Antivirus Suite is a new rogue antispyware program from the same family of rogues as Antivirus Soft. As before, it is usually installed through the use of trojans. When the trojan runs, it downloads and installs the core component of Antivirus Suite onto your PC and registers it in the Windows registry so that it starts automatically every time you log on to Windows.
Once running, Antivirus Suite will start a system scan and report a lot of infections that will not be fixed unless you first purchase it. Doing so is not necessary, since both the scan and its results are fake. It is only a method to trick you into believing that your computer is infected, so you can safely ignore the false scan results.
While Antivirus Suite is running, it may block any program from running. You will be shown a variety of nag screens, fake security alerts, popups and notifications from the Windows taskbar. An example:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Last but not least, Antivirus Suite will hijack Internet Explorer so that it randomly shows a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are fake and, like the false scan results, should be ignored!
From the above, it is obvious that Antivirus Suite is a dangerous program and an unwanted guest on your computer. At the first symptoms of infection, stop using the computer for any activity, from editing documents to shopping on the Internet. You need to remove the rogue antispyware as quickly as possible. To do this, use the instructions below to remove Antivirus Suite and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
Use the following instructions to remove Antivirus Suite (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it to iexplore.exe and click the Save button to save it to your desktop. If you can't download the program, then you should repair the proxy settings of Internet Explorer. Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [vcspymsv] "C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe"
O4 - HKCU\..\Run: [udcqinjy] "C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe"
O4 - HKLM\..\Run: [kjwerkje] C:\Documents and Settings\user\Local Settings\Application Data\asdasd\qweqwetssd.exe
O4 - HKCU\..\Run: [qlweklqw] C:\Documents and Settings\user\Local Settings\Application Data\qweqwe\adasdastssd.exe
Note: the list of infected items may be different, but all of them have the “sysguard.exe”, “ftav.exe” or “tssd.exe” string on the right side and “O4” on the left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Antivirus Suite infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Antivirus Suite. MalwareBytes Anti-malware will now remove all of the associated Antivirus Suite files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
Antivirus Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
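The indicators listed in this guide (Run entries whose file name ends in sysguard.exe, ftav.exe or tssd.exe and sits one folder below the per-user Application Data directory, plus the 127.0.0.1 proxy setting) can be checked against a saved HijackThis log. The script below is an added example, not part of the original guide or of HijackThis; the function name triage, the sample log and its two benign entries are constructed for illustration, and it only reports matching lines so that they can then be fixed in HijackThis as described in Step 1.

```python
import re

# File-name endings the guide ties to Antivirus Suite.
SUFFIXES = ("sysguard.exe", "ftav.exe", "tssd.exe")
# <per-user data dir>\<one folder>\<file>: XP and Vista/7 layouts from the guide.
PATH_RE = re.compile(
    r"\\(?:local settings\\application data|appdata\\local)\\[^\\]+\\([^\\]+)$")
# Web-published copies of logs often carry an en dash and curly quotes; accept both.
O4_RE = re.compile(r"^O4\s*[-\u2013]\s*(HKLM|HKCU)\\\.\.\\Run:\s*\[([^\]]*)\]\s*(.+)$")
R1_RE = re.compile(r"^R1\s*[-\u2013]\s*.*Internet Settings,ProxyServer\s*=\s*(.+)$")

def triage(log_text):
    """Return (line_no, kind, detail) for lines matching the guide's indicators."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        o4 = O4_RE.match(line)
        if o4:
            # Drop surrounding straight or curly quotes, compare case-insensitively.
            path = o4.group(3).strip(' "\u201c\u201d').lower()
            exe = PATH_RE.search(path)
            if exe and exe.group(1).endswith(SUFFIXES):
                hits.append((no, "run-entry", f"{o4.group(1)} [{o4.group(2)}] {exe.group(1)}"))
            continue
        r1 = R1_RE.match(line)
        if r1 and "127.0.0.1" in r1.group(1):
            hits.append((no, "loopback-proxy", r1.group(1).strip()))
    return hits

# Constructed sample: infected lines as shown in the guide plus two benign entries.
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555",
    r"O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe",
    "O4 \u2013 HKCU\\..\\Run: [vcspymsv] \u201cC:\\Users\\Owner\\AppData\\Local\\bbenmt\\badwsftav.exe\u201d",
    r"O4 - HKLM\..\Run: [kjwerkje] C:\Documents and Settings\user\Local Settings\Application Data\asdasd\qweqwetssd.exe",
    r"O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE",
    r"O4 - HKCU\..\Run: [Updater] C:\Users\Owner\AppData\Local\Vendor\App\update.exe",
])

if __name__ == "__main__":
    for no, kind, detail in triage(SAMPLE_LOG):
        print(f"line {no}: {kind}: {detail}")
```

Entries that carry command-line arguments after the executable path are not matched by this sketch and still need to be reviewed by eye.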
Thanks for this, worked just as it said... I was having big problems till I found this... thanks!
I followed the directions of step one, but wasn’t able to open HijackThis (even saved as “iexplorer.exe”). It was immediately closed by the virus program, which stated it couldn’t be executed because ‘iexplorer.exe’ is infected. Any other way to get around it? Should this be done in safe mode?
Thank you so much, you’ve saved me a whole lot of trouble. Very easily explained and it’s totally gone from my computer as well as tons of other stuff my former anti-virus program couldn’t catch.
Your site has been so helpful before but this set of instructions isn't working. The virus isn't letting me run anything, immediately killing all applications I try to run, even Task Manager and the renamed HijackThis or a rootkill program I've downloaded in the past. The virus gives me a Windows-type pop-up message saying that the file is infected and would I like to activate my antivirus software now. I obviously click no. Please help!
Alex, you have made a small mistake: you should use “iexplore.exe”. It's very important.
Mark, check twice that you are using the “iexplore.exe” filename. If the trick does not help, try these names: sysguard.exe, tssd.exe, winlogon.exe, userinit.exe, smss.exe.
I have a problem with removing it with this program. XP is in safe mode and I run the iexplore.exe file and installed this program. I did not get rid of it. What else can I do?
So. I ran HijackThis, but it informed me that the virus denied it access to the Hosts file. However, due to the virus preventing me from opening any programs, I have no way to get into the Hosts file and to take out the lines of text that it is telling me to remove. Suggestions?
THANK YOU a million times over! I used these instructions to rid myself of this trojan with success! I’ve come across this one before, but not to the degree that it wouldn’t let me open my Task Manager or Programs. This was so helpful!!
This worked perfectly. Was panicking a little bit since I couldn't access anything but Mozilla Firefox. Thank you to whoever put this up, you rule!
I am having the same problems with this Antivirus Suite thing. I have read and read and downloaded everything. Did the hijack thing, renamed it, went through that all, then did the malware but the antivirus didn't show up, just 4 other files that I deleted and still nothing. Does anyone have any other solutions?
Luka and lito, open a new topic in our Spyware removal forum. I will help you.
OMG can't believe how many people faced the same problem in the last 2-3 days! THANK YOU THANK YOU THANK YOU so much! I nearly had a heart attack seeing all those pop-ups! Good thing I googled them before clicking on them!
GOD BLESS YOU!!
Got infected, followed your instructions, and it worked perfectly. Thanks for publishing this fix!!
restart computer
just after log on hit alt+ctrl+del to activate win task manager
sheet processes, disable jaotbditssd.exe
start>search>file or folder
in advanced settings mark hidden files or folders
search for that file
jaotbditssd.exe
delete it
problem solved
you can also remove info about this from reg.
start>run> type “regedit”
F3 and type/paste jaotbditssd.exe
delete any info in reg and press F3 until end of search
Thank you! Thank you!
You saved the day!
THANX. SAVED ME. WHAT ELSE CAN I SAY.
Thanks millions. You saved day, too.
Um small problem, I’m in Safe Mode right now and it won’t let me in Internet Explorer. Only Firefox. IE just flashes in the page then disappears. I have all the other programs needed on my flash drive but can’t do anything until this is fixed.
You're cool… I am doing it now. If it works, God bless you…
Hi Patrick,
It takes pretty much longer to search for that file, and it just does not find it. I do have Vista, what else should I do? Anytime I try to access any web page, it does not allow me. Thank you pls in advance :)) Diana
It is called… qcxylxdttssd.exe… and I will remove it from Task Manager… wish me luck… yes, that was the one… for some reason it ends in tssd
Thank you soooo much!
This worked & was easy to follow.
I really can’t thank you enough.
REALLY WORKS
Suzie, have you tried scanning your PC with Malwarebytes?
Diana, is Antivirus Suite still hijacking your browsers?
Diana, you need to run HijackThis and fix all lines that have the “tssd” string. Read the instructions above.
Very helpful article – the HijackThis section that helped me look for the ‘Antivirus Suite’ strings was especially good. I removed the .tssd stuff and everything seems copacetic now. Isn’t there any agency that can track down the people who put this kind of destructive spyware out on the internet?
I'm on Mozilla and I can't change the name before I save it. How can I do it?
I tried to download the program in a different name, but it couldn’t. I’m using Firefox, as Internet Explorer won’t even open this page.