AV Security Suite

AV Security Suite is a bogus anti-malware application that is sure to spread to computers around the world. It behaves like ransomware: it causes annoyances on the computer and asks its victims to pay for the registered version of the program to make the instability stop. AV Security Suite is another product of the cyber-criminals who introduced Antispyware Soft months ago. It uses the same graphical user interface as its predecessor and is also dropped by a Trojan created specifically to spread this bogus security program.

To convince its victim that it is a legitimate program, it displays the slogan “Innovative protection for your PC” on its scanner windows. It also scans the computer and reports threats that are not really present, in an effort to persuade the targeted user to obtain the licensed version of AV Security Suite. Please be aware that this rogue program should be removed from the computer as soon as possible and that getting its licensed version should not be an option.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of AV Security Suite Infection?

[Screenshot: AV Security Suite]

It modifies the Windows Registry and adds the following entries:

  • HKEY_CURRENT_USER\Software\avsecuritysuite
  • HKEY_CURRENT_USER\Software\avsuite
  • HKEY_LOCAL_MACHINE\SOFTWARE\avsecuritysuite
  • HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "<local>"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"

The threat will drop the following malicious files:

  • %UserProfile%\Local Settings\Application Data\[random]
  • %UserProfile%\Local Settings\Application Data\[random]\[random]tssd.exe

How to Remove AV Security Suite Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the location given above, browse to the file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see if the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan the computer with an antivirus program
- Update antivirus program
- Scan computer and delete all detected threats.
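
The manual steps depend on finding the registry entries and dropped files listed earlier. The PowerShell script below is an added example, not part of the original page: it checks for those indicators without changing anything, so it can be run before cleanup and again afterwards. It uses the real key name `CurrentVersion` (no space); the `LOCALAPPDATA` root is an assumed equivalent of the listed path on newer Windows versions.

```powershell
# Added example: read-only check for the indicators listed on this page.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$findings = @()

# Vendor keys the rogue creates.
foreach ($k in 'HKCU:\Software\avsecuritysuite', 'HKCU:\Software\avsuite',
               'HKLM:\SOFTWARE\avsecuritysuite', 'HKLM:\SOFTWARE\avsuite') {
    if (Test-Path -LiteralPath $k) { $findings += "Key present: $k" }
}

# Named values and the data the page lists for them. ProxyOverride = <local>
# is left out: it also appears on clean machines that use a proxy.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Path = "HKCU:\$cv\Internet Settings"; Name = 'ProxyServer'; Bad = 'http=127.0.0.1:5555' },
    @{ Path = "HKCU:\$cv\Policies\Associations"; Name = 'LowRiskFileTypes'; Bad = '.exe' },
    @{ Path = "HKCU:\$cv\Policies\Attachments"; Name = 'SaveZoneInformation'; Bad = '1' }
)
foreach ($c in $checks) {
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and ([string]$item.($c.Name) -eq $c.Bad)) {
        $findings += "Value set: $($c.Path) $($c.Name) = $($c.Bad)"
    }
}

# Run value names are random, so match on the data instead: the dropped
# executable's name ends in "tssd.exe".
foreach ($run in "HKCU:\$cv\Run", "HKLM:\$cv\Run") {
    $key = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'tssd\.exe') { $findings += "Run entry: $run [$name] -> $data" }
    }
}

# Dropped file: <app data>\[random]\[random]tssd.exe. The first root is the
# page's path; LOCALAPPDATA is an assumed equivalent on newer Windows.
$roots = @((Join-Path $env:USERPROFILE 'Local Settings\Application Data'), $env:LOCALAPPDATA)
foreach ($root in ($roots | Where-Object { $_ })) {
    $hits = @(Get-ChildItem -Path (Join-Path $root '*\*tssd.exe') -Force -ErrorAction SilentlyContinue)
    foreach ($f in $hits) { $findings += "File: $($f.FullName)" }
}

if ($findings.Count) { $findings } else { 'No listed indicators found.' }
```

A `ProxyServer` hit that remains after the files are gone explains a browser that still cannot reach the Internet, since that setting is per-user and is not removed with the executable.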

How to Easily Remove AV Security Suite

1. Download and run Removal Tool to remove this computer threat.

4 thoughts on “AV Security Suite”

  • Richard Rider says:

    I used the free version of Malwarebytes to automatically remove this nasty malware. Worked like a charm.
    You can check out the legitimacy of Malwarebytes on CNET
    cnet.com/1770-5_1-0.html?query=malwarebytes&tag=srch
    It’s been downloaded over 44 MILLION times by users, and gets excellent ratings by both CNET and users.

    The only problem I had was downloading it, as the AV malware blocks such downloads. So I downloaded the install file to another computer, and then sent it to the bad computer via email attachment. From there, it went smoothly. The program installed easily, and found and deleted the bad AV files.

    I’m back up and running. Still a minor problem or two. Internet Explorer no longer works because AV somehow threw off my settings for Internet access for that program, and I’m too ignorant to know how to fix that. So I switched to Foxfire (which I prefer anyway) and bypassed that remaining glitch. Probably reinstalling Internet Explorer would work as well, but not sure.

  • George says:

    @Richard Rider — the malware in question sets the Proxy Server setting in IE to block you from getting out to the Internet. It sounds like that might still be set, even after you cleaned up the malware. To clear this, go into IE and to Tools –> Internet Options –> Connections –> LAN Settings and clear the check box to use a Proxy Server. I think this might fix your IE problem.

  • Valisidor says:

    I used Ad-Aware pro to remove it by going into safe mode and doing a full scan, found it and removed it with no problems.

    To go into safe mode press F8 at the start up of the computer immediately after restart. Press F8 continuously as that sometimes makes sure it goes through, then select Safe Mode and do what you need to as you normally would, then restart. :)

  • D-bomb friend says:

    My friend uses Microsoft Security Essentials for AV software. Its greatest attribute is that it’s free, especially since my friend is cheap. Personally, I use a Mac and don’t deal with any of this crap. Anyway, the MSE wouldn’t even launch due to this virus. When I managed to get a sneak launch before the virus kicked in during one boot, the virus froze it when it did kick in. The safe boot with the manual regedit cleanup was the only way I could get his machine back up and running. Now, I remind him how lucky he is that all his work data is still intact. So, thanks for posting all the details for the regedit cleanup!

    And men, get a clue and get off the porn sites. Those sites carry as many diseases as the women portrayed on them.
