AV Antivirus Suite is a new rogue antispyware program from the same family of rogues as AV Security Suite, Antispyware Soft, Antivirus Suite, Antivirus Soft, Antivirus Live, etc. The program is distributed through the use of trojans. When the trojan is activated, it will install this malware onto your computer and configure it to run automatically when you log on to Windows.
When AV Antivirus Suite is started, it will imitate a system scan and detect a variety of infections that will not be fixed unless you first purchase the program. It is important to know that all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that this fake security application gives you.
While AV Antivirus Suite is running, it will block the ability to run any programs as a method to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run a program:
Application cannot be executed. The file {program} is infected.
Do you want to activate your antivirus software now.
What is more, the rogue will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Windows Security alert
Application cannot be executed. The file {filename} is
infected.
Do you want to activate your antvirus software now?
In addition to the above, AV Antivirus Suite will hijack your Internet browser by configuring it to use a malicious proxy server, so that it will randomly show a warning page that states “This website has been reported as unsafe”. Do not trust these warnings; like the false scan results, the malicious program uses them to scare you into thinking that your computer is infected with viruses and malware.
As you can see, AV Antivirus Suite is a scam designed with one purpose: to trick you into purchasing the so-called full version of the program. Do not be fooled into buying the software! Instead of doing so, follow the removal guide below in order to remove AV Antivirus Suite and any associated malware from your computer for free.
Symptoms in a HijackThis Log
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
Use the following instructions to remove AV Antivirus Suite (Uninstall instructions)
Step 1.
Run Internet Explorer, click Tools -> Internet Options as shown in the screen below.
Internet Explorer – Tools menu
You will see a window similar to the one below.
Internet Explorer – Internet options
Select the Connections tab and click the Lan Settings button. You will see an image similar to the one shown below.
Internet Explorer – Lan settings
Click Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;
When you have finished, you will see a screen similar to the one below:
Internet Explorer – Proxy settings
Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Step 2.
Download HijackThis from here. Once the Save dialog opens, you first need to rename hijackthis.exe to iexplore.exe. Then click the Save button to save it to the desktop. If you are using Firefox, then you need to right-click the above link to open a Save dialog. If you still cannot download the program, then repeat the first step above.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Place a checkmark against each of the lines that look like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
Once finished you will see a screen similar to the one below.
HijackThis
Note: the list of infected items may be different. The template of the malicious entry is: [{random string 1}] C:\Documents and Settings\user\Local Settings\Application Data\{random string 2}\{random string 3}.exe; see the examples above. If you are unsure, check them in Google.
Please be very careful, do NOT check any other boxes! Once you have selected all entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
Run Internet Explorer, click Tools -> Internet Options. Select the Connections tab and click the Lan Settings button. Uncheck the “Use a proxy server” box. Click OK. Click OK.
Step 3.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan; it will start scanning your computer. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the AV Antivirus Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow these steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
AV Antivirus Suite creates the following files and folders
%UserProfile%\Local Settings\Application Data\{RANDOM}
%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}.exe
AV Antivirus Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable=“1”
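Added example (not part of the original guide and not HijackThis's own code): a Python helper that scans a saved HijackThis log for the symptom lines and the malicious-entry template given above, and returns the matching lines as candidates to review before ticking them. The function name, the sample log and the optional port after 127.0.0.1 are assumptions made for illustration; the separator may be a hyphen or an en dash because pasted logs often have the dash converted.

```python
import re

# Separator between the section code (R1, O4) and the value.
SEP = r"\s*[-\u2013]\s*"
# Profile sub-path named in the guide's file list and entry template.
APPDATA = r"\\local settings\\application data\\"

# R1 symptom: Internet Explorer proxy pointed at the local machine.
# Assumption: a ":port" may follow the address; the guide shows none.
PROXY_RE = re.compile(
    r"^R1" + SEP + r"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"Internet Settings,ProxyServer\s*=\s*http=127\.0\.0\.1(?::\d+)?\s*$",
    re.I)

# O4 symptom: Run value whose target is an .exe sitting exactly one folder
# below "Local Settings\Application Data" ({random}\{random}.exe).
RUN_RE = re.compile(
    r"^O4" + SEP + r"(?P<hive>HKLM|HKCU)\\\.\.\\Run:\s*\[(?P<name>[^\]]+)\]\s+"
    r"(?P<path>.+" + APPDATA + r"[^\\]+\\[^\\]+\.exe)\s*$",
    re.I)

def flag_entries(log_text):
    """Return (line_number, kind, detail) for each line matching a pattern.

    A match is a candidate for review, not a verdict: a legitimate program
    installed one folder below Application Data would match as well.
    """
    hits = []
    for number, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if PROXY_RE.match(line):
            hits.append((number, "proxy", "127.0.0.1"))
            continue
        match = RUN_RE.match(line)
        if match:
            hits.append((number, "run", match.group("hive") + ":" + match.group("name")))
    return hits

# Constructed sample log: lines 1-3 follow the guide's examples, lines 4-5
# are made-up benign entries that must not be flagged.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKCU\..\Run: [abgsckfg] c:\documents and settings\user\local settings\application data\cupilnt\drciln.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [ExampleSync] C:\Documents and Settings\user\Local Settings\Application Data\Example\Sync\sync.exe
"""

if __name__ == "__main__":
    for hit in flag_entries(SAMPLE_LOG):
        print(hit)
```

The fifth sample line is skipped because its executable sits two folders below Application Data, which does not fit the one-folder template.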
Well I did these steps up to downloading malware. Icon is on my desktop…won’t open…says it has error BUT so far the AV Suite seems to be gone. I don’t get it? I had to go back and uncheck proxy again to get online.
Deb, yes you have fixed this malware, but anyway you need to scan your computer with Malwarebytes or SuperAntispyware or an antispyware program to remove any associated malware.
I’m not even able to open Internet Explorer on my laptop! Is my laptop ruined for good???
Sorry….need to start in SafeMode.
This is so frustrating…thanks for the info.
HELP!!! Okay, I am trying the removal process and I have the log that Hijackthis creates but I don’t know what is bad and what isn’t and since I’m running it in safe mode it can’t check the stuff for me. I saved the notepad log but how can I know what to delete??? Thanks!
This detailed removal of AV Antivirus suite worked. It removed everything from Trojans to adware and rogues. Thank you for saving my computer. (P.S. I had 140 infected files and all were removed.)
Katie, open a new topic in our Spyware removal forum and post your log into it.
THANK YOU – IT WORKED!!!! what is annoying is I have NO idea where or how I picked this up. It’s my first virus in about 15 years! My Norton 360 completely missed this s*ck*r.
Thank You Thank You
Thanks! After searching several sites for solutions, these instructions worked!
Thank you so much for saving my computer =o)
Kerrilynn what antivirus program did you purchase after norton?? I have norton and it did not pick up the virus either
Hallelujah!
These removal instructions worked perfectly for me.
Thanks a lot!
You should always try to turn off your System Restore before running either ComboFix or MalWareBytes. If the infection is in the Recycler, it will keep coming back.