AV Security Suite is a rogue antispyware program from the same family as the previously published Antispyware Soft, Antivirus Suite, Antivirus Soft, Antivirus Live, etc. It is classified as rogue antispyware because it reports false infections, displays various fake security alerts, and hijacks the Internet browser in order to make you believe that your computer is infected. Like other similar malicious programs, AV Security Suite is distributed by trojans that come from various misleading websites, or by malware that pretends to be a Flash Player update or a video codec required to watch a video online.
When the rogue is started, it registers itself in the Windows registry so that it runs automatically when you log in to Windows. AV Security Suite then starts an imitation of a system scan. Once finished, it states that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. It is important to know that the malicious program is unable to find infections and will not protect you from possible infection in the future. So do not trust the scan results; simply ignore them.
To complete the illusion that your computer is heavily infected, AV Security Suite displays numerous warnings, fake security alerts and notifications from the Windows task bar. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Spyware alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antivirus software now?
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
However, like the scan results, all of these alerts, screens and pop-ups are fake, so you can safely ignore them!
In addition, while AV Security Suite is installed it hijacks the Internet browser by configuring it to use a malicious proxy server, so that it randomly shows a warning page that states “This website has been reported as unsafe”. Last but not least, the rogue can block most legitimate Windows applications so that they will not even start. If you try to run a program, your computer will display a warning that states:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Do not trust these warnings. Like the false scan results, AV Security Suite uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see, AV Security Suite is a scam designed for one purpose only: to make you think that your computer is heavily infected and so trick you into buying the software. If you find that your computer is infected with this malware, uninstall it immediately. Use the removal guide below to remove AV Security Suite from your computer for free.
Symptoms in a HijackThis Log
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove AV Security Suite (Uninstall instructions)
Step 1.
Run Internet Explorer and click Tools -> Internet Options, as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see a window similar to the one shown below.
Internet Explorer – Lan settings
Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you have finished, you will see a screen similar to the one below:
Internet Explorer – Proxy settings
Click OK to save the Proxy settings, then click OK to close LAN Settings and click OK to close the Internet Explorer settings.
Step 2.
Download HijackThis from here. When the Save dialog opens, first rename hijackthis.exe to iexplore.exe, then click the Save button to save it to the desktop. If you are using Firefox, right-click the above link to open a Save dialog. If you still cannot download the program, then repeat the first step above.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Place a checkmark against each line that looks like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished, you will see a screen similar to the one below.
HijackThis
Note: the list of infected items may be different. The template of the malicious entry is: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe; see the examples above. If you are unsure, check them in Google.
Please be very careful: do NOT check any other boxes! Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click OK.
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the AV Security Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the AV Security Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AV Security Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
AV Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable="1"
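The entry template from Step 2 and the indicators listed above can be checked mechanically against a saved HijackThis log. The Python below is an added example, not part of the original guide or of HijackThis; the function name `triage` and the sample log are constructed for illustration, and a hit is only a candidate for manual review.

```python
import re

# Added example. HijackThis separates the section code from the entry with " - ";
# logs pasted into web pages often carry an en dash instead, so accept both.
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+[-\u2013]\s+(?P<body>.+?)\s*$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
# Template from the page: ...\Local Settings\Application Data\{random}\{random}.exe,
# that is, an .exe exactly one folder below Application Data.
DROPPER = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]+\.exe\b", re.I)
PROXY = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.I)
LOOPBACK = re.compile(r"(?:^|[=;])\s*(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?\s*(?:;|$)", re.I)


def triage(log_text):
    """Return (line_number, reason, entry) for lines that fit the page's indicators.

    Legitimate software can also sit one folder below Application Data, so verify hits.
    """
    findings = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        entry = ENTRY.match(raw)
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        if code == "R1":
            proxy = PROXY.search(body)
            if proxy and LOOPBACK.search(proxy["value"]):
                findings.append((number, "proxy points at loopback", body))
        elif code == "O4":
            run = RUN.match(body)
            if run and DROPPER.search(run["cmd"]):
                findings.append((number, "Run entry fits dropper path template", body))
    return findings


# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
"""

if __name__ == "__main__":
    for number, reason, body in triage(SAMPLE_LOG):
        print(f"line {number}: {reason}: {body}")
```

The GoogleUpdate.exe entry is not flagged because it sits two folders below Application Data, which does not fit the template.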
Actually, the full string is: 04 – HKCU…Run:[Google Update]/”C:Documents and settings/comp/Local Settings/Application Data/Google/Update/GoogleUpdate.exe/c”. The R1 file only has a different proxy server.
Michael
Is there any way of repeating the first step using Google Chrome? I’ve tried scanning the computer with AVG in safe mode but the virus appears to have locked the folders it’s in.
-Luke
Problem sorted now this site was incredibly useful, thank you.
Michael, GoogleUpdate.exe is a legitimate program. If you need help, please start a new topic in our Spyware removal forum. I will help you.
Do I follow the above steps in Safe mode? Will the hijackthis and malware program run properly and find and fix stuff when run in safe mode? Please let me know since my laptop is also infected badly with this.
Thanks
I am on my home computer right now because this virus will not let me use internet on my laptop. I got the first step done but how am I supposed to complete step 2 if my laptop can’t access the internet?
-Kimberly
Thanks a lot!!! You rescued my computer and I’m very grateful for it!
RP, yes you can use Safe mode.
Kimberly, save both suggested programs above to a flash drive or cd disk and move them to your infected computer.
Patrik, thanks so much for all your help. I haven’t noticed any more pop-ups and everything seems to be working fine now. You’re a star!
Hiya, I got this virus yesterday after a supposedly blocked(avast, I thought we were best mates :C) trojan attempt and appeared to have killed it after running similar steps (rkill and malwarebytes, luckily I already had the installer files for MB), it didn’t pop up or change any proxy settings after the last restart.
So today I boot up and all seems clear, I have task manager open straight away just in case and AV suite did start up after a while, fff, so glad I got that task manager up.
It seems like it’s reinstalling, which is a bugger. I’ve just now d/l’d and run hijack this(fixed the proxy stuff and a [randomcharacters]tssd file, unsure if I got all the related stuff but I had a thorough look) and now MB is running another full scan.
Two questions: will hijack this need to be run again if AV is still on my machine after MB reboots it? Is it better to run in safe mode? I’ve not needed to reboot yet, got in ahead of AV.
I’ll have to make a thread if it doesn’t work this time around, just bummed because it appeared to be fixed, I’ve not been surfing online since the infection either, just gaming on steam.
Help! I can’t even get to the safe mode option now. Tried to reboot and follow directions and I can’t even get past my black screen. I’m using another PC. Is there something I can download on this PC and boot up to on the other PC with a disk or something?
Any help appreciated.
luh, an updated version of Malwarebytes should remove this malware w/o any problems. If it still reinstalls itself after a reboot or some hours, then your computer is probably infected with a trojan-downloader; in that case start a new topic in our Spyware removal forum. I will check your PC.
Gina, you can follow the steps above in Normal mode too.
thank you. it really helped me.
OMG! Thank you sooooo much, Patrik! My pc finally booted up completely and after some initial trouble (that virus works FAST to disable new windows opened), I was able to finish the whole thing and get rid of it. You are a life saver!
Interesting note: I saw that my auto updates for Windows were turned off, which I know I didn’t do. I can only assume this was done by the virus. Just a reminder to check all your settings after you clean this badboy up.
Thanks Again!
Worked great. I did everything in safe mode with networking.
Hi!
I had the AV Security Suite virus. I thought it was finally removed but I kept on getting redirected on my search. I didn’t know I was so obsessive compulsive but this is driving me crazy… I ran the Malwarebytes’ antimalware which seemed to help. I also ran the hijack this (I didn’t change the name though). It continued to redirect and AV started to pop up. I ran Malwarebytes. Now instead of one virus I had 4. I had to run and remove on safe mode. I just ran the SDfix.exe. I continue to get redirected. At this point I don’t know if it’s bc of the original AVSuite, a different virus, spyware or what. Pls Pls…Help!! I’m about to put my notebook in the oven 🙁 …..oh! I tried to follow the above instructions but there is no address on the proxy server (?!)
Claudia, please open a new topic in our Spyware removal forum. I will help you.
Thanks for this. I don’t see how some people are having problems with the instructions you are giving out. If everyone follows it CORRECTLY then these steps will fix it. Trust me. Thanks again
Patrik’s AWESOME
I don’t know how to download Hijackthis because it won’t let me use the internet so I have no way to get to the link. I’m looking on here using my other computer. So now, I have no way to get rid of it. It also won’t let me go into safe mode.
Hi Patrick!!!
I just wanted you to know that you are the BEST!!!! Your instructions helped me in getting rid of the AV Security Suite virus. You were able to help me when Norton that I have on my computer was of no help!! Thank you, and thank you, again!!!
Okay, so, let me start off by saying I’ve tried almost every solution I could find to removing this virus, and none of them have worked. But I tried this one, and so far everything seems to be back to normal.
I only had to do a few downloads and then wait for 20 minutes, and restart my computer.
Thank you very much!
Anny, you have completed the first step above?
Oh, please help! My notebook has this identical problem – and I did what you said to do for step one – but I cannot get past their AV Security Suite to get to step 2. Please help. It wants me to buy their software and I cannot get around it at all. Please, please help! Thank you so very much in advance.
Cindy
cindy, you have done the first step above, but still can’t download HijackThis?
I signed on in safe mode – and I just got online from the computer – and it doesn’t show the virus – should I still continue with the next steps?? I am so sorry to sound so computer pathetic – but I am seriously trying – and I really thank you for helping!
I did step one but it wouldn’t let me sign on the web so I logged off and signed in on safe mode – no problems – now should I do the rest of the steps? I am so thankful for your help!!
cindy
cindy, at minimum you need to complete the latest step (Malwarebytes). You need to scan your PC with Malwarebytes or another good antispyware tool to remove any associated malware.