Antispyware Soft is a new rogue antispyware from the same family of rogues as Antivirus Suite, Antivirus Soft, Antivirus Live, etc. All brothers are identical except for their names and partially modified core files, which is necessary in order to remain undetected by legitimate antivirus and antispyware applications. As well as other similar malicious programs, it infects your computer with the help of trojans. When the trojan is activated, it will download and install Antispyware Soft onto your computer without your permission and knowledge.
In first step, Antispyware Soft will register itself in the Windows registry to run automatically when you logon into Windows. Once started, it will simulate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore the false scan results.
While Antispyware Soft is running, it may block any programs from running as an attempt to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Also you will be shown a lot of nag screens, warnings and fake security alerts. In addition, Antispyware Soft will hijack your browser (Internet Explorer, Firefox) by changing its proxy settings, so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. However, all of these warnings, alerts and pop-ups are a fake and like scan false results should be ignored!
As you can see, Antispyware Soft is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with the rogue, then be quick and take effort to remove it immediately. Follow the removal guidelines below to remove Antispyware Soft and any associated malware from the system for free.
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Use the following instructions to remove Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, rename it first to iexplore.exe and click Save button to save it to desktop. If you can`t download the program, the you should repair the proxy settings of Internet Explorer. Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKCU\..\Run: [apcmuqeo] C:\Documents and Settings\user\Local Settings\Application Data\oweiriewo\kjskdjftssd.exe
O4 – HKCU\..\Run: [vbcqtaea] C:\Documents and Settings\user\Local Settings\Application Data\sdklflksdf\mnsdmnfstssd.exe
Note: list of infected items may be different, but all of them have “tssd.exe” string in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Antispyware Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antispyware Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}tssd.exe
Antispyware Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
Hey, for those of you who can’t get on the internet, try starting the task manager the *second* your user account is loaded (hit ctrl-alt-delete). Then go to the “processes” tab and right-click on anything ending in tssd.exe, and select “end process.” You have to be quick, but this should keep it from blocking you.
O4 – HKCU\..\Run[cxmwlety]C:\Documents and Settings\default\Local Settings\Application Data\nfijlrxmc\iggnpbstssd.exe
This is ok to “fix” then? It shows up twice on the list.
James, what shows your browser when you trying open any site ?
Katie, yes fix this entry.
I forget how to open in safe mode. If I ever catch these “people” a 2×4 to the head will be my choice
Never mind. I figured it all out and am well again. Thanks for all the comments. You are all wonderful
I found it helpful to quickly press ctrl alt delete at start up and end the processes ending in tssd.exe. This will allow you to open any program. Then continue to follow these instructions. This was so helpful thank you very much.
Well I looked at the toolbar and clicked the arrow and then customize toolbar (for Windows 7)and the nonsensicalname.exe shows up on the list and you search that name in the windows explorer and u can’t delete the file since it’s running but you can change its name to whatever so when you restart your computer it doesn’t startup with the spyware and annoying popups
I found your website after my computer got infected and followed the instructions and it worked perfectly. Thank you very much for your service.
THANK YOU!! These instructions were easy to follow and worked like a charm!
The fix worked! I am so happy! Now I need to work on my relationships with my co-workers, since they hate me so much.
Thank you so much. I am not very tech literate, so when I got this over an hour again I started to panic. Not only did this solve my problem, but the instructions (both at the beginning and in the comments) were simple, easy to follow, and worked like a charm. Thanks again for all your help!
Thank you so much for this site. I am not very tech literate so when I got this over an hour ago I started to panic. Not only did this page work like a charm, but the instructions at the top and in the comments were simple, easy to follow, and precise. Thanks again for all your help!
Thank you. Followed the instructions and worked great! Had to download from another computer and load with usb drive, then HiJack and mbites worked easy. Thanks, Nick
I Did everything you said and it seems it’s gotten rid of the virus and the program but I misread step 1 and accidentally deleted all O4 files. Now there is stuff missing from my toolbar. And internet explorer is not working please help!
i’ve already paid, how do i get money back?
I got this stupid virus today. PITA!!! Anyways, I rebooted my computer, and before it could activate the virus, I opened my task manager and looked for any weird entries (a hint provided by one of the other commenters on this page) and when I found one (the weird entry in my case was “oqdnjpitssd.exe”) and did a search on it. It came up with nothing, so I turned off that process. Since I still was unable to access the internet, I also went into my internet options and turned off my proxy server, which allowed me to get back online.
The next thing I did, was to do an online virus scan using Trend’s Housecall. It located two files (oqdnjpitssd.exe and 3.165899753.exe) I let housecall ‘fix’ the viruses (which by the way were both “TSPY_QAKBOT.SMG” viruses).
After that, I went through and checked all the files and registry entries to see if I had to fix anything else and everything was PERFECT! I didn’t need to do anything else. I tell ya… I gotta love the person who first told me about that site!
For those of you who are somewhat ‘computer handicapped’ this might be the way to go. I didn’t even need to use the HiJackThis program.
Good luck peeps!!
Chris, you can repair all deleted entries. Run HijackThis, Click to “View list of backups” button. Select an entry that you want to repair, then click Restore.
Renee, contact your credit card company and tell them what has happened.
I too got this virus, and your program seemed to stop the “spysoft” popups. The only issue now is, I cant get Internet Explorer to work. I was using my laptop to download from your site, to fix my desktop, but the error message is Internet Explorer cannot display the web page. Im sure it is an easy fix, my mail program works, just not explorer.
gary, you have unchecked “Use a proxy server” in Lan settings of Internet Explorer?
Just wanted to say that these instructions worked! Thank you so much! 😀
Followed all the directions as posted and so far so good for this computer idiot here. Thanks very much!
I accidentally checked all the “02” boxes in Hijackthis. It made it so I could use IE for a bit though, which is how I was able to get the Malwarebytes downloaded, but now IE wont work anymore! =[ Any everytime I unclick the proxy box in IE it freezes and shuts down. Help =[ =[ = [
Sratch that. I got the settings to stay, but now everytime I open it, it sends up an error message and wants to close. grrr
Thanks for the detailed instructions. I had this virus about 2 weeks ago and removed – clean scan with malwarebytes. However, my internet connection has become intermittent and I was wondering if this is a lingering effect of the virus. I have Qwest DSL running through a PK5000 modem. Sometimes the internet works, sometimes it does not. Any help is appreciated.
Chasity, boot your PC in Safe mode and try run IE once again.
What shows your browser when you trying open any site ?
Hi, I followed these instructions. Well first I went in safe mode with networking and typed msconfig and stopped the virus program and deleted some registry keys manually. Then I downloaded hijackthis and malwarebyte and ran norton. How can I be sure the virus is actually gone and my computer is safe to use?
Struck, you can also check your PC with an online scanner.