Antivirus Soft, also known as Antispyware Soft, is a new rogue antispyware program from the same family of malware as Antivirus Live. The program is distributed with the help of trojans. When the trojan is started, it downloads and installs Antivirus Soft onto your computer and configures it to run automatically when you log on to Windows.
When Antivirus Soft is started, it imitates a system scan and reports numerous infections that it will not fix unless you first purchase the program. All of these reported infections are fake and don’t actually exist on your computer, so you can safely ignore the scan results that Antivirus Soft gives you.
While Antivirus Soft is running, it blocks you from running any programs in order to scare you into thinking that your computer is infected with malware. The following warning is shown when you try to run Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
What is more, the rogue will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Windows Security alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antvirus software now?
Last but not least, Antivirus Soft will hijack Internet Explorer so that it randomly shows a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. Of course, all of the above warnings and alerts are nothing more than a scam and, like the false scan results, should be ignored!
As you can see, Antivirus Soft is a scam designed with one purpose: to trick you into purchasing the so-called full version of the program. Do not be fooled into buying the software! Instead, follow the removal guide below to remove Antivirus Soft and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
Use the following instructions to remove Antivirus Soft or Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it to iexplore.exe and click the Save button to save it to the desktop. If you can’t download the program, then you should repair the proxy settings of Internet Explorer. Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [vcspymsv] “C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe”
O4 – HKCU\..\Run: [udcqinjy] “C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe“
Note: the list of infected items may be different, but all of them have the “sysguard.exe” or “tssd.exe” string on the right side and “O4” on the left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs, then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Antivirus Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus Soft (Antispyware Soft) creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Antivirus Soft (Antispyware Soft) creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
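The HijackThis symptoms and the file and registry locations listed above can be checked mechanically against a saved HijackThis log: an O4 Run entry whose executable sits in a randomly named folder directly under the user's local application data and ends in sysguard.exe, ftav.exe or tssd.exe, and an R1 ProxyServer value pointing at 127.0.0.1. The Python code below is an added example, not part of the original guide or of HijackThis. The function names and the sample log are constructed for illustration, and a match is a heuristic to review by hand before fixing the entry.

```python
import re

# Executable-name suffixes and folder layout taken from the page's indicators.
SUFFIXES = ("sysguard.exe", "ftav.exe", "tssd.exe")
APPDATA = re.compile(  # one random folder directly under the local app-data root
    r"\\(?:Local Settings\\Application Data|AppData\\Local)\\[^\\]+\\([^\\]+\.exe)$",
    re.IGNORECASE)
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
R1_PROXY = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (.+)$")
LOOPBACK = re.compile(r"(?:^|=)127\.0\.0\.1(?::\d+)?$")

def normalize(line):
    """Undo the en dash and curly quotes that web pages substitute into pasted logs."""
    for bad, good in (("\u2013", "-"), ("\u201c", '"'), ("\u201d", '"')):
        line = line.replace(bad, good)
    return line.strip()

def classify(line):
    """Return (kind, detail) for a line matching the page's indicators, else None."""
    line = normalize(line)
    m = R1_PROXY.match(line)
    if m and LOOPBACK.search(m.group(1)):
        return ("loopback-proxy", m.group(1))
    m = O4_RUN.match(line)
    # Take the executable path only, dropping quotes and command-line arguments.
    exe = m and re.match(r'"?(.+?\.exe)\b', m.group(3), re.IGNORECASE)
    if exe:
        hit = APPDATA.search(exe.group(1))
        if hit and hit.group(1).lower().endswith(SUFFIXES):
            return ("rogue-autorun", f"{m.group(1)} [{m.group(2)}] {exe.group(1)}")
    return None

def scan(log_text):
    """Classify every line of a HijackThis log and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample log: three lines shaped like the page's examples, then
# two benign look-alikes (same file name outside app data, a real proxy).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [udcqinjy] "C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe"
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\sysguard.exe" /silent
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.com:8080
"""

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE):
        print(f"{kind:15} {detail}")
```

Because the rogue registers the same executable under both HKLM and HKCU, a real log normally yields two rogue-autorun hits per file.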
Jonathan, try running HijackThis in Safe Mode.
Marco, to open a Save dialog in Firefox you need to click a link and select the “Save link as” option.
Kait, also look for lines that have “tssd” in the right part.
Thanks! I will remember it for the future.
Hey
I tried what Kathrine said about restoring the computer to a few days before this issue happened, but does that mean I’m totally free of it??
I was reading my way down, I was about to do all that seems to help others, but my only problem was I couldn’t go to any other web site, so couldn’t download HijackThis.. I’m using my iPhone atm to read this forum…
But now after restoring I can surf the net again.. so would I need to download HijackThis etc. now?
Ps: no idea why i suddenly got small letters on parts of this post 😛
Hehe nvm the small letters i was talking about, Must have been my iPhone 😉
Thx a lot!!
Found a “tssd” in the right after a lot of different letters! Crappy thing!!
Like this:
O4 – HKCU\..\Run: [madrycgk] C:\Users\…\AppData\Local\ihyxfdsxa\duhdakytssd.exe
If it weren’t for this site and the helpful recommendations I think I would’ve died. This antispy virus was a nightmare, but after I followed the instructions and downloaded HijackThis I got rid of it. So thank you, thank you, thank you, thank you. You really don’t know how much I appreciate what you’ve done just by having this page.
whoever the sad jackass(es) who sit at their desks and create these viruses are, i’d like to get my hands on them.
If you download this file, it will stop the errors, thus allowing you to deinstall it somehow.
It’s a .com file instead of .exe and it wont be stopped
http://download.bleepingcomputer.com/grinler/rkill.com
In my case, the name of this malware is ujgewjttssd.exe; it still appears in the notification. But it is not bothering me now. I did everything but it seems some files are still there. HijackThis was the one that paused this nightmare. Anyway, thank you for this post.
I did what Katherine said, and restored my computer to an earlier stage, 2 days before this issue happened, so does that mean I don’t have it anymore? At all atm?
And wouldn’t have to download HijackThis etc…?
Cause everything seems to run fine now..
Hmm, sorry for 2 posts about this, I couldn’t see my post I made from iPhone when I was on my computer now, thought it might not have gone through or something…
I FIGURED A REALLY REALLY EASY WAY!!
all you do is… Right click that pop up antivirus soft page… Copy the url it has..(location is somewhere in your App Data)
Open up My Computer , Paste it into the url bar BUT DELETE the last part of the url…delete it all the way after the exe part
example…
C:\Users\Christopher\AppData\Local\qwooiwtuwi\eriowuep.exe
delete the exe part so..
C:\Users\Christopher\AppData\Local\qwooiwtuwi\
(Something like that, i dont remember i deleted already…)
Then you will see the .exe File…
RENAME IT to whatever…preferably something like NOTGOODeriowuep.exe 😛 (just so you can find it easier later)
The Antivirus Soft is still in use… Reboot your computer And it should no longer start 🙂
GO back to the location of the file and delete it permanently. 🙂
I tried to download hijack this but couldn’t seem to get it working. Downloaded Malwarebytes after following IE reconfig steps. Ran Malwarebytes and was good to go. Malwarebytes removed 52 infections. I am upset that this antispyware soft got onto my computer in the first place as I was running an updated System Mechanic Professional program that didn’t catch it. I am going to ask System Mechanic why I should continue to pay for a program that doesn’t catch what a free program did. Thank you Malwarebytes and to the operators of this site. System Mechanic, you’ve got some splaning to do.
Works
I cannot find systeguard or ftav.ev. I have made a printscreen of hijack, can you look at it for me?
i39.tinypic.com/29fruad.jpg
Vikingskog, anyway scan your computer with Malwarebytes Anti-malware.
Vinesh, open a new topic in our Spyware removal forum and post your HijackThis log. I will help you.
Thank you – this was really helpful.
Yep, I downloaded & installed Malwarebytes.
I first performed a quick scan, and it didn’t find anything.
Then I did a full scan, but it was late so I went to bed. When I woke up today my computer had restarted, so not sure it found anything then either, but I don’t think so.
So still everything seems to work as normal 😉
And yes, thanks a lot for this website (and my iPhone so I could access it)
shyt thanks guys…. u guys are life savers…
Just wanted to say thank-you to the makers of this site.
There was a small part of me that thought perhaps THIS SITE was an elaborate scheme to get me to download more viruses, but rest assured it’s legit (other sites offer similar, if not the same solution, just do a search).
Just run the HijackThis file, you’ll get a TON of data that makes 0 sense at all, but take 5 minutes to look through .exe files that do not look familiar, and “fix” them, which deletes them.
Really simple, just follow the steps.
Thanks again,
All I can say is wow. Simple and effective!!!
thank you it worked great
Thank you so much. Okay guys, the Hijack system works at first shot. Everyone should have the R1 file. However, the people have changed the endings from sysguard.exe and ftav.exe.. to other random stuff. Mine was “fatssd.exe” something. Just any name that looks weird, delete it. There will be more than ONE of that file. I deleted 4 in total, I’m pretty sure if you delete enough files that are related to Antispyware Soft, that it will be deleted off your pc. I don’t think all of them need to be deleted because frankly, we don’t know if we deleted ALL of them. But if you delete at least 4, then you should be good 🙂 Hope this helped! Thanks again ♥
If you guys are having any problems, you can contact me at “luv_devka55@hotmail.com”. I don’t open random emails so please write “Antispyware Soft Help” as the message title. I’ll be glad to help you out ♥
This is the easiest little virus I have ever seen to get rid of.
Honestly, just follow the steps above. I noticed I was infected and within 15 mins I was cured of it by READING THE INSTRUCTIONS ABOVE.
A minimal amount of effort goes a long way…
Thanks for the advice on the best (and easiest) way of kicking this sucker to the curb. Now the real challenge is figuring out where exactly I got infected from and how.
VERY SIMPLE SOLUTION
this nasty program takes a few seconds to load when Windows starts
In these few seconds you can run the task manager
it appears in the task manager soon (but can’t close it while open)
stop the process after knowing the exact file source location
after stopping its process, go to location and delete it
then apply the setting described earlier in internet options to access the net again (unchecking the proxy in LAN setting)
CHEERS
The file I had to delete using Hijack this ended in tssd not sysguard.