Antivirus Soft also known as Antispyware Soft is a new rogue antispyware program from the same family of malware as Antivirus Live. The program is distributed with the help of trojans. When the trojan is started, it will download and install Antivirus Soft onto your computer and configure it to run automatically when you logon to Windows.
When Antivirus Soft is started, it will imitate a system scan and detect a lot of various infections that will not be fixed unless you first purchase the program. Important to know, all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that Antivirus Soft gives you.
While Antivirus Soft is running, it will block the ability to run any programs as a method to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
What is more, the rogue will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Windows Security alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antvirus software now?
Last but not least, Antivirus Soft will hijack Internet Explorer so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. Of course, all of above warnings and alerts nothing more but a scam and like false scan results should be ignored!
As you can see, Antivirus Soft is a scam that designed with one purpose to trick you into purchasing so-called full version of the program. Do not be fooled into buying the software! Instead of doing so, follow the removal guide below in order to remove Antivirus Soft and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
Use the following instructions to remove Antivirus Soft or Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [vcspymsv] “C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe”
O4 – HKCU\..\Run: [udcqinjy] “C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe“
Note: list of infected items may be different, but all of them have “sysguard.exe” or “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antivirus Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus Soft (Antispyware Soft) creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Antivirus Soft (Antispyware Soft) creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
THANK YOU SOOOO SOOOO MUCH!! I’m sure that the many of us that used your solution successfully, are eternally grateful to you!
With the HiJackThis Log, I couldn’t find the files which you specified in it, so I just checked the 04 files which looked suspicious.
Hi need some help!
When I do a system scan with HijackThis, I can only find 2 ‘infected lines’ which are not labelled sysguard:
I found ‘piesydntssd.exe’
Only 1 under ‘HKLM’
Only 1 under ‘HKCU’
Should there be more? Or is it good that there is only 1 infected file under ‘HKCU’ for me whereas your guide shows 3 infected lines?
I was able to launch Hijack but I could only find 1 out 5 you told and the remaining 4 was the 04
Control alt delete and deleting ‘ieuser.exe’ seemed to work for us – alongside deleting the one that had random letters next to it both in the title and the program name in the task manager program. This then allowed us to use avg scanner which has now picked up a number of trojan viruses and adware toolbars.
Good luck to all and thanks to everyone else for advice – you really saved us!
plzzzzz help me. iv already got malwarebytes-anti malware, and every time i try to open it so i can do the scan the fucked up antispyware soft keeps stopping me!!!!!! plz help!!!!!!
Thank you so much for creating this blog. I bought my Mom a netbook for Xmas, and she got the Antispyware Soft virus. Instead of taking it Geek Squad (a service I’ve already pre paid 3 years for) she nags me to do it. I don’t know anything about computers!! But your page helped me so much, and now it’s spyware free and running with a trusted antivirus/antispyware system.
I just want to extend my gratitude to this website. Without the help you provided, quite frankly, I’d have been absolutley stuffed! Thank you very much indeed.
All the best,
Matt.
Guys is SO EASY!!
Simply:
1. Go to Internet Explorer Internet Options
2. Go to LAN Settings
3. Uncheck Proxy
You can now RUN ALL PROGRAMS
4. Use Malware Bytes and job done 😉
Rob, its normal.
lolol, you need use HijackThis before Malwarebytes. Follow the first step above.
Thank you for this wonderful site. I noticed that when did a msconnfig there is a checked box for that antispyware. My question – Does that mean the trojan is still on my laptop?
Using HijackThis, I found only One (01). Do I need to redo another search? My computer is still running slow. Help! Please. Thank you.
the hijack program worked best for stuck with this virus for 3 hours but really looked hard at hijack and found 2 suckers after that pain sailing but it fought hard thanks so much x
OMG!! Please help! Have tried everything suggested on this site – HiJack this and Malwarebytes, but could only do this in Safe Mode. As soon as I start up my computer normally the virus is still there and I can’t open anything – no HiJack This, no Malwarebytes, no internet access, nothing. In fact, HiJack this doesn’t even show up on the desktop in normal mode. Then, when I go back into Safe Mode, and re-run HiJack This, more 04 codes show up, even though I removed them all the last time I ran it. No infections show up with Malwarebytes now, but I still can’t start my computer normally without the virus. Been working at this for hours – please help!!
Adeliade, start a new topic in our Spyware removal forum. I will check your PC.
Kel, try rename hijackThis.exe to iexplorer.exe and run it in the Normal mode. Fix all infected entries, run Malwarebytes, update it and perform a scan.
my hijackthis scan found no files that had the endings sysguard or ftav. 4 suspicious files apeared looking something like this
04-HKLM\..\Run:[lyjknz]lyjknz.exe
got rid of them & doing malwarebytes scan now.
thanks for your help patrik, you’re a champion 🙂
I cannot thank you enough, i was going insane trying to fight that f****** “antivirus soft”. I followed your instructions using “Hijack This” and it did exactly what said on the can. IT’S GONE !!!!
Once again thanks cus thats one fine piece of software.
Mick
Just got it half an hour ago and came straight to this website. Followed the instruction to turn the computer off, then when the desktop is loading press ctrl-alt-del and start task manager. looked for the dodgyest looking program wgttshte or something similar, and ended it. Sure enough the popups and the green shield dissapeard. To be extra careful I restored my computer to a few days ago, hopefully its completly gone. Does anyone know how you get it? Unfortunatly I was downloading a song AND watching a movie online =)
Patrik, have renamed hijackThis but it doesnt appear on my computer when i start my computer in normal mode. It only appears in safe mode??? Malwarebytes appears in normal mode but hijackThis doesn’t.
Kel
This is perhaps the absolute best anti-virus/ Mal-ware (what ever you want to call it) program i have ever used! I’d love to purchase the full version of it but i can’t because i got no cash. =(
By the way, THANKS!!! I seriously thought i would need to reformat my computer along with everything else in my computer. This program would be recommended to my friends for sure!
How do these guys even get by with selling this thing? I mean, you would think the FBI would be knocking on the door of whoever is receiving the money from the poor schmucks who bought it.
thanks a lot guys!
everything worked well, they just changing the file names.
wanted to express my many thanks, simple process for a scary project…thanks!!!!! John.
This is definitely a pain in the butt virus. I tried everything listed here to remove this thing. Tried open in Safe Mode- did not work. Change Proxy server- did not work. Tried downloading the Hijackthis- could not downlaod because it was Dos. The only thig that worked for me after reading all these posts was hitting CNTR-ALT-DEL as soon as windows was loading. It enabled me to open my processes and arrange them by memory usage. I googled the files listed and found one that was not found and closed it. That then closed the virus program and I was able to run MBAM! It is now removed successfully. Thank you for the help on this site. I just purchased the upgraded version of MBAM to run with my Norton as well.
This is my third time trying to get rid of this horrid thing and every time, MBAM doesn’t catch anything… so i tried to use other programs like spyware doctor and it seemed like it worked, but after i shut down and restart, antivirus soft just pops up again… any suggestions? this has got to be the most annoying malware i’ve had to deal with. alkdsf;jsaf
@Kirk: ooh i just tried your method of manually removing it from processes and i think it worked! i’m not that great with computer codes and whatnot, but i was able to catch something called csrss.exe. i’m still in the process of cleaning out my drive, but i’m really hoping this works! 😀
to the author of this post, thanks for all the help! you really save the sanity of people like me whose whole life is basically on their computer o_o
Sally, if the instructions above does not help you, then ask for help in our Spyware removal forum.
this is just another comment like the ones above. THANK YOU SO SO SO MUCH! this site was a life saver! my dad got infected with antispyware soft and actually bought it for 69.95 and he tried to install it into my comp!!! THANK GOD i found out it was a fake virus. THANK YOU!!!
HELP ME!!!
I can’t run the Registry, I can’t run Task Manager, I can’t run Anti Virus/Malware, etc…
AND I CANT RUN HIJACK!!!!
HELP ME!!!!
Have this virus on our computer, cannot connect to the internet. Saw the recommended solution beginning with pressing ctrl+alt+del as soon as the desktop appears, found a suspicious process, and ended it. The green shield in the bottom right corner and the popups have disappeared. However, we still can’t connect to the internet to proceed through the steps above re: Hijack This, etc. Our browser is Internet Explorer, and it says that it can’t display the webpage. Not very computer savvy. Can anyone send step-by-step directions to fix our problem? Would appreciate very much. Thx.