Alias: AV Security Suite

Description: Updated on: July 12, 2010 8:49am

AV Security Suite is a variant of Antispyware Soft which is considered to be one of the hardest fake antispyware products to remove in recent history. AV Security Suite uses the same tactics as Antispyware Soft and is very good at eluding detection. In order for AV Security Suite to stop you from removing it, AV Security Suite disables Internet connection (except to its own sales page since the ultimate goal is to have you buy this fake product), disables existing antivirus and antispyware programs, blocks access to help forums and to major name brand antispyware and antivirus vendor websites.

To put the pressure on you to buy the full version, AV Security Suite starts opening porn websites such as adult.com, porno.com and porno.org, and also occasionally opens the website viagra.com. AV Security Suite continually harasses the user with numerous warnings and messages saying that their computer is infected and is under attack from hackers. AV Security Suite is commonly installed by a trojan or manually mistakenly downloaded from one of many fraudulent Fake Scanner Sites.

AV Security Suite can block you from running programs, if that is the case, we have easy to follow special workaround instructions below.

AV Security Suite displays exaggerated fake scan results similar to those shown below:



AV Security Suite also displays warning messages messages similar to the following:



When you try to run an application, AV Security Suite will issue fakes messages saying that the program you are trying to run is infected. These look like:

AV Security Suite Special Removal Instructions (iexplore method, try first)

Please make sure to bookmark this page as you will need to refer back to it to complete the removal steps.

We have created a modified version of SpyNoMore to handle persistent infections such as AV Security Suite. If you are able to download the modified SpyNoMore Installer directly onto the infected computer, or if you can download it to a clean computer and transfer it to the infected computer (by using a network or a flash drive), follow the steps below. NOTE: The installer will be named iexplore.exe. Otherwise please skip the next steps and proced to the second set of instructions below (version 2).

Step 1: Click here to download the SpyNoMore installer onto a clean computer and transfer it to the infected computer (by using a network or a flash drive). Otherwise download it directly onto the infected computer. NOTE: The installer will be named iexplore.exe.

Step 2: Double-click iexplore.exe to install SpyNoMore on the infected computer. When the installation is completed, SpyNoMore will check for and download available updates which will alert AV Security Suite to its presence at which point AV Security Suite may shut down SpyNoMore.

Step 3: Restart SpyNoMore from the desktop shortcut then click on 'Settings' and uncheck the box that says 'Use Internet Explorer settings'.

Step 4: SNM will scan your computer and if AV Security Suite is present, SNM will detect it and you will be able to see either AV Security Suite or Antispyware Soft in the scan results. These two are the same product. Please note that the free version of SpyNoMore will only show you the detections but will not remove them. In order to remove the infection you need to purchase a 1-year license which costs $29 (or $39 for 3 computers). In all cases, you will be able to see AV Security Suite in the free version scan results.

Step 5: Purchase the activation key from a clean computer by clicking on our Purchase link on spynomore.com. Write down the activation key and use it to activate SNM on the infected computer. This will remove AV Security Suite and restore your internet connection. You will again be able to run your programs and applications without trouble.

Step 6 (optional): It would be a good idea to check your computer for rootkits (which are basically hidden trojans) which may have tagged along with AV Security Suite. To do so, download and run TDSSKiller by Kaspersky Labs.

Step 7 (optional): If TDSSKiller does find a rootkit, it will ask you to restart your computer so that it can remove the rootkit(s). After your computer restart, scan your computer once more with SpyNoMore to make sure everthing is OK.

AV Security Suite Special Removal Instructions (version 2)

Please make sure to bookmark this page as you will need to refer back to it to complete the removal steps.

AV Security Suite may prevent you from running programs and/or limit your Internet Access. Follow the steps below for such cases.

Step 1: Click on Start > Run and type: shell:Local AppData (you can copy-and-paste it). In the window that opens, look for an oddly named folder (folder name made up of randomly characters, usually all small case letters). Double-click on this folder to open it.

Step 2: Indide the folder from step 1 above, you will find a randomly-named file. Right-click on it and choose 'Rename'.

If the file name has an '.exe' extension (for example 'vurivm.exe'), rename it by ONLY ADDING 4 characters '.eee' to the end of the existing name. So in our example, the renamed file should be 'vurivm.exe.eee'. Proceed to step 3 below.

Otherwise if the file name does not have an '.exe' extension showing (for example 'vurivm'), you need to first enable file-extension view in order to see the '.exe. extension, as follows: In Windows, right-click on Start, choose Explore. On the top click on Tools > Folder Options > View. Remove the checkmark infront of 'Hide extensions for known file types. This will enable you to see and rename the '.exe' extension. Rename the file by adding the 4 characters '.eee' to its end so it would lokk something like this 'vurivm.exe.eee'.

Step 3: Restart your computer. After restart, you will notice that AV Security Suite does not start up. This does not mean that AV Security Suite is gone! You still need to follow the steps below to completely remove AV Security Suite.

Step 4: After your computer restarts, click on Tools > Internet Options > Connections > LAN Settings and uncheck the box 'Use proxy server..'.

Step 5: Download SpyNoMore to the infected computer.

Step 6: Install SpyNoMore and scan your computer to remove AV Security Suite. If SpyNoMore is unable to download available updates, please click on SpyNoMore Settings and uncheck 'Use Internet Explorer settings'. Please note that the free version of SpyNoMore will only show you the detections but will not remove them. In order to remove the infection you need to purchase a 1-year license which costs $29 (or $39 for 3 computers). In all cases, you will be able to see AV Security Suite in the free version scan results.

Step 7 (optional): It would be a good idea to check your computer for rootkits (which are basically hidden trojans) which may have tagged along with AV Security Suite. To do so, download and run TDSSKiller by Kaspersky Labs.

Step 8 (optional): If TDSSKiller does find a rootkit, it will ask you to restart your computer so that it can remove the rootkit(s). After your computer restart, scan your computer once more with SpyNoMore to make sure everthing is OK.

Threat type:

Hijacker - A Hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site or modifies your search settings. It prevents you from changing back your browser's settings. An infected browser usually operates much slower.

Ransomware - Ransomware is a software application that infects a computer and asks for money to have the infection removed.

Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.

Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer and / or to protect your privacy.

Detection:
SpyNoMore removes AV Security Suite: Yes

Threat risk: Very High Risk

Extremely dangerous malware. Uses stealth installation, randomly named entries and has the capability to self update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware.

Symptoms:

AV Security Suite Signature Details: The following information includes some of the standard signatures associated with this spyware threat. Please do not attempt to manually remove these items from your computer; Removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer from restarting or cause loss of Internet connectivity. Should you be infected with AV Security Suite, you can clean your computer by downloading SpyNoMore now.

Running Process Signatures:
N/A

File Signatures:
N/A

Registered Dll (Dynamic Link Library) Signatures:
N/A

Folder Signatures:
N/A

Registry Signatures:
N/A

SpyNoMore Collected Residual File Signatures:
N/A

See Also:
Protection Center
Antispy-guide.net
Antispy-guide.com
Sysinternals Antivirus
Performance Center
Antimalwaresecurity.com
Antimalware-guard.com
Antimalware-guard.net
Defense Center
Security Master AV