Antispyware Soft (AntispywareSoft) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

Antispyware Soft is a fake antivirus program. Antispyware Soft is a copy of Antivirus Soft and AV Security Suite. Antispyware Soft is generally installed through the use of a trojan horse. Antispyware Soft will block all applications unless the file name of the executable of the application is iexplore.exe. The comments for Antivirus Suite may provide insight into removing Antispyware Soft since the two programs are similar.

Antispyware Soft

Below is our recommended removal tool for Antispyware Soft. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Antispyware Soft with task manager. If task manager has been blocked by Antispyware Soft, try using Process Explorer. If Antispyware Soft blocks Process Explorer, rename Process Explorer to iexplore.exe or firefox.exe. Antispyware Soft will generally not block the com version of Process Explorer, which can be downloaded here.

Another method to open task manager is to restart the computer and attempt to open task manager before Antispyware Soft loads so that Antispyware Soft can’t block task manager from opening.

View Antispyware Soft Files
View Antispyware Soft Keys

It is recommended to use safe mode when removing the virus because Antispyware Soft will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. Antispyware Soft will also generally modify Internet Explorer connection settings to make Internet Explorer connect through a proxy server. This comment below may provide insight into fixing the connection settings of Internet Explorer.

Common symptoms and characteristics of Antispyware Soft and other rogue security programs include:
1. Antispyware Soft is generally installed without user permission.
2. Antispyware Soft uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Antispyware Soft will generally block all applications unless the executable file is iexplore.exe. The comments below may provide insight into removing Antispyware Soft.

Manual Antispyware Soft Removal – In order to manually remove Antispyware Soft, the processes associated with Antispyware Soft must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Antispyware Soft entered the computer.

Stop Antispyware Soft Processes (Learn How To Do This)
[random letters]tssd.exe

Remove Antispyware Soft Files (Learn How To Do This)
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\[random letters]tssd.exe

Remove Antispyware Soft Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\Antispyware Soft
HKEY_LOCAL_MACHINE\SOFTWARE\Antispyware Soft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soft
HKEY_CURRENT_USER\Software\avsoft

Remove Antispyware Soft Startup Entry (Learn How To Do This)
[random letters]tssd.exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips. It is also best to upgrade to Internet Explorer 8 for better web browsing security. If a web browser is not up to date, viruses such as Antispyware Soft can generally infect computers much easier while surfing the web. The upgrade is free.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Antispyware Soft.

This entry was posted on Friday, April 16th, 2017 at 8:06 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

109 Responses to “Antispyware Soft (AntispywareSoft) Virus Removal Guide”

random April 17th, 2017 at 11:18 pm

Hi, just want to say thanks for recommending

, using that right now (162 infections so far, cant believe my symmatice didn’t find anything before….).
Also the processExplorer/iexplore thing didn’t work for me, the virus kept blocking it. In the end I had to do the thing, what I did was restart my computer (vista btw) then right after I got into window I opened task manager before the virus start itself, then I was able to “end process” that virus and run stopzilla

anyways thanks a lot

Neda April 18th, 2017 at 8:16 am

This is a really good posting. Thank you very much. I was able to stop the process only by downloading the Process Explorer software and renaming it. From then on I was able to control my computer again.

One question though … I could not find the registry keys you listed “Antispyware Soft”. I found some under the name “avsoft” instead. Are those the keys I should remove?

Neda April 18th, 2017 at 9:05 am

update on the above. Actually since I was uncomfortable messing with the registry keys I simply used the windows “System Restore” to the most recent. This did the trick. It cleared up my registry from the suspicious “avsoft” keys.

Thanks a million for this posting :)

random April 18th, 2017 at 3:56 pm

^ ah I didnt save any system restore points, so avsoft is the actual key? I still have to delete that then

serge412002 April 19th, 2017 at 6:22 am

thanks a lot it worked like a charm. all you have to do is turn ur pc on and keep pressing f8 key and choose safe mode after that it will load up go to users name and choose ur name then open app datta folder it might be hidden so go to control panel folders and click view hidden files after that go back to the username app data then to local and delete ramdom letters with tssd.exe ounce you delete that file the virus is wont start and the go to start type run then type regedit then just follow this HKEY_CURRENT_USER\Software\Antispyware Soft
HKEY_LOCAL_MACHINE\SOFTWARE\Antispyware Soft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soft delete that and u will be good ohh and download Malwarebytes’ Anti-Malware and scan ur pc then delete the infected files. ounce all that is done ur pc will be back to normal hope this helps and i want to thank this website for helping me and i hope i helped

Aden April 19th, 2017 at 11:19 pm

Thank you so much! This worked so well.

I couldn’t open anything because of the spyware, so I restarted my computer and before the Antispyware started I quickly opened taskbar. Then when the Antispyware started I right clicked it on the taskbar and clicked “go to process”. It selected the process and I clicked on “end process.” The Antispyware closed and I was able to download STOPzilla without a problem. STOPzilla is now doing a full scan on my computer, and things seem to have gone back to normal.

Tin April 26th, 2017 at 1:29 am

I got the evil program to stop and it seems to be all cleaned out, but now my Internet Explorer, Google Chrome and Semagic (livejournal interface) won’t/can’t connect to the internet. I’ve tried uninstalling/reinstalling all three progs, but it doesn’t work. I’m using XP. Any advice?

Matthew April 28th, 2017 at 7:29 am

Tin…Go here:

http://www.2-spyware.com/remove-antispyware-soft.html

It explains at the beginning how to fix your connection (this spyware changes your settings to connect by a proxy, you need to undo that).

Good luck!

mary April 28th, 2017 at 9:15 pm

Thanks so much to the author….you’re a life saver! in my case, i used the tast manager, because it wasn’t blocked and than I installed Stopzilla. Before the idea of using task manager, I couldn’t run any antivirus or spyware program as the stupid virus blocked them immediately. thank you really, for people not so good with pc operations your advices are very helpful. good luck to others

Shannon April 29th, 2017 at 2:04 am

I need help. I can’t get anything to install and such. I tried looking for deleting the files but I cant find them. Could some please help me. Im going mad!

Krishna April 30th, 2017 at 5:38 am

1) Restart your computer in Safe Mode with Networking
2) Open IE, go to Tools, Internet Options, Connections, LAN Settings, Uncheck Proxy Server Box.
3) This is what I did. I went to CNET, downloaded AVG, and Malwarebytes. Malwarebytes will remove all malicious files. After, I ran AVG just to make sure I have no viruses.

Hopefully this helps.

Chels April 30th, 2017 at 7:00 am

i cant find all the keys that need to be deleted ,
because ive been finding them in different places than posted,
and some of them i can’t even find at all .
yet the program is still open in my task bar

M8D April 30th, 2017 at 10:13 am

I used malwarebytes and it looks like the virus is gone but Chrome crashes now and never loads the start page. Windows updates doesn’t work either so I don’t know if the system is still compromised.

Vlox April 30th, 2017 at 11:30 pm

Awesome. Used this guide to manually remove files/registries and computer seems totally back to normal! thanks a lot for the guide.

Hitsch May 1st, 2017 at 10:39 am

Thanks a lot. I was a bit scared because I caught it using the company laptop for unintended activities on the web. Well, I did it manually and all worked fine.

Xander May 2nd, 2017 at 12:05 am

Thank all of you so much, I couldn’t run any thing but I got into task manager before it started, found the tssp process stopped it, I couldn’t find the file to delete so now I’m downloading stopzilla

vick May 2nd, 2017 at 2:20 am

My internet won’t work because of this virus so i can’t download this! Any suggestions pleaseee? oh and i don’t have a memory stick so i cant not transfer this download from my desktop onto my infected laptop.

scott May 2nd, 2017 at 8:20 pm

If I use stopzilla do I still have to manually remove all the files?

Scott May 2nd, 2017 at 9:33 pm

So I found and deleted the tssd.exe file, disabled the startup entry, but I can’t seem to find this: “KEY_CURRENT_USER\Software\Antispyware Soft
HKEY_LOCAL_MACHINE\SOFTWARE\Antispyware Soft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware”

in my registry. As mentioned before there is only “Avsoft”, so should I just delete that, or am I fine just leaving it?

rob91 May 3rd, 2017 at 1:14 am

i have managed to open task manager before the application starts but cant find the tssd file. any help will be greatly appreciated

michael May 3rd, 2017 at 4:12 pm

Thank you for the posting. After some trial and error, what worked was starting in Safe Mode (F8 at startup) since the software is not loaded in that case. After Windows XP was running I used the search function to find *tssd.exe, making sure the search includes hidden files and folders. After that I removed the files located in C:\Documents and Settings\… and finally removed the registry keys, which in my case were named “avsoft” and “avsuite”. I restarted and the system was back to normal.

Chris Backey May 3rd, 2017 at 7:22 pm

Thank You!
Renaming process explorer worked!
After killing the process, I deleted the registry values.
Then ran a scan with Malwarebytes, and it found and deleted.

matt May 4th, 2017 at 8:01 am

omg thanks sooo much. (I had to restart my computer and quickly right click the windows toolbar, select task manager, goto processes tab and select process on ANY tssd.exe files) that stopped the program from doing anything, then i downloaded STOPzilla which is currently scanning everything and getting rid of that nasty bug. i ALMOST fell for the antispyware, i was close to buying the ‘solution’ . . . thank god i found this website!!!!! thanks!

liverpoolladlockedup May 5th, 2017 at 1:30 am

im using windows vista so couldnt access most programmes in safe mode. i had to start laptop normally then access task manager. found the rogue file which was gtanoovtssd.exe and stopped it. then downloaded stopzilla which cleaned up my pc and ive had no problems since. only downside is that it cost me a £27 subscription fee but it lasts for a year. all in all it took me over an hur to locate and get rid of.

Raurie May 5th, 2017 at 12:54 pm

Hi, thanks for the stopzilla utility, however after i have got into task manager & stopped the process I am unable to run stopzilla as it says there is one user already logged on … Any suggestions how i can get around this ?

Ashish Vaghela May 5th, 2017 at 9:07 pm

How did you come to know which process should be stopped from task manager? Please guide me. My computer is infected with control center virus.

Andy May 7th, 2017 at 8:19 am

Thank you so much to the author of this post and to everyone for your helpful comments! I was getting so frustrated and you saved me from this nasty thing. Thank you Thank you Thank you

Haroen May 8th, 2017 at 3:01 am

I’d like to thank the author of this page for the great help. I received this virus today and almost gave up the hope that I could delete it but now everything is back to normal again!
Thanks again man, this was worked perfectly!

michelle May 8th, 2017 at 8:00 pm

THANK YOU! I went hiding in XP safe mode when I couldn’t run anything. Nice quiet pop-up freeness in safe mode, and it was no problem to delete the files, registry and startup entries (avsoft here, not the full name) – thanks ever so for the list, would have taken me hours to find the files otherwise. Everything running smoothly now :)

First virus I ever had (that made it past AVG), thrilled to know there’s good people out there who make it so easy to get rid of it again!

Melanie May 8th, 2017 at 11:29 pm

HELP!!! I am in the middle of running StopZilla but this thing is running rampant the whole time. pop-ups galore. I am not too confident is this so far.

I am comfortable editing the reg, but I still can’t get to it. tried to restart in safe mode but it never went there. Is that a Windows 7 problem? hitting F8 did NOT get me to safe mode. any suggestions???

Melanie May 8th, 2017 at 11:31 pm

renaming regedit DID NOT WORK. this is bad. i need to fix this. please help!!!

icraziie May 10th, 2017 at 9:40 am

task manager did not work so i used ur advice and changed process explorer to iexplore.exe worked, used the little button “Find Windows Process” by doing that found the app i had to close, annoying popups finally stopped now i can finally follow the rest of your step .. hope this works

icraziie May 10th, 2017 at 10:48 am

this is odd, after using Process Explorer and killing the program i proceeded to download a new antivirus software, avast. and ran the scan, it found 4 viruses which i promptly deleted.

after that i ran stopzilla and it told me to restart comp, i did that. but once i restarted the AntiAdware Soft didnt run anymore, could Avast have deleted to problem? because i cant find it in the regedit.

Max May 10th, 2017 at 6:25 pm

Thanks for the fix, running XP was able to rename Process Explorer to iexplore.exe, killed the process, deleted the startup & file, but was not able to find the reg entries. Installed new AV software on customers computer, cleaned & all working well. Thanks!

Recordpusher May 10th, 2017 at 8:29 pm

Thank you so much. I stopped it from running at startup by re-booting and hitting Start / Run / mconfig ->Startup (unchecked the file with tssd.exe at the end. This stopped it from running. Then just did a search for the file ‘twdevpltssd.exe’ and deleted that. I had to then go into explorer and uncheck the ‘proxy’ under connections. Was able to update my Malewarebytes and that removed all the files for me. Thanks.

ICRAZIE May 11th, 2017 at 7:33 am

task manager did not work so i used your advice and changed process explorer to iexplore.exe worked, used the little button “Find Windows Process” by doing that found the app i had to close, annoying popups finally stopped now i can finally follow the rest of your step .. hope this works

S May 11th, 2017 at 7:06 pm

Process explorer worked! Thank you so much!

Larry May 13th, 2017 at 10:40 pm

After running search & destroy and attempting to remove them through SpyBot S&D, I receive an error message and the program shuts down. I am running Windows Vista unfortunately, and am typing to you on my wife’s Mac, as I cannot get online with my PC thanks to all of the problems it has. Thanks

K man May 13th, 2017 at 11:41 pm

Thanks alot for the advice!

Kathryn May 14th, 2017 at 11:20 am

Many thanks for this – I was able to manually remove this virus using your webpage.

Maggie May 14th, 2017 at 11:32 am

This virus has managed to disable my keyboard/mouse functions, even in Safe Mode. Totally frozen. Haven’t seen this anywhere else associated with Antispyware soft, just letting other poor unfortunate souls know that this is also a side effect.

Thanks May 14th, 2017 at 1:13 pm

Hey guys thanks for all the help. Worked a treat, but as others have said the file names are changing. Mine was mspfsftav.exe

frb May 14th, 2017 at 1:37 pm

I got the process manager to work by changing the name as suggested but now I don’t know what to do when its running?? the threats are being detected by my AVG

frb May 14th, 2017 at 1:38 pm

sorry it posted before I finished :/

I can’t delete them from my AVG they are just being listed, help!!!

Mike May 14th, 2017 at 4:22 pm

Thanks for your help. Would like to side note that none of the items I need to remove from the registry showed up in safe mode. I assume that’s cause tssd.exe couldn’t load at that time. I had to boot normal and use process explorer to shut down *(&^*tssd.exe.)

Leti May 14th, 2017 at 5:20 pm

EASY FIX, all I did was a system restore in safe mode back to before I got the virus, uninstalled and deleted anything that may have given me the virus– things that I didn’t have before that are new to my computer now…for example I use firefox but someone told me to get chrome, so I did and then I got the virus so I got rid of the chrome, and I’m getting rid of all the toolbars even if they seem innocent such as yahoo and skype, deleting yahoo messenger, and anything that my computer can get any unwanted cookies from. I also have popups and certain cookies blocked, I don’t allow my browser to keep record of history, passwords or anything…et cetera…basic stuff I guess…now I’m running a defrag just to make sure everything gets cleared off that I don’t need or want. If I don’t come back, it’s because it worked.

James May 14th, 2017 at 5:38 pm

Need some help. Even when I start up my desktop in safe mode the control center popps up. I can stop in in task manager, but there is no access to the operating system just like when I start it up normally. Any suggestions?

Kevin May 16th, 2017 at 7:15 am

Followed the instructions given and eliminated the Virus. Ran my computer in safe mode, deleted the *tssd.exe. It was in an odd named directory so I deleted this too.

Found the registry keys under Avsoft & Avsuite & deleted them. Then I got rid of the proxy settings in Explorer & everything is back to normal.
I’d recently changed from IE 8 to Google Chrome. I am not sure if this was the problem but I’ve changed back to IE 8. Currently Stopzilla is running a full scan.

Avast Antivirus and Advanced System care (both latest versions) did not find this virus.

Thanks for the help

J M May 16th, 2017 at 8:01 pm

I’m not sure what to do once I have the process explorer running. Which processes do I stop? How can I tell which ones are associated with the virus?

Cierra May 17th, 2017 at 6:29 am

Thanks! I was successfully able to remove the annoying virus! The file names were different than what was listed, but I just looked for any file with random letters in the name. The only problem now, is that my Instant Messengers (Yahoo and MSN) won’t connect. So I’m wondering if it has something to do with that stupid virus?

heath May 18th, 2017 at 4:30 am

worked perfectly, thanks.

HelpWanted May 19th, 2017 at 8:46 pm

Can anyone give me instructions on how they got rid of this virus!

Augsplace May 20th, 2017 at 3:28 pm

There were 2 new registry entries I found for this virus :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run->qtqhkldf

and

HKEY_USERS\S-1-5-21-3838776437-3330981427-2189976528-1006\Software\Microsoft\Windows\CurrentVersion\Run->qtqhkldf

Just thought I’d share

Stefan May 20th, 2017 at 5:14 pm

Thanks so much.

I have got similar spyware before but this one was a bit trickier than usual.

all i needed was to open one of my files but it stopped me.

thanks :D

Daniel May 22nd, 2017 at 1:21 am

None of these recommendations are working for me. I can’t boot in safe mode. I can open task manager as soon as my computer starts, but it doesn’t show any tasks to stop before the pop up’s start. I have downloaded both programs as recommended, but the virus won’t let me install either one. I renamed Process Explorer as recommended, but it still wont let me install it. Please Help!!

WelshOwen May 22nd, 2017 at 8:20 pm

I’ve tried everything on here and on some other sites but nothing seems to work. I can’t open task manager, internet explorer, windows messenger or bullguard (my anti-virus software).
The only way i can access this is on my other PC. Is there any way I can get rid of the virus?

Hogg May 23rd, 2017 at 3:17 am

Thanks. Worked perfect. I just followed the instructions. When XP started i quickly hit CTRL ALT DEL and went into processes. I killed the ****tssd.exe task and opened regedit. Deleted the reg entires, deleted the files. Mine was listed under avsoft.

DRAGON May 23rd, 2017 at 8:02 pm

I was unaware of the virus. I actually purchased and download “the full version”. Did I just dig myself deeper in the hole? Does the installation of the full version do even more damage? How do I restore my OS to the previous restore point? Any advice is appreciated.

spiderbatdad May 24th, 2017 at 3:31 am

Was unable to delete the renamed files in windows (permissions errors). could not run task manger nor msconfig. Booted a Ubuntu live cd and accessed the file system through the places menu. Removed the offending ****.exe file in C:\Documents and Settings\[username]\Local Settings\Application Data\…
Restarted windows and voila! Now to try to edit the registry.

Thankful Guy May 26th, 2017 at 6:06 am

This information is solid and worked for me 100%. I cleared it from the registry and everything. Thank you guys for writing such an easy to use guide on how to remove this incredibly annoying virus. Running Malwarebytes now to double check my progress, but my Avast shut up so I think I’m in the clear. Thanks again guys! I couldn’t find some stuff you mentioned but I found some things that weren’t mentioned. When you are in the Registry look for an avsuite by the avsoft. They are related and both need to be removed to destroy the virus.

RDT May 26th, 2017 at 7:40 pm

Worked like a charm! You guys are GREAT!

hana May 27th, 2017 at 2:13 am

hey, i have the virus and i want to run task manager upon restart of the computer so that i can stop the process of the virus.
but i dont know exactly what im looking for, whats the name of the virus.

appreciate any help .. thanks!

Sarah Freedman May 28th, 2017 at 12:38 am

This virus let itself into my laptop and has made it so I can’t access the internet from it. I’m on this web page because I’m using a different laptop so I could find a cure for the virus. Since I have no way of accessing the internet from my infected laptop, I can’t download the program to fix it. How can I get this fixed?

John May 28th, 2017 at 2:26 am

M8D: I also was unable to access Windows Update. I ran TDSSKiller from Kaspersky and it fixed that problem for me. I’m not sure if this was related to Antispyware Soft or a separate issue.

flatop May 28th, 2017 at 3:11 am

FYI- if renaming process explorer to iexplorer didn’t work for you, try renaming it to firefox.exe. That worked for me. Then use Malwarebytes to remove Antispyware Soft. The virus also changed IE settings to use a proxy with no settings which stopped it from connecting to the internet and it also removed the exception for IE from Windows firewall which was also preventing connecting to the internet. Hope this helps someone.

flatop May 28th, 2017 at 3:13 am

****correction to comment above. The virus also changed IE settings to use a proxy

Eric May 28th, 2017 at 6:42 am

Hana, the name of the virus could be anything but it should end in tssd.exe. Make sure you open the task manager right as windows starts. Also, once you’ve ended the process, go into your msconfig and disable the same process from starting up in the startup tab.

Sarah, you don’t need any program to get rid of this virus, you can do everything manually as stated above. The way I fixed it was:

1. reboot pc- the second windows started up, i quickly hit start > run > msconfig > startup > disabled the one that ended in tssd.exe (this has to be done before the virus starts up or else you can’t access msconfig)

2. once windows loads, i opened the task manager and looked for any process that ended in tssd.exe, which popped up after 30 seconds or so (which was weird since i disabled it from starting up but whatever), so i ended that process

3. now you are temporarily virus free, time to find the files, follow the instructions above on where to locate them in your registry (run regedit) and in your documents and settings folder

good luck!

Scott May 28th, 2017 at 6:59 am

I love you! Thanks for saving my comp!

Chuck Hurst May 28th, 2017 at 2:53 pm

I finally got rid of this beast! Used Malware in safe mode. What a relief. Now I’m going out and drinking a wine cooler to celebrate. Whoo hoo!

colleen May 28th, 2017 at 11:33 pm

THANK YOU SO MUCH! I have a brand new laptop and it was infected. Now I’m running anti virus software to get rid of it. I love you guys!

Christian May 29th, 2017 at 4:26 pm

I got this virus and it blocked everything from my task manager to my already installed antivirus. All I did was go online and download the program Spyhunter. It’s one of those programs where it will scan for free and delete when you register. However, in addition to scanning for free, THIS program also blocked the virus. This allowed me to use my already established antivirus (sophos) to find the malware and delete it. Easy free way to do it!

John Bennett May 30th, 2017 at 4:12 pm

I use malwarebytes anti-malware.. It’s amazing, both free and paid.

Lindsey May 30th, 2017 at 9:06 pm

the virus is gone…but now my internet explorer will not work. any suggestions?

mike May 31st, 2017 at 1:26 am

@LINDSEY go to internet explorer, navigate to internet settings, then reset internet explorer. it will fix everything

A Friend May 31st, 2017 at 3:04 am

Lindsey, in case you can’t surf the Internet after the malware removal, try this: Open Internet Explorer, go to ‘Tools’, choose ‘Internet Options’ and hit ‘Connections’ tab. Click ‘LAN settings’ and UNCHECK the following option ‘Use a proxy server for your LAN’. Then click on ‘OK’. You should be good, the malware checks this box and makes your IE think it can not get out to the Internet.

josh May 31st, 2017 at 5:10 am

open internet explorer click tools, at the top, then internet options, then connections, then lan settings and uncheck “use a proxy server…” then refresh your web page or just close and reopen.

Dave June 1st, 2017 at 1:09 am

okay i have just put my computer into safe mode, now what can i do thanks

JustAGuy June 1st, 2017 at 3:35 pm

Simplest way to get rid of Antispyware Soft is to boot into Safe Mode using the F8 key early during boot up. Then choose Safe Mode from the various options. That way Antispyware Soft will never load. Once the stripped down version of Windows loads, launch Windows Explorer and go find the Antispyware directory and file (read the info elsewhere on this page) and delete it. Reboot and the infection is gone.

Tina D. June 1st, 2017 at 9:27 pm

THANK YOU SO MUCH! I got hijacked by this today and you’re removal walkthough worked like a charm!

laura June 2nd, 2017 at 12:05 am

I can’t connect to the internet (i’m on another computer)
but I did disable the program somehow through playing around in the control panel/start up programs.
What do I do about connecting to the internet

Matt R June 2nd, 2017 at 3:16 pm

Thank you…thank you…thank you. Went to safe mode and followed the instructions for finding the virus and clearing it out of my registry. Running a scan right now with Malware Bytes. Thanks again!

Rod June 2nd, 2017 at 11:18 pm

Thank you very much for the kind advice given. I finally was able to use internet explorer again. What I did to get rid of antispyware soft was to place computer in safe mode then to run spybot and this seemed to have cleared that virus. I was only having problems with IE, but thankfully your advice was paramount.

Lynne Irwin June 3rd, 2017 at 2:52 am

Worked for me, but not exactly “easey-peasey.” Everything must be done in Safe Mode, as initially nothing works in Normal Mode. Plan to run MalwareBytes multiple times to get rid of all facets of this virus. Clear the proxy in Internet Explorer early in the task sequence. Currently the registry keys are named avsoft, no longer antispyware soft, but that may change again soon.

Read the user comments above. Some of them are very helpful.

Scoot June 3rd, 2017 at 3:05 am

Thank you for the very thorough and relevant post

Ashley June 3rd, 2017 at 3:52 am

Very helpful. One thing that was a problem for me was that I couldn’t find the actual file (step 2). I have XP and didn’t have a “local settings” folder and when I searched it claimed that I didn’t have anything named *tssd.exe. What I ended up doing was skipping ahead and found the start up entry. In that menu, it gives the “command” which is also the address. By typing that into the address bar I was able to find the file, which must have hidden itself.

h June 3rd, 2017 at 10:17 am

I’m a complete computer dunce but managed to get rid of this virus after a bit of fiddling around. I’ve written what to do below.

Start task manager as soon as you log on, before antispyware soft has started up.

click on processes and find the process that is a load of random letters ending in tssd.exe. This is the antispyware soft process.

Right click and select open file location. the location of the antispyware soft file will come up (ending tssd.).

Delete the file. The virus may stop you from deleting the file because although you have managed to open task manager you haven’t yet ended the process.

while the file location is still open, end the process (ending tssd) and delete the file.

The antispyware soft file should have gone to the recycle bin. Delete it from here.

Finally, the virus will have changed your internet settings while it was active. Hence the reason why the internet explorer will not work even after you have deleted the virus. open internet explorer, click tools (top right), internet options, connections, LAN settings. Ensure all boxes on the LAN settings window are unchecked.

This is to disable the proxy server that the virus set which let you only access their website.

Hope that helps.

Jim June 3rd, 2017 at 8:21 pm

If you can’t get into Internet Explorer to download Malwarebytes, read instructions from Lynn Irwin on June 3, 2017 at 2:52 am and follow instructions exactly. Especially repeatedly run Malwarebytes until NO infected files are found! It will take awhile!! Thank You, Lynn!

IM DEAD June 4th, 2017 at 2:44 am

i cannot connect to the internet, though i have disables the virus. can you please help me? thank you for helping me disable the virus.

Paul Middleton June 4th, 2017 at 10:23 am

Hey guys thanks for the great help
I think i’ve deleted the virus from controlling my desktop, but the only thing now is that it won’t let me click on links whilst i’m on internet explorer. E.g. If I type a search into google and try to click on the link, it sends me to another random website. Any advice?

Blake Johnson June 7th, 2017 at 10:07 pm

Since the virus I got yesterday, my computer won’t load into safemode. I press F8, and I click on the safemode but windows never loads up. Could definately use some advice on this…

Blake Johnson June 7th, 2017 at 10:16 pm

My computer won’t start up, not even in safe mode … therefore, I can’t get to the internet. Any advice?

BobbyLy June 8th, 2017 at 3:45 am

Just a heads up. The name of the infected files changes. Not always .tssd or .avle or whatever they may be. I know the date and time that the virus hit me, so i went through every folder and organized by date, then was able to find the bad folder. They have lots of different names, and apparently whoever is doing it has time to change the names daily. Opening task manager AS SOON as your computer boots, then clicking on “antispyware soft” when it opens, and ending task should be a temporary fix. Although the files remain on your system, you will be able to use it like usual. Ctrl+ALT+DEL opens task manager FYI :)

Timothy McTaggart June 10th, 2017 at 2:39 am

Worked on a friend’s computer that got hit with the Antispyware Soft. Pretty much got it out of there using the info from various websites like yours, so thanks much.

There is still some aftermath; various files were missing out of \windows\system32 such as tasklist.exe and so on, and I am unable to get windows firewall to start. It gives me that dreaded error 2 about a unnamed missing file. The files ipnathlp.dll and ipnat.sys I am told to check are both present and accounted for. Tried the registry patch and windows firewall install command from dos. Any further ideas short of going to zone alarm for firewall? Thanks!!

Erik June 10th, 2017 at 4:13 pm

If your system won’t boot up in safe mode, you probably have a rootkit installed that’s hiding in an infected driver like atapi.sys

Tidserv likes to do this, for one, and it also installs the evil antispywaresoft virus.

You may be able to boot from your Windows CD, and replace \windows\system32\drivers\atapi.sys with a clean version. Other drivers may be involved as well (ftdisk, iastor, etc.), but atapi seems to be the most common

Nirmal June 19th, 2017 at 9:25 am

Thank you so much, this was incredibly helpful! I’d be screwed without this comprehensive guide!

If internet isn’t working after the virus is removed, it’s because AV Suite put a proxy on whatever browsers you’re using. Just go into the browser options, LAN settings and disable the proxy and you should be good to go.

Spencer June 24th, 2016 at 4:14 am

This was amazingly helpful. The walkthrough could not have been easier to follow. My only remaining concern is that startup entry still shows up as an unchecked box….should there be a way to delete it?

James Lawlor June 25th, 2016 at 1:40 am

Hi All. Got the virus a couple of weeks ago, but without thinking to search the net about it, I factory restored my laptop in the hope it would remove. But, I know it is still there because it won’t let me install any antivirus software while not in safe mode.

I have installed malware bytes Anti malware and super anti spyware in safe mode and have ran tests, finding nothing to delete but it is slow responding so I am not sure what to do?

Thanks if any help is given!

James Lawlor June 25th, 2016 at 1:48 am

…Sorry, forgot to add that I can get onto the internet fine, I have a factory restored C: drive and my music still on my D: drive.

I can’t install AVG because you need an internet connection to install, but it won’t let me install unless I’m in safe mode, but some things still don’t install.

The laptop often takes ages to respond when it should be quick as out of the box, so I am not sure what to do next. Cheers

Sylph June 28th, 2016 at 3:47 am

Just a note – removing AVsoft also changes the DNS server of the network device used to connect to the internet. This caused me a headache for quite a while as I thought the problem was registry-related.

chad June 29th, 2016 at 2:49 am

I just deleted the HKEYS listed by Jose on here and then did a system restore in safe mode. Everything was back to normal after that.

Angie July 4th, 2016 at 8:53 am

This site was extremely helpful!! My bf caught the bug and we were lucky we had my laptop to google for help. I came upon this page. There were so many helpful comments and in the verge of desperation, we tried most of them. I had to download process explorer and stopzilla from my own comp hoping I could transfer it to his via usb but that didn’t work because it didn’t open the folders so we ended up restarting his computer and going into safe mode, changing the net connection and then going back into normal mode. We finally managed to get into task manager -> processes and I started spotting the files with tssdd. We deleted these files and it went back to normal!! HUGE EPIC sigh of relief! You guys are life savers!

P.S. …now I have Stopzilla lol and we can play WoW tonight as planned :D win!

Karl July 5th, 2016 at 7:20 pm

Got finally into the Task Manager, however, I have difficulty to indent the file to kill the whole process, other vice, I do not have access to any function… thks

dan g July 15th, 2016 at 9:34 am

I was tricked into actually making a purchase from the antispyware soft virus, and later removed everything with a system restore. However, looking back, I can’t recall what all information I had to provide in order to make the purchase. Does anybody know what information is required for the purchase?

Robin July 16th, 2016 at 11:24 pm

Came in this PM, put on the PC and up came a virus warning … realized I don’t have AV Solution Pro, so why was IT warning me, grabbed my other Pc and did some searching. Found this site and a couple of others, and spent the last 6 hours in safe mode, hunting through the registry, through the files, etc. Hopefully have got rid of it now, as well as a couple of other things (Sky-Banners and Street-Ads) that seem to have come in with it.
I use Chrome rather than IE but it had still redirected it via a proxy server. Some file names were different, but was able to get to them by following the connections in the registry.
Many thanks for the useful information that got me well on my way. 10 out of 10

alexander January 9th, 2017 at 10:41 pm

Great advice, it took me just a few minutes to fix it. I started in safe mode and resetted the computer to 3 days back. excellent!

Jessie January 27th, 2017 at 10:31 pm

I need assistance.
I have the palladium virus.
I tried going into safe mode.
But, what steps do i have to do next??

Sylvi K March 20th, 2017 at 4:24 pm

But my XP Home security still runs in security mode! :S And I can’t find an exe file which ends with tssd.!!

Emil April 21st, 2017 at 4:27 pm

Just cured a bad infection on an XP machine, but things where a bit different than in this Guide:
- No more {abc}tssd.exe and all locations have changed. I had a file called ehsteiaxsik.exe, located in C:\Documents and Settings\{username}\Local Settings\Temp\bcppbhehy\
- I started window in safe mode, ran msconfig and detected the file in the startup entries. Then I unchecked the entrie, deleted the file from the temp directory and removed the entry from the registry in: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] (entry was “uygffjmf = “C:\DOCUME~1\{username}\LOCALS~1\Temp\bcppbhehy\ehsteiaxsik.exe”)
- After that I was able to start windows normally but still couldn’t access the internet with a browser because of the proxy settings.
- Removing the proxy: Control Panel->Internet Options->Connections tab->Lan Settings->Uncheck ‘Use a proxy server..’
Btw, the proxy tried to connect through localhost: 127.0.0.1:47392
-Also, the Chrome executable was renamed to chrome.exe.old. Reversing the file name to just chrome.exe did the job

Windows seems to run normally. Will run StopZilla now. Who knows what other surprises are in the system?
Thank you for getting me on the right track!

Oh yes, also wanted to add that the person who caught the virus swears he was only on hotmail.com when it happened!

Leave a Reply