
How to remove Antivirus Suite (Uninstall instructions)

Antivirus Suite is a new rogue antispyware program from the same family of rogues as Antivirus Soft. As before, it is usually installed through the use of trojans. When the trojan runs, it downloads and installs the core component of Antivirus Suite onto your PC and registers it in the Windows registry so that it starts automatically every time you log on to Windows.

Once running, Antivirus Suite will start a system scan and report a lot of infections that will not be fixed unless you first purchase it. Doing this is not necessary, since both the scan and its results are fake. They are only a method of tricking you into believing that your computer is infected, so you can safely ignore the false scan results.

While Antivirus Suite is running, it may block any program from running. You will be shown a variety of nag screens, fake security alerts, pop-ups and notifications from the Windows taskbar. An example:

Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.

Last but not least, Antivirus Suite will hijack Internet Explorer so that it randomly shows a warning page with the header “Internet Explorer Warning – visiting this web site may harm your computer!”. However, all of these warnings, alerts and pop-ups are fake and, like the false scan results, should be ignored!

From the above, it is obvious that Antivirus Suite is a dangerous program and an unwanted guest on your computer. At the first symptoms of infection, stop using the computer for anything, from editing documents to shopping on the Internet. You need to remove the rogue antispyware as quickly as possible. To do this, use the instructions below to remove Antivirus Suite and any associated malware from your computer for free.

Symptoms in a HijackThis Log

O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe

Use the following instructions to remove Antivirus Suite (Uninstall instructions)

Step 1.

Download HijackThis from here, but before saving HijackThis.exe, rename it to iexplore.exe, then click the Save button to save it to the desktop. If you can't download the program, then you should repair the proxy settings of Internet Explorer: run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK.

Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.

Click the “Do a system scan only” button. Look for lines that look like:

R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [vcspymsv] “C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe
O4 – HKCU\..\Run: [udcqinjy] “C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe
O4 – HKLM\..\Run: [kjwerkje] C:\Documents and Settings\user\Local Settings\Application Data\asdasd\qweqwetssd.exe
O4 – HKCU\..\Run: [qlweklqw] C:\Documents and Settings\user\Local Settings\Application Data\qweqwe\adasdastssd.exe

Note: the list of infected items may be different, but all of them have the string “sysguard.exe”, “ftav.exe” or “tssd.exe” on the right side and “O4” on the left side.

Place a checkmark next to each of them. Once you have selected all entries, close all running programs, then click once on the “fix checked” button. Close HijackThis.
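The Step 1 check (O4 Run lines ending in the listed file names, plus the R1 proxy line) can also be applied to a saved HijackThis log with a short script. This is an added example, not part of the original guide or of HijackThis; the function names, the confidence labels and the Java and C:\Tools sample lines are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# File-name endings the article gives for this rogue's executables.
MARKERS = ("sysguard.exe", "ftav.exe", "tssd.exe")

# Per-user data folders from the article (XP layout, then Vista/7 layout).
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\appdata\\local\\")

DASH = r"\s*[-\u2013\u2014]\s*"  # "-" or a typographic dash left by copy/paste

# O4 autorun entry:  O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(
    r"^O4" + DASH + r"(?P<hive>HKLM|HKCU)\\\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$",
    re.IGNORECASE,
)

# R1 entry holding the Internet Explorer proxy setting.
R1_PROXY = re.compile(
    r"^R1" + DASH + r".*Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$",
    re.IGNORECASE,
)

# Proxy pointing back at the local machine, as in the article's R1 line.
LOOPBACK = re.compile(r"(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int
    kind: str        # "autorun" or "proxy"
    confidence: str  # "high", "name-only" or "review" (labels are this example's own)
    target: str      # executable path or proxy value


def executable_path(cmd: str) -> str:
    """Return the .exe path from an O4 command, without quotes or arguments."""
    cleaned = cmd.strip().lstrip('"\u201c\u201d')
    match = re.match(r"(.*?\.exe)", cleaned, re.IGNORECASE)
    return (match.group(1) if match else cleaned).rstrip('"\u201c\u201d')


def triage(log_text: str) -> List[Finding]:
    """Flag the log lines that match the article's indicators."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        o4 = O4_RUN.match(line)
        if o4:
            path = executable_path(o4.group("cmd"))
            lowered = path.lower()
            base = lowered.rsplit("\\", 1)[-1]
            if base.endswith(MARKERS):
                # A name match outside the per-user data folder is weaker
                # evidence: a legitimate program could share the ending.
                in_user_dir = any(d in lowered for d in USER_DATA_DIRS)
                confidence = "high" if in_user_dir else "name-only"
                findings.append(Finding(line_no, "autorun", confidence, path))
            continue
        r1 = R1_PROXY.match(line)
        if r1 and LOOPBACK.search(r1.group("value").strip()):
            findings.append(Finding(line_no, "proxy", "review", r1.group("value").strip()))
    return findings


# Lines 1, 3, 4 and 5 are taken from this page (article and comments);
# lines 2 and 6 are constructed for the example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [vcspymsv] “C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe
O4 - HKCU\..\Run: [la0a1g8wscl4m] C:\Windows\system32\la0a1g8wscl4m.exe
O4 - HKLM\..\Run: [example] C:\Tools\demotssd.exe /start
""".strip()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind:8} {f.confidence:10} {f.target}")
```

A “name-only” or “review” result needs a manual look before it is fixed in HijackThis, and a log with no findings does not rule out a variant that uses other file names.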

Step 2.

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.

MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.

As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.

Malwarebytes Anti-Malware Window

Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for the Antivirus Suite infection. This procedure can take some time, so please be patient.

When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Antivirus Suite. MalwareBytes Anti-malware will now remove all of the associated Antivirus Suite files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.

Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow these steps: Malwarebytes won't install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Antivirus Suite creates the following files and folders

%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe

Antivirus Suite creates the following registry keys and values

HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]

March 31, 2010 on 10:25 am | In Malware removal, Rogue Anti Spyware | 87 Comments |


87 Comments »


  1. thanks for this, worked just as it said... i was having big problems till i found this... thanks!

    Comment by gary.h — March 31, 2010 #

  2. I followed the directions of step one, but wasn’t able to open HijackThis (even saved as “iexplorer.exe”). It was immediately closed by the virus program, which stated it couldn’t be executed because ‘iexplorer.exe’ is infected. Any other way to get around it? Should this be done in safe mode?

    Comment by Alex — March 31, 2010 #

  3. Thank you so much, you’ve saved me a whole lot of trouble. Very easily explained and it’s totally gone from my computer as well as tons of other stuff my former anti-virus program couldn’t catch.

    Comment by PennyW.Hack — April 1, 2010 #

  4. Your site has been so helpful before but this set of instructions isn't working. The virus isn't letting me run anything, immediately killing all applications i try to run, even task manager and the renamed hijackthis or a rootkill program i've downloaded in the past. The virus gives me a windows type pop up message saying that the file is infected and would i like to activate my antivirus software now. i obviously click no. please help!

    Comment by Mark — April 1, 2010 #

  5. Alex, you have made a small mistake: you should use “iexplore.exe”. It's very important.

    Comment by Patrik — April 1, 2010 #

  6. Mark, check twice that you are using the “iexplore.exe” filename. If the trick does not help, try these names: sysguard.exe, tssd.exe, winlogon.exe, userinit.exe, smss.exe.

    Comment by Patrik — April 1, 2010 #

  7. I have a problem with removing it with this program. XP is in safe mode and I run the iexplore.exe file and installed this program. I did not get rid of it. What else can I do?

    Comment by Luka — April 1, 2010 #

  8. So. I ran HijackThis, but it informed me that the virus denied it access to the Hosts file. However, due to the virus preventing me from opening any programs, I have no way to get into the Hosts file and to take out the lines of text that it is telling me to remove. Suggestions?

    Comment by Alma — April 1, 2010 #

  9. THANK YOU a million times over! I used these instructions to rid myself of this trojan with success! I’ve come across this one before, but not to the degree that it wouldn’t let me open my Task Manager or Programs. This was so helpful!!

    Comment by Michelle Haley — April 1, 2010 #

  10. this worked perfectly. was panicking a little bit since i couldn't access anything but mozilla firefox. Thank you to whoever put this up, you rule!

    Comment by josh — April 2, 2010 #

  11. i am having the same problems with this antivirus suite thing, i have read and read and downloaded everything. did the hijack thing.. renamed it.. went through that all, then did the malware but the antivirus didnt show up.. just 4 other files that i deleted and still nothing, does anyone have any other solutions???

    Comment by lito — April 2, 2010 #

  12. Luka and lito, open a new topic in our Spyware removal forum. I will help you.

    Comment by Patrik — April 2, 2010 #

  13. OMG cant believe how many people faced the same problem in the last 2-3 days! THANK YOU THANK YOU THANK YOU so much! I nearly had a heart attack seeing all those pop ups! Good thing i googled them before clicking on them!
    GOD BLESS YOU!!

    Comment by CS — April 2, 2010 #

  14. Got infected, followed your instructions, and it worked perfectly. Thanks for publishing this fix!!

    Comment by BK — April 2, 2010 #

  15. restart computer
    just after log on hit alt+ctrl+del to activate win task manager

    sheet processes, disable jaotbditssd.exe

    start>search>file or folder

    in advanced settings mark hidden files or folders

    search for that file

    jaotbditssd.exe

    delete it

    problem solved

    you can also remove info about this from reg.

    start>run> type “regedit”

    F3 and type/paste jaotbditssd.exe

    delete any info in reg and press F3 until end of search

    Comment by piczak — April 2, 2010 #

  16. Thank you! Thank you!
    You saved the day!

    Comment by laura — April 2, 2010 #

  17. THANX. SAVED ME. WHAT ELSE CAN I SAY.

    Comment by SULLi — April 2, 2010 #

  18. Thanks millions. You saved day, too.

    Comment by JIS — April 3, 2010 #

  19. Um small problem, I’m in Safe Mode right now and it won’t let me in Internet Explorer. Only Firefox. IE just flashes in the page then disappears. I have all the other programs needed on my flash drive but can’t do anything until this is fixed.

    Comment by Suzie — April 3, 2010 #

  20. you.re cool …i am doing it now. if it works god bless you…

    Comment by Diana — April 3, 2010 #

  21. Hi Patrick,

    It takes pretty much longer to search for that file, and it just does not find it. I do have vista, what else should i do? Anytime I try to access any web page, it does not allow me. Thank you pls in advance :)) DIana

    Comment by Diana — April 3, 2010 #

  22. it is called …..qcxylxdttssd.exe …and i will remove it from task manager …wish me luck…yes that was the one…for some reason it ends in tssd

    Comment by Diana — April 3, 2010 #

  23. Thank you soooo much!
    This worked & was easy to follow.
    I really can’t thank you enough.

    Comment by Christina — April 3, 2010 #

  24. REALLY WORKS

    Comment by COLLIN — April 4, 2010 #

  25. Suzie, have you tried to scan your PC with Malwarebytes?

    Comment by Patrik — April 4, 2010 #

  26. Diana, is Antivirus Suite still hijacking your browsers?

    Comment by Patrik — April 4, 2010 #

  27. Diana, you need to run HijackThis and fix all lines that have the “tssd” string. Read the instructions above.

    Comment by Patrik — April 4, 2010 #

  28. Very helpful article – the hijack this section that helped me look for the ‘Antivirus Suite’ strings was especially good. I removed the .tssd stuff and everything seems copacetic now. Isn’t there any agency that can track down the people who put this kind of destructive spyware out on the internet?

    Comment by Alex — April 4, 2010 #

  29. im on mozilla and i cant change the name before i save it how can i do it?

    Comment by kim — April 4, 2010 #

  30. I tried to download the program in a different name, but it couldn’t. I’m using Firefox, as Internet Explorer won’t even open this page.

    Comment by Elizabeth — April 4, 2010 #

  31. Had it, followed guidance above and now it’s gone! Thank you!!!!

    Comment by Phil — April 4, 2010 #

  32. THANKS SO MUCH FOR THIS ARTICLE!!!!!!

    Comment by Vinni — April 4, 2010 #

  33. Kim, right click on the link and select Save as. You will see a Save dialog.

    Comment by Patrik — April 4, 2010 #

  34. Elizabeth, read my comment to Kim.

    Comment by Patrik — April 4, 2010 #

  35. i cant find all the lines in the hijackthis

    Comment by alexb — April 4, 2010 #

  36. alexb, open a new topic in our Spyware removal forum (include your HijackThis log). I will help you.

    Comment by Patrik — April 4, 2010 #

  37. i got nailed with this tonight… hope this works out. lol have no way to repair or reformat the pc atm so id lose everything on it …….. Ok it worked yay for useful guides on the internet . tyvm who ever made this guide. it worked n ill keep the programs incase it happens again..

    Comment by Lisa — April 5, 2010 #

  38. I downloaded MalwareBytes, ran it, and it successfully removed everything on the list. However, Antivirus Suite wasn’t one of those programs.

    I still can’t bring up the task manager to disable it or anything.

    sysguard.exe, tssd.exe, and ftav.exe do not appear when I bring up the search program. Other sites say to bring up Add/Remove Programs in the Control Panel to manually remove it, but it doesn’t show up there either.

    I don’t know what to do.

    Comment by Harm — April 5, 2010 #

  39. Sorry for the double post. I had thought that MalwareBytes automatically updated on launch, but apparently it doesn’t/didn’t. I updated it manually and reclicked the quick scan, and it’s already found two infections. This looks promising, but I’ll post again if that doesn’t work. This situation is scary for me as this is my father’s computer and he’s sleeping (with an hour until the scan finishes, that could be a problem). I’ve only been to what Google has termed as “safe” sites, but I was still infected with this thing. Is it really that easy to infect computers with malware?

    Comment by Harm — April 5, 2010 #

  40. Ran Malwarebytes Anti-Malware and found 12 infected files but now I must enter a code and my email address so the program will delete. Is this a scam? A little hard to do when internet explorer is not working. Sending this from another computer.
    Ed

    Comment by Ed Rancier — April 5, 2010 #

  41. Is it really that easy to infect computers with malware?

    Probably your PC has been infected through the use of an exploit in Internet Explorer, Adobe Acrobat Reader, Adobe Flash Player. Update all of them. Also visit Microsoft Update to update Windows.

    Comment by Patrik — April 5, 2010 #

  42. Ed, probably you have downloaded Spyware Doctor from Google Ad. Download Malwarebytes Anti-malware from here (scroll down to direct links).

    Comment by Patrik — April 5, 2010 #

  43. I too have this Antivirus Suite problem, but didn’t get very far with the instructions. I ran the HijackThis.exe (renamed it first to iexplore.exe), but none of the items listed had “sysguard.exe”, “ftav.exe” or “tssd.exe”. It did show a lot of “O4” items, but again none of the exe files you’ve mentioned above. Can you tell me what else I can try?

    Comment by Dennis — April 5, 2010 #

  44. I looked through the hijack this log and none of the lines had the “sysguard.exe” or “ftav.exe” or “tssd.exe” string on the right side.

    Comment by Jason — April 5, 2010 #

  45. I cant even open internet explorer on my computer to install that program. Suggestions??

    (Im on my other laptop)

    Comment by Samantha — April 5, 2010 #

  46. i use firefox, and when i download the hijackthis file i cant name it whatever i want.

    and i cant even use internet explorer because this thing wont let it open.

    help

    Comment by telly — April 5, 2010 #

  47. Dennis and Jason, probably your PC is infected with a new version of the rogue. Open a new topic in our Spyware removal forum.

    Comment by Patrik — April 5, 2010 #

  48. Samantha,
    method 1. try to boot your computer in Safe mode with networking, then follow the steps above.
    method 2. download all the programs suggested above to another PC, then move them to the infected computer using a flash or CD disk.

    Comment by Patrik — April 5, 2010 #

  49. telly, if you are using Firefox, then use right click -> Save as, to download HijackThis.

    Comment by Patrik — April 5, 2010 #

  50. thanks, nice to know there are people out there to help those of us nailed by those ‘other’ people. again, thanks!!

    Comment by Shawn — April 6, 2010 #

  51. this virus is not allowing me to do ANYTHING at all on my computer. i am in my campus library right now using their comp because my laptop is literally useless right now. i have MalwareBytes already on my laptop because i downloaded it long time ago and it wont let me open it up because it claims that it is “infected”…. even my Microsoft Word wont open up! this is becoming a huge drag for me because it is preventing me from getting my notes that i saved on my laptop or even complete any assignments from my instructors. how can i fix this? i cant even go on the internet because of the fake blocking page that automatically comes up as soon as i open my browser window. can you please help me?

    Comment by Jo — April 6, 2010 #

  52. Jo, you need to use HijackThis before malwarebytes (first step).

    Comment by Patrik — April 7, 2010 #

  53. thank you very much for the help
    i thought i would lose all my work!!

    Comment by cibrog — April 7, 2010 #

  54. ty so much for this guide. it works! :)

    Comment by veds — April 7, 2010 #

  55. This worked. I cannot thank you enough.

    Comment by Mott — April 7, 2010 #

  56. thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my problem!!

    Comment by val — April 7, 2010 #

  57. THANK YOU SO MUCH!I was gonna buy the antivirus software. haha. THANK YOU!

    Comment by Carm — April 7, 2010 #

  58. THANX MUCH!!! for me i couldn’t do anything until i put it in SAFE MODE – for anyone else who might be having a problem. everything seems OK now.

    Comment by Kraig — April 8, 2010 #

  59. I’m having trouble fixing the Connection settings in step 1. After I uncheck the box for “Use a proxy server”, it won’t let me click apply and then it just reverts to the original settings. HEllp!!!!!

    Comment by Natalie — April 8, 2010 #

  60. I was able to change the settings once I put my computer in safe mode. THANK YOU!!!!!!!!!!!!!!

    Comment by Natalie — April 8, 2010 #

  61. Hello guys, as everybody is jubilating mine is a different case entirely. My system is infected with the same antivirus suite, i attempted to start my computer in safe mode and it turned out to be something else, it did not allow me to start in safe mode and at the same time did not allow me to start my system normally (can’t start at all). I am so frustrated, can someone help please….

    Comment by Tikko — April 8, 2010 #

  62. thanks for the help from Italy, if my father had discovered the virus on the computer he would cut my head

    Comment by Fabrizio — April 9, 2010 #

  63. Tikko, what is your version of Windows ?

    Comment by Patrik — April 9, 2010 #

  64. I downloaded the Hijackthis program from a clean computer, changed the name, and attempted to run it on my infected computer. But it doesn’t appear to do anything. Also when I tried to disable the program, my “apply” button isn’t highlighted so the change never sticks.

    I already had Malwarebytes and Kaspersky installed on my infected computer. I restarted in Safe Mode, ran iexplore.exe, ran both antivirus programs, and the virus is still there. I don’t have the latest updates and because of the proxy problem, I don’t have control of my internet access to download them. PLEASE HELP!

    Comment by Rachelle — April 10, 2010 #

  65. Rachelle, read the instructions and manually update Malwarebytes Anti-malware.

    Comment by Patrik — April 11, 2010 #

  66. Hey, just cleaned up my sister's infected computer. For some reason I wasn’t able to connect to the internet in safe mode no matter what I tried. So I made a data disk with hijack this and malwarebytes and installed them in Safe Mode. Then I restarted the computer normally and ran Malwarebytes asap. I had a small window of time before the virus started, I was able to remove it while in “normal” mode. Hope this helps!

    Comment by Patrick — April 12, 2010 #

  67. I have wireless internet and in safe mode it would not give me internet access. So what I did is restart my computer and hover the mouse over the bottom toolbar and right click until the menu comes up and you can click “task manager” and it will open up and stay open. You have to be fast before “Anti virus suite” starts running. Once it starts running you are too late as it will close “task manager” down every time you try to open it. You have to be fast for this to work. You may have to restart your computer a couple of times to get the timing down.

    When I got “Task Manager” to stay on I went to the tab “processes”. In there I found a file called FWFJXQJTSSD.EXE.3672DBFO.TF. I highlighted that file and clicked “end process”. That stops “Anti Virus Suite”. I now had control of my computer back.

    Then I opened Internet Explorer and on the top bar found “tools”. I clicked on “tools” and at the bottom of the menu clicked “Internet options”. Then click “connections”. Then click “Lan settings”. Then check “Automatically detect settings” and uncheck “Use a proxy for your LAN”. Click OK and OK again and I now had control of my computer back and able to download programs and open them. However I have yet to find an anti spyware program that will get that junk off my computer permanently yet but I can at least use it.

    Comment by rob — April 12, 2010 #

  68. How do you change the name of it when you download it?

    Comment by Silas — April 12, 2010 #

  69. Thank you soooooo much! It worked like a charm! I can’t believe it was that easy. Again, thank you sooo much!

    Comment by Maria — April 12, 2010 #

  70. yeah, this thing came out of nowhere. crazy. the file names were a bit different from the ones you suggested but it helped guide the process. thanks. currently running the malwarebytes but the little icon on the bottom page is now gone! hopefully for good. I’m sooo grateful for your help. saved me a lot of time.

    Comment by cro — April 12, 2010 #

  71. Silas, you need to rename HijackThis.exe in the Save dialog.

    Comment by Patrik — April 12, 2010 #

  72. Thank you! This worked for me. I am definitely using your site to find out more about better protection for my PC.

    Comment by Erin — April 13, 2010 #

  73. My PC was stuck with that awful spyware. Downloaded the two softwares (hijack this and malware) from a clean computer, changed the name, and ran them on my PC from a USB key and it worked like a charm. Thank you SO MUCH for the wonderful help/information you provided!!!

    Comment by Oli Somenzi — April 13, 2010 #

  74. thank you so so much this really helped

    Comment by Jason — April 13, 2010 #

  75. Just finished following your instructions to the T. Downloaded HijackThis, renamed to iexplore.exe, ran it. Found and “checked” files starting with 04 and ending with sysguard, ftav, or tssd.exe. Then ran the malware program. Cleaned this virus off my PC. Found one thing—After running the malware program I had to go back into Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK, before I could get a web page to load in Internet Explorer. I then went to Microsoft’s http://safety.live.com to run their Full Service Scan. Thanks for posting the resolution for fixing this nasty virus. Hope my added comments helps someone else.

    Comment by Rich — April 15, 2010 #

  76. OMG Dude I friggin love you!

    I’ve had this evil thing for almost a week now, tried loads of other tricks and they all worked temporarily but didn’t get rid of the virus. I used the same method as this before but using Rkill instead of HiJackThis and I think thats what the problem was.

    Cant thank you enough, just saved me 90 quid for a repair job :)

    Comment by robbie — April 15, 2010 #

  77. I am not completely finished, but wanted to share this because I have found what seems a way to DISABLE the “Antivirus Suite Infection” even if the trojan is still identified in the system.

    Ok, this is what I did that has allowed me to “disable” the Antivirus Suite Infection.

    Granted I don’t think the trojan has been eliminated completely.

    1- I started the computer in safe mode.

    2- I unchecked the proxy settings as instructed on this website. BTW, once you uncheck it and click ok, it does not let me click apply, but I went back and the change had been permanent.

    3- I then downloaded the HijackThis.exe as instructed, saved it to desktop after changing its name to iexplorer.exe. It was saved with the HijackThis icon though, which is good.

    4- I ran the HijackThis but it gave me a warning that I was not going to be able to make changes, but instructed me to (in Vista) to run as administrator. When I did, I was able to run the scan. This apparently applies only to Vista.

    I only found the R1 line:

    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

    I did not find any other line ending with:

    sysguard.exe, ftav.exe, or tssd.exe

    I did find a line that looks suspicious:

    O4 – HKCU\..\Run: [la0a1g8wscl4m] C:\Windows\system32\la0a1g8wscl4m.exe

    5- I clicked the proxy server R1 line above and clicked “fix checked” but did not fix the 04 line because I am not sure it belongs to the “Antivirus Suite” virus. Because of the random numbers I’m thinking it probably does.

    6- I restarted the computer in regular mode, and it is working fine, all programs, including Internet Explorer are working. Previously I could not go on the net or even work my local programs. Whenever I tried it told me it could not open them because they were infected. That included Quickbooks, notepad, wordpad, ATF-Cleaner, CCleaner, the virus was forcing me to only BUY the program before I could use ANY program.

    But now there are no signs of any problems running any of the programs.

    It seems that removing the proxy server line with hijackthis disabled the virus.

    7- I use AVG Free edition, so I went and downloaded the 9.0 version, installed it, downloaded the new definitions updated it is running now, so far it has found 1 infection:

    Trojan horse FakeAV.BBM

    Which seems to be the trojan we are dealing with.

    So, I will wait for the scan to finish and see if my AVG is able to get rid of the infection. I already know that the infection seems to have been disabled, even if the trojan is still in the system.

    If the AVG is not able to remove it, I will download the MalwareBytes Anti-malware.

    Comment by Nelson — April 18, 2010 #

  78. I don’t know how to fix this problem. I have the task manager up but I’m not sure which exe file I should end process on. I can not apply the changes in Internet Options and it will not let me download the hijack file even when I rename it. Please help! Thanks!

    Comment by misty — April 25, 2010 #

  79. I’m not sure how, but I ended the right process and everything seems to be working! Thanks so much!!!!

    Comment by misty — April 25, 2010 #

  80. I was duped into buying Antivirus Suite for $59.95. Does anyone know their email address or phone number so I can call and cancel and get my money back? When I bought it, it said that I could cancel within 30 days by sending them an email. But, I accidentally removed it first without getting that address.

    Thanks,

    Mary

    Comment by mary — April 26, 2010 #

  81. misty, try to download HijackThis to another PC and then move this file to your computer using a flash or CD disk.

    Comment by Patrik — April 27, 2010 #

  82. Mary, contact your credit card company and tell them what has happened.

    Comment by Patrik — April 28, 2010 #

  83. hello,
    I did another things
    I had got this virus so I tried to remove it
    I ran safe mode
    then I search for this file: tueaqhytssd.exe
    after that shift + delete
    now I relief
    what a yacky file!!!
    why did they make this virus?
    they have mental problem?

    Comment by babak — May 5, 2010 #

  84. Ok.

    This thing is what causes Internet Explorer not to work. Simply fix it with HijackThis, and internet works again. Also you can disable from task manager the tssd.exe or sysguard.exe or ftav.exe. No need to go to the safe mode. Just spam the buttons for task manager the first time, so that you will see which you have and where they are located. Then restart normally and as soon as the screen starts up bring up the task manager and turn them off. But be careful, my tssd.exe came back up 2 times after i turned off the process and each time at a different spot in the manager, so be FAST.

    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

    Comment by Max 00000 — May 6, 2010 #

  85. I have had to manually remove this virus from my friend's computer twice now. Be sure to run a complete registry scan for the parts of the file names “tssd.exe”, “sysguard.exe” and “ftav.exe”. I found another string of tssd in the HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

    Comment by The Computer Corner — May 8, 2010 #

  86. Thank you for these instructions! It’s all so scary when it happens but I appreciate the clear, detailed steps so I could fix it. You guys are great!

    Comment by Michelle — July 9, 2010 #

  87. I was able to remove this remotely without going into safe mode. But to do this you need to know the name and password of a different Admin account on the PC. Luckily i already had LogMeIn installed before the computer was infected. I remotely connected. Found the C:\Windows\System32\TaskMgr.exe, right-clicked on it, clicked “Run As”, put the name of a different Admin account, and it ran! I then promptly killed all the junk processes and i was able to take complete control of the PC. Then ran MalwareBytes, etc

    Comment by Andy — September 14, 2010 #



My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.