How to remove Antispyware Soft?
What is Antispyware Soft?
Antispyware Soft or Anti-Spyware Soft is a typical rogue anti-spyware which was noticed to be circulating on the internet in the middle of April. As computer experts say, Anti-Spyware Soft, just like Antivirus Soft or Antivirus Suite, spreads itself via Trojan viruses that infiltrate computers through security vulnerabilities found. After this secret infiltration, the same Trojans change Computer’s Registry and make this program launched every time computer boots up.
Malicious activity of Antispyware Soft involves generating fabricated popup alerts and free system scanners just after this malware is installed. As soon as people log on, it always reports about dangerous cyber threats detected during its existence on the machine. Antispyware Soft totally bombards its victims with tons of fake alerts and warnings that will be accompanied by annoying pop-up ads also telling spyware on their machines. Finally, messages offering to purchase the “full” version of Anti-spyware Soft appear on the PCs desktop in order to make people think that they will be able to get rid of all their problems only in this way. Antispyware Soft is claimed to be a completely trustworthy and powerful tool which is capable to remove all the types of viruses. Some of these alerts look like that:
Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.Antivirus software alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan – dropper or similar.
Details
Attack from: IP Address, port 39096
Attacked Port: 30516
Threat: Win32/Nuqel.E
Just bear in mind that purchasing Antispyware Soft’s “licensed” version is nothing but a support of its creators. Anti-Spyware Soft imitates searching your computer for viruses and detects the invented ones trying to make you concerned about your machine. After paying for its “full” version, your computer will get vulnerable to other viruses and it will start malfunctioning as well. So, have no doubt about this program and if you notice any trace of it, delete Antispyware Soft. Do this in the shortest period of time using the removal guide given below!
Special notes on how to remove Antispyware Soft
This parasite might block execution of executable programs, thus reboot and press F8 on boot. Choose safe mode with networking.
If your internet is blocked, disable proxy server in your browser and clean up your hosts file. On IE, go to Tools -> Internet options -> Connection ->Lan Settings, and disable proxy.
Download fresh Spyware Doctor , rename it to iexplore.exe install, update and do a full scan. I suggest doing this from SAFE MODE WITH NETWORKING (press F8 on reboot, choose safe mode with networking). You have to update Spyware Doctor before performing FULL scan.
If you can’t launch iexplore.exe, start task manager (ctrl+shift+esc) and start a new task. Enter full path to Spyware Doctor executable. This should pass Antispyware Soft.
If this still fails , try to download Antispyware Soft remover software using this link (It does not block programs called iexplore.exe at the moment, thanks Shane for tip). It is critical to update this version, or it will fail.
Also, you can try following:
- Stoping Antispyware Soft virus processes using task manager.
- If you can launch task manager, Choose File ->New Task. Type down the path to downloaded Spyware doctor or other anti-malware program executable.
- Try installing Spyware Doctor in safe mode.
- Try launching system restore in safe mode
- Using rkill to stop Antispyware Soft virus processes or combofix.
- Using msconfig process and stoping Antispyware Soft processes from starting, then rebooting your PC.
Even if the signs of virus are gone after any of these steps, your PC is still infected and Antispyware Soft might reappear. You have to scan with good anti-spyware/malware tool to remove remains and fix your PC configuration to repair internet access.
Antispyware Soft is Extremely dangerous
Antispyware Soft is a corrupt Anti-Spyware program Antispyware Soft may spread via Trojans Antispyware Soft may display fake security messages Antispyware Soft may install additional spyware to your computer Antispyware Soft may repair its files, spread or update by itself Antispyware Soft violates your privacy and compromises your security
for Antispyware Soft detection
Note: Spyware Doctor trial provides detection of parasite like Antispyware Soft and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
Antispyware Soft screenshots
Manual Antispyware Soft removal
Important Note: Although it is possible to manually remove Antispyware Soft, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyware Doctor or other malware and spyware removal applications found on 2-viruses.com.
Stop these Antispyware Soft processes:
Remove these Antispyware Soft Registry Entries:
Remove these Antispyware Soft files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Antispyware Soft infected files and get help in Antispyware Soft removal by using free Spyware Doctor scanner. It comes with free real-time protection module that helps preventing Antispyware Soft and similar threats.
Antispyware Soft is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only Antispyware Soft can help you to remove it after you download the trial version. As soon as the victim downloads Antispyware Soft trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, Antispyware Soft offers to buy the full version to fix these false errors. If the user agrees, Antispyware Soft does not only fix the errors, but it also takes the user’s money and may even install additional spyware into the victim’s computer.
Some Rogue Anti-Spyware, such as Antispyware Soft, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install Antispyware Soft, which is another way for Rogue Anti-Spyware to spread itself.
Most of rogue Anti-Spyware, such as Antispyware Soft, is nearly impossible to remove manually.
The antispyware soft program is not allowing me to access the internet to download any spyware fixes. What should my next step be?
Mike: try rebooting PC in safe mode with networking. Also, check your hosts file, empty it, disable any proxy in browser or use USB drive /CD R to move downloaded fixes to infected PC
What do you mean by Hosts file- I’m having the same problem
How do I delete a proxy in browser?
I just had this on my lap top, I ran my Norton Antivirus and it removed it. Everything seems to be working fine. I am not an expert, do I trust that it is fixed and removed or should I drop it in to my computer guy to get him to make sure?
Zoe : I would scan with Spyware Doctor or Malwarebytes just to make sure that there are no rootkits/strange trojans left. It happens that Norton (or other antivirus) leaves some newer trojans as they do not provide 100% coverage.
@Mike Csutoras
Wow… what a nasty spyware that thing is… and I could not even instal ANY real antispyware, or licenced application to fix it, even McAfee and Norton would be “shut off”. I did manage by way of a search for files finishing tssd.exe to one delete one, and the other one “cut and paste” in my recycle bin, then empty it (it would not be removed or deleted any other way). I have succesfully installed a licenced anti-spyware and I am getting McAfee back up. So THANK YOU for all these useful information. For the record, this message was forwarded from another computer. The one I am trying to fix is in a different room. Best regard.
Something seems to be disabling my Spyware Doctor that I purchased after I got this. I’m running it in Safe Mode with networking and I changed my LAN settings in IE but I can’t run the program. Any ideas?
Sam : contact PCtools support. I would recommend starting task manager and seeing which processes are running. Maybe a blocker process is launched even in safe mode. It would need to be killed before using spyware doctor or any automatic remover.
Thank you, after I posted last night I went back and ran Malwarebytes and it did find another trojan in a strange place so now hopefully this means it will be fully deleted
I’m trying Takuho’s fix and seeing if it works btw this is on Vista. It disables task manager and everything i also had user account off
Don’t count on the A/V programs detecting Antispyware files. I updated Malwarebytes, Search&Destroy, and Norton to the latest definitions, and direct file scans against the ####tssd.exe failed to detect any problems.
Antispyware was running a local service on port 5555 and modified my browser proxy settings to route through this service – nasty!!!
The port settings may change from one ###tssd.exe to the other, but I ran
netstat -a -b
to verify. Drop the -b switch for quicker netstat results.
msconfig can be used to show run-on-boot executables.
BTW, Norton detected the service activation (port 5555) but didn’t do a good job of locating the ####tssd.exe file for quarantine.
Bill: Norton is slow at updating instructions of rogues. Search & Destroy is slow in this respect as well. That’s why I use Spyware Doctor and (secondly) Malwarebytes.
The problem is that many of removers fail to scan infected settings and host file on PC.
I had this virus too yesterday and it too me a while to get rid of it. To solve the problem,what I did was press F8 when booting up and go to “SAFE MODE with NETWORKING”. I then just did a “SYSTEM RESTORE” and it worked for me. I also used a free fix up software called “ComboFix” from http://www.combofix.org,after I did a System Restore. Hope it works for ya’ll.
I caught it yesterday
I can access the Internet ( i am using safari on a PC and Firefox with Tor) and download… but i cant execute any programs! and the popups are just so annoying!
I run Malwarebytes in the safe mode, but it did not find the file!!!
So now i dont know what to do…. How do i search my files? I tried in the start bar, but couldnt find any files named tssd.exe (i am on Vista Business Edition)
Thank You!
hey um i just got infected and i think i removed it using marlwarebytes but when i check msconfig the exe startup is still there.. does that mean its not gone yet?
Sandy: Check if file mentioned in startup is still here. Clearly Malwarebytes haven’t cleaned all mentions of that file, but if the file is gone then you might be safe. Scan with spyware doctor too – no antivirus or anti-malware is 100%.
Update:
Finally, the Virus blocked my internet access, and everything…. However i noticed that i had a few seconds before it launches…I could do things….So be really quick, place an icon in the quick launch place… and click on it, asap you start your computer.
I succeed in launching Malwarebyte… and Windows Defender…Once a program is launched the virus will try to close it….it frooze a little, but somehow Windows Defender managed to destroy it… and Malwarebyte was useless! (and Spyware doctor is not free!) And be careful Windows Defender alerts look the one from the virus….
Once it was done, i still couldnt access the internet, but i had no virus. To remove the proxy settings, just go in tools, options, connexions, network parameters, (i use a french canadian version, so i am not sure abt the exact terms on the english version) and make sure you erase all the numbers, a new window should open to ask you if you are sure you want to remove the Proxy settings.
You should be fine. Good luck!
My computer was infected an hr ago. I just restarted my computer then quickly went into system restore before all the programmes had a chance to download, then simply brought it back a month. It seems fine now.
I hope this helps.
Thanks for the info admin.
Norton is detecting the file today. I neglected to filter the virus folder from pro-active scanning before pulling the ####tssd.exe file out from quarantine. Because of this, Norton snatched it back upon restoring, and now I cannot locate the virus (it’s not listed in Norton’s quarantine.) I was hoping to test Spyware Doctor against this file.
Thank you so much. We had to configure the server to boot in safe mode which was tricky as the virus wouldn’t let us run msconfig, but we were able to open it from its location on the C drive, deleted everything you said and rebooted and there it was gone
@Takuto Lehr
Great directions and they worked! After 8 hours of doing some of those steps over and over, your step to Unclick “Use porxy server” did it. SpyBot got it, but it kept reappearing. I also find a file including the words “tssd.exe” and got rid of it. Suggested by another post. Now Internet is working and McAfee is back on guard with Spybot.
Slight problem, it is locking me out of everything.
I can’t even get programs, besides mozilla, to start.
Would a total reboot and reinstall fix this?
Or is there some kind of backdoor I can try?
Hi, just had this installed to my pc while i was vrowsing the web. nasty little bugger. the way i got rid of it is by downloading taskkiller from the web. installing it by renaming the exe as iexplorer.exe then going to the installed taskkiller folder and renaming the exe as iexplorer.exe then killing the two generated named things – one that infected vista and one that ran the pop-ups. from there you can use any removal tools you like. i used the manual regedit.exe to delete the registery files sed above apart from i cant find the Avscan folder. i also had 2 .exe’s in the local files for my account.
Hope this helps people get rid of the virus.
I couldn’t get to Safe Mode setting via F8 until I tried holding down the blue fn key along with f8, then bells and whistles and up came the window for Safe and other modes. From there, I was sent directly to Restore System, where I selected 1 Mar 10, and restoring began.
Result: all gone, so far.
Now, I’m looking for a Combofix or somesuch to get in and do the cleaning that System Restore may have glossed over.
Any recommendations? (feeware, that is)
Richwill.
For freeware with real-time protection , try superantispyware. Paid Malawarebytes or Spyware doctor is better though.
(sorry, should have been ‘freeware’ rather than ‘feeware’)
Rex : contact PCtools support. I would try rebooting into safe mode and trying again.
I had several users on my Windows computer. I keep only one open all the time, and when I logged onto another one, the virus didn’t run. So I just deleted the user that had the virus on it, and it enabled me to install various removers of the virus, plus Avast and Spybot. So far it’s working.
Nothing has worked for me. I was infected with this a couple hours ago, and its not going away. Ive run these programs in safe mode, but im not comfortable enough to go edit the files that were listed. Are there any other ideas?
Hi guys
Firstly,
I got this virus a couple of minutes ago without downloading anything or visiting any sites that i don’t visit on a daily basis, which means this isn’t a downloadable virus, it’s code from sites you use, the last site i was on when i got this was surfthechannel, so i highly recommend nobody goes near that site for the time being.
Secondly, I worked out how to get rid of it, all you have to do is restart, boot in safe mode, use system restore to a previous version and it’s gone.
Hopefully, I’m just after doing that and haven’t had any disturbance so far.
I received this rogue software today in a Java update I had when watching a tv show on ninjavideo.net. I run ForeFront security but would recommend AVG.
I removed by doing a system restore, First start your computer up in safe mode with networking (press F8 when you boot up) and then choose safe mode+networking. Then system restore and use Malwarebytes DOWNLOAD FROM CNET.COM. Then do a full scan you should find roughly 8 or 9 infected files. then reboot after and you should be free and clear.
adm,
Thank you. Ran free version of SUPERantispyware
to clean up Antispyware Soft after a System Restore, and it found a few adware and one trojan agent aliens, so I opted for their elimination.
Then, following suggestions in this forum, I ran a system search for tssd.exe and this showed up:
PTUBTAMTSSD.EXE-1EEE887C.pf
located in folder: C/Windows/Prefetch
My concern now is over whether this should be deleted, or is it a ‘good’ ‘tssd.exe’ file to be left in place as is?
Thank you,
Richard
Richwill: do a followup FULL scans with Spyware Doctor And malwarebytes. Also, you can upload file to virustotal.com to check if is infected or not (not 100% guarantee, though).
@admin
adm,
Thank you. Ran scans, and lo and behold: the file
PTUBTAMTSSD.EXE-1EEE887C.pf
located in folder: C/Windows/Prefetch
no longer shows up.
Could it have been deleted upon rebooting from Superantispyware’s scan? — even though I hadn’t selected it for removal when given the option.
Whatever, all seems to be well meanwhile. Many thanks for your suggestions.
Best regards,
Richard
ok the fastest and easiest way to remove this is go to RUN and type in msconfig and than where it says load start items uncheck this hit apply and restart now you are free to delete the files cause if you dont do this the virus wont let you delete it now go to seach type in tssd.exe in and seach you should get 2 files well i did anyway they will have tssd in the file name with alot of other letters now delete them and than you can go back and cut your start up items back on restart pc and boom 2 mins of work and no downloading crappy virus removers.
ok.. i have this piece of garbage on my computer.. how do u get to the files?????
o yeah im running a scan with malwarebytes but it hasnt killed it yet…
This one isn’t quite as bad as it seems. It tells you that your other anti-virus programs won’t run, but it’s lying to you. If you’re patient, they’ll come up and begin scanning. Both Malware Bytes and AVG found and killed it. However, I’d suggest disconnecting your internet connection first, because it’ll keep trying to infect your system with more viruses as long as it’s connected.
Steve: Get an anti-malware with real time protection. Also, get rid of AVG free, especially if it is single product you use for real-time protection as it lacks some scan types (rootkit scan for example) thus your PC is vulnerable.
@Mike Csutoras
Me too. It opens up desired internet files– it’s own website, and If I say I don’t want to download it, it opens up *adult images* please help I’m gonna try to un-install it maually but… I’ll probably screw up…
I have spyware soft on my comp know clue how i got it because last night when i logged off myspace my comp was fine but anyway back to the point i know how to get rid of it but when i got to safe mode networking i am unable to connect to the internet the icon in bottom right says i have full access but when i open up a browser page it says can not be disconnected any ideas on what my next move should be? BTW just my luck i would get a virus on my birthday :p
I had the same problem and I did do a search as imdasht did and I think it got rid of it, but now my laptop can’t go online and I cant figure out how to get my internet connection back
sir im getting the same prob in my laptop.
it got infected by antispyware soft
and it blocked all my applications
not even i m able to open takman.exe. or contol panel.
and whwnever im clicking on any prog. say vlc player for songs it says the application cant be exicuted as it is infected ,
so tell me the measures so that i got my system free form the antispyware soft.
Hi lately I am having difficuly running smart updates in SD. I have Vista. I have tried the suggestions on PC tool and nothing works. I did a ping test , sent it to them on Monday but I have not heard back from them. After reading all these, is it possible that a virus is causing all this. I havent had any re-directs as far as I know and interent pages load ok. If anyone has some other information on the smart update capability please let me know ( other than what PC tools suggests) thanks
OK after an epic 4 hour battle with this thing i have made some progress. This thing locked my internet, wouldn’t let me perform any .exe file, wouldnt let me boot in safe mode, wouldnt let me go to system restore at all. MAlwarebytes is a very good program but this even outsmarted an updated maleware bytes because it hid iteself in a hidden registry file. What you have to do is to end the process in the windows task manager. However, it will not allow you to control alt delete to get there. You need to go into c:/WINDOWS/system32 and find taskmgr or it may say taskmgr.exe. what you need to do is RENAME it to IEXPLORE or IEXPLORE.exe . Then double click it and you will be in the task manager. Find the process that ends in tssd.exe right click on it and select ‘end process tree.’ then you will be able to run system restore. After you finish the system restore then you can run any anti maleware software you choose. The ones suggested in earlier posts should be fine.
I got the virus the other night after simply closing a pop-up advertising the ‘software’… I’d looked up how to fix it and had to go to bed and the next day my father unknowingly bought the software unaware that it was a scam. If the program has been installed does it still affect your system? The internet seems to be running a little slower than usual… Any help would be greatly appreciated. Thank you
The same thing happened to me
-Cant access my internet
-when i get to access my internet for under a minute, its a pornographic site
-i cant open anything because it says its infected then names a virus
THIS IS CRAZY WE NEED TO SUE THOSE IDIOTS WHO CAUSED THIS !!!!!!!!!!!!!!!!!!
ihave download “automatic spyware removal”
the onw recommended for non-expertise
but it even block its installation
what can i do ??
ps do i need to scan it in safe mode?
I would recommend scanning in safe mode. Also, you might need to kill virus process before using spyware doctor. Do not forget to update!
wait a moment… so spyware doctor is not free… how do we know that the “antispyware soft” people and the spyware doctor people are not into this together? yes, I got is this the virus today and within minutes it was so bad I couldn’t even open up safari or windows explorer… so I went on another computer and looked up this virus and there are all these sites recommending “spyware doctor”… I haven’t downloaded it but someone wrote in another post that you have to pay for it? what’s up with all these sites promoting spyware doctor? is this another scam?
Thanks for the tiP on manual deletion! I would like to add that when I went to delete: “LowRiskFileTypes” = “.exe” the .exe part was actually .adh on my machine.
Thanks again!
program wouldnt let me install spyware doctor, what should i do next? should i just format hard drive? reinstal windows?
I did all this and rebooted my computer but now all I see is the background with no programs, but my mouse moves around. What do I do?
ok, sorry for the “is spyware doctor also a scam” post
I did the safe boot and ran Malwarebyte and was able to re-start my computer without “antispyware soft” coming up. Btw, before antispyware soft became a raging problem on my computer (laptop), everytime I went to shut it off it would power down and then automatically start up…. I could only fully shut it off by hitting the physical power button as it was trying to re-start. But now at least it actually shuts off when I hit “shut down” so maybe there was another virus trying to continually “re-start” my computer. Anyways, now the problem is both browsers won’t work (explorer and safari)(they open but can’t get on the net) I did another thorough scan using Malwarebyte, it found 2 more spyware programs, I did a scan using AdvanceWindowsCare and it apparently deleted more malware(it always does that). But still, my internet doesn’t work. I did a search for tssd.exe and came up with the file CDCYTKETSSD.EXE which I deleted (but not sure if I should have, it is still in the re-cycle bin.) Still browsers don’t work…I even did a restore point to a week ago. Then I did windows diagnostic and it checked my connection and said “”Windows cannot connect to the internet using HTTP, HTTPS or FTP. This is probably caused by firewall settings on this computer. Check the firewall settings for HTTP port (80), HTTPS port (443) and FTP post (21). You might need to contact your Internet service provider (ISP) ..blah, blah, blah.
I am using a netbook with my wireless router right now and it works fine. My ISP says there must be something on the computer, to scan it, etc they can’t help…
Does anyone have any ideas!!!????
John88 : PCtools started developing its security products long before rogue anti-spywares appeared. PCTools is reputable company, and it costs developing a good security program. There are free or semi-free alternatives. The problem with malwarebytes is that it does no provide real-time protection in free version. That is the reason you can get new infections on second or third scan.
The problem with internet is either bad servers in hosts file, malicious proxy server or additional infections in internet chain (typically, browser object, but not necessary). Here how to check first 2: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem . Also, do a scan with spyware doctor and see if there are no infections malwarebytes missed
this things a little prick. i cant get rid of it. even renamed malware in the sytem so it wouldnt recognize it.. still wont work.. trying pc tools spyware doctor now i hope it works
it worked! thank you for your help anyway
hi guys, a friend of mine was infected with this spyware on his winxp pc and buy the AntiSpyware Soft Basic using his credit card. he is concerned about the cc details that he provide when buying the software. please advice. sorry for my grammar.
Rowell: contact your bank and ask to change your CC. Also, ask to reverse the charge for Antispyware soft.
I did a system restore and now I am not getting any of my icons on my desktop…Just my wallpaper…suggestions please??
Right click on desktop and choose Customize or properties. Most of icons can be restored that way. Also, do a followup full system scan with spyware Doctor to check if some infection had survived the system restore.
that program changes your internet setting tousea proxy. now that the virus is gone internet wont work. all u need to do is go to TOOLS>INTERNET OPTIONS>CONNECTIONS?LAN SETTINGS>THEN UNCHECK THE BOX THAT SAYS USE PROXY>PRESS OK. your internet should be back on @john88
@admin
The right click option will not work but I was able to get to my task manager thru ctrl alt delete and can see everything but not able to access the internet yet and can’t get anything to drag to my desktop…suggestions?
@admin
Also, my start button is completely gone too…
i just wanted to say thank you to dr. spyware and all the people that commented. i fixed this stupid antispyware soft by following directions from shane. thanks!
i tried opening the dr. spyware files which i have downloaded. then it says that “the file spdoc is infected. please activate your account now. ”
what do i do now ?
Fish : leave the popup, and try to run spyware doctor again.
If it fails, rename it to something.pif and try running again.
I am also 99% sure that I got this from ninjavideo.net. I have not gone there for awhile and 30 secs after I did so today, I had this spyware. SpyBot fixed it, per the link above to Takuto’s instructions.
how can I tell if it is actually gone?
Jordan: Download couple anti-spyware scanners (I recommend Spyware Doctor for that purpose), update and do a full scan.
darn, i got the virus, am currently in safe mode running malwarebyte and avg. is there anything else i need to do?
Hey, I just got infected half an hour ago. I’ve managed to run malwarebytes anti software without the need for system restore or safe mode. I just rebooted and as soon as I logged onto pressed ctrl, alt, delete to open task manager then eliminate the any suspicious programs without information on it’s purpose. Which is the virus waiting for an .exe to be opened. then i installed the software, rebooted, started the malwarebytes as soon as i logged on, and started running. surely enough, within a minute the antispyware had loaded and malwarebytes has caught it. Hope this helps anyone having difficulty
antispy soft stops ANY .exe file from opening unless you rename it to IEXPLORE.exe Any anti malware program you have downloaded will need to be renamed.@Fish
to get your icons and toolbar back press control alt delete to pull up the task manager, next go to FILE and choose the NEWTASK/RUN option. Type in explorer.exe@Melissa
You can also try doing a Windows System Restore back to a date before your computer was infected. It worked for me on Windows XP Pro. Didn’t have to do anything else.
Jon : In some cases that is not enough. You never know if your Antispyware Soft was pushed by infected websites or by dormant infection. In most cases it is better to scan with removers than suffer from reinfections.
@Sebastian
The system restore worked and I will try some of the scans mentioned.. I’m a pc dummy and this freaked me out so thanks so very much for the help
help just got antispy soft what do l do.try..Windows System Restore but i dos’t work help
Reboot, press F8, choose Safe mode with networking. Try performing automatic or manual removal instructions then.
but l can’t find the file
@admin
I know for a fact that it was due to an infected website
Anyway, I didn’t fully read the earlier threads, but I did the System Restore in normal mode, not safe mode. It still worked, but I probably should have done it in safe mode, just in case.
yeah thanks got it done
Wow this anitspyware soft sucks!! We could not access the internet, it wouldnt let me run my malware, If i tried to run my task manager it would pop up then shut off really quick, When i tried to reboot it wouldnt let me, Basically I couldnt do anything. I made a new account user and changed admin over to it finally the virus didnt follow. I was able to reboot my computer this way and i believe everything will be working, The only thing is I have no idea where it came from i wasnt on any website and it just started acting all crazy
Oh caught this antispyware thing from a free tv channels site either desi-tv.net, vexcast.com or justin.tv, it was scary this nasty antispyware soft thing. I was almost gonna pay for it too but just at the last minute I felt something fishy about it. I used my mobile phones internet to find a solution and came across this website. Most of you are suggesting starting the computer in safe mode and doing the system restore to a previous date I did this and set the system to 3 days older settings.and when I restarted my system it was workin perfect again. I also bought Mcafee Antivirus as a precaution now as I didn’t have any antivirus thing installed on my laptop. My system has vista home premium by the way. Thank you all of you for all the good suggestions.
I think I have everything deleted, but when i look under the startup section under the System Configuration Utility, there is still a startup item there called ybabpyvtssd. It’s unchecked, and everything seems to be working fine, but I’m still worried. What do i do?
Cris : Do a scan with spyware doctor. IF the startup is unchecked, then it will not be active, however, it might not be single infection and might be activated again.
I tried to boot up my computer in safe mode, I was pressing F8 and it made some strange noise and after 1 minute nothing happened, the normal win 7 boot up. I had no choice. Any idea why I cant use the safe mode? What shall I try to remove it, because I!m not confident enough to do the manual removal.
Try using Spyware Doctor, but rename it to IEXPLORER.exe after download. You can try using other removers too. Also, it is good idea to start task manager (ctrl+shift+esc) and try killing processes ending in tdds
IEXPLORE.EXE not IEXPLORER.EXE the virus will stop you if you make it that one.@admin
Thanks, shane!
I’ve tried to download removal programs and do a system restore. Windows is blocking everything I do. Suggestions please…
Dom : check if there is a proxy set up in your browser. Also, try downloading in safe mode with networking.
I found the offending [random chars]tssd.exe file in “C:\Documents and Settings\NetworkService\Application Data\[random chars]\”
So look around if you can’t identify the file’s location right away.
After just editing the registry this may sound completely stupid but I have Vista and cannot find documents and settings to delete the file mentioned. I have now deleted the proper registry keys for the second time and I do not want this thing to come back. Can anyone help me find the app. data file I need to delete.
Hi guys,
I just got this about an hour ago. Did not click yes on any of the spammy messages advertising to buy the software, and then I followed Shane’s instructions by renaming the taskmgr file and deleting the tssd.exe file. However, I had trouble getting into safe mode, but I found that I could open my Malware software again so I started a full scan. So far, I haven’t found anything though, but I’m in complete offline mode. Is there any way to make sure that the Antispyware soft stuff won’t come back when I reconnect to the internet? (I also deleted some .pf files that I think were affected by the antispyware soft, but I don’t know if that did anything)
I’ve tried all of this and it still pops up..its very frustrating..what should I do??
Help?
Uhm I’m freaking out. This just popped up on my computer and I don’t know what to do. Will following the instructions posted here help me or are these files things I need to download? I’m so upset this Antispyware soft came out of no where. No access is blocked up these popups are ridiculous.
Windows system restore worked for me. I’m following up with PC-cillin scan.
okay im only 15 but im a modder n i know my way around a cpu i use avg free this is what i did to remove it. first reboot ur cpu then bring up task manager before processes can come up. be fast lol. Disable any processes with tssd.exe nd run ur anti virus program afterwords do another scan nd run thru suspected infected files e.g. recent downloads torrents nd all dat vulnerable stuff. mop up any stragglers nd then reboot 1 more time also when u first suspect yuh have virus disable internet connection to prevent identity theft nd updates 4 da virus. KILL IT WITH NO INTERNET CONNECTION! nd also beware it fucks up your file namez every time u reboot. dis whole thing was like a big game to me hahaha! tell me if my schem works 4 u
Make sure you click on the update button within the malwarebytes program then run the scan. Updating is very important. I would also recommend running a secondary ‘Trojan Remover’ program or run whatever anti-virus program you are using. There is a program named ‘Trojan Remover’ that works very good. These viruses also disable the safe mode feature. I am researching on how to remedy that. Scroll up and look at the directions i have given, i have been successful a few times with very bad infections doing it that way. Have a good day all.
@Refa
Hi everyone I am having a problem getting ride of this. I can’t access anything to shut it off even in safe mode. And I have no idea how to find tssd.exe to try shutting it of that way. Can anyone help as I really don’t want to pull my hard drive our which is what I am currently going to have to do as it looks like I have no other option.
I can’t access tools, I can’t access task manager and no programs will open for me.
And asap answer would be fantastic, thanks.
I also tried changing taskmsg to IEXPLORE.exe however it needs permission to change the name which the computer will not let me do.
As soon as I went to flascardmachine com, my desktop PC was infected. I sort of knew something was up when I saw the butchered grammar “Click here for the scan you computer” and the nonspecific messages “It could be a password-stealing attack, a trojan – dropper or similar.”
I system-restored my computer to three days ago and deleted the account it showed up on. No problems for the last few hours.
I had a similar issue a few months ago with cyberdefender. It just showed up out of no where, just like antispyware soft. To get rid of that, I deleted it from the programs list, but that did not help. My computer soon blue-screened, and continued to do so every day, within minutes or seconds of logging in. So we did a system restore, and this would work for two or so days before the computer started shutting down and restarting itself again. The second time we did a restore, we downloaded Norton antivirus software. Paid for it and everything. Of course, three days later, the computer starts blue-screening, shutting down, restarting, etc. Resetting the system to days earlier never helped, so we kept having to reset it factory settings if we wanted to use it at all, and the antivirus software (and my dad’s money aka: my college fund) would be removed. It took several system restores to get the computer back to normal.
It’s been fine now, for a month, since we’ve been extra careful about our websurfing (My father refuses to download any antivirus softwares now, so it’s kind of necessary). Until this antispyware virus.
I wonder if the two are connected.
This was HORRIBLE… be patient… getting rid of the tssd.exe files in task manager finally let me run the secruity and maleware. Whew!
which section of task manager has the tssd.exe files?
there has to be some security setting you have on your system32 folder that wont let you change the name and rightly so because you shouldnt be. It sounds like you have windows vista which i dont have any experince on these directions im giving are assuming you are using xp. However, right-click on the system32 folder itself then click on properties. There should be some ‘folder options’ that you can change to allow the renaming of files. This is the only way i know how to begin to disable this infection. You need task manager. The whole reason for renaming the task manager executable to IEXPLORE.exe is because iexplore.exe(internet explorer) is the only program that this particular virus will allow to run. Thus we are gaining a ‘back-door’ to the virus just as it gained a back-door to your computer. ANY program you want to run you will need to rename it IEXPLORE.exe. @Kate
shouldnt be ‘unless you know what you’re doing’ is what i ment, sorry.@Shane
I cannot run safemode on my computer any ideas?
I was just infected with this horrid thing tonight and I’m going nuts. After successfully following the steps above it fooled me into thinking it was gone, but then it came back minutes later. Now I can’t access anything but the internet and I can’t load any programs. This thing launches so fast it’s impossible to even disable it from the startup.
Anyone have any tips?
An update, even IEXPLORER is not working any more. Whoever these people are… well they’re damn persistent insects.
So we got tricked into this one on my wife’s laptop. The day after she contracted Antispyware, her wireless card stopped recognizing any wireless networks. We got Spyware Doctor and got everything cleared out, but her wireless card still won’t recognize any networks. I know it’s not our router; other devices are connecting to the wireless without any problem. I disabled the proxy LAN option, but that didn’t help either. Anyone help?
I have been able to kill the thing using Taskmanager, so I can at least attempt to disable it and get rid of it now.
Okay, it seems to be gone. At least for now. Good luck to any further victims, and I will comment again if it comes back.
This program caused a bad crash while i was running win 7 and now i cant even get to the windows safe mode screen to do a system retore i think that antispyware soft ows me money for having to go to a perfeshional who runs this company because it looks like it killed my os
Lots of these infections disable the safe mode feature now, you will have to do everything in regular mode. I have posted steps on what to do. Please look up ^^ to my earlier posts to deal with this.@Roxanne
i downloaded the program and tried running it but then my computer turned off on me was that supposed to happen. now im running it and it has turned off on me yet
hell ya i just said SCREW YOU to that stupid virus by using the advise i got on this site. thank you everyone. thanks to sites like this i come to realize there’s still some humanity left in this damn world
I got this today using xp i went to system restore from safe mode and choose a earlier date. This elminated the problem. As it wasn’t there before today.
This was an insideous attack. Only a few programs would run task manager wouldn’t load. This software proves its the problem by saying it detects even task mager as being a virus. Good though not perfect avast anti-virus 4.8 is free.
@Shane
Shane
There are four of us using the family PC. We had almost given up hope of removing this horrible virus. The thought of resetting the PC to the factory settings was daunting. However, after following your advice (by changing relevant files to IEXPLORE.exe we managed to reset the PC to an earlier time and the virus has now gone. We are your fans for life!
Regards
David
I am also infected…..have tried MSE, AVG, Ad-Aware, Malware, no success with these. Currently trying Kaspersky…
Thanks you really helped me out!
I shut down the virus in msconfig but my pc’s cpu spikes in performance. I also purchased PC tools with antivirus and it has not removed the virus. How do I remove it?
TJ: It is hard to tell without any hijack this log. have you done a full system scan ? Nowdays trojans infect locations that are not in typical locations. If it does not help, contact PC tools support, they might provide some custom fix for your problem, as it might be a new version of Antispyware Soft OR a rootkit protecting Antispyware Soft processes. I would try out some registry cleaner as well.
This info is great everyone, now I’m not worrying so much, so thanks!
Ive run the spyware doctor and have 4 threats and 64 infections… is there anyway i can get rid of these and fix up my computer without purchasing spyware doctor? How do i system restore to before this?
Steph: You can try to delete files manually. However, I would recommend getting a Spyware Doctor as it protects from infections like that in the future.
reset worked for me
Besides the fact that the admin here is most likely a spokes man for Spyware Doctor, so far it has just proven to just be complete crap for me. It doesn’t detect the Antispyware Soft and it wont let me use any of the functions that it claims to provide. I have run 4 different scans from 4 different “security” tools, and it wasn’t found. Eventually Norton found it somehow and just deleted it and it was gone… Whatever, I wish people would actually just tell you what to do instead of using sales tactics like this crap to sell their product.
3T0: AntiSpyware Soft, like most of the modern rogue parasites, mutates quite often. There are parasites that have a version released daily! Norton is good tool, however, typically, Spyware Doctor is faster to catch up with modifications of the rogue parasites. The same goes for manual instructions: the locations of files might change slightly, however, typically they match some system. We try to provide best manual (and completely free ) instructions, but for most people scanning with good program is more convenient.
What I did is this: I rebooted my comp and immediately opened task manager, terminating all the unknown .exe files. Then I did system restore and that wiped out all the trojans I had on my comp. Then I ran both antivirus and antispyware (adaware) programs to check if still anything was left.
@john88
Okay, the Spyware Doctor is a well know package from a well known tool developer. So if your going to question Norton, McAfee, Microsoft or PC Tools, you’re getting to the point of paranoia. You should always check the reputation of the sources of the tool, but there are just some you should know like the back of your hand that they are the best source3s you can get.
Its not over. Download malwarebytes, update it and run the scan. The virus is still there its just disabled. It still needs to be removed. I also recommend running a program called ‘Trojan Remover’ from the website www simplysup com. Trojan remover is free to use for 30 days. Download it, update it, run it. After that, i would feel safe. PEACE to you and your family.@David
@admin
Thank you it worked.
Hi Guys,
I just got this virus and have been trying all different kinds of ways to get rid of it. All the ways you guys spoke of from above did not work for me because it requires me to boot in safe mode with or without networking. and that doesn’t work. For some reason, i think it’s related to the virus, whenever i ask the comp to boot in safe mode, it boots in normal mode instead. I cannot open task manager as well or change internet settings. seeemed this version of the virus i have knows all the pathways that people have been getting rid of it and has blocked all that. i cannot open any .exe file at all or run any processes with it. tells me right away that ” …exe file is infected” and ask me to buy. any ideas wat else to do? i can’t format comp either since i don’t have boot disk.
Andy : Try fixing proxy settings first, no mater in safe mode or not. Then download Spyware Doctor, rename to IEXPLORE.exe and do and scan.
oopppps sorry. Didn’t see the comments Shane made. I’ll try those ideas now and will post back results. Thanks for all the posts and comments. this thing is really pissing me off. I tried all freakig night the other night and still couldnt’ get it.
hey are u sure it works those links..???
coz i dont want another trojan comming in again like anitspyware soft..?
All,
I have not read all the threads but this malware attacked my laptop yesterday. It popped up after logging out of my regular hot mail account.
I downloaded Spy-ware DR and installed it, it caught Antispyware the first run through. After I rebooted later it came back, usual pop-ups etc. I checked Task Manager and found something running that didnt look normal. chukidmtssd.exe. I believe this is the auto-installer for antispyware. Remove it also. I can be found in the following directory:
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\ chukidmtssd.exe.
Get rid of that file and you should be clear.
hey i downloaded spyware doctor and it found the virus and it keeps saying fix checked… so when i clicked on it.. it takes forever to remove it…. i have been waiting for soo long for it to be removed…. is there something wrong with it..?????
im in safe mode right now…
nathan
Nathan : Try using task manager to stoping antispyware soft processes, ending in tssd.exe
I have xp and have this virus and cant run my computer in safe mode it only has recovery mode..what do i do?
i had this virus twice once on 14th and 18th of of May. this is bloody nastsy virus would not let you do any thing. first time i had to take it to my friend specilist of computer. he fixed it for me by restoring the system to three days earlier.i have a avg9 antivirus free edition. which is hopeless, twice it could not block this virus. (press f8 to go in safe mode, then go to the system restore. and set it earlier three four days. that is it) . one thing to let you guys know. twice i have been to songs pk and this virus entered out of no where. so be carefull guys. thanks i hope it will help
Great info. The manual method appears to have worked.
Hi guys, use firefox. software can not block you using the internet.
Hey, I just got infected with this last night, and I have ran my Spy-ware Doctor, which I purchased back on 04/25/10, because I had another Rouge anti software, attacking my PC, it cleaned it out perfectly and fast. But this Virus it seems to be having some Trouble. As I Run in it Normal Mode it catches the Viruses, but then when it says it has safely removed it, it is still there.When I run it in Safe mode, which is where i am at right now, it dose not detect the Virus, Spy-ware Doctor, is a great Virus protection, and I learned that after my last anti rogue Virus, but this time, it just dose not seem to wanna get rid of. So If there is anyway I can Manually do this, with me actually understanding how to..let me know-Or a way to make my Spy-ware Doctor work..and find the Virus in safe mode, and not just normal mode. Thanks.
Jen : update and do a full system scan (in safe mode or not). The virus is not activated in safe mode, thus it might be not detected using normal scan. Full scan scans all locations.
If this fails, you got a different version of infections and you should contact PCtools support. PC Tools support, they will help.
I have successfully installed spyware dr and renamed it. I also went into my computer and searched tssd.exe and was able to delete 3 files. There is nothing in my Task Manager including these letters. I cannot run spyware dr though because it will not update in safe or normal mode. My reg software, AVG isn’t catching this.
Christina: check proxy settings. There is a chance that a malicious proxy blocks access to internet for spyware doctor.
Well good news, I did 100 different Scans, with my AVG, Spyware Doctor & my Malwarebytes, and I think I finally got rid of that thing..I am doing another Full system scan as we speak with my Malwarebytes since that one seemed to catch it faster then my Spyware doctor..lucky I have 3 Malware protection lmao!
Thanks again!
Hello,
Just wondering where i can find the ”system restore” to set it back a couple days until i can get over to the house to fix my bf computer. He cant seem to find it on a Dell XP computer??
thanks, I checked proxy and it was set to direct connection. I am now trying system restore and I keep getting the message that it’s not working either. SO disappointed
I did it. All the mentioned before didn not work for me.
. Then run anti-Spy,Malware,Adware of choice. This worked 100%. Good Luck ALL. rkill link : http://download bleepingcomputer.com/grinler/rkill.com
Here is what i did: Download rkill.exe 355kb and then copy it few times and then copy the copies untill you have around 40 copies or more. Now you select all of them and right click to open them all together. What happens that the virus will try to stop the first few but not fast enough to stop the others which will work and kill the virus
@Molly go to the STARTMENU >> ALL PROGRAMS >> ACCESSORIES>> SYSTEM TOOLS >> SYSTEM RESTORE
http://download bleepingcomputer com/grinler/rkill.com
For internet connection just change the proxy as mentioned above.
Simple & easy.
Its a nasty virus & I’m happy that I was able to concor it by very simple way.
Please give your feedback, May be I will be able to help more.
Thanks for the ADMIN and the HOST.
Its a GREAT & HELPFULL Blog.
GOOD JOB ADMIN.
@Nathan
Yup, thanks that worked. I wonder why everyone thinks getting rid of it is so difficult?
All you really need to do is a system restore. See comment #31 from Nathan. When I did the restore, everything was back to normal. No losses of data. It’s a lot eaasier than using software or manual removal techniques. Antispyware Soft pretty much disables anything you might use to get rid of it. I highly recommend a system restore.
Randy: System restore does not work on all systems, thats first and the biggest issue.
Hi,
I had the Antispyware Soft for a the last couple of days. I wasn`t able to download anything nor open any existing programs I had. Task manager wouldn`t come out nor did internet options. It wasn`t listed in my programs either so I couldn`t remove it.
****When I turned on my cpu this morning, it was gone. I was wondering is it really gone, or is it still there?
Thanks,
Leanne
i finally was able to get it. i ran rkill and it showed me the exe which it stopped. ithen copied these into my search box and ran search all drives/hidden files, etc in advanced. it located the 2 exe files and i manually deleted. THEN i was able to update both malwarebytes and microsoft security essentials. i ran both full scans and malware found 12 other files which it then deleted. now, the virus is gone but i cannot connect to internet http. how do i re-enable that?
@dh Open up internet explorer, click on TOOLS> INTERNET OPTIONS> CONNECTIONS> LAN SETTINGS> then UNCHECK the box that say use a proxy server, click OK. Close the browser then reopen. Your internet should be restored.
@dh
@rowell
ATTN- To anyone who gave out their Credit Card number:
Contact your Bank immediately and tell them that your number is in the hands of criminals. RIGHT NOW!
I have Windows 7 and did a system restore to yesterday’s date and that seems to have done the trick. I rebooted and don’t have those annoying, relentless popups. Hopefully, the fix is permanent.
I am running into major problems. I have Windows 7, and when I restart my motherboard has some special start up. It says press TAB for POST and DEL for BIOS. I tried pressing TAB, and it pulled me up to a similar screen where the safe mode would be, but that’s not an option. Only start normally or start computer fix or something. OF course, my keyboard didn’t work then anyway, so it went into the fix.
There was an option for system restore. One was actually hours before Antispyware Soft had gotten itself on my computer, so I tried that one. Unfortunately, it failed, and the fix really couldn’t do anything else.
i handle these pretty much on a daily basis simply reboot ur computer in safe mode with networking install malware bytes anti malware run an update run a scan remove all files then check for these files in ur hkeylocal
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]“
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]“
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” =”1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
@Zoe
I have norton too,and it didnt remove it.
Amber : norton is not too good at handling malware. Is your task manager disabled, or is blocked by virus? If it is disabled, you will have to modify registry (a bit tricky). If its just a virus, try launching task manager right after boot, while virus process is not launched. Press ctrl+shift+esc right while being logged in (couple times to make sure).
@admin
It wont access task manager
i got this virus last night, i think :S java randomly opened on deviantart.com and then all the pop ups went beserk. my friends told me to delete free avg because it was a joke so i did… and i restarted. boy, was i a failure. restarting made it worse and more pop ups came up. my mum bought norton 360 today and she installed it on another user. its currently scanning mine at the moment, boy its slow. it locked me out of skype and msn too :/ stupid thing. and the stupid internet tabs opening… wanna strangle this thing with my bare hands. Im scared because my mum just topped up the internet and im afraid that this will waste it :/
i tried renaming task manager to IEXPLORE and IEXPLORE.exe but it didn’t work. wouldn’t let me. i can’t download anything because it goes to ‘Temporary Folder’ and i have no clue where that is and it just deletes the file anyways. i can’t change the name either. won’t come up. can someone help me? D:
P.S. I have Windows Vista: Home Premuim
@Ian
I did a system restore, unfortunately the one that had set itself hours prior I could not use (messed up), so I settled for one nearly a month back. Annoying yes, but much less so then AntiSpyware Soft.
Thanks to everyone for their help. FYI, I used Tom’s advise from 5/20 20:47 and I got access to my programs again. From there I could do a full scan. Using Shane’s tip from 5/21 18:41 I had internet access again. Thanks again to everyone.
So I ran Spyware Doctor and find the whole list including Spyware Soft.
Now the problem is how do I remove them ? Since I really don’t see the point of buying like the 30 dollar package . Any suggestion ?
@Tom DID IT
This worked best for me in 2 seconds!
I just got hit by this and the file name it was using was vjdmhlutssd.exe, I restarted my computer in safe mode with networking, and deleted that file and the .pf file that it also created it my windows directory. Computer is running fine now!
I finally got the task manager up on my Vista operating system and loaded a copy of Kaspersky internet security 2010 and once installed it immediately found this and started the deletion process. So far things appear to be back to normal and have found no signs of it anywhere in my laptop.
Try creating another user account on your computer and go in that way if you don’t already have a guest account. Once in I found I can connect to the internet and get in the backdoor to the other account with my administrator password.
Alright, here is what I did with the help of bits and pieces of info here and some basic problem solving.
1) I tracked the offending program by right clicking the “warning window” and checking properties. In my case it was C\users\”my user account name”\app data\local\ and then a nonesnse folder name, in my case it was ulniejsyo.
2) I signed on to another user account on my PC, went to my task manager, enabled see all users and found the task with nonesense letters and ended with the three letters tss I believe.
3) I then went to the folder (still on other account) that contained the virus .exe file. You will have to have view hidden folders and give administrator password to find it. I then deleted it.
3)Next go to internet options/connections\lan settings and uncheck use proxy server, close window and reopen and explorer should work.
Another method, if you can start your machine and get to the offending file before it initiates, it can be deleted then. Then you will need to go uncheck the proxy server box and explorer will work.
I have not been able to find where this is in my registry yet so that entry can be deleted also but will update when I do.
Thank you for this website information and for all your shard comments. I just hat it attacked to my laptop, and another one is “data protector”.
I would never spend a penny for this type of unethical business behavior, buying their product is to encourage that kind of behavior.
Yes, I fell victim to the scam and purchased AntiSpyware Soft. Is it just a matter of using their own uninstall program to remove it? Or is there a better way?
Alf: If you have purchased AntiSpyware Soft, contact bank and dispute charges. It is good idea to change credit card as well.
AntiSpyware soft is using virus techniques to get installed in your PC and it will not remove itself easily as that. Follow manual or automatic removal instructions
To hell with this, im doing a full reformatting of my harddrive. God i hate programs like this. This is the WORST virus i have ever seen in my life!
@Lee Ann
testing geniune
Thank you for the detailed instructions.
The only thing that worked for me was restoring my computer to an earlier date. And I did that in safe mode, NOT safe mode networking. Thanks to the person who recommended that, and to everyone else who shared.
I was cruising the American Thinker website when a Java Application starting running. As the Application looked like a automatic Java update I let it run. Apparently the Java Application was the malware loader program for the “Antispyware Soft” program.
The Java loader dropped the malware exe file into directory location ::::
C:\ users \ (User_Name) \ appdata \ local \ XXXXXXXXX \ XXXXXXtssd.exe
{ Where X is a randomly generated lower case letter.}
As I am old school IT I went after the malware by using the right-click to file properties trick. That gave me the file path and the name of the malware exe file. Deleting and /or trying to rename the file XXXXXXTSSD.EXE did not work but changing the file path did. That killed the malware by moving the exe file to a “out of the directory path condition” for program execution.
The malware is started by a line entry in :::: [ Vista Home System ]
\%sysroot%\system32\autoexec.nt
\%sysroot%\system32\config.nt
So both files must be edited to remove the possibility of unexpected program restart due to Windows repairing the directory path.
The Internet still needed to be fixed by eliminating the proxy server. You can see how to do that in the above instructions.
Good luck and when these bandit programmers are found remember
{ Hanging Is Too Good For The Bastards.}
BURN THEM AT THE STAKE.
Mine all of a sudden disappeared one morning. I have no idea what’s happening.
I removed the thing and restored internet acess, but I’m experiencing a new (and very annoying) new problem, which may or may not be related to this. Search engine results now redirect to completely unrelated sites. Oddly enough, if I go back to the results page and try clicking the link again, I may or may not get through (or get redirected again, getting sent to sites like penguinapps.com). Does anybody have any ideas on what could be causing this?
When editing the registry manually, when doing the steps such as:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
Do I just delete the value “http=127.0.0.1:5555″ and leave the “ProxyServer” entry? or do I change the value to something else?
I ran Spyware Doctor and deleted the tssd.exe file, but some of the registry entries still remain, so I decided to try deleting them myself
and for anyone using Vista the path of the tssd.exe file is:
C:\Users\Default.Default-PC\AppData\Local
I followed the steps above (even the unexpected requirement of purchasing a product), but Antispyware Soft keeps returning minutes after I run the scan and remove the files. I’ve performed the steps five times thus far, yet the virus keeps returning. Did I miss something?
Ricky: Please check that your browser/hosts file is not corrupted. This might lead to fast reinfections like in your cases. Also, if virus returns, it means you got an additional trojan downloader. As fast solution, I would recommend checking startup entries with msconfig and stoping all unknown programs, then rebooting. As long term solution, I would recommend contacting PCTools support and asking for custom fix.
@admin
I appreciate the suggestions, but I’m incompetent when it comes to computers so I have no idea what you suggested or how to perform these suggestions. Also, I run the scan on safe mode and the scan comes up clean; but when I return to normal mode the virus is still there, stopping any efforts of mine to scan and remove.
hey i just got this thing on my lap top. and it wont let me open anything at all not evan my norton. i tryed safe mode allready and it didnt work ether. i tryd deleting all my internet stuff like host files. and its still not working so im gona try restoring it to a layter point. any other sugestions.
I got this yesterday when I was simply checking emails! What is this!
Anyway, I ran Spyware Doctor & then did system restore. That went well, the Antispyware Soft is removed. But then, there are still a few problems.
1. When I turn on my laptop, no icons show up–just the wallpaper. The right click thing doesn’t work. The icons would only come up if I open task manager using ctrl+alt+del. Is there any way to fix that?
2. I can’t access internet even though I removed proxy. When I connect my laptop to the ethernet cable, the status would say “acquiring”.
Please help
AK: Try creating another user account on your system. Your registry is messed up somehow.
As of 2. try checking your internet parameters (TCP/IP settings) and resetting them to automatical mode. If it does not help, try booting from recovery CD and repairing instalation : your one of the internet drivers might be corrupted.
I tried using system restore in safe mode and pop ups stopped but when i try to use the internet it keeps saying internet explorer cant display the webpage for some reason with a circley icon and before that i unchecked proxy too so now what do i do?
After fighting with this monster for 3 days, I read through this blog. Tom’s advice (see May 20th) made the most sense so I discussed the rkill.exe file with the geeks at my office. They agreed. I copied the rkill.exe file onto a disk at my work computer, brought it home at lunch today and loaded it in Safe Mode. Then made 50 copies & opened all of them at once. I then disabled my proxy server and, for good measure, ran my PC Doctor Antispyware while still in Safe Mode. I then repeated the rkill.exe procedure in regular mode. Finally, I ran Malwarebytes in regular mode which detected and removed another 21 infections. Computer is working perfectly and another Malwarebyes scan tonight came up clean. As a final mode of protection, the guys at work suggested I stop using IE and use FireFox as my browser. Good luck to all of you. One final word of warning – to those of you doing a systen restore, you may be eliminating the Rogue Antispyware Soft catalyst, but chances are, the other root infections still remain.
Robin P : Get a good antivirus as well as antispyware with real time protection. That is the best protection it gets. There are vulnerabilities that target Firefox as well, though they are not so common as ones for IE. Google Chrome is most secure from mainstream browsers at the moment (well, Opera too, but it is less used).
Tom, if you’re ever in Florida – I owe you a beer! Thanks for the stellar advice. @Tom DID IT
OMG ANTI THING IS SO ANNOYING!! WILL NOT LET ME GET
INTO ANY OF MY STUFF OR INTERNET! I NEED TO GET RID OF IT ASAP! HELP
im running malwarebytes in safemode will this do it, it doesent appear in administrator but in normal user, if i delete the normail user will it be gone?
Craig : your normal user account is infected only. The safest would be copy all info from normal user (document folder, no config folders!) and delete that user account. Then create another user account, and copy the documents there.
I got this thing too, but I didn’t get tssd.exe or anything like that..
Picked this virus up last night, my dad ran system scans in Safe mode using Trend Micro Internet Security and Windows Defender, and I can’t vouch for what else he did, but will try methods listed here.
note: for anyone who wishes to manually do this ( i always do, because malwarebytes has problems detecting registry changes sometimes) to open up the registry editor to delete files after stopping the process; go to start>all programs>accessories>command line then type in “regedit” (no quotes) into the command lines then delete the files. be sure to delete the [random]tssd.exe first though. i also delete the ProxyEnable when deleting the ProxyOverride, but do so at your own risk. also, to find AppData or Application Data; go to Control Panel> Classic View> Folder Options> View — Hidden Files and Folders — Check “Show Hidden Files and Folders” and apply changes. you are on your way to a clean registry and a non-Antispyware Soft future.
@Shane
Thank you! Spent hours getting all this crap off of my wifes computer and could not figure out why firefox worked just dandy but ie wouldn’t.
Hey, if you have java on your computer DO NOT LET IT UPDATE on sites that you usually don’t visit. Becouse I got this from a Java uptade I think, becouse the update freaked out and started updating (3 applications to update at once) So if you notice anything weird with the java updater start scanning your system!
So…this virus pissed me off beyond anything else.
Basically…I attempted to go into safe mode…but when I pressed F8…my keyboard became disabled. Yay…no kidding there…that about ticked me off right than. I couldn’t do anything the above told me to do (downloading and renaming that file was pointless…it apparently recognized that little trick) so I scanned through the comments (after opening this page and than immediately shutting off my internet I might add, not wanting to take any chances)
Out of luck, or good programing (either way) my Avast didn’t seem to be affected and was running a scan as all this occurred…and it had nabbed everything almost immediately but I was still unable to do anything about it just yet (the virus did seem to be keeping Avast from finishing it’s scan, but couldn’t shut it down completely. It was basically just sitting there paused) The only post that really helped? Shane’s post :April 30th, 2010 at 21:17 | #46
When I was finally able to get my task manager up and end that process…it was only a matter of going through, deleting the registry files, letting my Avast fully latch on to the files it had caught and than doing another scan, just to make sure…
That was the worst 3 hours of my life. >.<
Thanks guys, especially Shaun, this has saved my ass!
@Reece
oops! Shane* soz
@damagedone
Do you just delete those last 5 entries that you listed in the registry or change the values ?
It is not allowing to use my IE nor task manager, also I can not even see the program in my control panel to delete it. I can not do a system restore anytime i click anything it pops up asking me to purchase please help
Hi
i cant enter windows in safe mode or regular mode.
Please help me im very frustrated
ps. I have windows XP
I was wondering if this would work: I installed spyware doctor and did everything in safe mode doing the complete scan and getting rid of all threats. I then went to regular mode and it said the virus was still there, so I went back into safe mode and did a system restore. Will I be cured if I reinstall the spyware doctor after my system restore? p.s i dont know much about computers. also i restored to a previous time prior to the 5 days that were given to me.
haha I found out that the restore still kept my spyware doctor, but still is my logic alright?
Thanks @Admin I did update it, and Since I can only be on the internet in Safe mode, that is where I am at the moment. Both my Malwarebytes and Spyware Doctor, are updated, when I ran the Doctor today, in safe mode right after I posted, it caught a Virus though it was not the one from the infection..it maybe one it didn’t catch in Normal mode. I am running both of them right now in Safe mode & I will switch back to Normal mode and run it again, to double check, although it still did not catch the Rogue Anti virus in safe mode. I am hoping that in Normal mode, when it catches it..it will in fact, delete it this time. I tried about 4-5 times last night scanning and scanning..each time it cough it but did not fully remove it. If it dose not remove it in normal mode, when I try it..I will contact PCtools support, and see what they say.
Re-boot your computer and as soon as the blue taskbar appears right click and go to task manager immediately. Shut down asam.exe and syssvc.exe immediately, before it has a chance to load. You should then be able to run a malware scan or system restore to an earlier date. Took me most of the weekend to get rid of this trojan horse. Make sure you get rid of all the registry related entries as well. Go to the registry and search for anything with ‘asam’ and ‘syssvc’ and ‘sysguard’ in it. Also ‘avscan’ and ‘avsuite’
Well I ended up getting this thing on my computer about an hour ago. Right away I figured it had to be something bad so the only thing I could think to do was disable the computer’s internet connection and run system restore in safe mode. While the infected computer was doing the system restore I got on another computer to do more research and found this thread. Everything seems to be alright, I ran Nod32 and it didn’t find anything, I looked for the registry entries and files that are mentioned and couldn’t find anything. I’m not the most tech savvy person so it just seems odd to me that I was able to just do a system restore and everything seems fine while so many others had hours long epic battles with the thing. Is there anything else I should try looking for or doing before I consider myself in the clear?
i fell for the hoax & paid the $49.95 to remove the “viruses” from my computer. shortly after, i read this & a few more articles telling about the rouge software, removed the program, & re-installed my mcafee total security center to remove any traces of it. now im worried about my money & my debit card. is there any way the fake site still has all of my info stored to continue charging me?
I searched for the tssd.exe file in safe mode w/networking, deleted those and now I’m doing a system restore. We shall see what happens next. Thanks for the advice!
HI last nite i was just infected with this retarded program. I am running that spyware docter it finds the files but as i have no money i cannot purchase the damn thing. i have Nortons, MCafee, AVG, and several other spyware, adware, programs scanning my computer and none of them ever finds the program or virus. I do now know where exactly to go to look for these files or what to do. I am Running Win7.
So last night i got the antivirus sofware infection.. i purchased spyware doctor.. it found a lot of corrupt files and what not.. it deleted them, but i still have the same pop up problem and alerts saying to keep purchasing ativirus software… what should i do? i thought spyware doctor would have taken care of everything.
dudes use ccleaner its dope it totally killed the virus. just go to the sight and download it. when its downloaded click analyze, when thats done keep clicking clean and it will delete all the bad stuff along with the virus. worked for me
hey so do you mean i should reselect that porgram i deselected in the beginning once you have completed all the previous tasks???
@Mike Csutoras
It actually depends on what browser you are using… The Antispyware Soft I picked up allows me to go to sites through Windows Internet Explorer and Mozilla Firefox.
I really need help. I have been messing with this virus for 3 days..I fix it and it comes back. I have updated My Zone Alarm Extreme yesterday and it seemed fine. today I dont have use of Ie at all. How do I get onto internet without ie as my browser so I can download anything else that might help. Thank heavens this laptop is still okay or I would really be up a creek.
Hi all. I have just removed Antispyware Soft from my father in law’s computer for the 3rd time in the last few weeks. I suspect it’s from porn sites, but he won’t confess…
I get to it by hitting control/alt/delete repeated as Windows starts before the malware can get going. Once task manager is up, I delete any weird processes in task manager, usually one or two, and then I can open Malwarebytes to kill it.
Anyway, I would like to know what can prevent the attacks! He has Vipre Anti Virus (paid subscription), Malwarebytes (free version), and AdAware (free version). It just blows right past and installs itself. What does he need to PREVENT this from happening again?
Thanks in advance for your time.
Hey guys I tried system restore and that has done the best job so far. Once I did restore I immediately downloaded spyware doctor and norton antivirus to keep my comp safe. Hope this helps.
Hey there, I’m having troubles loading your web site. as much as 50% of this page seems to load, and the rest is just empty. I am not really sure why…. but you might like to investigate it. I will check back again later, it may very well be on my end.
As I mentioned back on May 26th, I did successfully remove the Antispyware Soft virus by using the rkill.exe method. 3 Weeks later, there is no sign of the virus on my computer, however, my computer is running VERY slow. It takes forever to load my personal settings or get any file to open, even though I purged my start menu and deleted several programs entirely. What’s going on?
Robin P : Start task manager (ctrl+shift+esc) and sort processes by their load. It depends which processor slows the PC down. I would do a scan with both Spyware Doctor and CCleaner as well, and install all updates to PC.
I got this as well, and after I removed it, I got “AV Security Suite” (same idea, different program “name”). After I removed that, I noticed browser hijacking taking place, then got AV Security Suite again (without even using my computer other than to try to remove the browser hijacker!).
My point being, I don’t think the original infection ever went away. I think it just keeps reinfecting on reboot – perhaps sitting dormant for a few days to let you think you “cured” it, then comes back.
This last time, I also used this (in addition to the manual removal instructions for the fake anti-spyware):
http://support.kaspersky.com/viruses/solutions?qid=208280684
It got rid of a rootkit that I’m thinking was responsible for the continual reoccurances. I won’t know for sure if it worked for a while (vs just laying dormant for now), but I thought it was worth passing on – the browser hijacking is gone, and the fake anti-spyware isn’t popping up, and my laptop isn’t slow as molasses like it had been…
I’d suggest at least running that if you’re seeing the fake anti-spyware stuff. Good luck.
SkyDvr: I always recommend scanning PC with good antiviruses/antimalware after manual removal for exactly same reason. Another possible cause might be proxy server/malicious DNS server or hosts file. Sadly, hosts files and proxy settings are rarely checked properly by antiviruses/antimalware.
I was tricked into actually making a purchase from the antispyware soft virus, and later removed everything with a system restore. However, looking back, I can’t recall what all information I had to provide in order to make the purchase. Does anybody know what information is required for the purchase?
unfortunately spyware doctor seems also close to rogue software. Will install, take over the system and SUPPOSEDLY find problems that it will fix IF you pay money???
It makes me wonder who backs the ROGUE software?
Dazza : there are couple major differences 1. Spyware Doctor blocks parasite processes for free when installed to accessing some data, thus it helps in cleaning process and prevents some repeated infections 2. Spyware Doctor uninstalls and installs normally 3. Spyware Doctor allows identifying infections and affected files which are safe to remove manually (it has one of the largest databases). 4. You get 30 days full money back guarantee if you are unhappy, support on removing parasites and so on. No rogue, and even some legitimate programs can match this.
@admin
I have followed all these steps and I still have no internet. ???
Michelle: Here a more detailed guide how to fix internet problems after malware removal : http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
I was impressed by your steps to finally get IE explorer to open an accept the opportunity to install the free PC Tools PCDoctor. did what you said and it worked. However, unless I did something wrong, after it did the scan I learned I had to PAY to remove the posted threats. Instead of just saying that the scan is free, perhaps you should consider also stating that there would be a charge to cleanup and remove the threats. After learning that, the reason I didn’t buy it was because once you asked for payment I felt you were part of the AV Defender 2011 scam.
Gene : Spyware Doctor allows identification of malicious files on your system for free. You can remove these. Also, it stops these files from being executed (in case they are launched after SD executable), thus makes removal easier.
HI, i have downloaded spyware doctor and done the updates should i scan my computer in safe mode with networking or in normal mode. when i clicked scan in safe mode it advised me to to the scan in normal mode.
I recommend scanning in safe mode, if it fails to detect for some reason (changed malware packers or some other version released) then try in normal mode.
thanks i did that it came with lots of viruses, but i just tried system restore to 2 days ago and all is fine now.
Michael: Do a full scan again and delete the threats it finds. System Restore does not fix all the problems. You can delete files manually, if you wish.
thanks i have virgine media security installed on my computer will that get rid of the problems
Michael: try it. Though I recommend scanning with both MBAM and Spyware Doctor (These are known tools against this kind of parasites).
If u got another laptop, take youtube and there I found this helpful video when I typed how to remove antispyware.. It shows how to do, just follow ..it is simple.. i could not open my other laptop..this virus blockd me from using net, acc to the steps, when u restart the affected system, press safe mode of this virus, as u hav no othr option, then start scan, while scan is running press ctl+alt+ del, task manager wl come up, choose application running antispy, end n then process , sort my name and u hav to find the antispy.exe or hotfix.exe then end them..u can find the steps in youtube as i told. I am not tht expert in all these so bette ru chk it urself. Am thankful to him, who uploaded tht video.