Antispyware Soft is a new rogue antispyware from the same family of rogues as Antivirus Suite, Antivirus Soft, Antivirus Live, etc. All brothers are identical except for their names and partially modified core files, which is necessary in order to remain undetected by legitimate antivirus and antispyware applications. As well as other similar malicious programs, it infects your computer with the help of trojans. When the trojan is activated, it will download and install Antispyware Soft onto your computer without your permission and knowledge.
In first step, Antispyware Soft will register itself in the Windows registry to run automatically when you logon into Windows. Once started, it will simulate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore the false scan results.
While Antispyware Soft is running, it may block any programs from running as an attempt to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Also you will be shown a lot of nag screens, warnings and fake security alerts. In addition, Antispyware Soft will hijack your browser (Internet Explorer, Firefox) by changing its proxy settings, so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are a fake and like scan false results should be ignored!
As you can see, Antispyware Soft is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with the rogue, then be quick and take effort to remove it immediately. Follow the removal guidelines below to remove Antispyware Soft and any associated malware from the system for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Use the following instructions to remove Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [apcmuqeo] C:\Documents and Settings\user\Local Settings\Application Data\oweiriewo\kjskdjftssd.exe
O4 – HKCU\..\Run: [vbcqtaea] C:\Documents and Settings\user\Local Settings\Application Data\sdklflksdf\mnsdmnfstssd.exe
Note: list of infected items may be different, but all of them have “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antispyware Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Antispyware Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
Hey patrik
i am not able to log onto safe mode and hijack this is not running even after renaming
p;z help urgent
Patrik – you saved the day. I echo all of the comments on here about your work; I got this virus 3 days ago and have been struggling to find a solution; it’s consumed most of my time. When I found this site, I rushed home and it took 20-minutes to entirely remove this virus. You’re a good man, and it’s nice to know there are good people out there helping others to fight the morons who have too much time on their hands and need to invent viruses like this. Thank you, a million times over…
Justin,
ping, instant messengers and others network apps don`t work too ?
San, press CTRl + ALT + DEL. Task Manager opens. Look for processes that have a “tssd” string at right and stop them. Download and run Malwarebytes.
Had to do it all in safe mode but it worked perfectly
Hi Thanks so much for this page.
1 thing – chrome now does not load pages. Anymore help on this?
I completed the steps above and the antispware soft is still on my desktop and a bottom right icon on my screen. Have I done something wrong?
I thought for sure your instructions would eliminate this crazy thing, but it keeps coming back when I get out of safe mode. In safe mode, I deleted all known problems, restart normally, and it is back instantly. I cannot open anything. Any new suggestions? Thanks!
matt, try the instructions. If it does not help, please start a new topic in our Spyware removal forum.
Michelle, try update Malwarebytes and perform a fresh scan. If it does not help, please start a new topic in our Spyware removal forum. I will help you.
Chris, begin a new topic in our Spyware removal forum. I will check your PC and help you.
if you are able to get on the net google Hitman Pro 3.5 download and install and scan…it is amazing! 30 day free trial, but I’m on my 2nd 30 days and its still free. Have it on several of my pc’s now. I also use malware bytes. Good luck guys!
Question – I deleted my user account that I was logged into when I got this spyware, and then created a new administrator account. (I saved all the files from the original user account under the default Administrator account that comes with XP).
I am on the new account I created now, and there is no sign of the spyware at all. Does this mean I killed it by deleting the affected account, or is it still lurking in the saved files from the old account?
I am running Spybot as I type, while logged into the new account to see if I can find anything, and if it is clear, I was going to move my saved files from the default Administrator folder to the new folders I have created.
Does anyone have any idea if this is all safe? Or have I inadvertently managed to tangle this spyware up in my system even more than it was before?
Thanks, Jess x
After removing antispyware my google chrome is telling me it can’t display page, like it isn’t connected to the internet but mozilla firefox works…help!
Patrik, I used many things. I tried kaspersky (blocked), malwarebytes (blocked), iobit security (blocked), norton (blocked). I’m at a loss and when I try to download hijackthis the site is blocked by Antispyware Soft on internet explorer. On Firefox it does not give me the option to rename it. please help me!!!!
Is the system restore on startup working for this virus? Dammit i hate people who are too lazy to work their ass off for money.
Oh and by the way the virus has practically blocked every single internet browser like safari, chrome, IE, but not firefox (strangely).
I found how to rename the file, but the virus has now obtained the ability to automatically close any type of software that can possibly fight it off. This virus is a B*T*H. My OS is vista home edition if that helps.
Thank you so much for explaining everything and providing help! I’ve downloaded so many software and researched a lot about removal methods but ur instructions worked!
After 24 hrs of tackling this virus it seems to have gone. But my Internet Explorer and Chrome won’t work…only FireFox. I don’t really mind IE since I don’t use it much but it keeps on popping up, saying unfound page.I tried to just uninstall IE but unfortunately I can’t find it in neither Programs & Features nor Updates on my Vista~
btw, the virus won’t let me open or d/l anything until I read ” safe mode w/ internet” step 🙂 You’ve no idea how much I appreciate this! God bless & may good triumph over evil 😀
THANK YOU!! Your detailed instructions are perfect, and worked like a charm.
Jessica, looks like you are clean. But anyway, scan your PC with Malwarebytes.
Ore, start a new topic in our Spyware removal forum. I will check your PC.
Danny, to open a Save dialog in Firefox follow the steps:
Right click to a link and select Save Links as. Save dialog opens.
This guide saved me a whole lot of headache last night. I couldn’t believe how easily this dam program go on my system. I have the latest security updates. Use Firefox for my internet browsing. I have Windows 7 64bit and use Microsoft Security Essentials. Which did detect the virus but couldn’t remove it. I thought I was going have to do a clean install of Windows. Thanks again.
Malwarebytes worked perfectly, I didn’t need to run IE and do the LAN stuff or do the PCDoctor,all I did was run Malwarebytes in SafeMode. Thank You all who wrote this tutorial
Thank you very much for publishing! I cant even fathom how pathetic you would have to be to create such garbage. would love to meet the creator in person.
Hi, I did all the steps and i’m pretty sure I got rid of the spyware, but now i’m unable to connect to the internet with ie or firefox. I went to internet explorer and unchecked the proxy server box but it’s still not working. Any ideas?
are malwarebytes and hijack free?
thank you so much, you are truely a lifesaver!
It keeps popping up inappropriate sites