Antivirus Suite (AntivirusSuite) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

Antivirus Suite is a fake antivirus application. Antivirus Suite is a copy of Antivirus Soft. Antivirus Suite is generally installed through the use of a trojan horse. Antivirus Suite will block all applications unless the file name of the executable of the application is iexplore.exe.

Antivirus Suite

Below is our recommended removal tool for Antivirus Suite. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Antivirus Suite with task manager. If task manager has been blocked by Antivirus Suite, try using Process Explorer. If Antivirus Suite blocks Process Explorer, rename Process Explorer to iexplore.exe.

View Antivirus Suite Files
View Antivirus Suite Keys

Common symptoms and characteristics of Antivirus Suite and other rogue security programs include:
1. Antivirus Suite is generally installed without user permission.
2. Antivirus Suite uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Antivirus Suite will generally block all applications unless the executable file is iexplore.exe. Antivirus Suite will also generally modify Internet Explorer connection settings.

Manual Antivirus Suite Removal – In order to manually remove Antivirus Suite, the processes associated with Antivirus Suite must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Antivirus Suite entered the computer.

Stop Antivirus Suite Processes (Learn How To Do This)
[random letters]tssd.exe

Remove Antivirus Suite Files (Learn How To Do This)
C:\Documents and Settings\[username]\Application Data\[random letters]\
C:\Documents and Settings\[username]\Application Data\[random letters]\[random letters]tssd.exe

Remove Antivirus Suite Registry Keys (Learn How To Do This)
 HKEY_CURRENT_USER\Software\Antivirus Suite
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Suite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Suite

Remove Antivirus Suite Startup Entry (Learn How To Do This)
[random letters]tssd.exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips. It is also best to upgrade to Internet Explorer 8 for better web browsing security.

Your feedback is very highly valued by others so please feel free to comment. Please feel free to share a solution that you may have used to remove Antivirus Suite.

Posted in: Malware Removal

This entry was posted on Thursday, April 1st, 2024 at 4:46 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

20 Responses to “Antivirus Suite (AntivirusSuite) Virus Removal Guide”

Steven April 1st, 2024 at 12:15 pm

Hi,

The removal tool failed to remove the “antivirus suite” virus. I therefore decided to remove the virus using the help you have given.

The problem is however that I want to stop the Antivirus Suite Processes but as you have said it has blocked my task manager.

I therefore downloaded the “process explorer” on to a usb stick using another computer. I however can not load that either as the virus has blocked all .exe files also.

I now don’t have a clue how to stop the “antivirus suite” processes!?

Any help would be much appreciated!

Thanks

Jon April 1st, 2024 at 4:31 pm

Hello Steven,

Try to rename the process explorer to iexplore.exe and then run it. It should open. If you have file extensions hidden, then rename it to iexplore.

christian April 1st, 2024 at 10:41 pm

THANK YOU SO MUCH!!
That stupid thing was getting on my nerves so much, and thanks to you it’s finally gone!

are there any other processes i should look out for that might be associated with “antivirus suite”?

Meh April 3rd, 2024 at 9:17 pm

@steven u should open task manager before antivirus suite loads

Jason April 4th, 2024 at 11:24 am

OMG … THANK YOU SO MUCH … It took me hours to figure out how to get all this and you compiled it for us! … Had to rename and load it from another computer to get the Process Explorer to work with that virus. It worked!!! Thank you so much!

Rob April 4th, 2024 at 5:17 pm

I am having the same as Steve however when I renamed to iexplore the virus still blocks it. It tries to start and then quickly shuts down. Any other ideas?

Rob April 4th, 2024 at 5:23 pm

I should add that I believe I have two viruses. Total Vista Security and Antivirus suite.

Jon April 4th, 2024 at 7:18 pm

@Rob – As recommended by Meh, try to load task manager before Antivirus Suite loads. Then use task manager to close Antivirus Suite.

Ace April 5th, 2024 at 6:23 pm

If possible, I always try to remember to restore to an earlier restore point.
this way, hopefully the program won’t load into memory and I can apply the fixes.

Rob April 6th, 2024 at 3:26 am

None of these things would work. I gave up and had Norton fix it. They had some difficulty getting it stopped as well, but they have a tool with a different extension that worked to stop it. From there it was a pretty standard fix. He did go to some areas I am not familiar with, so I guess it was good that I paid them. Hope it does not happen again, $99.99 can get expensive quick! He also removed the tool before he left. I did get iexplorer to run in safe mode, but could not get any scans to run. As soon as I clicked on anything it started right back up. I tried removing myself, but must have missed something as it would come right back.

Thanks for the help anyway.

Zack Bailey April 7th, 2024 at 11:39 am

How do know which process your suppose to end that goes with the virus?

Linel Mess April 9th, 2024 at 6:08 pm

u guys are the best. worked out for me but after fixing the virus, my proxy server said i had to change or reset something like that. i managed to fix it by using the proxy on my computer on the virus contained computer.

you guys do really help alot

Cody April 12th, 2024 at 4:04 am

You might want to add how to find these files on vista because we dont have documents and settings like xp. and also you can reboot in safe mode to make sure the virus will not start at startup. thanks for this i got my computer back.

Albert April 12th, 2024 at 3:59 pm

I wanted to add that on the above instruction regarding the Removing of the Anti-Virus Suite Files; In addition to checking the Following:
C:\Documents and Settings\[username]\Application Data\[random letters]\
C:\Documents and Settings\[username]\Application Data\[random letters]\[random letters]tssd.exe

you should also check:

C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\[random letters]tssd.exe

This is where I found the files and would like to mention this in case there are others in my situation.

Good Luck!

P.S Thanks guys for this great guide!

Albert April 12th, 2024 at 4:01 pm

In addition to my previous comment, to be able to locate some of these files it does require you to display hidden files and folders.

rob April 12th, 2024 at 8:47 pm

I have wireless internet and in safe mode it would not give me internet access. So what I did is restart my computer and hover the mouse over the bottom toolbar and right click until the menue come up and you can click “task manager” and it will open up and stay open. You have to be fast before “Anti virus suite” starts running. Once its starts running you are too late as it will close “task manager” down everytime you try to open it. You have to be fast for this to work. You may have to restart your computer a couple of time to get the timing down.

When I got “Task Manager” to stay on I went to the tab “processes”. In there I found a file called FWFJXQJTSSD.EXE.3672DBFO.TF. I highlighted that file and clicked “end process” That stops “Anti Virus Suite”. I now had control of my computer back.

Then I opened Internet Exployer and on the top bar found “tools”. I clicked on “tools” and at the bottom of the Menue clicked “Internet options”. Then click “connections”. Then click “Lan settings”. Then check “Automatically detect settings” and uncheck “Use a proxy for your LAN”. Click OK and OK again and I now had control of may computer back and able to download programs and open them. However I have yet to find a anti spyware program that will get that junk off my computer permanently yet but I can at least use it.

wren April 20th, 2024 at 12:08 am

This thread gave me a good start on being able to remove my instance (infected about the beginning of April) of the AV Suite and this was my procedure:Start up in normal (unsafe mode) with internet connection off.

Immediately bring up task manager as soon as you start getting your icons, and look for and kill the *TSSD.EXE process. It will however already have reinfected your system.

Run latest Malwarebytes to remove majority
of virus entries. Do both quick and full
scan.

Go to internet explorer to remove the
proxy setting configuration

Then run the HijackThis utility from Trendmicro to find the *TSSD entry in
startup, and also to remove it. (I have seen this mentioned in other threads about

Then look in C:/Windows/Prefetch directory
for the *tssd.exe executable and remove it
from there. (I haven’t seen this mentioned
anywhere and found it by doing a search of the system for the rogue executable).

Thus I found that it took a combination of tools to remove all traces. Probably malwarebytes will catch up in a future version.

Note: I assume malwarebytes and HijackThis have been loaded onto the system earlier.
They can also be copied and transferred over
via usb connection. The *tssd.exe process must be killed first.

Shutdown the system and restart

Dallas (Australia) August 23rd, 2023 at 5:07 am

I was able to open my antivirus program while Windows was booting but it was too slow and Antivirus Suite blocked the manual scan process. I was able to open Task Manager and Windows Explorer during the Windows boot process which helped but didnt know which processes to delete. You have to press ctrl-alt-del several times as soon as Windows starts (just before icons appear) and click on Windows Explorer as soon as START menu or icon appears. Luckily I had SUPERAntiSpyware (free edition) preloaded, which starts automatically on booting the PC and was able to scan and remove Antivirus Suite and my PC is back to normal. Tip – try putting your antivirus program in the Startup folder so it starts on boot – or install SUPERAntiSpyware. Then they will start before the Suite virus boots and block them. Keep shutting and restarting Windows until you succeed. Great website guys.

Andrew September 15th, 2023 at 4:54 pm

All I had this same issue. Instead of running trying to beat the security suite to load you can start up in safe mode and run the msconfig.exe and click on the startup tab and choose only the necessary processes. You can google if you are unsure but there are a few that look suspicious. Save your changes and reboot and this should prevent it from starting on boot up. However I did not ‘install’ the security suite so I am not sure how that affects it. Because I did not install I did not have the reg keys. Also this is a great tip by Albert because this is where my security suite.exe was at:

C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\[random letters]tssd.exe

Pmag October 16th, 2023 at 3:47 pm

Thanx for guide it actually worked. The only thing is that I couldn’t find the registry keys. Should I be worried that they might be there? Also the files I deleted didn’t end in tssd.exe but I recognized them by the strange rainbow icon they had. Thanx again

Leave a Reply