Antispyware Soft is a new rogue antispyware from the same family of rogues as Antivirus Suite, Antivirus Soft, Antivirus Live, etc. All brothers are identical except for their names and partially modified core files, which is necessary in order to remain undetected by legitimate antivirus and antispyware applications. As well as other similar malicious programs, it infects your computer with the help of trojans. When the trojan is activated, it will download and install Antispyware Soft onto your computer without your permission and knowledge.
In first step, Antispyware Soft will register itself in the Windows registry to run automatically when you logon into Windows. Once started, it will simulate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore the false scan results.
While Antispyware Soft is running, it may block any programs from running as an attempt to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Also you will be shown a lot of nag screens, warnings and fake security alerts. In addition, Antispyware Soft will hijack your browser (Internet Explorer, Firefox) by changing its proxy settings, so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are a fake and like scan false results should be ignored!
As you can see, Antispyware Soft is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with the rogue, then be quick and take effort to remove it immediately. Follow the removal guidelines below to remove Antispyware Soft and any associated malware from the system for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Use the following instructions to remove Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [apcmuqeo] C:\Documents and Settings\user\Local Settings\Application Data\oweiriewo\kjskdjftssd.exe
O4 – HKCU\..\Run: [vbcqtaea] C:\Documents and Settings\user\Local Settings\Application Data\sdklflksdf\mnsdmnfstssd.exe
Note: list of infected items may be different, but all of them have “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antispyware Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Antispyware Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
Mattias, open a new topic in our Spyware removal forum and post your HijackThis log.
Woah, that worked like a dream…
Thanks to you my evening is saved!
Its really great there are people out there willing to help those in need against irritating stuff like these. Hats off.
Thank you so much for the easy to follow instructions. Got rid of the antispyware soft. Now to get rid of the buggers who started it. You deserve a medal.
Jenny, ask for help in our Spyware removal forum.
thanks Patrik! I figured it out!
Great instructions, I killed it, yeahhhh! Thanks a lot for your help.
thank you sooo much!
everything worked fine 🙂
hey i can’t rename this file is there any way?
how do you resave the file in different name it does let you change it?
After deleting the trojan, my internet browsers don’t work anymore! They all get a connection refused error, even after uninstalling and reinstalling the browser, and rebooting the machine! Help, please?
Thank you so much! This spyware is so annoying I swear that if I ever meet the ones who made it, I will torture them will all the most annoying stuff they can think of. lol
Thanks again! 🙂
Thanks you so much.. simple instruction and got the job done..
I had Norton 360 not sure how this let it through..
-Sanjay
Agh pressed fix for all 04 code lines and now obviously no internet connection got great protec tion though – whats the best fix now?
Thanks for the help
lee, you need remove a HijackThis.exe in a Save dialog.
Alex, you have fixed “R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555” ?
this seemed to work for me, i installed hijack this, then installed mbam, at which point my kaspersky caught the *tsd.exe files and did a quarantine, asked for a reboot and everything seems okay now…
in the future i am definetly going to install both anti virus and MBAM
Theo Abbs, you need fix an infected entries only.
IE would not keep the change in LAN settings, I have Firefox too, downloaded and changed name of file to iexplore.exe I see no sysguard.exe files nor ftav.exe following is the file list, am I to delete all “04”..nevermind could not copy and paste, they all have either HKLM, HKCU, HKUS…..do I delete all of them….this
OK, I’ve run malware twice and restarted PC each time, virus removed, I Explorer will not connect, called ISP, all checked on their end, re downloaded IE8, still no go, how do I get IE8 to connect again?
Mark, you have checked IE proxy settings ?
I’ve done every step, removing, deleting, but after a few hour it comes back, any solution?
Henry, looks like your PC is infected with a trojan that reinstalls the rogue. Please begin a new topic in our Spyware removal forum. I will help you.
Thank you so~~~much!
Patrik, proxy box is checked under LAN settings, it was checked when I went to look at it….still not working….thanks for your assistance!
hi ya patrik, this may sound silly but what you have put up above ( the MBAM ) doesnt come up with malwarebytes, it comes up with spyware doctor which you have to pay for. obvious problem, i havent got the money and dont wish to pay for it. if you could help that would be lovely
i have done this several times. as soon as i log out of safe mode and back in to my normal account its back….. what can i do??
Thank you melware! great program, no need to buy. Fixed my problem perfectly!
Work fantastic. Followed exactly how you said, worked like a charm!!
Bless you folks! You are truly doing God’s work. Your information cleaned my system after many failures to do so on my own. I will seriously consider your advertisers for updates to my security. Thank you very much.
Mark, you need uncheck the proxy box.