it says it cannot display the webpage?

Think I need to switch to FireFox!

As stated in the video the path for XP is %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe.

You do have a local Settings folder. Again as stated in the guide it is a hidden folder. Watch the video. You need to either un hide the folders or manually type in the LocalSettings path.

Hi first thaks for such a great video, I as able to follow step by step and remove the virus…and then bought spyare doctor to be able to clean my comp, the problem as that a day ater the antivir pro came back again, I will do the scan and at the end it ill say no threats detedtec evendough the antivir as running. i don’t understand hy it is not pickig it up, I had to go back to your video and deleted it manually again. Is this going to keep happening, for tp days every time I turn on my comp the virus ius back. Please help. Thaks

I can’t find it. I’ve searched for it, but its not there. I’m using Windows Professional, and I’m currently in Safemode with networking.

So i removed the tssd files and all that nonsense. (ended processes and whatnot) but upon entering regedit not one of the keys mentioned above seemed to exist.. this might be because the second in saw signs of this crap i shut down and booted in safe to prevent further damage until i had a game plan. the only thing is one registry key CURRENT_USER/Software/wpyyaxvbft remove this? thanks

When it comes to registry keys and the potential to really screw things up on your computer We can not tell you what to delete and not to delete. Does this look like a false entry to me? Yes. Would I delete it? Yes. But before all of that I would of ran a full scan with Spyware Doctor with Antivirus to let it tell me if this was really a threat to remove or not.

In the end the choice is yours and your alone but if it was my computer I would delete that funky name because it just looks wrong.

Here is what I would do because you already purchased the SDA client.

1. Ensure the product is fully up-todate
2. Run a FULL scan on my computer.
3. Download Malwarebytes, install, run full scan at the same time as the SDA scan. We are using a second client to ensure nothing is being left over by the first security client. SDA does a great job at blocking threats and removing them in the first place so you must have a rootkit on your computer that is re-installing this virus before the SDA client is up and running on boot. The above steps should solve this issue for you.

You may also want to take a look at the start-up Menu. Go to the run/AKA Search box. Type in MSCONFIG . Than select the Startup tab. Under there go through and look for any very wierdly named files. Pay close attention to Temp file locations and System32 locations. If there is something there that looks really off, chances are it’s what is re-installing the threat. Un-check the box and see if that stops the threat. My guess is if the SDA client does not pick it up after a full scan you may have to wait a day or so for another update that will include whatever rootkit is installing this threat. PCTools also offer free support so you may just want to go that route as well.

i have the antivir virus so i tried to boot my laptop in safe mode but it just keeps on freezing while it loads up. do you have any ideas on how to fix this?

Hard to answer the question with out knowing what OS you are using. Does it boot into normal mode? If so you can still follow the guide and remove the threat in normal mode. I have removed this threat about 30 times now and do it in normal mode almost every time. Try the guide and if you have a question on a specif step please ask.

As far as not being able to boot into safe mode your computer may be missing some core OS files. You can always use the backup computer disc to do a soft system restore.

Earlier this week, I got this ugly bugger, and using sypware doctor microsoft security essentials and malaware anti bytes got it removed. Then 3 days later in the middle of searching google I got it again, so I had to remove it…. again.

Now, 3 days after that, while microsft security essentials scanned, found the random tssd.exe file still lurking even though earlier the week said that all 3 antivirus programs removed so…..

You mentioned something about a “root-kit” that might reinstall this, but neither of the 3 programs can find anything about a root-kit virus that I might have

Im pretty sure how I got it, from all my active downloading, so I delted all known downloads I made withen the last week succesfully.

Any help? :3

If you followed the proxy video you should not need to do anything else in most cases.

I would remove the entry but make a backup first. If you have not followed the guide and did not remove the proxy settings from IE I would do so. We also recommend resetting IE.

Ensure Spyware Doctor with Antivirus is up to date and run the FULL scan. Not just the short quick one. We just retested it against this threat and it did pickup the traces.

You may also want to look at the Windows Hosts file. Check out the How to Guides section. We have an article detailing what it is and how to re-set it manually and using software.

Thks for everything got rid of it , but I still got redirected after opening IE , i did everything u guys said , even ran Spyware Doctor, any other tip on that , i got a key :
•HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “ProxyServer” = “http=127.0.0.1:6522″

should i remove that one too??

I need to stress that not everyone will have the hidden rootkit. However you did ALL the regular ground work and it sounds like you are Using Microsoft Security Essentials for up front protection.

If your a little tech savvy I would recommend downloading and installing Highjack this. Run the scan and look at the entries. Pay attention to the 04 areas. If you see some very funky looking files I would remove them. This is a great program to see running processes and startup programs. However it is not user friendly and in the wrong hands you can royally screw yourself over by removing things you should not remove.

If that does not work for you then another great program for rootkits is Combofix. Again very powerful stuff. However Combofix is more of an install and just run type of program. But it has been none to screw things up as well. Run it at your own risk. In 97% of all cases you should be just fine. However in the other 3% you may damage the operating system.

The above advice in NOT for novice computer users. Do not use the tools above unless you are tech savvy with computers or have an expert helping you. I only offer this advice because this individual has done all the ground work already.

Thanks for replying.

I ran hijack this, and found nothing that looks weird. Combofix isn’t compatible according to most sites for windows 7 so I didn’t run it. Thanks!

Agree! I didn’t get my solution from this site, but was just browsing to see if anyone had gone the Best Buy route. I had the issue last weekend and panicked like most do when they get something like that unless they are already pretty techy. I knew enough about computers to play around it, but first called Best Buy. The lovely Geek Squad stressed this was the worse virus ever (which I doubt since many seem to be able to remove on their own), but they could fix for a cool $199. AND…would take 2-4 days.

Capitilism at its best…seeing how I fixed on my own in an hour (most of that time was researching on the internet) and I fixed by restoring the computer back to a pre-virus date. Cost me $0. I have never been a big fan of Best Buy, but I will limit my shopping their even more since they are “in” with these folks apparently and not telling customers the truth.

Good call. I would not use it on Windows 7 either. Not knowing your OS I took it as being XP because most computers still are XP based.

I would encourage you to take caution over the next week. Keep your security program up to date and if possible run a full scan every day for the next 7 days to see if it picks anything else up. It could simply be the sites you have been going to on a regular basis are infected and that is were the new infections are coming from.

Highjack this would of showed the rootkit running in most cases.

Hey I found this link describing the same registry files you were talking about. I had the same ones and removed all the ones listed here. Hope this helps LINK REMOVED ( did not contain manual removal instructions )

I like this article, harvesting is also great, Thank you for sharing.

Hi! I’m currently using my wireless to type this.I have the Antiviro solution on my desktop computer. I have Webroot as my antivirus protector. I can’t get on the internet to remove it. Help!!!. I’m a school teacher.

I got infected by the antivir solution pro. But unlike most antivir solution pro infections it let me open things and it didn’t change my proxy settings. I got rid of it manually and used malwarebytes to remove the trojan that downloaded it. The main executable didn’t end with tssd.exe. It was a disguised svchost.exe.

Did you follow our guide? It works to remove this threat. We can only help those who help themselves. If you have a specific question about the guide or can not do a specific step we would be MORE then happy to help you out.

As for NO Internet Access. I suggest you read the guide. We have a section on this already. Please try that. You can also go under the How To Guides section and read the manual proxy removal guide we created.

OUCH! svchost.exe is a common executable for windows in which hundreds of other programs can run. This makes it very challeging to remove now that it mutated to this file name.

However you can user the process killer tool we have to drill down to the file location for future refference to people reading this comment.

Question????? What folder path location was the infected /corrupt/false svchost.exe file in? Was it the system32 folder? a temp folder? This will really help us out and we can update the guide if you have this info. We are looking for the latest trace right now so we can test this variant out.

i have a new virus trying to get rid of.. shdw.exe is the tag..

can’t find root file to delete.

shdw.exe is part of Security Suite. Just do a search for Security Suite to find the right guide.

OMG thank you so much you have no idea what i was going through. “AntiVirStress” took over my computer and it almost fooled me and made me purchase it, but i thought something was fishy. I could not open my internet and my computer is new, i also couldnt open my anti-virus which i paid for! So i google “Antivirstress scam” and your page was the first one to pop up. The youtube video was so comprehendable that an 8-year old could do it! I was about to give up and take my computer to the shop(who knows how much they would have charded me) but your video helped me get back online! Thank you, i hope those scammers get caught and sued bigtime!

thanks,

It’s comments like this that keep us going.

Im not that good with computers but i saw the antivir solution and bought it is there any way i can get money back?

if you reboot and pull up task manager before this software loads you can end task on the process and delete the stuff mentioned above

this is a nasty little sucker but got it removed

p.s. before deleting the registry entries yourself (if this is what you plan on doing), make a copy of the registy before removing any entries

Please read the article “What to do if you paid for a fake security client” under the Great Articles and Advice section.

I am somewhat out of the loop but will be able to do this one for my sister’s laptop…
Do you have any suggestion on how she got the virus so as we don’t unjustly blame her step son for his use of it this weekend?
Thank you again for this site, and again, any feed back on how she got the virus would be helpful…

You Can NOT blame kids or anyone for something like this. I often times find my test viruses by doing innocent searches in Google for things like Bald Eagle or liberty bell.

You need to ensure you have proper security software to protect your computer online.

When a child is using the computer they should have to log in under their own account that has limited permissions. This stops them from being able to get infected most of the time from viruses like this. Ultimately it is the responsibility of the computer owner to secure their own computer.

For all of you out there who are thanking us please take 1 minute and create WOT ( Web Of Trust Account and comment on our site. http://www.mywot.com/en/scorecard/removevirus.org

We have some people who never look at the facts and what this site does so they say false things. We do not create viruses. We just finish them . This will help us build a better brand name going forward.

Thanks,

Jacob

AVSolution is bad. Remove it.

Did you remove the proxy settings like we showed you in the video?

AVG offers zero protection to your computer and you will get infected again. At least the free revision offers no protection. Run a full scan as we stated in the guide with Spyware Doctor with Antivirus. It’s free to scan and will tell you if you have any other infections on the computer.

Thanks! Your instructions were straight forward and easy to follow- seems to have worked…

Two questions though…

Firstly, I got to the stage of removing the reg key entries, but cant seem to find the entries listed above for deletion? However I do see an entry which sounds similar: (not sure if this is the correct format, but here goes…) HKEY_CURRENT_USER>software>AVSolution. Reading/listening to your advice made me guess that I probably shouldnt go deleting stuff if I wasnt 100%- so i didnt! Ps I ran a program called CC cleaner which sorts out invalid reg entries and fixes them- but I checked the list it produced and none of the above entries were included??

Secondly, internet explorer comes up with the message ‘cannot display web page’. When I click ‘diagnose connection’, nothing happens at all? Wierd, as i’m using firefox at the moment and that seems to work fine??

I’ve run a full scan with the latest updated version of AVG, but it looks like nothing else is causing a problem… Do you have any suggestions?

Many thanks,

Jon

also, just realised that i cant seem to access the internet from other programs e.g. when using MS word, i cant ‘lookup’ words as i’m told that i’m not connected to the internet??

Hope you can help?

Jon

Amen to the backup registry first. Great tips and solid info.

Must have missed that bit- turned off the proxy settings and deleted AVSolution- everything seems back to normal again!

Thanks a load- was trying to write a presentation for work and thought I was in BIG trouble! Will try running the Spyware Doctor scan and see what happens!

Cheers,

Jon

No problems. Glad you got it sorted. Be sure to comment and rate us on the mywot . com website.

I already left a comment on WOT but I just wanted to say thank you SO much! I almost let myself get ripped off by Best Buy but instead I was able to remove the virus on my PC by myself and save money! This is such a great tool and I am so glad I found it. I would recommend you to anyone! Thanks again!

Big Thanks for rating us on WOT. We need the help there because people say false things with out even looking at our site.

Glad you were able to follow the guide and fully remove the virus yourself.

HKEY_CURRENT_USER\Software\SolutionAV

Same thing just another name…

Thanks!! Guide will be updated to reflect the changes.

I did exactly what was sed on the video, but the tssd file keeps coming back after i delete it… im pretty sure i have other viruses on this laptop, but I dont know what to do.. I delete the tssd file and then don’t know where to go from there, b/c i tried downloading avast, but it says the file is infected? Do you have any suggestions?