Antispyware Soft is a new rogue antispyware from the same family of rogues as Antivirus Suite, Antivirus Soft, Antivirus Live, etc. All brothers are identical except for their names and partially modified core files, which is necessary in order to remain undetected by legitimate antivirus and antispyware applications. As well as other similar malicious programs, it infects your computer with the help of trojans. When the trojan is activated, it will download and install Antispyware Soft onto your computer without your permission and knowledge.
In first step, Antispyware Soft will register itself in the Windows registry to run automatically when you logon into Windows. Once started, it will simulate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore the false scan results.
While Antispyware Soft is running, it may block any programs from running as an attempt to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Also you will be shown a lot of nag screens, warnings and fake security alerts. In addition, Antispyware Soft will hijack your browser (Internet Explorer, Firefox) by changing its proxy settings, so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are a fake and like scan false results should be ignored!
As you can see, Antispyware Soft is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with the rogue, then be quick and take effort to remove it immediately. Follow the removal guidelines below to remove Antispyware Soft and any associated malware from the system for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Use the following instructions to remove Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [apcmuqeo] C:\Documents and Settings\user\Local Settings\Application Data\oweiriewo\kjskdjftssd.exe
O4 – HKCU\..\Run: [vbcqtaea] C:\Documents and Settings\user\Local Settings\Application Data\sdklflksdf\mnsdmnfstssd.exe
Note: list of infected items may be different, but all of them have “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antispyware Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Antispyware Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
Thank you so much this is much appreciated
still getting fake popups from “antispywaresoft” even after cleaning registry and running spyware doctor
I can’t download HijackThis. I can’t even open my Internet options long enough to unclick the proxy box. Any suggestions? thanks so much. This thing is terribly annoying.
Tony, please start a new topic in our Spyware removal forum. I will help you.
BigCat, boot your computer in Safe mode with networking and try the steps above once again.
HijackThis won’t open!
Lora, you have renamed it before running ?
I downloaded hijack this and renamed it, but the nasty program is keeping me from opening it still. Any help?
Josh, try run hijackthis in the Safe mode. Read my comments above.
Do I need to delete all the 04’s or just the ones with tssd somewhere in the line?
Thanks for the help!
HijackThis works for me =) thanks a lot
if you restart and quickly restore system it seems to get rid of it for me. quick and easy
Alison, you should remove only O4`s entries with tdss.
early during bootup, press ctrl-alt-del then start task mgr before the annoying programs load. i end process for asam.exe, and processes ending with “tssd”. total 3 processes which i did not want running. then open browser internetExplorer-tools-internet options-connections-settings (diff from LAN settings)- proxy server delete the address 127.xx.xx.xxx
i next was able to run hijackthis which was on my desktop from prior download. (i did NOT rename the hijackthis.exe) check boxes and got rid of the processes beginning 04 end tssd, the asam, and the R1 HKCU proxy 127.xx.xx.xxx
at this point my computer was now working. i downloaded,saved and ran the myantispyware.com program which scanned my computer. but i would’ve had to buy that program to initiate the “fix checked”. no money, no credit card so i simply closed the program.
thx for the help.
Thanks a lot, this spyware is a real pain in the ass…
Thank very much for your invaluable help. I was really frustrated and panicked. My business computer caught a nasty malware – a scam: Antispywear Soft – a criminal enterprise. Infect with a Trojan, hijack your compouter, disable all functions (no internet except to thier site). I had to download Hi Jack this and your MalwareBytes programs to another computer, rename to firefox.exe and iexplorer.exe (as you recommeded), save to a CD, copy to the infected computer briefcase, and run them from there. Two scans with each program and I was squeeky clean. Right on! Thank you. I am buying your program!
This worked like a charm! Thanks SO much!
Can someone help me?I found R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555, but none of them have tssd.You can’t even see the entire path of some.
tazmaniak, open a new topic in our Spyware removal forum and post your HijackThis log. I will check it.
Thank you so much
Thank you SO much for this! I was in a panic and no one else’s instructions made sense (and none of their programs actually REMOVED the junk, either). I have almost all of this thing off my PC, but there is one area where it’s still living.
I was unable to do anything with any of my F-keys, and so I had to do a Start–Run–msconfig to get the startup crap from this to stop. I’ve gotten all of this off as near as I can tell, using the steps you outlined and the Malwarebytes program. However, it’s still \in\ the startup registry, it’s just not selected. I can’t find it anywhere else via any kind of search, but I also can’t get it into the trash.
I’ve run every scan, and Malwarebytes (the free one, getting the full one as soon as I know this thing is GONE), but nothing shows it as there OTHER than in this startup in the registry.
Do I need to worry about this, as in, is it still there, ready to infect, or is it de-fanged since it’s not selected and there’s nothing of it anywhere else?
I did a selective startup and unchecked the 2 tssd lines but when I ran hijack I don’t see any tssd files to check. these are he 04 lines…
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 – HKLM\..\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 – HKLM\..\Run: [Zune Launcher] “c:\Program Files\Zune\ZuneLauncher.exe”
O4 – HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 – HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 – HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [IObit Security 360] “C:\Program Files\IObit\IObit Security 360\IS360tray.exe” /autostart
O4 – HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [EA Core] “C:\Program Files\Electronic Arts\EADM\Core.exe” -silent
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat
Jeanne, try update Malwarebytes and perform a fresh scan. if result is zero, then you`re clean.
Scott, these entries are ok.
THANKS! Got the Antispyware Soft removed!
Had to save the hijack program to a flashdrive and was then able to load it on the infected computer. was able to download the malware program, BUT when i try to scan the computer turns itself off. any suggestions?
Hello. I downloaded HiJackThis, but i cant find any tssd entries. What should i do?
I got the code 2 error and I dl’ed the random name executable file and I ended up getting to the Malaware program but right after i click \run scan\ the program closes
Thank you so much!!! I could not find anything in hijack log but i went ahead and downloaded malwarebytes and it found 26 infected files, i removed them and restarted, by the way I did have to run in safe mode, anyways I use AVG for virus protector and it let this get pass, does anyone have advice on a new virus protector that is better then AVG? Thanks again so much for help, so far my computer seems to be ok again!
Jackie, try run HijackThis in Safe mode.