Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Monday, April 19, 2010

How to remove Antispyware Soft (Uninstall guide)

Tell your friends:
Antispyware Soft is a fake anti-spyware program that reports false system security threats to make you think that your computer is infected with malicious software. Basically, it's a clone of widely spread rogue program called Antivirus Soft. Some users wrote for us that Antispyware Soft just appeared and started to scan their computers and that they got disconnected from the Internet. They cannot run any programs at all or install anything. They are actually right; these are the main symptoms of AntispywareSoft malware. If you are reading this article then your computer is probably infected with pesky virus. Thankfully, this fake program can be removed for free using legitimate anti-malware programs. Please follow the removal instructions below to uninstall Antispyware Soft from your computer.



Antivirus Soft video: (http://www.youtube.com/watch?v=LYHXOkRlOdM)


The most annoying thing about this fake program is that Antispyware Soft blocks nearly all legitimate programs and of course it blocks anti-virus and anti-spyware programs in the first place. It displays an error message with the following text:

"Security warning
Application cannot be executed. The file rundll32.exe is infected. Do you want to activate your antivirus software now?"

In reality, thought, rundll32.exe isn't infected; Antispyware Soft just wants to make you think that it is. As usual, rogue programs display many fake security warnings and AntispywareSoft is not an exception. It also constantly displays fake alerts stating that your computer is infected with malware. The rogue program impersonates Windows Security Center and reports several fake infections, for example:

"Antvirus software alert
Infiltration alert - Virus attack
Your computer is being attacked by internet virus. It could be a password stealing attack, a trojan - dropper or similar.
Threat: Win32/Nuqel.E
Threat: BankerFox.A"

It gives another threat every few seconds. This fake program is prompted through the use of such misleading web sites as Alphaantivir.com or Trojans. It may come bundled with other malware too.



Now, the most important question is how to remove this malware from PC? First of all, you will have to reboot your computer is Safe Mode with Networking, disable proxy server for Internet Explorer and download free and reputable anti-malware program to remove this infection. If you can't reboot your computer is Safe Mode with Networking then you will have to use HijackThis tool to stop the main processes of Antispyware Soft malware. Please follow detailed Antispyware Soft removal instructions below. Most importantly, don't purchase it. If you have already purchased this fake program then you should contact your credit card company and dispute the charges. If you have any questions or additional information about this virus please don't hesitate and leave a comment. Good luck and be safe!


Antispyware Soft removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.



3. Download SUPERAntispyware, MalwareBytes Anti-malware or Spybot - Search & Destroy and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. Launch the program and follow the prompts. Don't forget to update the installed program before scanning. Then reboot your computer in "Normal Mode" and run  a system scan again. That's it!
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.

Alternative Antivirus Soft removal instructions using HijackThis (in Normal mode):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for similar entries in the scan results:
O4 – HKLM\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwctssd.exe
O4 – HKCU\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwctssd.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555


The process name will be different in your case. But it has the same structure: [RANDOM]tssd.exe
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

3. Download SUPERAntispyware, MalwareBytes Anti-malware or Spybot - Search & Destroy and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Antispyware Soft associated files and registry values:

Files:
  • %UserProfile%\Local Settings\Application Data\[random]
  • %UserProfile%\Local Settings\Application Data\[]random\[random]tssd.exe
Registry values:
  • HKEY_CURRENT_USER\Software\AvScan
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[random]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random]

Share this information with other people: 

39 comments:

Anonymous said...

help, cnt use networking safe mode and hijackthis tool dont work either, help!!, contact me on ash.95@live.co.uk please!!

Anonymous said...

Thank you so much for this, worked great

Anonymous said...

Thanks so much. Worked like a charm!

Anonymous said...

it's worked very good! thank you very much :)

Anonymous said...

Thank you SO much! I followed the "safe mode" steps and voila, problem gone. Cheers.

Anonymous said...

You are a lifesaver. This worked on the most stubborn virus I've ever had.

Anonymous said...

I followed your instructions in 'normal' mode...but none of my entries in the scan have a (random0tssd.exe structure...could the virus still be on my PC under something else?

Admin said...

Follow the "Safe Mode" removal steps if you can.

Anonymous said...

tried evreything and it isnt working was just infected yesterday!

Anonymous said...

Used HijackThis and SUPERAntispyware. Worked like a charm. Many thanks!

Anonymous said...

wow thank you for this

Anonymous said...

HijackThis & SUPERAntispyware { thumbs up ! }

Shroukie said...

Hey
Thanks a lot
I do have a problem tho, how do I rename "installer" ? I don't know what that is? =/
thanks x

Anonymous said...

MalwareBytes Anti-malware did it.Thanks a lot.
Registry keys were in folder named avsuite and avsoft

Anonymous said...

Thanks got that dopey program off my PC!!

Anonymous said...

god damn, thank you so much

Anonymous said...

it worked but it changed name its now something tqys lol just look for something fishy with alot ot of letters

jaclyn.hx.lim said...

Oh My God!

THANK YOU!!!Did the Highjack this and super anti spyware and it really did the trick!

Anonymous said...

thanks for the clear instructions seems to have done the trick

Anonymous said...

Thank you so much for such great instructions We did exactly as you instructed and my son is now back to enjoying Facebook, MySpace, and YouTube. Thanks again.

Anonymous said...

Found one entry in Hijackthis like above mentioned: the R1 proxy server thing. Then I found 3 different entries that I recognized as "random" entries starting with 04 and ending up with randomletters.exe. Well, shuold have tried the SuperAntispyware, am currently waiting for SpyBot to Search and Destroy. Taking a long time... Bur of Course it will be worth it. Hope it works for me t. Thanks!

Anonymous said...

Used hijack this and malwarebytes. currently its not finding anything. Do you think it might be because I couldnt figure out how to rename malwarebytes when I save it? Help please!

Anonymous said...

I used Highjack this and superantispyware and looks like everything got cleaned but I still can't access the internet. Please help!

Anonymous said...

I've managed to get this malware twice (sad I know). The second time I got it, the program was able to deny me from opening Hijackthis. Going into safe mode works though.

For the comment above me: I think you need to go to tools -> internet options -> connections tab -> LAN settings -> uncheck "use a proxy server for your LAN" and also delete that proxy address by going into "Advanced"

Anonymous said...

Thanks for the help. Everythings working fine now. Installed MalwareBytes. It worked with no problems. Antispyware soft is evil. Hope they jail the pricks that created this program.

Anonymous said...

I went into Safe Mode with Networking, but once I went to install SUPERAntispyware, it wouldn't let me. It won't let me install anything. Any suggestions would be GREATLY appreciated.

Anonymous said...

i have symantec endpoint as my anti-virus, because my school told us to put it on our computer. I have run scans and it caught the virus, but it says it cannot do anything. what should I do?

Anonymous said...

Thanks a million for this awesome guide! Followed the 'safe mode' steps and it worked like a charm. I really appreciate that you explained everything in such a way that a technologically-impaired person (AKA Me) could follow each step properly. You're a life-saver!

Anonymous said...

Wow. This is one of the best tutorials that I've ever read. It was easy to understand and it actually worked. Thank you soooooo much!

Anonymous said...

Thank you so much! Your solution was remarkable!

Anonymous said...

I followed the first part of the instructions all the way up to changing the LAN settings but I don't understand how to get to the program to download. I do not have Internet access this way (I am using other computer). Thanks

Anonymous said...

Thank you sooo much!!!! I was about to buy a new laptop for crying out loud

Anonymous said...

So do I have to buy spyware doctor and how do I rename installer??

Admin said...

Q: "So do I have to buy spyware doctor and how do I rename installer??"
A: No, you don't have to buy Spyware Doctor. You can use MalwareBytes instead of it. Also, if you have downloaded Spyware Doctor with Antivirus from Google pack page then you should have a full version, not trial.

phone spyware said...

Thanks for the information! I love it. This is going to be very helpful for me. I am always confused with this stuff.

Anonymous said...

not working-- i tried both safe modes but keep getting ANTISPY SAFEUARD STARUP SCREEN..CAN YOU HELP?

Anonymous said...

thank you so much for your information on this article. I followed your information and it has worked.

Anonymous said...

MY laptop got infected with the "antivirus virus" which disabled macafee and did not allow any programme. I was disgusted. I thank God for chancing upon this blogspot. I followed the instructiona dn used spy boot which effectively solved the problem

Anonymous said...

My laptop was infected with "antivirus virus" which disable my macafee automatically and started running spurious virus scan prog. it was disgusting. I chanced upon this blog and followed the instructions. I downloaded spy boot which worked well. Thanks a lot