Antispyware Soft is a new rogue antispyware from the same family of rogues as Antivirus Suite, Antivirus Soft, Antivirus Live, etc. All brothers are identical except for their names and partially modified core files, which is necessary in order to remain undetected by legitimate antivirus and antispyware applications. As well as other similar malicious programs, it infects your computer with the help of trojans. When the trojan is activated, it will download and install Antispyware Soft onto your computer without your permission and knowledge.
In first step, Antispyware Soft will register itself in the Windows registry to run automatically when you logon into Windows. Once started, it will simulate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore the false scan results.
While Antispyware Soft is running, it may block any programs from running as an attempt to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Also you will be shown a lot of nag screens, warnings and fake security alerts. In addition, Antispyware Soft will hijack your browser (Internet Explorer, Firefox) by changing its proxy settings, so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are a fake and like scan false results should be ignored!
As you can see, Antispyware Soft is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with the rogue, then be quick and take effort to remove it immediately. Follow the removal guidelines below to remove Antispyware Soft and any associated malware from the system for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Use the following instructions to remove Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [apcmuqeo] C:\Documents and Settings\user\Local Settings\Application Data\oweiriewo\kjskdjftssd.exe
O4 – HKCU\..\Run: [vbcqtaea] C:\Documents and Settings\user\Local Settings\Application Data\sdklflksdf\mnsdmnfstssd.exe
Note: list of infected items may be different, but all of them have “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antispyware Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Antispyware Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
wattsy, probably you have clicked to a google ads above. Open the page, scroll down to “download malwarebytes” and click to a link.
kieran, start a new topic in our Spyware removal forum. I will check your PC.
Thanks! The message stop popping up. One thing I noticed was that I wasn’t able to open the Internet Explorer Internet Option under Tools. Luckily, I was on Firefox and set my download folder to desktop. I only had one of the tssd or whatever. I hope one was the only one I need to remove!
i am currently doing what is mentioed above..i hope it works buut diffnetly the only website that has come closest
After a bummer of a morning I found your site and it made my day better! Thank you soooo much for clear simpelk instryctions
Phew! Couldn’t download on affected user account. Couldn’t get network access in safe mode, even with networking selected, so created another user account and then followed the instructions from there. Worked like a charm. Thank you. Panic was setting in.
Wow – step-by-step service that got the job done. Thank you so much. A++
thank you thank you thank you. A while back i thought the only way to get this thing off my friends computer was to do a clean sweep of the hard drive. you just saved me a few hours on my own pc. amazing
Hey, this worked great! I was browsing the web and getting ready to sleep, then I saw the virus and I was sort of freaking out since I couldn’t open anything. Luckily I had firefox opened at the time and I googled the problem and the steps were great, it fixed everything. 🙂
I only found your site after fighting the virus for a couple of days–figured out that I could open my VZAccess if I clicked on it before Antispyware Soft fully opened. Same with Explorer 8. Downloaded Malwarebytes,–could only open it in safe mode and managed to clean the computer after two scans. I had Panda and Iobit 360 Pro running but both let the malware through.
My computer now refuses to restore to any date, even in safe mode and explorer 8 won’t open even unchecking the proxy setting. Any other ideas??
thank you very much! i followed the instructions in the suggested order and was able to successfully remove the ugly virus in <10 mins. this was second infection in last 10 days and i had to reformat my HD last time.
I can't thank you enough for the simple yet very effective instructions…
Hello, thank you for the quick and useful guide this has worked and it’s fully removed from my pc, but 1 problem remains my IE won’t load i’ve checked everything and nothing seems to work, is there a solution to this, thank you once again keep up the good work.
Ok downloaded HiJack This and changed to iexplore.exe scanned deleted what files from previous posts that looked infected. Also downloaded and ran scan from Malware however, when I select Remove Selected. MBAM says it was unable to fix/delete all infected files. Everything is running ok(a little slow) big problem is if I use my search toolbar(google,bing, etc..) everytime I get rerouted to other sites. I didn’t get rid of everything yet. Help please!
Hi i did all of this but now explorer will not run. When i log onto my account only the desktop background will load but no desktop items or the task bar. This is also the case when in safe mode. does anyone have any ideas as to how i can go about fixing it. Thanks
I discovered that pulling the network cable, rebooting, and logging on as local user instead of domain user allowed me to run virus scan. Hopefully I won’t need anything else. I’ll go grab MalwareBytes just in case and check the proxy and registry settings too.
You sir, are a lifesaver. Thank you so much for doing this.
Thanks alot, this was doing my head in for an hour. Weird thing is though, I scanned my PC with Malwarebytes after I deleted the entries and the scanner came up with nothing. Anyone else had that happen?
Whoo, definitely did the job. Currently scanning with Malwarebytes, hope nothing suddenly appears. A well deserved great big Thank You ;).
Ran HiJack in safe mode.
Still same issue
Please begin a new topic in our Spyware removal forum. Post your HijackThis log.
Jason, start a new topic in our Spyware removal forum. I will check your PC.
Miles, looks like “explorer.exe” is blocked from running.Try the following:
once Windows loaded, press CTRL + ALT + DEL. Task manager opens. Click File, New task. Type explorer and press Enter. It should back your icons and Start button. Run Malwarebytes, update it and perform a fresh scan.
Adam, try update Malwarebytes and perform a new scan.
I performed a full scan on my system and that came up with the goods, thanks Patrik.
thanks this worked fine but i had to down load hi-jack this from another computer and then down load
on the messed up comp. then ran the hi jack this
THANK A BUNCH
when you have downloaded and installed go to your program files and rename malwarebytes to ‘ iexplore.exe , this will let you run malwarebytes , make sure you preform a full scan
These steps worked for me too. Thanks!
hey, i was running windows security essentials and it got through. after i clean my comp will spyware doctor keep it clean?
when i did a scan with spyware doctor if found the trojan but when i clicked fix and restarted my comp it still started on startup. so i went to msconfig and foudn the program and unchecked the box for the rogue program and it nolonger started. this allows me to run programs however the program is still on my comp. if i go to the actual file location (c:\user\me\appdata\local\wlntvlnse\jsnvqtttssd.exe) and just delete it there will this fully get rid of the program?