Antispyware Soft is a new rogue antispyware from the same family of rogues as Antivirus Suite, Antivirus Soft, Antivirus Live, etc. All brothers are identical except for their names and partially modified core files, which is necessary in order to remain undetected by legitimate antivirus and antispyware applications. As well as other similar malicious programs, it infects your computer with the help of trojans. When the trojan is activated, it will download and install Antispyware Soft onto your computer without your permission and knowledge.
In first step, Antispyware Soft will register itself in the Windows registry to run automatically when you logon into Windows. Once started, it will simulate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore the false scan results.
While Antispyware Soft is running, it may block any programs from running as an attempt to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Also you will be shown a lot of nag screens, warnings and fake security alerts. In addition, Antispyware Soft will hijack your browser (Internet Explorer, Firefox) by changing its proxy settings, so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are a fake and like scan false results should be ignored!
As you can see, Antispyware Soft is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with the rogue, then be quick and take effort to remove it immediately. Follow the removal guidelines below to remove Antispyware Soft and any associated malware from the system for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Use the following instructions to remove Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [apcmuqeo] C:\Documents and Settings\user\Local Settings\Application Data\oweiriewo\kjskdjftssd.exe
O4 – HKCU\..\Run: [vbcqtaea] C:\Documents and Settings\user\Local Settings\Application Data\sdklflksdf\mnsdmnfstssd.exe
Note: list of infected items may be different, but all of them have “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antispyware Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Antispyware Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
Thank you so much. I tried 3 other techniques before finding this one. I’ve been working on this for 2 hours and you’re recommendations are much appreciated =) To anyone put in this terrible situation – this really works!!!
thank you sooooooooo much Patrik! I used hijackthis 1st, then disabled iexplArer from the startup, then ran malwarebytes; restarted the pc and everything seems fixed now!!
And thanks hijackthis & malwarebytes developers <3
p.s. i always wondered who the hell spends their time creating viruses, malware and all kinds of popups? get a life, people..
Pete, looks like you are clean.
Thank you so much, I was about to give up when I found this website! It seems to work, hope it doesn’t reappear. Really nice of you to help people with no computer skills like me! 🙂
I simply downloaded Hi-jackThis from another computer, loaded it on a flash drive and uploaded it onto my infected computer. It immediately got rid of the nasty popups from Antispysoft. Thanks so much for all the info. It’s a huge help!
HELP. i have the same problem but this time, its seriously worse. i try to open up the programs like spyware doctor and hijack this but it wont let me. as soon as it opens, it closes and the antispyware soft claims that it is infected. i also don’t know how to rename hijack this into the name given before saving the file. any help? please???
Can someone help me out? I downloaded MWB and did scan and removed all off it. Pretty much all of the symptoms are gone except i still can’t use IE or Chrome and for some reason only Firefox works. I downloaded HiJack but couldn’t find any tssd files. Help?
I could open hijackthis but was unable to find the two tssd.exe files, I couldn’t even open MalwareBytes Anti-malware at all. After restarting in safe mode, did hijackthis again, and found the files, Malwarebytes also ran okay in safe mode and killed the files that it caught. Restarted back in regular mode, worked fine 😀
Thank you very much for the detailed instructions. This is the second time i used you guys for cleaning up nasty spy-ware, the instructions are simple and easy to follow. Thanks again!!
Thanks for the help, it worked out 🙂
johnathan, “rename” is simple. If you using Internet Explorer, then click to a link. Save dialog opens. In the Filename field type a new name (iexplorer.exe) and click Save button. If you using Firefox, then you need right click to a link and select Save Link As. Save dialog opens. Type a new name and press Save.
Pat, check the proxy settings. Read the first part of the first step above.
Thanks alot. Saved my life man. is it normal for my computer to be a tad bit slower?
I had the antispyware soft and did the quick restore, it worked magically….thanks for the advice.
Thank you very much. This saved me today. For what its worth, starting in safe mode was key. I skipped that step and it didn’t work. After I got to safe mode, though, this nasty problem went away.
Thanks again.
I can’t open anything without the stupid pop up comming like I’m trying to restore my computer but itblockd it
This thing is taking me over! I cannot open my control panel, internet explorer is completely taken over, firefox still works but i can’t rename anything. nothing is working! Someone please help me!!!
Don, you have tried to rename HijackThis to iexplore before running ?
Wes, if you using Firefox, you need right click to a link and select Save link as. Save dialog opens. In the filename field type iexplore.exe and press Save. Run it.
I restarted in SAFE mode and got rid of this shit. Thanks all and Patrik
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:12 PM, on 5/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Users\Kelly.KellyBethke-PC\Downloads\HiJackThis.exe
C:\Windows\system32\DllHost.exe
…
—
End of file – 9351 bytes
I dont know what to do!!
Oh thanks so much! I was panicking for the better part of an hour! I was wondering where this so called “security software” came from since I sure as hell didn’t download it, and was also wondering why my own security program didn’t detect these “32 risky viruses”. Thank god I found this site and realised my computer wasn’t fully stuffed up. Just one pesky program!
Thank you so much for these instructions, worked like a dream. However, my laptop does not seem to be running as fast as it was before it got infected. Is it possible that I could still have some infected files on there?
kelly, run HijackThis and fix the following lines:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [tyvdetmy] C:\Users\Kelly.KellyBethke-PC\AppData\Local\knwnpcclk\suksgnetssd.exe
Rachel, try scan your PC with an online virus scanner or start a new topic in our Spyware removal forum. I will check your PC.
i can’t rename the hijackthis file on my computer!
i’m using mozilla firefox since my ie is completely taken over..
i right click, save file as, but it just downloads and won’t let me rename!
please help me..
this virus is freaking me out..
i managedto get the hijack program working..
but..
when i scan, it says “for some reason, your system denied write access to the host file..
ahh, i got rid of the virus..
but my internet explorer won’t work..
when it said to fix check on hijacks..
i sorta just fixed everything since i couldn’t find what i needed!
what do i do? ><
paige, begin a new topic in our Spyware removal forum. I will help you.
Thank you very much! Very useful guide compared to the other confusing ones I found.
I removed Antispyware Soft, but now I can’t seem to get any connection. I tried with a different account on the same computer and connection seemed fine.