Saturday, June 19, 2010

How to remove AV Security Suite

How to remove AV Security Suite

remove procedure:

1. Press power button to restart computer.
2. when window appears, ctrl+alt+delete to get task manager
3. remove the process:
[random string]tssd.exe

4.Edit host file under
WINDOWS\system32\drivers\etc. to block following sites:
127.0.0.1 antispyprogtool.net
127.0.0.1 antimalwaresecurity.net
127.0.0.1 antispyware-guard.net
127.0.0.1 threatremover.net
127.0.0.1 antispywareprog.net
127.0.0.1 antispantispycastle.com

5. remove registries like:
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:1041"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ouferdbubtdve"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ouferdbubtdve"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"

6. Remove folder and files:
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe

No comments: