Free malware removal tool to remove AV Security Suite

Written by Administrator | Thursday, 03 June 2010 00:00

AV Security Suite is another rogue Antispyware from the Antispyware Soft and Antivirus Suite, that tries to get money from users by prompting them to register and buy their Fake products. Some old malwares often return to the front of the stage and AV Security Suite is replacing Antivirus Live and Antivirus Soft. Remove AV Security Suite immediately from your system.

AV Security Suite

To remove AV Security Suite (Uninstall AV Security Suite)

Download this free removal tool for AV Security Suite
Extract it
Launch
Click on the delete button

AV Security Suite will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

[random]sysguard.exe
[random]sftav.exe
[random]tssd.exe

Files :

%AppData%\[random]\[random]sftav.exe
%AppData%\[random]\[random]sysguard.exe
%AppData%\[random]\[random]tssd.exe
%AppData%\[random]

Registry

Registry keys created

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKEY_CURRENT_USER\Software\Microsoft\Windows Script
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\Software\avsoft
HKEY_LOCAL_MACHINE\Software\avsuite

Registry values created

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- [random] = "%AppData%\agolui\[random]sftav.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
- RunInvalidSignatures = 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
- LowRiskFileTypes = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
- SaveZoneInformation = 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- [random = "%AppData%\[random]\[random]sftav.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
- JITDebug = 0x00000001
HKEY_CURRENT_USER\Software\avsoft
- knkd = 0x00000001

Registry value deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
- AppInit_DLLs = ""

Registry value modified

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
- CheckExeSignatures = ""/ Original value =" yes"

For manual removal :

Restart your computer in safe mode using your usual account
Open Explorer
Type %AppData% on the address bar
Remove all RANDOM CHARACTERS folder
Click on the Start menu
Click on Run
Type msconfig and enter
Go to StartUp tab
Uncheck all RANDOM CHARACTERS values which point to a process under %AppData%\[random characters]\
Restart your computer in normal mode

Comments

12345678

0 #79 2011-11-16 20:27

Like everybody else I have only gratitude that you post knowledge for free to fight these nasty people who attack you in so many different ways. I just manually removed AV Security 2012 using your instructions, hopefully I removed all parts of it but even the guys who get paid to this can't guarantee total elimination. So Thank you and now I want to do something good for somebody..for free.

Quote

-1 #78 2010-09-11 03:33

It worked thanks a ton...great job man

Quote

0 #77 2010-09-09 23:48

Wow!!! You are a genius man, it was so easy, god bless you man

Quote

0 #76 2010-09-05 04:12

WORKED FOR ME, THANK YOU!

Quote

0 #75 2010-08-22 03:36

Thank you worked great its people like you who make it possible for everyone else to defeat these jerks who violate our computers keep up the good fight and again thank you

Quote

0 #74 2010-08-21 21:43

it works!!!

Quote

0 #73 2010-08-20 18:57

Thank you so so so so much for posting this. Wasted about a day and a half running malware bytes, Spybot, ad-aware, AVG...nothing worked. Tried to remove manually but too confused and didn't want to screw anything up more. Your program is a life saver. You're the greatest.

Quote