Antivirus Suite is a new rogue antispyware program from the same family of rogues as Antivirus Soft. As with its predecessors, it is usually installed through the use of trojans. When the trojan runs, it downloads and installs the core component of Antivirus Suite onto your PC and registers it in the Windows registry so that it runs automatically every time you log on to Windows.
Once running, Antivirus Suite will start a system scan and report a lot of infections that will not be fixed unless you first purchase it. Doing this is not necessary, since the scan results, and the scan itself, are fake. It is only a method created to trick you into believing that your computer is infected. So you can safely ignore the false scan results.
While Antivirus Suite is running, it may block any program from running. You will be shown a variety of nag screens, fake security alerts, popups and notifications from the Windows taskbar. An example:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Last but not least, Antivirus Suite will hijack Internet Explorer so that it randomly shows a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are fake and, like the false scan results, should be ignored!
From the above, it is obvious that Antivirus Suite is a dangerous program and an unwanted guest on your computer. At the first symptoms of infection, stop using the computer for any activity, from editing documents to shopping on the Internet. You need to remove the rogue antispyware as quickly as possible. To do this, use the instructions below to remove Antivirus Suite and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
Use the following instructions to remove Antivirus Suite (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it to iexplore.exe, then click the Save button to save it to the desktop. If you can't download the program, then you should repair the proxy settings of Internet Explorer: run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [vcspymsv] "C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe"
O4 - HKCU\..\Run: [udcqinjy] "C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe"
O4 - HKLM\..\Run: [kjwerkje] C:\Documents and Settings\user\Local Settings\Application Data\asdasd\qweqwetssd.exe
O4 - HKCU\..\Run: [qlweklqw] C:\Documents and Settings\user\Local Settings\Application Data\qweqwe\adasdastssd.exe
Note: the list of infected items may be different, but all of them have the string “sysguard.exe”, “ftav.exe” or “tssd.exe” on the right side and “O4” on the left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
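The check described in Step 1 can also be run against a saved HijackThis log. The script below is an added example, not part of the original guide: the function names classify and scan and the sample log are constructed here, and the proxy check is widened from the article's 127.0.0.1:5555 to any port on 127.0.0.1. It also requires the executable to sit one folder below the per-user application data directory, so a legitimate program whose name merely ends in one of the three strings is not flagged.

```python
import re

# Executable-name suffixes the article lists for this rogue.
SUFFIXES = ("sysguard.exe", "ftav.exe", "tssd.exe")

# Web pages often turn the log's hyphen into an en dash and its straight
# quotes into curly ones, so both forms are accepted.
O4_RE = re.compile(
    r'^O4\s*[-\u2013]\s*(?:HKLM|HKCU)\\\.\.\\Run:\s*\[[^\]]*\]\s*(.+)$', re.I)
R1_RE = re.compile(
    r'^R1\s*[-\u2013]\s*HKCU\\.*\\Internet Settings,ProxyServer\s*=\s*(.+)$', re.I)
# An executable exactly one folder below the per-user application data
# directory (XP and Vista/7 layouts), as in the article's file list.
PROFILE_RE = re.compile(
    r'\\(?:Local Settings\\Application Data|AppData\\Local)\\[^\\]+\\[^\\]+\.exe$',
    re.I)
LOOPBACK_RE = re.compile(r'(?:^|=)127\.0\.0\.1:\d+')  # assumption: any port

def classify(line):
    """Return (kind, detail) for a line matching the article's symptoms, else None."""
    line = line.strip()
    m = R1_RE.match(line)
    if m:
        value = m.group(1).strip()
        return ("proxy", value) if LOOPBACK_RE.search(value) else None
    m = O4_RE.match(line)
    if m:
        path = m.group(1).strip().strip('"\u201c\u201d')
        if path.lower().endswith(SUFFIXES) and PROFILE_RE.search(path):
            return ("autorun", path)
    return None

def scan(log_text):
    """Return [(line_number, kind, detail)] for every suspicious line."""
    numbered = enumerate(log_text.splitlines(), 1)
    return [(n, *hit) for n, line in numbered if (hit := classify(line))]

# Constructed sample log: three lines from the article, two benign entries.
SAMPLE_LOG = r"""(constructed sample log)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [vcspymsv] “C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe”
O4 - HKCU\..\Run: [Backup] C:\Program Files\Example\softav.exe
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

If no line is flagged, as several readers report in the comments, the log should be reviewed by hand rather than treated as clean.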
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Antivirus Suite infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Antivirus Suite. MalwareBytes Anti-malware will now remove all of the associated Antivirus Suite files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
Antivirus Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
Had it, followed guidance above and now it’s gone! Thank you!!!!
THANKS SO MUCH FOR THIS ARTICLE!!!!!!
Kim, right-click the link and select Save as. You will see a Save dialog.
Elizabeth, read my comment to Kim.
i cant find all the lines in the hijackthis
alexb, open a new topic in our Spyware removal forum (include your HijackThis log). I will help you.
i got nailed with this tonight… hope this works out. lol have no way to repair or reformat the pc atm so id lose everything on it …….. Ok it worked yay for useful guides on the internet . tyvm who ever made this guide. it worked n ill keep the programs incase it happens again..
I downloaded MalwareBytes, ran it, and it successfully removed everything on the list. However, Antivirus Suite wasn’t one of those programs.
I still can’t bring up the task manager to disable it or anything.
sysguard.exe, tssd.exe, and ftav.exe do not appear when I bring up the search program. Other sites say to bring up Add/Remove Programs in the Control Panel to manually remove it, but it doesn’t show up there either.
I don’t know what to do.
Sorry for the double post. I had thought that MalwareBytes automatically updated on launch, but apparently it doesn’t/didn’t. I updated it manually and reclicked the quick scan, and it’s already found two infections. This looks promising, but I’ll post again if that doesn’t work. This situation is scary for me as this is my father’s computer and he’s sleeping (with an hour until the scan finishes, that could be a problem). I’ve only been to what Google has termed as “safe” sites, but I was still infected with this thing. Is it really that easy to infect computers with malware?
Ran Malwarebytes Anti-Malware and found 12 infected files but now I must enter a code and my email address so the program will delete. Is this a scam? A little hard to do when Internet Explorer is not working. Sending this from another computer.
Ed
Probably your PC has been infected through the use of an exploit in Internet Explorer, Adobe Acrobat Reader, Adobe Flash Player. Update all of them. Also visit Microsoft Update to update Windows.
Ed, probably you have downloaded Spyware Doctor from Google Ad. Download Malwarebytes Anti-malware from here (scroll down to direct links).
I too have this Antivirus Suite problem, but didn’t get very far with the instructions. I ran HijackThis.exe (renamed it first to iexplore.exe), but none of the items listed had “sysguard.exe”, “ftav.exe” or “tssd.exe”. It did show a lot of “O4” items, but again none of the exe files you’ve mentioned above. Can you tell me what else I can try?
I looked through the HijackThis log and none of the lines had the “sysguard.exe” or “ftav.exe” or “tssd.exe” string on the right side.
I cant even open internet explorer on my computer to install that program. Suggestions??
(Im on my other laptop)
i use firefox, and when i download the hijackthis file i cant name it whatever i want.
and i cant even use internet explorer because this thing wont let it open.
help
Dennis and Jason, probably your PC is infected with a new version of the rogue. Open a new topic in our Spyware removal forum.
Samantha,
method 1. try booting your computer in Safe Mode with Networking, then follow the steps above.
method 2. download all the programs suggested above to another PC, then move them to the infected computer using a flash drive or CD.
telly, if you are using Firefox, then use right click -> Save as, to download HijackThis.
thanks, nice to know there are people out there to help those of us nailed by those ‘other’ people. again, thanks!!
this virus is not allowing me to do ANYTHING at all on my computer. i am in my campus library right now using their comp because my laptop is literally useless right now. i have MalwareBytes already on my laptop because i downloaded it long time ago and it wont let me open it up because it claims that it is “infected”…. even my Microsoft Word wont open up! this is becoming a huge drag for me because it is preventing me from getting my notes that i saved on my laptop or even complete any assignments from my instructors. how can i fix this? i cant even go on the internet because of the fake blocking page that automatically comes up as soon as i open my browser window. can you please help me?
Jo, you need to use HijackThis before Malwarebytes (first step).
thank you very much for the help
i thought i would lose all my work!!
ty so much for this guide. it works! 🙂
This worked. I cannot thank you enough.
thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my problem!!
THANK YOU SO MUCH!I was gonna buy the antivirus software. haha. THANK YOU!
THANX MUCH!!! for me i couldn’t do anything until i put it in SAFE MODE – for anyone else who might be having a problem. everything seems OK now.
I’m having trouble fixing the Connection settings in step 1. After I uncheck the box for “Use a proxy server”, it won’t let me click apply and then it just reverts to the original settings. HEllp!!!!!
I was able to change the settings once I put my computer in safe mode. THANK YOU!!!!!!!!!!!!!!