I have a program that acts like my anti virus software called av suite. I have searched all around the net to find a solution and all of the sites seem to be fake. It has put a proxy server on my internet properties so I cannot connect to the internet. I try to change the settings and the apply button never highlights. Please help; let me know what info I need to provide to help fix this problem. Thanks everyone.

I had this exact same issue. I was able to run the Malicious Software Removal Tool from Microsoft to find and remove a portion of it. I also had to search my system for all newly created files and delete them before I regained control of my web browsers. Hope this helps.

Do the above BUT that is generally NOT the only tool or step you will need to take so follow the steps given in the Read Me sticky.
http://www.daniweb.com/forums/thread134865.html
Post back right here with all the requested logs.

Antivirus Suite is a rogue security software application cloned from Antivirus Soft that tries to trick users into purchasing its license by using scare tactics. Antivirus Suite gets installed on a user's system via Trojan viruses that get downloaded through bogus websites which claim to have security scanners, along with fake video codec packs.

The first step you must take in order to delete Link to Questionable Website Removed is to stop the following process:

• [random characters]tssd.exe

The next step in Antivirus Suite removal is to delete the following files and folders:

• %UserProfile%\Local Settings\Application Data\[random characters]\
• %UserProfile%\Local Settings\Application Data\[random characters]\[random characters]tssd.exe

After the above steps have been completed, Antivirus Suite no longer resides on your hard disk. In order to make sure of this fact it is recommended to scan the entire file system using genuine antivirus products such as Spyware Doctor with Antivirus.

kristain: You have been warned numerous times previously to RESEARCH what you post. These steps are NOT the steps recommended to remove this infection, and on top of that you have included a link to a very questionable website in your post; I have removed that link. If you cannot abide by the rules of this forum you do run the risk of being banned from this site.

For the original poster, pdtgto, I again request that you begin by using the steps given in our Read Me sticky and post back here with all the logs.
http://www.daniweb.com/forums/thread134865.html

I had the same problem last week, a customer came and asked me to remove AV Security Suite from his PC. I followed removal instructions at bleepingcomputer.com, but I couldn't reboot the computer in safe mode with networking (probably a new variant of this badware). The only working removal guide I've found was this:

1. Run Internet Explorer, click Tools -> Internet Options
2. Select the Connections tab and click the LAN Settings button
3. Click the Advanced button to open Proxy settings. Copy and paste the following text into "Do not use proxy server for addresses beginning with:"

bleepingcomputer.com;deletemalware.blogspot.com;malwarebytes.org;go.trendmicro.com;

4. Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
5. Download HijackThis. NOTE: before saving it onto your computer rename HijackThis.exe to iexplore.exe
6. Double click iexplore.exe. Then click "Do a system scan only" button and look for similar entries in the scan results as shown below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
O4 - HKCU\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe

7. Once you have selected all entries, close all running programs then click once on the "Fix checked" button. Close HijackThis.
8. Download Malwarebytes and run a quick system scan.

Source:
http://deletemalware.blogspot.com/2010/06/how-to-remove-av-security-suite-free.html
http://www.bleepingcomputer.com/virus-removal/remove-av-security-suite

I hope this helps :)
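The scan review in step 6 of the post above, as an added example that is not part of the original post and is not HijackThis code: it reads log lines in the quoted format and flags a proxy pointed at the local machine and Run entries that start an executable from a folder under Local Settings\Application Data. The function name `triage`, the reason labels, and the two benign sample lines are assumptions made for this illustration.

```python
import re

# Constructed sample: the three entries quoted in the post plus two benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
O4 - HKCU\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /startup
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
"""

# "<code> - <body>"; a typographic dash is accepted because copied logs often carry one.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")
PROXY = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.I)
RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
# Proxy value that resolves to the local machine, e.g. "http=127.0.0.1" or "localhost:8080".
LOOPBACK = re.compile(r"(^|[=;/])(127\.\d+\.\d+\.\d+|localhost)(:\d+)?(;|$)", re.I)
# Executable sitting in a subfolder of the per-user Application Data tree.
APPDATA_EXE = re.compile(r'\\Local Settings\\Application Data\\[^\\]+\\[^\\"]+\.exe', re.I)


def triage(log_text):
    """Return (code, reason, detail) tuples for entries matching the post's pattern."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, blanks, anything not in entry format
        code, body = m["code"], m["body"]

        proxy = PROXY.search(body)
        if code in ("R0", "R1") and proxy and LOOPBACK.search(proxy["value"].strip()):
            findings.append((code, "loopback-proxy", proxy["value"].strip()))

        run = RUN.match(body)
        if code == "O4" and run and APPDATA_EXE.search(run["cmd"]):
            detail = f'{run["hive"]} [{run["name"]}] {run["cmd"]}'
            findings.append((code, "autorun-from-appdata", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:3} {reason:22} {detail}")
```

A match is only a candidate for review: legitimate software also installs per-user autoruns under Application Data, so compare the path and value name against what is known to be installed before fixing anything.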

Hi All,

Here's what I did to try to remove this fake AV suite:

1. Restart my computer in Safe Mode (Restart, hit F8 as soon as it restarts, choose Safe Mode with Networking from the list)
2. Do a search of all the files modified on your computer on the day when AV happened, disable system restore.
3. Do a sweep of the registry looking for AVsuitE, back up anything you're about to remove just in case, but I think AVsuitE keys are pretty safe to remove, remove all keys you find, it's the fake AV.
4. Go through the list of all the files that came up in your search. Use your logic, look in directories, see if the files updated make sense, if you updated them. In my case the AV hijacked my Symantec anti-virus and installed a bunch of crap under Application Data in my local settings, including a new Temp directory.
5. Go through your %TEMP% directory, sort it by date, remove any weird exe downloaded on the date the virus appeared. I found e.exe in my temp directory, I also removed any weird logs or dat files and etc... Anything in %TEMP% directory is pretty safe to remove.
6. I found a weird directory in application data for my user under C:\Documents and Settings\my user\Local Settings\Application Data called stqbbedkr and I removed that.
7. All of the files above popped up in my Search for the files modified on a day I got the AV virus.
8. After all of this, I restarted the machine in a normal mode and I was able to get my Symantec to come up, I may not have cleaned up everything, but I damaged the Virus enough where it couldn't come up anymore. I am doing a full scan now and will remove whatever comes up. If you don't have Symantec or another anti-virus installed, then go to AVG.com they have a free copy of anti-virus which is pretty good.

I hope this helps someone else to get their computer back.

First of all, I'm a user of limited technical knowledge but I depend heavily on my computer. My computer got a very destructive, wicked virus similar to the one others describe as the "AV Antivirus" that wrecked my computer. I believe it is called the AV Anti-virus Suite because that is the name of the software it kept asking me if I wanted to download. It had installed a quick launch icon, from which it kept popping up warnings about my system. Clicking on the icon opened a fake web site window for the AV Antivirus Suite.

I got it by answering a short “survey” in order to watch a TV episode online. It was a weird, stupid quiz with 5-10 questions that showed a silhouette of the back of a shapely woman with a whip in her hand and a man lying down in a sexual position with a woman standing over him. After I answered the survey, it let me watch the episode, but it was so boring that I closed it within a few minutes. Then, the virus took over my computer, continuously popping up messages every few seconds, saying that my computer was infected and was being attacked, then opening the porn sites porn.com and porn.org and www.viagra.com, which showed a clip of a man and woman at a cafe, with a weird street noise in the background that, when I first heard it, made me wonder where that noise was coming from.

It was wicked in its blocking of my access to any tools to fix it, including all System tools, Task Manager, and it blocked me from any access to the Internet. I wasted a lot of time trying to call Norton. I found out that their service is terrible. After 3 service reps referred me to a different telephone number each time, finally the last number they referred me to was for the “Enterprise Group,” which served the product I have. However, the line was always busy and I never got through.

One thing I discovered about this virus is that it is a little slow to block access. By continuously clicking on the Norton quick launch, I was able to open it and run the scan, despite the virus’ trying to block me from it. However, Norton found nothing on my whole hard and external drives. The last service rep I talked to, a nice Asian lady, who said she could not help me because of the type of Norton product I had, said that she knew about the virus but the only thing she could tell me was to go to the Norton web site for virus removal tools, which, of course was useless advice because I had no Internet access. It turns out there is no such tool that removes the AV Suite virus on Norton’s web site.

I actually spent most of the day backing up my data files because I thought I was going to have to re-install Windows and all my software on my hard drive.

Finally, through a little luck and very basic PC knowledge, I was able to get rid of it and then was able to restore the system to a prior restore point. The first 3 restore points failed, but it finally worked the 4th time. I was so relieved!

Here's how I accomplished it. Although the virus blocked access to the Windows Task Manager, I had the AnVir Task Manager running, which allowed me to identify the Process causing the symptoms. The virus was located at C:\Documents and Settings\[User]\Local Settings\Application Data\gyvlvakqu\fsmjwavtssd.exe.

The file may be randomly named. The way I found it was to look at the description of each process, and look for one that had just been installed that day. This one showed that it had been installed on that same day. Where the Company name should have been listed, it was blank.

First, I "Killed" the process using the Anvir Task Manager right click command. This allowed me to access some things that I was not able to before, like my media player. The virus revived itself in only a couple minutes, so I only had a short time between killing it and doing things.

Anvir Task Manager Pro has an option to "Block" or permanently kill a process, but it would not let me because I don’t have the “Pro” version.

When I tried to delete the file at its source location, it gave me a system error message, saying I was not authorized to do that! Of course ... Instead, I renamed it and this seemed to largely de-activate it, transmuting it into a shell of its former self. It still gave the continuous pop ups but its effects were less virile.

I rebooted my machine and was able to rename the folder containing the file. It was only a 17 K file, but the virus program had written to my registry to generate the damaging effects.

Renaming the folder effectively stopped all the pop ups, but I still had no Internet access through Internet Explorer and that's the only browser I have on my computer. Outlook e-mail was also not working. It was unable to log in to my hotmail account.

Finally, after 3 tries that failed, I was able to successfully restore my computer to a system checkpoint 3 days earlier using the System Tools/Restore function. Now everything appears to be back to normal, except that at least one of my programs is not present, the Google toolbar, but it can be easily restored. I keep getting a notice from Anvir of an attempt to install the Google Toolbar, but I'm deleting that, preferring to install it myself from the Google web site. I never know now whether a virus is playing a trick on me.

If you don't have an alternative task manager running as I did, it might be possible to keep trying to access System Tools, repeatedly requesting it until it works. As I said the virus is a little slow sometimes to respond and I got Norton to open by repeatedly clicking the quick launch icon. I suspect the same could be done with Task Manager, although it requires a combination of keys and selecting it, making it hard to bang. A post I read here describes using the Kill command, but I believe one has to know the name of the process to effectively kill it, though not sure. Task Manager can help you identify the culprit file.

They got me too. They are the virus they say they will correct. They got me to the tune of 49.95 at the bank too. Where/how do we turn them in and how do we get our money back? Any suggestions out there? HELP

Audie, you need to contact your bank. Never, ever post your email or phone number publicly online. That is the easiest way to be a victim of scams. If you are still infected you need to begin your own thread right in this forum and somebody will assist you.
