AV Security Suite is a rogue antispyware program from the same family of rogues as the previously published Antispyware Soft, Antivirus Suite, Antivirus Soft, Antivirus Live, etc. This program is classified as rogue antispyware because it reports false infections, displays various fake security alerts, and hijacks the Internet browser to make you believe that your computer is infected. Like other similar malicious programs, AV Security Suite is distributed through trojans that come from various misleading websites, or through malware that pretends to be a Flash Player update or a video codec required to watch a video online.
When the rogue is started, it registers itself in the Windows registry so that it runs automatically when you log in to Windows. AV Security Suite then starts an imitation of a system scan. Once finished, it states that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. It is important to know that the malicious program is unable to find infections and will not protect you from possible infection in the future. So do not trust the scan results; simply ignore them.
To create the full illusion that your computer is heavily infected, AV Security Suite will display numerous warnings, fake security alerts and notifications from the Windows task bar. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Spyware alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antivirus software now?
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
However, like the scan results, all these alerts, screens and pop-ups are fake, so you can safely ignore them!
In addition to the above, while AV Security Suite is installed it hijacks the Internet browser by configuring it to use a malicious proxy server, so the browser will randomly show a warning page that states “This website has been reported as unsafe”. Last but not least, the rogue can block most legitimate Windows applications so that they will not even start. If you try to run a program, your computer will display a warning that states:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Do not trust these warnings. Like the false scan results, AV Security Suite uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see, AV Security Suite is a scam designed for one purpose only: to make you think that your computer is heavily infected and so trick you into buying the software. If you find that your computer is infected with this malware, uninstall it immediately. Use the removal guide below to remove AV Security Suite from your computer for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove AV Security Suite (Uninstall instructions)
Step 1.
Run Internet Explorer and click Tools -> Internet Options, as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the LAN Settings button. You will see a window similar to the one shown below.
Internet Explorer – Lan settings
Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you have finished, you will see a screen similar to the one below:
Internet Explorer – Proxy settings
Click OK to save the Proxy settings, then click OK to close LAN Settings and click OK to close the Internet Explorer settings.
Step 2.
Download HijackThis from here. Once the Save dialog opens, first rename hijackthis.exe to iexplore.exe, then click the Save button to save it to the desktop. If you are using Firefox, right-click the above link to open a Save dialog. If you still cannot download the program, then repeat the first step above.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Place a checkmark against each line that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished, you will see a screen similar to the one below.
HijackThis
Note: the list of infected items may be different. The template of the malicious entry is: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe, as in the examples above. If you are unsure, check them in Google.
Please be very careful: do NOT check any other boxes! Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click OK.
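The Step 2 check expressed as a script (an added example, not part of the original guide): it reads a saved HijackThis log and flags only the lines that fit the proxy entry and the Run-entry template given above. The function names and the three benign entries in the sample log are constructed for illustration.

```python
import re

# Indicator 1 (from the page): per-user IE proxy pointed at the local machine.
# Both "-" and the typographic "–" are accepted; text after the address is tolerated.
PROXY_RE = re.compile(
    r"^R1\s*[-–]\s*HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"Internet Settings,ProxyServer\s*=\s*http=127\.0\.0\.1\b",
    re.IGNORECASE,
)
# Indicator 2 (from the page): an O4 Run value in HKLM or HKCU ...
RUN_RE = re.compile(r"^O4\s*[-–]\s*(?:HKLM|HKCU)\\\.\.\\Run:\s*\[[^\]]+\]\s*(?P<cmd>.+?)\s*$", re.I)
# ... whose executable sits exactly one folder below Local Settings\Application Data.
APPDATA_EXE_RE = re.compile(r"\\local settings\\application data\\[^\\]+\\[^\\]+\.exe$", re.I)

def exe_path(cmd):
    """Return the executable from a Run command line, dropping quotes and arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def flag_entries(log_text):
    """Return (line_number, indicator, line) for every line matching the page's template."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = RUN_RE.match(line)
        if PROXY_RE.match(line):
            findings.append((lineno, "loopback-proxy", line))
        elif m and APPDATA_EXE_RE.search(exe_path(m.group("cmd"))):
            findings.append((lineno, "appdata-run-exe", line))
    return findings

# Constructed sample log: the page's three example lines plus three benign entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip()

if __name__ == "__main__":
    for lineno, indicator, line in flag_entries(SAMPLE_LOG):
        print(f"line {lineno}: {indicator}: {line}")
```

A flagged line is a candidate for review, not proof; confirm the file name before ticking its box in HijackThis.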
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer for the AV Security Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the AV Security Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AV Security Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
AV Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable="1"
JW, please compare
iexplore.exe – you should use
iexplorer.exe – you have used
i can’t believe i missed that. thank you.
hi patrik
thanks a lot for your instructions
the only right one i find on web
THANKYOU THANKYOU THANKYOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
It has been 3 long hours of visiting forums with my backup PC to try and find a procedure to fix this damned rogue. I used some
kill + combofix app. It fixed the issue once, but when I restarted the PC, it came back and even more painful as rkill could not be executed any longer. And then I followed your process with all traps that the other went through and worked around, and now it is safe, even after a reboot.
Patrick : THANK YOU SO MUCH !!
Your instructions worked perfectly to remove this beast from my computer. I was able to read and follow them thru Firefox. Thousands thanks for your help … you saved me from lot of grief.
Hi all ,
Security Suite Nightmare
I have read through all the comments above however I am not having any luck with this blasted virus. The main problem is that as soon as I log in (I’ve tried the safe mode), I get a pop up stating that my computer will automatically restart in one minute, this gives me little or no time to do anything.
I can get onto Task manager and had a go at deleting the iffy exe but this hasn’t helped.
I can get to system restore but by the time it loads up my 60 secs are up.
This is driving me mad, I’m not a techy person at all so any help would be appreciated..
Nicola
Nicola, you have tried to follow the above instructions in Normal mode ?
We are having such a problem with the Security Suite. I cannot get do step 2 because it won’t let me access anything on the internet. I am looking at this through a different computer. I cannot run any removal programs. What can I do? Thank you, Laura
I cannot download hijack this because I don’t have access to the Internet because the scam won’t let any websites work?
Hiya. I’ve had this virus for a few days now & it’s really starting to get me annoyed. I get up to Step 1 but no further. It won’t let me onto the internet on both normal and safe mode (even though my connection is working fine). Any help?
I’m using my brother’s computer by the way to read these steps.
I have safari on my computer, and the security suite virus came up…I have gone to another computer and downloaded a way to get rid of it, and I saved it to a jump drive. However, when I put the jump drive into the infected computer, it wont let me open the application to get rid of it. It also brings up random porn sites, please help.
I also do not have access to the internet, so I do not know what to do, so if you would help me as soon as possible, I will be eternally grateful.
Patrick,
Thanks for all the help-
I have a question: I did the malwarebytes program on safe mode, found the trojan agents and hijackers (4 of them), and removed them. I restarted and went back to normal mode, but the problem persisted. Then I did a search to find out why malwarebytes didn’t work, and I came upon your page.
I did the hijackthis, removed ONLY one file (that’s all I could find that looked like the template), and then did malwarebytes again (it was already installed and this time I was able to open it in normal mode because of the hijackthis fix).
Because I had already done malwarebytes before I found your hijackthis suggestion, when I ran malwarebytes again, I found nothing. Am I safe? Did it work even though I did it in reverse?
**for those of you who can’t get go to any other website because of the stupid popups and all, you can still go to the tools section, enter the myantispyware.com;blahblahblah stuff in manually, instead of copying (assuming you’re reading it off of an uninfected computer like i was while fixing my infected laptop). do the same for the website address on your infected computer to download the hijackthis program and the malwarebytes program AFTER you have messed with the tools section on explorer. it worked for me.
Laura, try the steps (Method 1).
Ste, boot your computer in Safe mode with networking, reset browser proxy settings and download and run Malwarebytes Anti-malware.
Gareth, you have exactly completed the first step above ?
Tucker, reboot your computer in Safe mode and try run Malwarebytes once again.
Hi there, this just happened to me tonight. I couldn’t access task manager so I just turned the power off. When I went to re-boot my computer, I received an error message of Session3_Initiation_Failed. When I press F8 to reboot in safe or normal mode, it always takes me to the blue screen. Any suggestions? I have important photo files for work on my hard drive so I don’t want to restore the computer to manufacturer default. I’m a bit panicked and would appreciate any help. Thanks.
alice, you have tried “Last good configuration” option ?
Hello, I’m having problems with this. Firstly I do not see the correct files using Hijackthis search. However, if I continue, checking two boxes that are appropriate, and then continue, the antimalware software is blocked by the virus. My question is, how can I stop the antimalware from getting blocked and/or how do I know which are appropriate files to check on Hijackthis when they are clearly different to those described above.
thanks!
THANK YOU!!!!! i followed the directions exactly and now my laptop is clean!! thanks again!!!
OMG THANK YOU SOOO MUCH!!! i have been trying to get rid of it everyway possible and i was about ready to just wipe my whole computer which i really didnt want to do, followed everything on here n no more virus deff saving this page incase it happens again =)
This thing is not letting me go to internet options and I cannot boot in Safe Mode I keep getting stuck on system32\drivers\mfehidk.sys
Then you need to download the suggested programs above to another PC, and move them to your computer using a flash or cd disk.
Hi all,
I seem to have stumbled across the same problem with this security suite virus, i followed the steps above and tried to restart my computer on safemode but unfortunately now all my computer does is turn on, shows my blue HP startup screen with options ‘esc’ ‘F1’ and ‘F10’. I have pressed both ESC and F1 which lead me to the boot screen and setup but after which no matter what i do leads to a black screen with a _ and if i try to push F10 it doesn’t respond and continues to the black screen with the _
I am at a loss of what to do… Could someone please assist me.
Thanks
Adam, you have tried to boot your computer in Last good configuration ?
Hey,
i have received this virus recently and was attempting to remove so i restarted my computer upon restarting i can no longer get past the windows xp start up screen i have tried all 5 startup options to no avail i have tried it with a network cord plugged in and i am unable to get in. i could really use some help because if i can just get in i can kill this thing but i have no idea how to get in at this point i have tried safe mode safe mode with networking safe mode with command prompt last known good and normal startup :/ nothing anyone have a solution?
Hi Patrik,
Thanks for the guide. I followed all the steps and seemed to have removed security suite, but everytime I reboot my computer I get a blue screen of death, I can only run my computer in safe mode. Any hints?
Much appreciated.