Description: Antispyware Soft is a rogue spyware program that is related to the well known fake security software applications Antivirus Soft and Antivirus Live. Antispyware Soft tries to trick users into purchasing its license. It enters a user’s computer via Trojans or other malicious software that downloads and installs Antispyware Soft. Once installed, this rogue software loads at system start thanks to some fake registry values entered by the Trojans. Then it will endlessly perform fake system scans and return results that show that the computer is under threat from a large number of malicious applications. This rogue software then proceeds to insist that the user should buy a license to the ‘full’ version of Antispyware Soft, claiming that the currently installed ‘trial’ version is inadequate to clean the system of the falsely generated ‘threats’. Whenever the program is run, it will enforce this request through its GUI and through various pop-ups. However, the so-called ‘full’ version has no capability whatsoever to scan or clean your computer, and you should never fall for this trick and buy the software.
Antispyware Soft
» Download Antispyware Soft Removal Software
As soon as you find a copy of this malicious software on your computer, you should take steps to remove Antispyware Soft. Antispyware Soft removal is a process which involves the stopping of processes, deletion of files and folders and the removal of registry entries.
Antivirus Soft Removal Video ( NOT Antispyware but it's basically the SAME EXACT THREAT. This should work for you or provide direction )
Antivirus Soft Removal Video ( NOT Antispyware but it's basically the SAME EXACT THREAT. This should work for you or provide direction )
Remove Proxy Setting so You Can Connect to the Internet Again.
Antispyware Soft Manual Removal Procedures
The first step you must take in order to remove Antispyware Soft is to stop the following process:
- [random characters]tssd.exe Normally 6 random characters
Top Stop this proccess you can either borwse to the file location and re-name the file like we did in the video above, or you can download our process killer tool under SOFTWARE tab above. Be sure to download the one already re-named explorer.exe
We also want to point out that your Internet Explorer and or Chrome will not be able to connect to the internet in many cases. You need to remove the proxy setting first. View the video above on how to do this.
The next step in Antispyware Soft removal is to delete the following file:
Windows XP:
- %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe
Windows Vista/7:
- %User%\AppData\Local\[random characters ]\[random characters]tssd.exe
Antispyware Soft Registry Removal Procedures
Removing files and folders alone is not sufficient to completely remove Antispyware Soft. The following keys and settings should also be removed from the Windows registry to complete Antispyware Soft removal:
- HKEY_CURRENT_USER\Software\AvScan
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]“
- HKEY_CURRENT_USER\Software\avsoft
- HKEY_CURRENT_USER\Software\avsuite
- HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
- HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "<local>"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
Updated Regsitry traces
- HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVsoft (and AVscan)
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASAPI32
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASMANCS
You should now run a full security scan to ensure no other threats are installed on your computer.
Antispyware Soft Directories:
- Vista and Windows 7 Users: %User%\AppData\Local\[random characters ]\
- XP Users: %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\
Outside Resources:
http://www.2-spyware.com/remove-antispyware-soft.html
http://deletemalware.blogspot.com/2010/04/how-to-remove-antispyware-soft.html
right click on the Antivirus soft icon on your desktop and go to properties. Copy and paste that path into Windows Explorer to open the path. Then re-name your file trace.
This is all shown in the video.
Followed steps and removed virus. Now I can’t reconnect to internet. Anybody have any recommendations?
I run Spybot S&D and AVG 10 and they still didn’t catch it.
After you’ve followed these steps I also recommend that you set a System Restore checkpoint when you are SURE the system is back to where you need it.
Alternately you can use a know good System Restore point from a prior time if you have qualms about editing the registry
Ok, I’m not the smartest gal in the world, but your video guide was EXTREMELY helpful! I was panicking until i ran across your site. Instructions were simple and in less than 10 min I was able to get rid of this nuisance! (Best of all I didn’t have to ask my boyfriend for help! >=] ) It works, thanks so much!
((I was a little nervous when it came to picking out the right folder in which I had to rename the file inside, but after looking over the names of the other folders I had, one just didn’t seem to fit so I went with my gut and it worked =D ))
Beauty instructions, mate! It kept popping up warnings during the registry editing and wouldn’t permit the deletion of the executable file. So, I rebooted in SAFE mode with a command prompt, and deleted it manually. Reboot, while holding breath, all’s well! Thanks again!
Just an FYI on this comment. While running a system restore may work we normally do not advocate it in our removal guides.
The reason for this is so many viruses and trojans infect your system restore points. If you go this route and it works then that is great. However don’t stop there. ENSURE you run a full virus scan. You already know we like Spyware Doctor without Antivirus above all else so run a scan with that just to be safe.
Your issue has nothing to do with our guide but proves that your system is not fully normal.
did you already download the SDA client that we recommend?
Some other suggestions
1. Ensure your network is working
2. Re-set your hosts file
3. Re-set your Winsock settings
In most cases real security software can repair most the damage already done but if you have not installed anything that is why you got infected in the first place.
We do have a Hosts reset tool in the side bar that you can use as well.
I had to fully remove all the registry files connected to the virus, as well as the virus itself, and then I was able to connect to the internet.Also I had Symantac antivirus and it did not protect me. I got Kaspersky before I was able to find this site and now I am running it. Thanks for all your help!!!!!!!!!
Very helpful. Especially since my computer could not access the internet and download an antivirus program.
Great help. Thanks again.
Great Find! I double checked an infected system and this is 100% accurate.
Guide will be updated to reflect this.
Hi
Think I had the same problem. It was the proxy server setting, the virus sets it as using a proxy server so you cant download a solution (apart from thier scam). Try turning the proxy server off at LAN settings on the conections tab of Internet Options.
Hope this helps
John
confirmed, the virus checked this box to stop me from getting on the internet. i followed your tip john, and now i can go online after following the guide as well.
-windows xp running internet explorer 8
thanks guys
So some new information. I’ve had this happen to a friend of mine before and had to go the whole nine to clean it up. I managed to catch it, BUT was able to kill it without having to restart into safe mode- I was able to access the internet via Firefox- they have their own built in proxy settings unlike IE and Chrome, which share the same Windows Internet Settings function that the virus attacks.
So anyhow, I tried using rkill.exe- and only mildly successful. Then I managed to download and run (you have to name every file you run to Iexplore.exe since the AVSoft allows it to run). I was able to then run a Process explorer (I used Sysinternals) since task manager was disabled, and shut down two processes that were running (the major one being ######tssd.exe). Then got everything back online and mostly fixed without having to restart.
Anyhow thought, I’d share with you here some other locations I found registry keys (if you know what you’re doing, you should double check and run a search for Avsoft, AVsuite, Avscan, and tssd- odds are, you’ll find something, and I did. I have a 64 bit Windows 7 System and I found it in
HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\AVsoft (and AVscan)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASMANCS
Anyhow, back up your registry if you do anything.
Thanks for helping to update the guide. Your work will be included in the master guide.
After spending my time fighting this virus cursing the people who write such vile things, I must say now I’m cheering people like you who figure out how to get rid of them. Thanks!
I have Windows 7 and I set my files to show hidden folders. When i tried to find the appdata folder it wasn’t there. I also checked in program data and other folders and it was not in those either. Also, when i open the task manager in safe mode, none of the processes that are shown above are there. But i definitely have the virus.
Please help me out!
Thank you so so much!!!!
You are Most Welcome. Glad we were able to help.
Be sure to tell your friends.
it wont let me delete it due to the fact that it says i need permission to do that action
Most people who get permission errors get it because they are in the wrong directory. If you are using Windows 7 or Vista you need to be in the %User%\AppData\Local\[random characters ]\ folder.
I bet you were following the XP path which will give you the permission error.
Ensure you have admin privileges. Most likely this is not the reason for the error but could be if you are using an account that is limited.
this helped a lot, our desktop got infected. I use my own laptop so you can kinda tell who was using it (non computer ppl, oh idk!) But this step by step helped a lot.
While looking for HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\######tssd_RASMANCS, I found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMAN. I’m on vista. Are these the same? Should I delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMAN? I read on the McAfee website that the trojan virus changed this file, but they dont say what to do about it…other than to purchase a McAfee product. Otherwise, thanks guys! This was a HUGE help! I have Norton 360 and it didn’t detect any of this!
PS- When looking for HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” =”1″, I only saw “RunInvalidSignatures” 0x00000001 (1) . Are they the same? Should I delete it?
Again, thanks a MILLZ!
Help.. I cannot find the Documents and Settings folder in my computer
FOLLOW THE GUIDE!!!!!!!!!!!! You have Vista or Windows 7. You will not have a Documents and settings folder. Use the Vista and Windows 7 file paths shown above.
i removed all the files on the guide. and i removed all of the rogue HKEYs that i could find, but my internet wont let me download anti-virus software. i turned of the proxy, but when i click on the recommended anti-virus, it gives me an error page or never loads at all
Sounds like the Windows Hosts file is infected.
Download the Re-set Host files tool in our side bar. Or else read http://www.removevirus.org/how-to-guides/how-to-reset-hosts-file-xp-vista-windows-7
If this does not work for you report back.
It worked like a charm and resolved issue compeletely. Thanks a lot…..
Once I renamed the file, rebooted the computer, and deleted the file, I went to find “%User%\AppData\Local\[random characters ]\[random characters]tssd.exe”. However, that does not exist. Does that mean I do not have to worry anymore?
No it does not. You need to scan your computer using a real security client to ensure no other threats are installed.
To be 100% clear: There is NO directory called %User%\AppData\Local\[random characters ]\[random characters]tssd.exe
The “\[random characters ]\[random characters]” is just that. random characters that will be 100% unique to your computer. You have these file paths for sure if you were infected. you just need to find out what the names are for your installation. That is were security software can help out.
Windows Vista/7:
* %User%\AppData\Local\[random characters ]\[random characters]tssd.exe
I copied this from the above article. Yes we do list the paths in the video as well. My guess is you are skipping steps. Read the above article for more detailed info. The guide works.
We also detail in the video on how you can find the path yourself.
I have Vista Home Premium, which does not have documents and files, so what do I do?
i had spyware doctor with anti virus on my computer and still got antispyware soft,, spyware doctor never picked up the virus and so i dont understand why everyone insits that spyware doctor can remove the virus..i uninstalled spyware doctor from my computer and as soon as i restarted my computer was acting better..i still have some of the virus left and cant get rid of it.. i have stopped the process in my startup menu so at least it wont run but is still there..its called utjfactssd.. i have tried so many things to try to manually remove it but nothing seems to be working..none of the registry keys are the same either,, i just dont know wat to do now..
Chances are you never did the free upgrade to the 2010 client or you did not have the security client updated with the latest traces. Every security client needs to be kept up to date.
Many warning come up when this thing tries to install and in 100% of our testing the current SDA client blocked this threat. However as with any security client nothing can stop 100% of all threats. That is why you should take advantage of the free support from PCtools and have them help you remove the threat if you are having issues.
The SDA client worked 100% of the time to remove this virus from our test computers. It’s one of the best security suits out there and that is why everyone is recommending it. The problem most people have is simply stopping the running process first so they can then install the security client.
Worst case have http://www.onlinecomputerrepair.org remove the virus for you.
thank u for ur reply, i had the latest up to date version of spyware doctor and updates were current,,i think the virus is hidden so well in my system that i cant find it,, guess i will have to seek professional help,, thank u for ur reply and concern..
oh and i forgot to mention i contacted pc tools thru their email support and all they told me was to run an update and scan again,,which of course didnt help,,again thank u for ur time..
Do exactly what they say and report it back to them. If the client does not catch anything they will then move you up to the next line of support. They want to help you out because if it’s a newer strain they need to know this stuff so they can make additional updates to the client.
Hi, I watched the video and followed all the instructions for removal.I restarted my computer and got an error message: “windows explorer has encountered a problem and needs to close”. Is there a way to fix this? Or did I do something wrong?
This error may of been the result of the virus. However this site is focused on virus issues only and not other related PC errors. I would ask this question over at http://www.techguy.org
With that said I’m still going to give you an answer. After you get the error open up the task manager. Select the FILE tab then NEW. Type in Explorer.exe to re-start the process. In many cases doing this once ends up solving the issue. Not all the time but it’s quick to try.
I totally feel like a computer genius, but I know it was all you. Thank you, thank you, thank you. You just saved the computer I need for school from a horrible attack by Antivirus Soft. The video was a great help too!
Gina :)!
Just want to say many thanks for the excellent video and step by step instructions! I have bookmarked your site (not that we really wanna go through that again!). We couldn’t get on the internet at first, but read through the notes people had left, and your responses, and it appears that everything’s up and running okay again.
Again, thank you very much for helping the e-community! You need an S on your chest 🙂
Thanks for the kind words. I do hope you never have to visit our site again but we are here if you need us.
i cant find the random character file in my window 7 pc.
i follow all the steps but when i get to to locate that file its not there. all the files have real names not some random characters.