How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)

ASC AntiSpyware and his brother Win Antivirus Vista/XP are rogue antispyware programs.The software is distributed through the use trojans. During installation, Win Antivirus Vista/XP (ASC AntiSpyware) configures itself to run automatically every time, when you start your PC. The rogue antispyware may drastically slow the performance of your computer.

Once running, Win Antivirus Vista/XP (ASC AntiSpyware) will scan your computer and list a large amount of infections, but some of these “infections” (Trojan-PSW.Win32. OnLineGames.sxa, Trojan-Keylogger.Win32.QQHelper.aoc, Net-Worm.Win32.Kido.fx) are actually legitimate Windows files. Then Win Antivirus Vista/XP (ASC AntiSpyware) said that you should purchase the program in order to remove them and protect your computer. Please ignore these alerts. Use the free instructions below for removing the fake antivirus program from your computer.

Symptoms in a HijackThis Log.

O2 – BHO: AntiSyware (IE PlugIn) – {2F3D01F3-2A8E-4814-AA0F-8315172D22BF} – C:\Program Files\Win-Antivirus\modules\IEPlugin163.dll
O2 – BHO: ICQSys (IE PlugIn) – {F54AF7DE-6038-4026-8433-CC30E3F17212} – C:\WINDOWS\system32\dddesot.dll
O4 – Startup: ASC-AntiSpyware.lnk = C:\Program Files\Win-Antivirus\WinAntivirus.exe
O23 – Service: AntipyWarex32_ (AntipWinsx32_) – Unknown owner – C:\WINDOWS\svchost.exe

Use the following instructions to remove Win Antivirus Vista/XP (ASC AntiSpyware) (Uninstall instructions).

1. Remove Win Antivirus Vista/XP (ASC AntiSpyware) registry entries and files.

• Download Avenger from here and unzip to your desktop.
• Run Avenger, copy,then paste the following text in Input script Box:

  Drivers to delete:
AntipWinsx32_

  Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}

  Files to delete:
%windir%\system32\setupixs.dat
%windir%\system32\bills.dat
%windir%\system32\ssddat.dat
%windir%\system32\ersddat.dat
%windir%\system32\dddesot.dll
%windir%\system32\lpsdat.dat
%userprofile%\Start Menu\Programs\Startup\ASC-AntiSpyware.lnk

  Folders to delete:
%programfiles%\Win-Antivirus

  Then click on ‘Execute’.

• You will be asked Are you sure you want to execute the current script?. Click Yes.
• You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
• Your PC will now be rebooted.

2. Remove Win Antivirus Vista/XP (ASC AntiSpyware) associated malware.

• Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
• Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select “Perform Quick Scan”, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: If you need help with the instructions, then post your questions in our Spyware Removal forum.

Win Antivirus Vista/XP (ASC AntiSpyware) creates the following files and folders.

%windir%\system32\bills.dat
%windir%\system32\dddesot.dll
%windir%\system32\ersddat.dat
%windir%\system32\lpsdat.dat
%windir%\system32\setupixs.dat
%windir%\system32\ssddat.dat
%windir%\system32\tdferte.dat
%userprofile%\Desktop\Win Antivirus.lnk
%userprofile%\Start Menu\Programs\Win Antivirus
%userprofile%\Start Menu\Programs\Startup\ASC-AntiSpyware.lnk
%userprofile%\Start Menu\Programs\Win Antivirus\Win Antivirus.lnk
%programfiles%Win-Antivirus
%programfiles%\Win-Antivirus\AntiSpyware_Uninstall.exe
%programfiles%\Win-Antivirus\default.xml
%programfiles%\Win-Antivirus\fastcam.exe
%programfiles%\Win-Antivirus\ignore.xml
%programfiles%\Win-Antivirus\quarantine.xml
%programfiles%\Win-Antivirus\settings.xml
%programfiles%\Win-Antivirus\WinAntivirus.exe
%programfiles%\Win-Antivirus\conf
%programfiles%\Win-Antivirus\conf\clamd.conf
%programfiles%\Win-Antivirus\conf\freshclam.conf
%programfiles%\Win-Antivirus\data
%programfiles%\Win-Antivirus\data\block.reg
%programfiles%\Win-Antivirus\data\block_un.reg
%programfiles%\Win-Antivirus\data\daily.cvd
%programfiles%\Win-Antivirus\data\database.dat
%programfiles%\Win-Antivirus\Microsoft.VC80.CRT
%programfiles%\Win-Antivirus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
%programfiles%\Win-Antivirus\Microsoft.VC80.CRT\msvcm80.dll
%programfiles%\Win-Antivirus\Microsoft.VC80.CRT\msvcp80.dll
%programfiles%\Win-Antivirus\Microsoft.VC80.CRT\msvcr80.dll
%programfiles%\Win-Antivirus\modules
%programfiles%\Win-Antivirus\quarantine