AV Security Suite is a rogue antispyware program from the same family of rogues as the previously published Antispyware Soft, Antivirus Suite, Antivirus Soft, Antivirus Live, etc. The program is classified as rogue antispyware because it reports false infections, displays various fake security alerts, and hijacks the Internet browser in order to make you believe that your computer is infected. Like other similar malicious programs, AV Security Suite is distributed through trojans that come from various misleading websites, or through malware that pretends to be a Flash Player update or a video codec required to watch a video online.
When the rogue is started, it registers itself in the Windows registry so that it runs automatically when you log in to Windows. AV Security Suite then starts an imitation of a system scan. Once finished, it states that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. It is important to know that the malicious program is unable to find infections and will not protect you from possible infection in the future. So do not trust the scan results; simply ignore them.
To complete the illusion that your computer is heavily infected, AV Security Suite displays numerous warnings, fake security alerts and notifications from the Windows taskbar. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Spyware alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antivirus software now?
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
However, like the scan results, all these alerts, screens and pop-ups are fake, so you can safely ignore them!
In addition to the above, while AV Security Suite is installed it hijacks the Internet browser by configuring it to use a malicious proxy server, so the browser will randomly show a warning page that states “This website has been reported as unsafe”. Last but not least, the rogue can block most legitimate Windows applications so that they will not even start. If you try to run a program, your computer will display a warning that states:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Do not trust the warnings. Like the false scan results, AV Security Suite uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see, AV Security Suite is a scam designed for one purpose only: to make you think that your computer is heavily infected and so trick you into buying the software. If you find that your computer is infected with this malware, uninstall it immediately. Use the removal guide below to remove AV Security Suite from your computer for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove AV Security Suite (Uninstall instructions)
Step 1.
Run Internet Explorer, click Tools -> Internet Options as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see a window similar to the one shown below.
Internet Explorer – Lan settings
Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you have finished, you will see a screen similar to the one below:
Internet Explorer – Proxy settings
Click OK to save the Proxy settings, then click OK to close LAN Settings and click OK to close the Internet Explorer settings.
Step 2.
Download HijackThis from here. Once the Save dialog opens, first rename hijackthis.exe to iexplore.exe, then click the Save button to save it to the desktop. If you are using Firefox, right-click the above link to open a Save dialog. If you still cannot download the program, then repeat the first step above.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Place a checkmark against each of the lines that look like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished you will see a screen similar to the one below.
HijackThis
Note: the list of infected items may be different. The template of the malicious entry is: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe; see the examples above. If you are unsure, check them in Google.
Please be very careful, do NOT check any other boxes! Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer, click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click OK.
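The entry template from the note above can be written as a matcher and run over a saved HijackThis log to shortlist the lines to review before checking any boxes. This is an added example, not part of the original guide or of HijackThis; the function names, the "exactly one folder deep" rule and the benign sample lines are assumptions made for illustration, and it covers only the XP-style path shown on this page.

```python
import re

# HijackThis writes "R1 - ..." with a plain hyphen; web pages often turn it
# into an en dash, so both are accepted.
DASH = r"\s+[-\u2013]\s+"
R1_PROXY = re.compile(
    r"^R1" + DASH + r"HKCU\\.*\\Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
O4_RUN = re.compile(
    r"^O4" + DASH + r"(HKLM|HKCU)\\\.\.\\Run:\s+\[([^\]]+)\]\s+(.+)$", re.I)
# The guide's template: an .exe exactly one folder below
# "Local Settings\Application Data". Deeper vendor paths do not match.
ONE_LEVEL_EXE = re.compile(
    r'\\local settings\\application data\\[^\\"]+\\[^\\"]+\.exe(?=["\s]|$)', re.I)


def find_candidates(log_text):
    """Return (line_no, kind, detail) tuples for lines matching the template."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = R1_PROXY.match(line)
        if m and "127.0.0.1" in m.group(1):
            hits.append((no, "proxy", m.group(1)))
            continue
        m = O4_RUN.match(line)
        if m and ONE_LEVEL_EXE.search(m.group(3)):
            hive, name, _cmd = m.groups()
            hits.append((no, "autorun", f"{hive.upper()} [{name}]"))
    return hits


# Constructed sample log: the first three entries follow the guide's examples,
# the last three are benign-looking lines made up for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
""".strip()

if __name__ == "__main__":
    for no, kind, detail in find_candidates(SAMPLE_LOG):
        print(f"line {no}: {kind:8} {detail}")
```

A match is only a candidate: a legitimate program can also install one folder below Application Data, so each flagged name still needs the manual check the note describes.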
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer for the AV Security Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the AV Security Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AV Security Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
AV Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable="1"
It keeps requiring me to do a smart update and because I do not have internet I get stopped there. Please please help me….
Marc, your computer is probably infected with a trojan that reinstalls the rogue. Begin a new topic in our Spyware removal forum, I will check your PC.
Laura, have you completed the first two steps?
I’m working on step two again…now working on Malwarebytes again. I will keep you posted if I have further questions…Thanks.
Well, I did steps one and two again. Restarted the computer and still no internet. Trying it all one more time. If it doesn’t work, any other suggestions…I searched and found a website that guided me more in which files to check for hijack this but it is so difficult to truly understand which ones to keep and delete. I saved a logfile of them this time in case I delete too much. Malware found 7 infected files this last time which was nice to know since it found none every other time. Crossing my fingers that i can get it to work this time…
hey everyone. this rogue virus infiltrated my pc and well now i just have a blank white screen… 🙁 the program wouldn't let me uninstall any programs and it wouldn't let me start task manager. then eventually it took my start bar away. maybe i have an advanced version of this virus but my attempts to save my computer were unsuccessful. But this is a very informative Forum.
Marie, ask for help in our Spyware removal forum.
When I try to run Hijack I get the following message “This file does not have a program associated with it for performing this action. Create an association in the folder options control panel.”
amanda, right-click HijackThis and select Open or Run as…
I found another way for people, including people who can’t use Task Manager
Do a search for taskmgr.exe
Copy to your desktop
Rename to iexplore.exe
Open it
In Applications, look for AV Security Suite demo
Right-click, Go to Process
Search for the name of it on C:/
End Process in Task Manager
Shift-Delete the file.
thank you! this was great.
by the way, for those who are lost…
after i booted safe mode, it made more sense… so here:
1. restart comp
2. before windows is booted continuously press F8
– select “safe mode with networking”
3. open internet… then follow the directions here!
(i had 46 trojan viruses…haha…. thank you!)
I tried doing this on firefox, but it won’t work. I downloaded the Hijack scan, but when I open it, the stuff I’m supposed to delete isn’t there.
Patrik (Sorry about the misspelling of your name in the forums) you are a life saver! Thank you, man! I don’t know how else I can express my gratitude to you! Just…THANK YOU SO MUCH!
Hi, I have downloaded the software above and installed hijack this and followed the instructions, unfortunately the anti vir will not allow me to run it? the window pops up and quickly disappears, can you help??
jhro, open a new topic in our Spyware removal forum. I will help you.
Hey all,
This works great, helped me remove some of the files I missed on my own.
Here is a HUGE TIP:
Restart your PC, as soon as you logon,
hit CTRL ALT DELETE to launch task manager.
If you do this before the AVSuite loads, taskmanager will stay open.
I also had time to open Regedit and MSCONFIG.
With taskmanager open, you can kill the .exe, mine was dygawiutssd.exe (random string), and then proceed with the removal process.
I was able to delete everything using Regedit and MSConfig, and this webpage to direct me to what files and reg entries to modify.
Goodluck.
I’ve been having this problem ever since this morning, but VC Security Suite is only infecting one of accounts I have on this computer. I’m currently using a friend’s account(who made herself the main account). I downloaded HiJackthis and I couldn’t check off these;
O4 – HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Hi Patrik,
Got a similar problem, would love to try your fix however my laptop is still stuck in boot up mode, with just the blank screen, not even a glimpse of the boot up function key options?
Any ideas how I can get around this? Cannot get to safe mode or anything!
Tried putting my HP restore disc in but nothing happens, drive runs a bit but then nothing….
Just to say….Muchas Gracias/ Thank you very much. It really worked
Jani, open a new topic in our Spyware removal forum and post your HijackThis log into it. I will help you.
Schoob2, if you cannot boot from the CDROM, this is probably due to the boot order of your devices being incorrect. You can change this in the BIOS.
You can enter the BIOS from the first screen you see when you turn your computer on. To enter your BIOS, you need to press the DEL key. On most Dell, Toshiba, Gateway, Sony & HP systems you press F2. Compaq users will usually have to press F10. IBM typically uses F1 or F2.
What's your Windows version?
Hi Patrik,
Running Windows Vista, the only thing with changing the boot order is that when I am re-booting I get nothing on screen, just blank and the HDD runs, no visible options come up like on a usual boot.
I will try when I get home to boot up and hit F2 to see if this works, but failing that is it a case of a lost HDD?
hi mate i have this problem with av antivirus thing. it is on my laptop but my internet wont let me open because it says there may be malware on your computer or something.
so if i downloaded these programs put them on a usb and transferred them over to my laptop which is in safe mode would this process still work?
Schoob2, check the disk on another PC.
Tom, yes you can process the steps above in Safe mode.
Thanks – WORKED 100% I HATE THIS SHIT
you guys are so lucky. i can't even get to the login screen. after i got the av security suite virus, i continued by restarting my computer. bad idea. now i can't get to the login screen. when i turn on my computer it shows the asus logo then it goes to a black screen with a blinking “_” then the “_” disappears and the screen stays black until i restart again. any ideas how to bypass it? f8 just brings me to a blue screen where i can choose to boot from my computer or cd.
Press F8 again and you will see the Advanced boot menu.
Try to boot your PC in Safe mode or Last good configuration mode.
i have taken the steps shown above as well as used the hijack this but am unable to identify any of the files shown & have already used malwarebytes to quarantine the virus but i am still affected by this virus, any suggestions would be greatly appreciated.
thanks for the response but when i press f8 when in the blue window, the window quickly flickers once and returns to the blue window.