AV Security Suite is a rogue antispyware program from the same family of rogues as previously published Antispyware Soft, Antivirus Suite, Antivirus Soft, Antivirus Live, etc. This program classified as rogue antispyware because it reports false infections, displays various fake security alerts, hijacks an Internet browser as a method to force you to believe that your computer is infected. Like other similar malicious programs, AV Security Suite distributed through the use of trojans that come from various misleading websites or a malware that pretend to be flash player updates or even video codecs required to watch a video online.
When the rogue is started, it will register itself in the Windows registry to run automatically when you login to Windows. Further AV Security Suite will start an imitation of system scan. Once finished, it will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to find the infections, as well as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.
As method, to create the fully illusion that your computer is heavy infected, AV Security Suite will display numerous warnings, fake security alert and notifications from Windows task bar. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Spyware alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antivirus software now?
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an
internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
However, like the scan results, all these alerts, screens and pop-ups are a fake, so you can safely ignore them!
In addition to the above-described, while AV Security Suite is installed, it will hijack an Internet Browser by configuring it to use a malicious proxy server so, it will randomly show a warning page that stats “This website has been reported as unsafe”. Last but not least, the rogue can block most legitimate Windows applications, so that they will not even start. If you try to run a program, your computer will display a warning that stats:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
Do not trust the warnings, like false scan results, AV Security Suite uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see, AV Security Suite is scam and designed only for one – to force you into thinking that your computer is heavy infected as a method to trick you into buying the software. If you find that your computer is infected with this malware, then be quick and take effort to uninstall it immediately. Use the removal guide below to remove AV Security Suite from your computer for free.
More screen shoots of AV Security Suite
Symptoms in a HijackThis Log
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove AV Security Suite (Uninstall instructions)
Step 1.
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Click Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you finished, you will see a screen similar below:
Internet Explorer – Proxy settings
Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Step 2.
Download HijackThis from here. Once Save dialog opens, you need first to rename hijackthis.exe to iexplore.exe. Further click Save button to save it to desktop. If you are using the Firefox, then you need right click to the above link to open a Save dialog. If you still can not download the program, the repeat first step above.
Doubleclick on the iexplore.exe on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Place a checkmark against each of lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 – HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished you will see a screen similar to the one below.
HijackThis
Note: list of infected items may be different. Template of the malicious entry is: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe, look for examples above. If you unsure, check them in Google.
Please be very careful, do NOT check any other boxes!. Once you have selected all entries, close all running programs then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click OK.
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for AV Security Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start AV Security Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AV Security Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
AV Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable=”1″
Patrick – I am doing that now – you are awesome. I have no clue what I would have done had I not had your help. It is still running – and I am sure it has a few minutes to go but feel confident it will work. I THANK YOU so much!!
Cindy
It wont let me do any of this someone please help me I have a lot of work to do!!!!!!!
Jordan, you have completed the first step above ?
I am so relieved right now I feel like crying…I wish I could give you a hug!! I was sure I wouldn’t be able to fix this on my own, that I’d have to pay someone, but your instructions were easy to understand and actually worked. Thank you so, so much!!!
So, what happens if I went into a page and got this virus? I didn’t download anything, I just went into a page and it just popped up. What happens if I don’t act right away? Will it still be there, or will it go away in time? Antivirus or not, I’m afraid to download anything now.
Thanks for you concern I just deleted the whole profile because it wouldnt allow me to anything but my question now is if I put “www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com” in the correct spot will it stop it from happening again??? Liek what can pre vent it since i deleted the profile
Jordan, if you have removed AV Security Suite malware, then you can open the proxy settings and clear “Do not use proxy server for addresses beginning with:”. Anyway the string is unable to protect you from possible infection in the future.
To protect your PC you need use:
– good antivirus
– an antispyware with autoprotection
– an alternate browser
Thanks! This worked like a charm.
I used the free version of Malwarebytes to automatically remove this nasty malware. Worked like a charm.
You can check out the legitimacy of Malwarebytes on CNET
http://www.cnet.com/1770-5_1-0.html?query=malwarebytes&tag=srch
It’s been downloaded over 44 MILLION times by users, and and gets excellent ratings by both CNET and users.
The only problem I had was downloading it, as the AV malware blocks such downloads. So I downloaded the install file to another computer, and then sent it to the bad computer via email attachment. From there, it went smoothly. The program installed easily, and found and deleted the bad AV files.
I’m back up and running.Still a minor problem or two. Internet Explorer no longer works because AV somehow threw off my settings for Internet access for that program, and I’m too ignorant to know how to fix that. So I switched to Foxfire (which I prefer anyway) and bypassed that remaining glitch. Probably reinstalling Internet Explorer would work as well, but not sure.
Do you reseted browser`s proxy settings ?
Worked like a charm, from “safe mode – networking”
used a second computer for instructions…
Thanks, thanks, thanks…
how am i supposed to get hijack this from here.. if i cant get on the internet im using a different computer to view this webpage right now on my computer with the av sec.scam i cant view internet either i dont understand something or i dunno.
here?, you have completed the first step ?
yes i have completed first step but that is all i dont have any idea of how to get any further? am i supposed to be in safe mode?
but still can`t download HijackThis and Malwarebytes ?
ok soo right now my computer with the problem is in the other room im looking at steps threw this computer when i do first step nothing happens it still wont let me on any other site but the front page with the security its trying to sell…
also now avg says it has found a faketrojan horse and is asking me to move to vault should i do so?
can u please hurry with replys i need to fix asap!!! sorry for the rush though..=\
Have you tried to download HijackThis and Malwarebytes ? You need follow the steps above EXACTLY (complete first step, go to second, …). Look the removal video instructions above.
it wont allow me to connect to anything at all how am i supposed to use the internet on the computer thats infected?
here?, if you have completed the first step above exactly, then it will allow you connect to http://www.myantispyware.com, myantispyware.com, http://www.malwarebytes.org and go.trendmicro.com.
And i repeat my question, HAVE you tried download HijackThis and Malwarebytes ?
1 question before i retry step one do i do this in safe mode networking or normal mode with the av seecurity suite running..?
I have used Normal mode.
i just restarted my computer doing no steps above and theres no more pop ups should i still download the software and scan just incase?
Probably your antivirus has removed this malware, but anyway scan your computer with Malwarebytes Anti-malware to sure that your PC is clean.
thnks for the attempt of helping me then but yeah thats cool that avg caught it ill download malware then thanks for the help 🙂
Glad to help you 🙂 Safe surfing!
Thank you very much for your instructions – spent a good few hours trying to remove this virus before I came across your article. Thanks again.
Help Please! I used Malwarebytes to remove it and it worked but the AV virus keeps coming back. How can I prevent it.
Thanks in advance.
Okay, I have been trying to get this virus off my computer for the last week. I cannot manage to get my computer to run in safe mode so I’ve been running it in normal mode. I cannot connect to the network no matter what I try….I have followed the steps through Hijack this. When it tried to open spyware doctor it needs an internet connection to continue and does not allow me to go on. I get stuck. All my anti-virus programs I’ve run, amg.com, malwarebytes, and trend do not see the virus. Please help. I’m at my wits end!