Description: Antivir Solution Pro is just the latest in a long line of fake security clients. the 4 others are AV Security Suite, Antispyware Soft, Antivirus Suite and Antivirus soft. The security warnings and viruses this program finds on your computer are all made up. It is a scam to steal money from you.
The thing that really makes this program hard to remove is it blocks you from accessing the internet. It does this by changing the Internet connetion to Proxy. You first need to remove this proxy setting to be able to surf the web again. PLEASE VIEW THE BOTTOM VIDEO ON HOW TO DO THIS..
Like most rogue security clients it can be hard to remove Antivir Solution Pro. This program will often times block the install and updates of security clients that are well known. It may also disable the Windows Task Manager and a number of other things like change the Windows Hosts file.
If you are infected with this threat WE HAVE YOU COVERED. Our virus removal guides have videos and we tell you what security software is well known to remove this threat.
Antivir Solution Pro
» Download Antivir Solution Pro Removal Software
As soon as you find yourself infected with this threat you need to take immediate action to remove it. Antivir Solution Pro removal can be hard but we have the know how to help you through removing this virus. Our Virus removal guides have been viewed millions of times and helped countless numbers. We have included videos to help instruct you as well as some very good guides under the "How To Guides" section on top.
Antivir Solution Pro Video
HELP US: We took the time to make this video and help you. Please rate us on http://www.mywot.com/en/scorecard/removevirus.org . It will only take you a minute to register and add a comment. We would also welcome any posative facebook or social bookmark comments.
Don't forget. If it's too hard for you to remove yourself or things just aren't working for you then a cheap route for repair is www.pcninja.com.
Remove Proxy Setting so You Can Connect to the Internet Again.
PLEASE NOTE: We are getting some reports that you may need to be in Safe mode with networking in otder to turn off the proxy settings. So if it does not work in normal mode then boot into safe mode.
Antivir Solution Pro Manual Removal Procedures
The first step you must take in order to remove Antivir Solution Pro is to stop the following process:
- [random]tssd.exe [random].exe Normally 6 random characters. Example would be wsjmsntssd.exe or vwnstftssd.exe
To Stop this process you can either browse to the file location and re-name the file like we did in the video above, or you can download our process killer tool under SOFTWARE tab above. Be sure to download the one already re-named explorer.exe. If you can not stop this process then re-boot into safe mode with networking. In safe mode the process will no longer be running and you can then just browse to the file location and delete it. See our How to Guides for directions on booting into safe mode.
We also want to point out that your Internet Explorer and or Chrome will not be able to connect to the internet in many cases. You need to remove the proxy setting first. View the video above on how to do this.
The next step in Antivir Solution Pro removal is to delete the following file: The process can not be running for you to delete the below files.
Windows XP:
- %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe
Windows Vista/7:
- %User%\AppData\Local\[random characters ]\[random characters]tssd.exe
Antivir Solution Pro Registry Removal Procedures
Removing files and folders alone is not sufficient to completely removeAntivir Solution Pro. The following keys and settings should also be removed from the Windows registry to complete Antivir Solution Pro removal: Please note you may not have all of these entries. The best thing to do is to scan using Spyware Doctor with Antivirus to see what entires you have.
- HKEY_CURRENT_USER\Software\SolutionAV
- HKEY_CURRENT_USER\Software\avsoft
- HKEY_CURRENT_USER\Softwar\eavsuite
- HKEY_CURRENT_USER\Software\AVSolution
- HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
- HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
- HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution
- HKEY_LOCAL_MACHINE\SOFTWARE\SolutionAV
- HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" ="1"
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyOverride" = ""
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyServer" = "http=127.0.0.1:5555"
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = ".exe"
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = "1"
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random]"
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun "[random]"
Updated Regsitry traces: May not apply to you
- HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVSecurity (and AVscan or AntivirSolutionPro)
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASAPI32
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASMANCS
You should now run a full security scan to ensure no other threats are installed on your computer.
Antivir Solution Pro Directories:
- Vista and Windows 7 Users: %User%\AppData\Local\[random characters ]\
- XP Users: %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\
Outside Resources:
http://deletemalware.blogspot.com/2010/07/how-to-remove-antivir-solution-pro.html
http://www.symantec.com/security_response/glossary/define.jsp?letter=a&word=antivir-solution-pro
I did exactly what was sed on the video, but the tssd file keeps coming back after i delete it… im pretty sure i have other viruses on this laptop, but I dont know what to do.. I delete the tssd file and then don’t know where to go from there, b/c i tried downloading avast, but it says the file is infected? Do you have any suggestions?
AVG is not going to cut it.
Boot into safe mode with networking. Download Spyware Doctor with antivirus as the guide states and run a full scan there. Ensure you update the client first. In safe mode the threat should not be running. You have a secondary infection “Root Kit” that is most likely re-installing the program. No way to know what the trojan is with out running a full scan. SDA does cost money to remove threats. However the free trial will still scan and block threats. From there you can see what files you need to delete.
Did you ever run a scan using Spyware Doctor with Antivirus? This is the first thing I tell everyone who has issues locating the virus threat. The SDA client will show you exactly were the files are located when you run a FULL scan. From there you can manually delete them. The free trial will NOT remove threats but it’s awesome at stopping the threat from getting worse and will show you the exact folder locations of the viruses so you can then browse down to them and manually delete them. You may need to be in safe mode to delete the viruses.
Initially i rebooted my computer and a message came up whether to run or dont run. I located this folder and deleted this and i was able to get back on the internet however i cannot watch videos etc. i still feel that the virus is still on the computer but i cannot now locate it to delete it. (This was before i saw your post on how to delte it)
I have now run scans with spyware doctor and malwarebytes but they have not located any threats. I used stopzilla which did locate the threats but then i went to the places that it said the threats were at but they were not there.
To be 100% clear here.
You already removed the Antivir Solution Pro or at least you think you did. Then because you could not watch videos you did more research and found our site. After following our manual guide you could not locate any of the traces to this virus threat. However you feel your computer is still infected because of the video issue.
The SDA client and Malwarebytes found zero threats. You are not being redirected in your browser and Antivir Solution Pro is not popping up on you.
Maybe it is just a video issue and coincidental. Are you trying to watch videos from youtube or your computer?
If youtube then I suggest re-downloading the Adobe flash player and installing it. Perhaps it got corrupt, removed or disabled.
If it’s videos on your computer I suggest you download the latest codec pack.
Reply and we can go to the next level if the above does not work for you. At this time from the information you provided I am unsure your actually infected.
P.S. We do not support people via e-mail normally but I’ll make an exception here because I’m curious about your issue. Feel free and hit the contact button and describe the issue again. Include a time when you will be in front of your computer so I can remote in if need be.
hey i have removed the virus and re-setted the host file and re-setted ie and i followed every step on the video but when i got on the internet google was still acting strange. The internet redirects me and when i search on google it gives me sites that dont even have the fields i searched in.What do i do?
As per our disclaimer and terms of use we only help people age 18 and above. We can not be held liable for any actions you take.
With that said we can only help people who help themselves. You made no mention of what you could not do in the virus removal guide we wrote. Follow the guide. It works. Watch the video it works. Just asking for help and not stating what you already tried in the guide will get you no were.
Did you run the FULL scan with Spyware Doctor with Antivirus? That is the first step to see what you are infected with. From there the answer will very.
It sounds like you have a BHO that is causing the issue. Re-setting IR normally resolves this issue. Run the scan and report back the results
Okay ill give it a go in the next 24 hours as i do not have access to my computer at the moment. i think that may be case that the internet got corrupted as everything else seems to be fine apart from internet explorer as not just youtube videos etc dont work i cannot download anything. it just seems to be running quite slower than usual. ill let you no when i reinstall adobe flash player.
I downloaded Spyware Doctor with Antivirus but I cannot run it because after double clicking it said “Security Warning- Application cannot be executed. The file pctsgui.exe is infected. Do you want to activate antivirus software now?”
i cannot download anything online including adobe flash player. i am a bit unsure what do next wondering what you would recommend.
Ok, the problem i’m having is i cant open “internet options” to change my proxy settings, not even in safe mode. Now what? Help!
I got this last night and have removed it. I am very worried in case they have stole personal details. Can this happen with this particular virus and what are the signs??
Hi Debbie,
While there are programs out there that steal user data this virus alone does not do that. Unless you actually pay for the thing anyways.
To be sure I recommend running a full scan with Spyware Doctor with Antivirus. The nice thing with the free scan is you can dive into the threats and read what PCTools has to say about the threat. In most cases it will not steal personal information.
I would still keep a close eye on your bank account if you use a debit card. The safer practice is to never use a Debit card online. Only use a credit card or better yet Paypal. It’s safer because going that route you can get your money back. Using a debit card the bank will just shrug their shoulders and say we can get you a new card but that is it.
You can run the client in Safe mode with Networking. Be sure to update the client first. In safe mode it will run. Other wise the virus is blocking it. If you wish to run the client in normal mode you need to follow the manual guide first and stop this process from running
Reset IE. We have the tool in the side bar to do it.
I just want to be clear on the registry removal instructions. I get that registry entries such as “HKEY_CURRENT_USER\Software\SolutionAV” should be deleted (which I did), but the entries such as HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “RunInvalidSignatures” =”1″
… Should I delete these entries, or make sure that the value is the one listed?? For example in this entry, are you saying the value should be “1”… or do I just delete the entire entry??
I have located the wierdly named folder, there are two actually, but there is no tssd file in either of them. Both of the folders say the date modified was the day I tried to get rid of the virus, so at least they have to be connected to AntiVir. What do I do?
The problem with registry keys is you may actauly want that value on for some other software program you may have. However that is unlikely. This registry key basically means “Allow software to run or install even if the signature is invalid”. This is a big no no in most cases. By changing the “1” to “0” we basically turn this value off.
This can be SUPER confusing for most people. It is also dangerous for people who do not know what they are doing to poke around in the registry. We are very hesitant to actually straight out tell people what they should change the value to because we can not be held liable for any damages. However this is a great question and I’m surprised more people do not ask it.
What is the folder name and location?
What files are in the folder?
Did you run a full scan using Spyware Doctor with Atnivirus. If you are having troubles downloading the client or installing it you will want to go into safe mode with networking and install it there. Be sure to run the FULL scan. This will tell you the exact file name that you need to manually delete.
With out knowing the above we really can’t help much.
I had the Antivir virus so I went in to safe mode like you said and I downloaded Spyware Doctor w/ Antivirus. I ran the full scan, and I actually went ahead and purchased it and removed all of the threats it found on my computer. After completion it asked me to reboot, so I did. Now, the antivir virus appears to be gone because I can actually get on the internet now. But everything is running extrememly slow. All programs take forever to open, and the internet takes forever to open up pages. Also, after I rebooted, my desktop changed (icons were rearranged and my background picture had changed). So I shut down and rebooted in safe mode again, and everything runs fast and smooth while in safe mode.
Any idea why everything has slowed down so much? I’m thinking I may have other issues than the ones deleted w/ Spyware Doctor. But all of my programs were running fine even while I had the Antivir virus (except for the internet of course). Any help would be appreciated. Thanks
Glad to see you got rid of the virus. Or at least it seems that way. What I would do is boot into safe mode with networking and download Malwarebytes and run a scan with that just to ensure everything is gone. If it picks something else up then great. It may not because like you said your purchased the SDA client and everything seems to be good except your computer is really slow.
If the above does not work I would uninstall the SDA client and reboot. See if your computer runs faster with out the client installed. If you notice a huge difference in speed it means you most likely have little computer memory to handle a good solid internet security product. I would still re-install the client again but perhaps leave out things like the browser defender and see if that does not help pickup more speed.
I recommend no less then 2G’s of ram. 4 Gig’s is the recommended amount of memory. You can see how much memory is installed on your computer under the properties tab of the Computer or MY Computer Icon. If it’s less then 2g’s I would Google memory configuration and look up your model to see what type of memory your computer can use and what the cost is.
If your computer is very old and lets say it only has 512MB of memory then running any security client that is up to date for 2010 will cause a BIG decrease in system performance.
Let us know if you find the root cause. I’m interested.
The answer to your question is already in the guide. Read it again and follow the proxy removal vid.
If you want to learn how to remove or edit registry keys you can go under the how to guides section and read that article.
You do not have to re-name the file the the prefetch folder. I would still delete it but it really does not matter.
Got this virus and think I was able to get rid of by using Symantic Antivirus…did a Live Update and then ran a full scan…it found 6 or so files after which I had to reboot my computer and now everything seems to be back to normal.
However the ttssd file is still in my prefetch folder. Do I still need to rename it and go through the processes of deleting the registries? How do I delete registries?
IE doesn’t seem to work it says it cannot display the webpage?
Think I need to switch to FireFox!
As stated in the video the path for XP is %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe.
You do have a local Settings folder. Again as stated in the guide it is a hidden folder. Watch the video. You need to either un hide the folders or manually type in the LocalSettings path.
Hi first thaks for such a great video, I as able to follow step by step and remove the virus…and then bought spyare doctor to be able to clean my comp, the problem as that a day ater the antivir pro came back again, I will do the scan and at the end it ill say no threats detedtec evendough the antivir as running. i don’t understand hy it is not pickig it up, I had to go back to your video and deleted it manually again. Is this going to keep happening, for tp days every time I turn on my comp the virus ius back. Please help. Thaks
I can’t find it. I’ve searched for it, but its not there. I’m using Windows Professional, and I’m currently in Safemode with networking.
So i removed the tssd files and all that nonsense. (ended processes and whatnot) but upon entering regedit not one of the keys mentioned above seemed to exist.. this might be because the second in saw signs of this crap i shut down and booted in safe to prevent further damage until i had a game plan. the only thing is one registry key CURRENT_USER/Software/wpyyaxvbft remove this? thanks
When it comes to registry keys and the potential to really screw things up on your computer We can not tell you what to delete and not to delete. Does this look like a false entry to me? Yes. Would I delete it? Yes. But before all of that I would of ran a full scan with Spyware Doctor with Antivirus to let it tell me if this was really a threat to remove or not.
In the end the choice is yours and your alone but if it was my computer I would delete that funky name because it just looks wrong.
Here is what I would do because you already purchased the SDA client.
1. Ensure the product is fully up-todate
2. Run a FULL scan on my computer.
3. Download Malwarebytes, install, run full scan at the same time as the SDA scan. We are using a second client to ensure nothing is being left over by the first security client. SDA does a great job at blocking threats and removing them in the first place so you must have a rootkit on your computer that is re-installing this virus before the SDA client is up and running on boot. The above steps should solve this issue for you.
You may also want to take a look at the start-up Menu. Go to the run/AKA Search box. Type in MSCONFIG . Than select the Startup tab. Under there go through and look for any very wierdly named files. Pay close attention to Temp file locations and System32 locations. If there is something there that looks really off, chances are it’s what is re-installing the threat. Un-check the box and see if that stops the threat. My guess is if the SDA client does not pick it up after a full scan you may have to wait a day or so for another update that will include whatever rootkit is installing this threat. PCTools also offer free support so you may just want to go that route as well.
i have the antivir virus so i tried to boot my laptop in safe mode but it just keeps on freezing while it loads up. do you have any ideas on how to fix this?
Hard to answer the question with out knowing what OS you are using. Does it boot into normal mode? If so you can still follow the guide and remove the threat in normal mode. I have removed this threat about 30 times now and do it in normal mode almost every time. Try the guide and if you have a question on a specif step please ask.
As far as not being able to boot into safe mode your computer may be missing some core OS files. You can always use the backup computer disc to do a soft system restore.
Earlier this week, I got this ugly bugger, and using sypware doctor microsoft security essentials and malaware anti bytes got it removed. Then 3 days later in the middle of searching google I got it again, so I had to remove it…. again.
Now, 3 days after that, while microsft security essentials scanned, found the random tssd.exe file still lurking even though earlier the week said that all 3 antivirus programs removed so…..
You mentioned something about a “root-kit” that might reinstall this, but neither of the 3 programs can find anything about a root-kit virus that I might have
Im pretty sure how I got it, from all my active downloading, so I delted all known downloads I made withen the last week succesfully.
Any help? :3
If you followed the proxy video you should not need to do anything else in most cases.
I would remove the entry but make a backup first. If you have not followed the guide and did not remove the proxy settings from IE I would do so. We also recommend resetting IE.
Ensure Spyware Doctor with Antivirus is up to date and run the FULL scan. Not just the short quick one. We just retested it against this threat and it did pickup the traces.
You may also want to look at the Windows Hosts file. Check out the How to Guides section. We have an article detailing what it is and how to re-set it manually and using software.
Thks for everything got rid of it , but I still got redirected after opening IE , i did everything u guys said , even ran Spyware Doctor, any other tip on that , i got a key :
•HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “ProxyServer” = “http=127.0.0.1:6522”
should i remove that one too??
I need to stress that not everyone will have the hidden rootkit. However you did ALL the regular ground work and it sounds like you are Using Microsoft Security Essentials for up front protection.
If your a little tech savvy I would recommend downloading and installing Highjack this. Run the scan and look at the entries. Pay attention to the 04 areas. If you see some very funky looking files I would remove them. This is a great program to see running processes and startup programs. However it is not user friendly and in the wrong hands you can royally screw yourself over by removing things you should not remove.
If that does not work for you then another great program for rootkits is Combofix. Again very powerful stuff. However Combofix is more of an install and just run type of program. But it has been none to screw things up as well. Run it at your own risk. In 97% of all cases you should be just fine. However in the other 3% you may damage the operating system.
The above advice in NOT for novice computer users. Do not use the tools above unless you are tech savvy with computers or have an expert helping you. I only offer this advice because this individual has done all the ground work already.
Thanks for replying.
I ran hijack this, and found nothing that looks weird. Combofix isn’t compatible according to most sites for windows 7 so I didn’t run it. Thanks!
Good call. I would not use it on Windows 7 either. Not knowing your OS I took it as being XP because most computers still are XP based.
I would encourage you to take caution over the next week. Keep your security program up to date and if possible run a full scan every day for the next 7 days to see if it picks anything else up. It could simply be the sites you have been going to on a regular basis are infected and that is were the new infections are coming from.
Highjack this would of showed the rootkit running in most cases.
Hey I found this link describing the same registry files you were talking about. I had the same ones and removed all the ones listed here. Hope this helps LINK REMOVED ( did not contain manual removal instructions )
Hi! I’m currently using my wireless to type this.I have the Antiviro solution on my desktop computer. I have Webroot as my antivirus protector. I can’t get on the internet to remove it. Help!!!. I’m a school teacher.
I got infected by the antivir solution pro. But unlike most antivir solution pro infections it let me open things and it didn’t change my proxy settings. I got rid of it manually and used malwarebytes to remove the trojan that downloaded it. The main executable didn’t end with tssd.exe. It was a disguised svchost.exe.
Did you follow our guide? It works to remove this threat. We can only help those who help themselves. If you have a specific question about the guide or can not do a specific step we would be MORE then happy to help you out.
As for NO Internet Access. I suggest you read the guide. We have a section on this already. Please try that. You can also go under the How To Guides section and read the manual proxy removal guide we created.
OUCH! svchost.exe is a common executable for windows in which hundreds of other programs can run. This makes it very challeging to remove now that it mutated to this file name.
However you can user the process killer tool we have to drill down to the file location for future refference to people reading this comment.
Question????? What folder path location was the infected /corrupt/false svchost.exe file in? Was it the system32 folder? a temp folder? This will really help us out and we can update the guide if you have this info. We are looking for the latest trace right now so we can test this variant out.
i have a new virus trying to get rid of.. shdw.exe is the tag..
can’t find root file to delete.
shdw.exe is part of Security Suite. Just do a search for Security Suite to find the right guide.
Im not that good with computers but i saw the antivir solution and bought it is there any way i can get money back?
Please read the article “What to do if you paid for a fake security client” under the Great Articles and Advice section.
I like this article, harvesting is also great, Thank you for sharing.
OMG thank you so much you have no idea what i was going through. “AntiVirStress” took over my computer and it almost fooled me and made me purchase it, but i thought something was fishy. I could not open my internet and my computer is new, i also couldnt open my anti-virus which i paid for! So i google “Antivirstress scam” and your page was the first one to pop up. The youtube video was so comprehendable that an 8-year old could do it! I was about to give up and take my computer to the shop(who knows how much they would have charded me) but your video helped me get back online! 🙂 Thank you, i hope those scammers get caught and sued bigtime!
thanks,
It’s comments like this that keep us going.