AV Security Suite (AVSecuritySuite) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

AV Security Suite, also known as AVSecurity Suite, is a fake antivirus application. This virus is similar to Security Suite and Antivirus Action. AV Security Suite is generally installed by a trojan horse, which is generally downloaded while surfing the web. AV Security Suite blocks every application unless the file name of its executable is iexplore.exe or firefox.exe, because it does not block Internet Explorer or Firefox.

Below is our recommended removal tool for AV Security Suite. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with AV Security Suite with task manager. If task manager has been blocked by AV Security Suite, try using Process Explorer. If AV Security Suite blocks Process Explorer, rename Process Explorer to iexplore.exe or firefox.exe. AV Security Suite will generally not block the com version of Process Explorer, which can be downloaded here.

Another method to open task manager is to restart the computer and attempt to open task manager before AV Security Suite loads so that AV Security Suite can’t block task manager.

It is recommended to use safe mode when removing the virus because AV Security Suite will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen appears to bring up the boot options.

The safe mode with networking option allows the user to use the internet in safe mode. AV Security Suite will generally modify Internet Explorer connection settings to make Internet Explorer connect through a proxy server. This user comment may provide insight into fixing the connection settings of Internet Explorer. After fixing the connection settings of Internet Explorer, AV Security Suite can be removed by using the removal tool or by manually removing the virus.

The user comments for Antivirus Suite and the user comments for Antispyware Soft may provide insight into removing AV Security Suite since the three viruses are similar. There are roughly 120 comments.

Common symptoms and characteristics of AV Security Suite and other rogue security programs include:
1. AV Security Suite is generally installed without user permission.
2. AV Security Suite uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual AV Security Suite Removal – In order to manually remove AV Security Suite, the processes associated with AV Security Suite must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before AV Security Suite entered the computer.

Stop AV Security Suite Processes
[random letters]tssd.exe

Remove AV Security Suite Files
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters]\[random letters]tssd.exe

Remove AV Security Suite Registry Keys
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\AV Security Suite
HKEY_LOCAL_MACHINE\SOFTWARE\AV Security Suite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Security Suite

Remove AV Security Suite Startup Entry
[random letters]tssd.exe
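
To check collected artifacts against the indicators listed above, the following added example (not part of the original guide) matches a process list, a file list and a registry export against the guide's file name pattern, path and registry keys. The sample data is constructed; reading "[random letters]" as ASCII letters only and looking for the startup entry in a Run key are assumptions.

```python
import re

# Indicators from the guide's manual-removal lists. "[random letters]" is
# modelled as one or more ASCII letters, which is an assumption.
PROCESS_RE = re.compile(r"^[a-z]+tssd\.exe$", re.I)
FILE_RE = re.compile(
    r"^C:\\Documents and Settings\\[^\\]+\\Local Settings\\Application Data"
    r"\\[a-z]+\\[a-z]+tssd\.exe$", re.I)
REGISTRY_KEYS = [
    r"HKEY_CURRENT_USER\Software\avsoft",
    r"HKEY_CURRENT_USER\Software\AV Security Suite",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\AV Security Suite",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
    r"\Uninstall\AV Security Suite",
]
# Assumption: the startup entry is a Run key value; the guide does not say.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
RUN_DATA_RE = re.compile(r'(?:^|[\\"\s])([a-z]+tssd\.exe)\b', re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text):
    """Parse .reg text into {lower-cased key: {value name: string data}}.

    Only string (REG_SZ) values are kept. Files written by regedit or
    `reg export` are UTF-16, so decode them before calling this.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # undo the .reg escaping of backslashes and quotes
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name] = data
    return keys


def find_indicators(process_names, file_paths, reg_text):
    """Return a sorted list of (kind, detail) tuples, one per match."""
    hits = [("process", p) for p in process_names if PROCESS_RE.match(p)]
    hits += [("file", f) for f in file_paths if FILE_RE.match(f)]
    exported = parse_reg_export(reg_text)
    for wanted in REGISTRY_KEYS:
        prefix = wanted.lower()
        # A listed key counts as present if it or any subkey was exported.
        if any(k == prefix or k.startswith(prefix + "\\") for k in exported):
            hits.append(("registry key", wanted))
    for key, values in exported.items():
        if key.endswith(RUN_SUFFIX):
            for name, data in values.items():
                if RUN_DATA_RE.search(data):
                    hits.append(("startup entry", f"{key} -> {name}"))
    return sorted(hits)


# Constructed sample input: the user name, folder name and value names are
# made up for illustration and do not come from a real infection.
SAMPLE_PROCESSES = ["explorer.exe", "qwertytssd.exe", "ctfmon.exe"]
SAMPLE_FILES = [
    r"C:\Documents and Settings\alice\Local Settings\Application Data"
    r"\qwerty\qwertytssd.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
]
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\avsoft]
"installed"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwertytssd"="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\qwerty\\qwertytssd.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_PROCESSES, SAMPLE_FILES, SAMPLE_REG):
        print(f"{kind}: {detail}")
```

A name match is only a lead for review: confirm the file's location before removing anything, since the pattern is based on the file name alone.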

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean. It is also best to upgrade to Internet Explorer 8 for better web browsing security. If a web browser is not up to date, viruses such as AV Security Suite can generally infect computers much more easily while surfing the web. The upgrade is free.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove AV Security Suite.

This entry was posted on Wednesday, June 2nd, 2010 at 5:02 pm and is filed under Malware Removal.

63 Responses to “AV Security Suite (AVSecuritySuite) Virus Removal Guide”

question June 4th, 2010 at 9:05 am

What about system restore, does it repair the registry? I did it and it seems to have worked. However, just for safety I downloaded malwarebytes…

Keith June 4th, 2010 at 2:30 pm

One tip which might help others out there. Run msconfig and on the general tab you select diagnostic start up. Then reboot your computer. This will load only basic functions which will allow you to do the removal process and still have full functions of all your other programs.

It will not allow the virus to start up and you can then clean in peace.

juliette June 5th, 2010 at 6:57 am

What do you mean about [random letters]tssd.exe?
i can’t find anything in task manager with tssd.exe … confused …

juliette June 5th, 2010 at 7:12 am

heh.. don’t worry … i figured it out =] thanks! this site is so helpful!

Stephan June 6th, 2010 at 9:41 pm

I’m not as smart as Juliette and nothing on my computer is *tssd.exe. HELP!

David June 8th, 2010 at 5:41 pm

I removed the registry and got rid of the (random).dll files and shut it down from start up so now my cpu appears to be clean but is now running really slow and it takes me like 5 mins to load a program plz help

R June 10th, 2010 at 8:01 am

Thank you soooooo much!

I did all the steps successfully. But one thing; how am I to know that the virus is completely removed from my computer?

Paul June 13th, 2010 at 2:02 am

downloaded and installed mbam (free).
Booted to Safe mode and ran mbam. Removed the AV security virus!

Sue June 15th, 2010 at 8:18 pm

Not all of the registry keys listed were present. Should I be concerned about that? Please advise.

Sham June 16th, 2010 at 11:48 pm

Very helpful indeed. Many thanks.

TRIAS June 19th, 2010 at 3:53 pm

Grateful.
I shut down the computer
I restarted in safe mode
I opened regedit and deleted the entries
I restarted the machine
I updated NOD32, which found two other files and deleted them

For the random characters I found this: mrvefprtssd.exe

TRIAS June 19th, 2010 at 4:00 pm

Shut down the computer
Restart in safe mode
Open regedit
Make the changes by deleting the following entries

HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]“
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]“
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” =”1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″

jose de jesus sigala June 20th, 2010 at 8:07 pm

Thanks to this site I was able to remove this annoying program. MAY THE LORD JESUS BLESS EVERYONE. AV SECURITY SUITE: thanks to everyone here for all the info. I was trying to remove this malware with spy doctor but it needs to have a license.. instead I got this info and was able to swipe this av security suite forever.. thanks GOD

charles June 21st, 2010 at 3:53 am

I’ve removed other similar viruses from my computers before, but I’m really having some trouble on my netbook. I think I have followed all the directions to a “T” (stopped process, removed files, removed registry keys, and stopped startup of process in msconfig). BUT – I’m running into a major issue: Internet Explorer will not connect to standard internet sites (Google, Yahoo, etc.). In fact, the only site that I can actually successfully connect to is my employee webmail (Outlook web access). It has an HTTPS prefix, so I’m guessing that is why it’s the one site that is working. Does anyone have ANY idea what the problem might be? Thanks so much for taking time to help me on this if you can.

TOT COMICS June 21st, 2010 at 8:53 pm

Well its a tad confusing at first, but heres my simple version that I think removes antispyware soft (and its variations) for good.

1. Start your pc in safe mode.
2. copy Microsoft Windows Malicious Software Removal Tool (KB890830) – Setup Self-Extracting Cabinet from a flash drive onto your pc. or download off of Microsofts website if it isn’t blocked by the virus.
3. If your pc is in safe mode the exe should run.
4. do a quick scan. If antispyware soft is the only virus on your pc 1 threat should be detected and removed automatically. Then the removal tool alerts you that the virus is only partially removed and you need a official anti virus to remove the rest. Ignore that as the 1 file removed seems to disable antispyware softs functionallity.
5. Use the manual removal steps above to hunt down and remove the remaining files such as the exe. and registry keys.

Now if this works as good for you as it did for me your pc should run exes and all of the other blocked files. The only problem I noticed is that internet explorer no longer works as antispyware soft changed the proxy or something.

But I’m not sure if my method is 100% effective so you should use the one listed above and use mine as a last resort (or if you trust me :P ).

jon June 22nd, 2010 at 2:21 am

Charles – The user comment below provides some information related to connection issues with Internet Explorer which may help –

http://www.virusremovalguru.com/?p=6088#comment-41464

However, the comment relates to Antispyware Soft, which is similar to AV Security Suite.

jose de jesus sigala June 23rd, 2010 at 6:15 am

the issue is that av changes internet explore settings … go to tools … internet options … connections … lan settings … disable proxy thats it

John June 25th, 2010 at 2:10 am

Fantastic. Great walk thru. You guys are a life saver.

Thank you so much.

CJE June 25th, 2010 at 5:00 am

Just tried the advice on getting internet explorer back up and running – works!!

Dan June 25th, 2010 at 6:49 pm

Hey just wanted to say thanks … this little bugger crippled my work pc this morning and with your guidelines i was able to get back up and running in no time.

Olivia June 26th, 2010 at 9:16 pm

So this virus randomly installed itself on my computer. I went to restart my computer and apparently this virus corrupted or deleted one of the system files.. its called system32\drivers\isapnp.sys and windows won’t start up

Dubec June 27th, 2010 at 3:47 pm

Restarted in VISTA in safe mode.

Box opened explaining safe mode with link to system restore. restored to pre infection AV gone.

Alan June 29th, 2010 at 6:00 pm

Just did this and also did the proxy change per Jose, worked like a charm! This may be my new favorite site!!

Kay July 2nd, 2010 at 6:31 am

I did all manual removal. Thank you! I can go to https, but not http sites. When I check Internet options->Connection->LAN Settings, I see Proxy checked, but not highlighted and I cannot uncheck it. How can I uncheck it?

Kay July 2nd, 2010 at 11:26 pm

I figured it out how to fix it.

osmoses July 4th, 2010 at 6:13 am

hello, i have come to the conclusion that i HAVE to do a FULL RESTORE on my pc, as i was told by my computer teacher, all i want to know is that if when backing-up my files (ie .doc;.mp3) onto a disk before doing the FULL RESTORE, will they be infected by the AV Security Suite virus, thus infecting the disk on which i backup the files or what exactly will happen to the files?
should i clean or ‘disinfect’ the files after the FULL RESTORE is complete anyways, even if they’re not infected?….

please HELP… ASAP!!!

The Rad July 5th, 2010 at 7:13 pm

So this thing got me and here is what I did. I spammed ctrl+alt+del so fast because it was telling me that the task manager was infected and repeatedly shut it down. So I did it so fast and saw that sometimes the little demo piece of trash was running. So I positioned my mouse where the end process button would briefly show up and I pwned it, ended the process and got back control of the comp. Then my internet explorer would not work. So, I reset to the defaults in the internet options advanced tab. When I loaded internet explorer it thought about it for a while and then loaded av soft. I’m playing jokerstars at the moment so I will clean the virus later!

Joyce July 5th, 2010 at 9:16 pm

When I got up I have this mess on Laptop. Went to other computer and start to look things it have block everything. could not get anything plus it would start scan and would want me to buy Av Security. I knew better. From desktop I save remover on my flash drive and try download in my laptop. it would let me. so at last I got in to restore and restore back to July 2. works fine. What a mess but I am going to change all passwords to be safe.

Chad July 9th, 2010 at 12:31 am

After running manual steps I still could not launch EXE’s. There was an AUTMGR.EXE file in C:Documents and Settings\\Local Settings/Temp and the HKEY_CLASSES_ROOT .exe had a shell and redirect to the AUTMGR.EXE file that was removed when deleting all temp & temp internet files.

I used the method outlined at http://www.computing.net/answers/windows-me/all-exe-files-wont-open-execute/46582.html and another account in real mode to restore the .exe Persistent Handler entry and then deleted the Shell Folder. Hope this helps.

Jason July 10th, 2010 at 12:39 am

I just tried the advice on getting the internet back up and running after removing av and it works! Thanks very much to everyone. This site really helped me out.

Wolfeye90 July 10th, 2010 at 6:51 pm

There is a much simpler way to get rid of the virus…

Start Task Manager before the virus or malware application starts, and kill the process associated with it. It may be under the file name iltdqyttssd.exe.

Then, go to the Application Settings folder. It may be in a folder there, under an odd name. If you can go through to find the file, go back and delete the folder (the suspicious folder containing the file, not Application Settings).

If you cannot find it, just search for the file using the search program. Then Delete the file and containing folder if applicable.

Wolfeye90 July 10th, 2010 at 6:54 pm

Although, you may not be able to start Task Manager, depending on the time it takes the virus.

Paddy July 11th, 2010 at 11:16 am

Thank you so much for this guide, it works!
I bought the Avira guard 1 year ago, and he couldn’t do anything against this virus… what other AntiVirus programms can you guys recommend?

Looloo July 11th, 2010 at 3:34 pm

Fantastic easy fix! Thanks for making it stress free!

Jonathan July 12th, 2010 at 6:52 pm

Process Explorer worked!

All of the other sites directed me to update the registry, and kill the program with task manager which was useless b/c the virus would not allow me to open ANYTHING.

Your site was the only one to recommend “Process Explorer” and to change the name to iexplore.exe that allowed me to go in and kill the *tssd*.exe process. Brilliant!

Thank you, thank you!

megan July 19th, 2010 at 12:30 am

What does this virus do? Does it just want me to buy the product or is it somehow getting private information? How can I keep from getting this virus? I’ve already gotten this twice and got rid of it.

Jhessica July 20th, 2010 at 8:00 pm

I deleted some of the registry keys, but I wasn’t able to find some. The antivir solution pro stopped running, and I connected successfully to the internet by following the steps. Would it be a problem in the future if I just leave it like that? I’m running an anti-virus scan now (avast); I finally installed an anti-virus by learning the hard way. Also, I installed STOPZILLA, did anybody else try it? Thanks.

Mo August 2nd, 2010 at 6:14 pm

Was working on a system with Defense Center and the user had gotten it to the point to where it would not let me run any executables – popped up a fake ‘what do you want to open this file with’ screen. There are a few workarounds. Boot into Safe Mode. Once in, you can open Task Manager with Ctrl-Alt-Del. I was also able to run executables (.exe files) by right-clicking and choose Run as Administrator (Vista). This includes desktop icons and .exe files on your hard drive. I ran MalwareBytes Quick Scan and it found and removed around 70 items. Rebooted to Normal mode, which seemed to be working better and ran MB Quick Scan again. Found none.

lock August 13th, 2010 at 6:11 pm

i got hit with this, what you need to do is, first, put rkill.exe on your desktop so that it’s the first thing you click on as soon as windows boots to the desktop.. i mean fast as you can run rkill.exe, it stops the virus from loading, then run malware in quick scan mode so you can get parts of the virus out.. update malware, then reboot and start again, always being very fast to run rkill.exe when windows shows you the desktop, don’t wait for other programs to load..
hope this helps you, like it did me

Christopher Rumsey August 13th, 2010 at 9:24 pm

The virus has evolved with a new version. None of the registry entries or .exe names listed in the article were present, though they are similar.

The main piece of malware is called hayiodkshdw.exe, located in:
C:\Documents and Settings\Fischer\Local Settings\Application Data\qnbqistns

registry entries under HKEY_CURRENT_USER\Software\wnxmal

Pressing CTRL ALT DELETE immediately upon boot should open task manager before the virus can establish control, from where hayiodkshdw.exe can be squished, and then delete it physically, change the registry and you’re good.

Nasty little bug

Jinto Lonappan August 13th, 2010 at 9:44 pm

This virus got installed in my machine when I was browsing thepiratebay site.
Step by step on how it happened and I got it resolved:
1. In Google Chrome, as usual, I went to thepiratebay site
2. A java Pop-Up came, with an error message as .jar not found! I ignored it..
3. System halt for a few seconds..
4. After a couple of minutes this s/w (Name was just Security Suite, not AV Security Suite) started running.
5. I stopped it, and pressed “Stay un-protected”
6. It started to show continuous messages. I ignored everything by pressing “No, stay un-protected”
7. IE started to open automatically directing to porn sites..
8. I closed my chrome by mistake
9. Couldn’t open chrome as it was blocked
10. Couldn’t open any EXEs..
11. Tried Firefox and it got opened
12. Reached this site through Google
13. I tried to rename TaskManager (tskmgr.exe) to iexplore.exe. It didn’t work.
14. I had WinUtilities..I renamed it to iexplore.exe and removed the entry (.exe from the path C:\Users\\AppData\Local\\random.exe
15. Using winutilities’ task manager, removed the file from running processes
16. Used WinUtiliies’ registry cleaner, and removed all registry entries..
17. Then, here I’m..all issues resolved, hopefully.. :)

I would probably boot my system with Knoppix once to make sure that the file is not there in any other place..

Hope this helps.. :)

bharad August 14th, 2010 at 1:36 am

I had the system (windows XP) infected by AV security virus. I first used hijack this to remove some “nasty” components, ran spyware doctor, avast, malware bytes. But even after that I could not use IE or firefox properly. They used to hang a lot. I could not basically use the computer as it would freeze after every operation, like opening an application. Then I disabled all the services and rebooted the computer and updated to service pack 3. That did the trick. Then I went back and enabled all the services (even though the intention was to do it by trial and error by enabling one service at a time). It’s been a week, and the computer is working perfectly well. So looks like the virus and the removal had corrupted some files that probably got restored when I did the update.

Chidhu August 14th, 2010 at 6:14 pm

YOU GUYS ARE AMAZING.
just removed that stupid AV security suite manually and internet is back up and running.Thanks a TON

Good show guys

gregory August 15th, 2010 at 9:41 pm

For windows vista there is a very simple solution. Just use “system recovery” and use another date, previous to that the virus appeared (five days) and then restart. Thats all!!!

Meg August 22nd, 2010 at 9:27 pm

husband’s laptop just got hit with this trojan horse. am able to get into task mgr. but do not know which exe to delete. none of the ones noted in previous exchanges are showing up in my exe files. could they have changed the name of the exe again? how do I know which to delete?

paul August 26th, 2010 at 11:29 pm

I just got the virus and all you have to do is a system restore. Just press f8 while its booting and it will bring you to the safe mode screen. at the top there will be a option to repair your pc. click it then just restore it to a point before the virus and you will be good.

SarahRC August 29th, 2010 at 7:07 pm

Used Malwarebytes to detect the AV Security Suite files in Safe Mode and rebooted normally. All went well and after 6 hours of trying to remove the ignorant garbage … IT WORKED!! Thank God for Malwarebytes. I recommend using this method before wasting as much time as I have or purchasing software. I would also recommend Antivirus software such as Norton to further protect in case this were to happen again. At least it will give you a warning beforehand. Great peace of mind.

Azenx September 3rd, 2010 at 5:44 pm

Now it happens to me.
I can’t restore even on safe mode, hope this thread is helpful.
thx regards

Suffurer2 September 5th, 2010 at 10:27 am

Learn all your normal starting programs. I found an added AppData/Local/vdxijsbsk/bgsehgnshdw. Properties show Security Suite for Windows 236K %.1.2600.0 with a copyright notice would you believe. Start in safe mode. I used StartUpControlPanel to delete. Also it changed internet options to proxy server instead of auto. prepare beforehand to be familiar with normal settings

Troy September 6th, 2010 at 10:12 pm

BEWARE! The latest version of security suite blocks attempts to boot into safe mode. DO NOT make changes to the boot.ini file. This fix is no longer valid.

preetii September 10th, 2010 at 11:23 am

thank u much by using this step i have removed this thread

Johnsmith September 10th, 2010 at 8:35 pm

I’ve just gotten this, and am having trouble fixing it. I’ve found that killing the connection to any internet slows the start of the virus. I was able to open up a task manager, and after connecting to the internet again, it was 20 minutes or so before it started to appear again. I killed it with task manager. I have been unable to find any of the .exes while it was running. Ideas?

Sue September 12th, 2010 at 3:33 pm

THANK YOU. I first tried alleged removal tools that I downloaded from other sites, including ones designed just for this virus. Those didn’t work, and took many hours for me to download and run. All I really needed was the instructions you give above. Many thanks.

Some of the registry/startup/files removed may have had a slightly different name, but your directions were enough for me to recognize the bad stuff and get rid of it.

steve September 12th, 2010 at 4:53 pm

for anyone having internet explorer problems after removing this crazy virus just go to the settings then the connection tab then go to lan settings and uncheck use lan proxy server and then save and you should be all set but beware ive cleared the whole thing off my laptop and it doesn’t run the same anymore. but it still works so w/e

Mark Best September 12th, 2010 at 5:31 pm

Thank you very much for the tips! I did not use the full process detailed above but you pointed me in the right direction to be able to remove the “Scumware” my own way. All sorted now and have one very happy customer who will probably keep his job! Even if his wallet is a lot lighter hehee.

Thanks again!

Daniel R September 15th, 2010 at 10:32 pm

i have this av security suite thing and its blocking me from opening any application i renamed things iexplorer.exe still wont work, its blocking me from starting the laptop in safemode… what do i do ?? please email me!!

Daniel R September 15th, 2010 at 10:35 pm

actually *update* i just got the computer to boot in safe mode but i dont see a process like the ones named above these are the processes i see:

csrss.exe
ctfmon.exe

Daniel R September 15th, 2010 at 10:36 pm

also:

explorer.exe
helppane.exe
taskmgr.exe
winlogon.exe

which is it ?

BikerBill November 10th, 2010 at 2:35 am

A very simple way to remove this virus that worked for me was to start the computer in safe mode and then to use Restore to restore the system to a date just before the virus appeared. In my case I only had to go back 5 days.

pearl November 17th, 2010 at 7:50 am

I have the same virus. Please need help not great with computers. I have Quickbooks before I start safe mode would I loose any information? I use this for my work SOS please!

pearl November 17th, 2010 at 3:48 pm

Followed the instructions for Safe mode and recovery and it’s working!!! Thanks!!!

Mike November 20th, 2010 at 9:27 pm

Yup the instructions for Safe mode and recovery and it’s working seems to work…

rok November 26th, 2010 at 8:38 am

i got a virus Win HDD, and for the last 9h i’ve been trying to remove this … i think i’ve tried everything. i don’t know what to do anymore. please help
