AV Security Suite is a rogue antispyware program from the same family of rogues as the previously published Antispyware Soft, Antivirus Suite, Antivirus Soft, Antivirus Live, etc. It is classified as rogue antispyware because it reports false infections, displays various fake security alerts, and hijacks the Internet browser to make you believe that your computer is infected. Like other similar malicious programs, AV Security Suite is distributed through trojans that come from various misleading websites, or through malware that pretends to be a Flash Player update or a video codec required to watch a video online.
When the rogue is started, it registers itself in the Windows registry so that it runs automatically when you log in to Windows. AV Security Suite then starts an imitation of a system scan. Once finished, it states that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. It is important to know that the malicious program is unable to find infections and will not protect you from possible infection in the future. So do not trust the scan results; simply ignore them.
To create the full illusion that your computer is heavily infected, AV Security Suite displays numerous warnings, fake security alerts and notifications from the Windows taskbar. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Spyware alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antivirus software now?
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
However, like the scan results, all these alerts, screens and pop-ups are fake, so you can safely ignore them!
In addition, while AV Security Suite is installed, it hijacks the Internet browser by configuring it to use a malicious proxy server, so that it randomly shows a warning page that states “This website has been reported as unsafe”. Last but not least, the rogue can block most legitimate Windows applications so that they will not even start. If you try to run a program, your computer will display a warning that states:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Do not trust the warnings. Like the false scan results, AV Security Suite uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see, AV Security Suite is a scam designed for only one purpose: to make you think that your computer is heavily infected in order to trick you into buying the software. If you find that your computer is infected with this malware, uninstall it immediately. Use the removal guide below to remove AV Security Suite from your computer for free.
Symptoms in a HijackThis Log
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove AV Security Suite (Uninstall instructions)
Step 1.
Run Internet Explorer and click Tools -> Internet Options, as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see an image similar to the one shown below.
Internet Explorer – Lan settings
Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you have finished, you will see a screen similar to the one below:
Internet Explorer – Proxy settings
Click OK to save Proxy settings, then click OK to close LAN Settings and click OK to close Internet Explorer settings.
Step 2.
Download HijackThis from here. Once the Save dialog opens, you first need to rename hijackthis.exe to iexplore.exe. Then click the Save button to save it to the desktop. If you are using Firefox, you need to right-click the above link to open a Save dialog. If you still cannot download the program, then repeat the first step above.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Place a checkmark against each of the lines that look like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished you will see a screen similar to the one below.
HijackThis
Note: the list of infected items may be different. The template of the malicious entry is: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe; see the examples above. If you are unsure, check them in Google.
Please be very careful, do NOT check any other boxes! Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click OK.
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer for the AV Security Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the AV Security Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AV Security Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
AV Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable="1"
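The HijackThis symptoms and the autorun template listed above can be checked mechanically against a saved HijackThis log. The following Python script is an added example, not part of the original guide or of HijackThis; the function name flag_entries and the benign sample lines are constructed for illustration, it matches only the locations this guide lists, and its hits are candidates to review before ticking anything in “Fix checked”.

```python
import re

# Real HijackThis logs separate fields with "-"; copies pasted from web pages
# often carry an en dash instead, so both are accepted.
SEP = r"\s[-\u2013]\s"
# R1 entry: Internet Explorer proxy pointed at the local machine.
PROXY_RE = re.compile(
    r"^R1" + SEP + r".*\\Internet Settings,ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1",
    re.I)
# O4 entry: autorun value under HKLM or HKCU ...\Run.
RUN_RE = re.compile(
    r"^O4" + SEP + r"(?:HKLM|HKCU)\\\.\.\\Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<path>.+)$",
    re.I)
# Executable exactly one folder below Local Settings\Application Data,
# i.e. the guide's {RANDOM}\{RANDOM}.exe template.
PATH_RE = re.compile(
    r"\\local settings\\application data\\[^\\]+\\[^\\]+\.exe$", re.I)

def flag_entries(log_text):
    """Return (reason, line) pairs for log lines that fit the guide's patterns."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if PROXY_RE.search(line):
            hits.append(("proxy set to 127.0.0.1", line))
            continue
        m = RUN_RE.match(line)
        if m and PATH_RE.search(m.group("path").strip().strip('"')):
            hits.append(("autorun from Application Data subfolder", line))
    return hits

# Sample log: the first three lines are the guide's examples; the last three
# are benign entries constructed here for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Example Updater] C:\Documents and Settings\user\Local Settings\Application Data\Vendor\Updater\update.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
"""

if __name__ == "__main__":
    for reason, line in flag_entries(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Legitimate software can also start from Application Data, which is why the path check requires the executable to sit exactly one folder deep, as in the guide's template.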
Thanks Patrik, Worked like a charm in regular mode…Didn’t even have to go into safe mode!
pressing f8 just makes the blue screen quickly flicker once and then return back to the blue screen.
I am like you Khris from July 7, I restarted thinking I might be able to restore. Since restart my computer only shows windows starting and then goes to a blank screen, with no menus no desktop and stays black until I restart and repeats the same pattern. I am stuck as to what I should do next.
jim/g, open a new topic in our Spyware removal forum. I will check your PC.
Khris, in the boot menu select your harddisk and press Enter, after that immediately press F8.
Christina, try booting your computer in Safe mode or Last Good Configuration.
Thank you Patrick.
Wow!!! This was the only site I could get to remove the AV virus suite!!!! Tried 2 or 3 websites. Easy to follow instructions!!! Removed it right off and removed registry keys!!! Thanks!!!
Thanks for the help in removing AV Security Suite from my computer. This malware was a real pain to remove even with your guidance. I had to rename the malware remover to iexplore.exe before I could get it to run. The LAN proxy server setting would not reset, etc. A lot of perseverance is definitely needed but pays off in the long run. Keep trying – this definitely works.
Thanks Again
Thanks for the help. I followed all the steps, but when I ran MalwareBytes Anti-Malware, it didn’t find any infected files. Is that normal?
From bad to worse!!!
I purchased and installed the spyware doctor software, ran the scan, and followed the prompts to fix the problems. Rebooted and now I get the blue screen of death! I can’t go into safe mode any more no matter which option I choose. No safe mode option gets me past the “SESSION3_INITIALIZATION_FAILED” blue screen. What do I do now?
Patrick, I tried several times to do both. What happens is the computer appears to run through a series of executable files for a short time, I would say approximately ten or so. And then it just hangs there and cannot get past. This happened with every option that I selected from the F8 menu. Except that with some options the executable files were not listed but there was a progress bar at the bottom of the screen; the same thing happened, it appears to work to a certain point and then it just hangs there. I left it for several minutes and it never got past the point. Any ideas? I have been stuck at this point since, just can’t seem to get beyond it.
oops apologies I see I spelled your name incorrectly. sorry for that.
Patrik = love
Melinda, try updating Malwarebytes and perform a fresh scan.
Dennis, have you tried the “Last good configuration” option?
Christina, open a new topic in our Spyware removal forum.
Thanks for the help. This worked great and removed everything easily (for the most part).
worked a treat, thank you so much – follow the instructions carefully mind, no problems now its all gone within an hour!
Hi, my computer won’t open Task Manager and IE8 says that all my sites are unsafe. When I go into safe mode the internet goes away. All of the apps and programs except Internet Explorer don’t work. At first it was on just one user, so I tried to delete that user from my other one… it didn’t work, it just spread it. Help please. Oh, and can you by any chance still use USB ports to get programs in? Thanks 🙂
OMGmycomputerwuzhacked, have you completed the steps above exactly?
i got stuck at step two, trying to install Hijack.
warning pops up: administrator settings
do not allow this procedure, or something close to that.
any ideas?
thanks a lot,
Ross
This simple solution actually works!
Start the computer in safe mode (F8 for Vista, check the web for other operating systems). Start restore in the command prompt; this is explained by Microsoft in help. A window will allow you to go back and the monster will be gone after the computer restarts. Pick the oldest restore date you can.
You can buy or try all these spyware programs, but there is no assurance that they will always work. Good luck.
Patrik, I posted to the forum but wasn’t sure if you would see it. Thank you so much for your help, my computer is up and running again. There is no way that I would have been able to do that without you. You are a gem, what you do here is truly inspiring and I am eternally thankful for all of your help!
Ross, ask for help in our Spyware removal forum.
This somehow occurred w/my new laptop. Does this virus damage my hard drive and what programs do u recommend to prevent such disasters again?
A well protected computer should have at least an antivirus and firewall; an antispyware is also a great addition to your computer's security.
A few good and free antivirus apps: AVG, Avast, Avira.
Install Spybot – Search and Destroy. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.
You should use a firewall. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
Many of the exploits are directed to users of Internet Explorer. Use only an alternate browser – Firefox or Opera.
Patrick I’ve completed step 1 but every time i try opening my hijackthis program(renamed to iexplorer) I get a security warning saying the application cannot be executed because it’s infected. haaallpp!
JW, you have made a mistake. You need remove HijackThis.exe to iexplore.exe. It's very important.
i’ve renamed the Hijackthis.exe to iexplorer.exe like you said to but it’s still getting blocked. anything else i can try?