Home Malware Programs Rogue Anti-Spyware Programs AntiSpyware Soft

AntiSpyware Soft

Posted: April 14, 2010

Threat Metric

Threat Level: 10/10
Infected PCs: 319
First Seen: April 28, 2010
OS(es) Affected: Windows

AntiSpyware Soft is a counterfeit security program that uses several illicit tactics to get unsuspecting computer users to download, install and purchase the full AntiSpyware Soft application. AntiSpyware Soft is able to perform these actions through many deceiving tactics such as displaying of misleading popup alerts and flooding bogus scan results with fake parasites.

AntiSpyware Soft is not a program that can detect or remove spyware or any other type of parasite. It is highly advisable to detect and remove AntiSpyware Soft with a good spyware detection tool so as to not cause any damage to essential system files.

Aliases

Trojan.Win32.Fraudpack [Sunbelt]Troj/FakeAV-BKA [Sophos]Trj/CI.A [Panda]Artemis!E0180F34E3B5 [McAfee-GW-Edition]Trojan.Win32.FraudPack.axnx [Kaspersky]Trojan.Generic.KD.15337 [BitDefender]TR/FakeAV.299008.A [AntiVir]Trojan.Win32.Generic!BT [Sunbelt]Win32/Adware.SpywareProtect2009 [NOD32]Gen:Variant.TDss.17 [BitDefender]Mal/FakeAV-DM [Sophos]Heuristic.BehavesLike.Win32.Dropper.B [McAfee-GW-Edition]Trojan/Win32.FakeAV [AhnLab-V3]FakeAlert-SpyPro.gen.d [McAfee]TrojWare.Win32.Kryptik.~Fak [Comodo]
More aliases (36)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



mnharsvtssd.exe File name: mnharsvtssd.exe
Size: 269.56 KB (269568 bytes)
MD5: 6e226635c69490f483f36f74cb952d79
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 18, 2010
ucqvgbwtssd.exe File name: ucqvgbwtssd.exe
Size: 272.03 KB (272032 bytes)
MD5: 3fa35fdce55d77c5de9fe904fc5b6bad
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 3, 2010
ljoujugtssd.exe File name: ljoujugtssd.exe
Size: 270.59 KB (270592 bytes)
MD5: f2208b09ee23f8e0c669f97621130d7f
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 3, 2010
lgdgvqetssd.exe File name: lgdgvqetssd.exe
Size: 270.59 KB (270592 bytes)
MD5: 2cc8fdf5de16057d926063c58c708132
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 3, 2010
gviccmctssd.exe File name: gviccmctssd.exe
Size: 337.66 KB (337664 bytes)
MD5: 8ce5ad710cbda9059fa662100c6269d1
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 3, 2010
rxltseftssd.exe File name: rxltseftssd.exe
Size: 266.75 KB (266752 bytes)
MD5: 800aef7782af49d41b6dea71eecc5741
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 3, 2010
vhxsmibtssd.exe File name: vhxsmibtssd.exe
Size: 308.48 KB (308480 bytes)
MD5: a55a01a80bf1bdfecc35b21be832f387
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 8, 2010
fpvdombtssd.exe File name: fpvdombtssd.exe
Size: 279.8 KB (279808 bytes)
MD5: 1951c723258d70a77922d5026c169fe7
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 7, 2010
fevbjhatssd.exe File name: fevbjhatssd.exe
Size: 272.64 KB (272640 bytes)
MD5: 4a535f7c259e853760622e1ed4e6188c
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 28, 2010
rmenpuq.exe File name: rmenpuq.exe
Size: 295.16 KB (295168 bytes)
MD5: e0180f34e3b5296a04daa483d2659355
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 29, 2010

Additional Information

The following URL's were detected:
antispy-tool.net
The following messages's were detected:
# Message
1Antivirus software alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan - dropper or similar.
Details
Attack from: IP Address, port 39096
Attacked Port: 30516
Threat: Win32/Nuqel.E
2Windows Security Alert
Application cannot be executed. The file cmd.exe is infected. Do you want to active your antivirus software now?
3Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.

Related Posts

28 Comments

  • Dorothy says:

    I unwittlying ended up with that piece of crap in my laptop. I cannot thank you enough for these instructions on removing it.Thank You Thank You Thank You

  • DJ says:

    Looks I have finally manually got rid of the antispyware soft ... its a nasty one. Thanks.

  • T D says:

    Thank you,

    It's nice to know you take the interest to fight against malware.

    These people are evil... don't they have anything better to do. They are equal to drug dealers... who live off of hurting others to make a living. My they be cursed... see how they like it. What goes around comes around.

    Thanks for the easy to follow instructions. .. And helping many to return to some normality in our lives.

    Bless You,
    T. D.

  • HELP says:

    i try to do the things you do to help me remove this spyware but as soon as it opens, it closes and antispyware soft claims that it is infected. how do i stop that?????

  • Ashley says:

    I think this virus had hidden my local settings folder. After I open [User Name] I cannot figure out where to go. Please help. I take online classes and I have been borrowing computers for a week now and can't get this virus off mine. Thanks!

  • Brian says:

    The same thing is happening to me. I can't even open task manager without the supposed Windows Security alert popping up and saying that my computer is infected. Is there any way of wiping out the spyware junk and eliminating the registry issues witout having to reimage?

  • Logan says:

    my pc is infected with "antispyware soft" and "data protection" spywares. My task Manager is disabled aswell My Virus program(avsat) is not running. I have purshaces Mcafee aswell but it wont allow it to run its setup. I downlaoded Spyware cease But now i cant get it to uninstall. I need some major help on this issue.. Plz anyone! Thanks

  • Custom says:

    hey, this is a SHOCKING malware! iv followed steps from about 10 websites trying to remove and somehow it comes back a few days later, at least now i can control it and slowly remove each file manually. deleted a good 200 files so far, they keep coming back! lol

    Anyway thank you for info and help 🙂

  • Saltuk says:

    Reboot using prompt key F8 start in the Safe Mode with Network Connections. Launch the cleaner in this safe mode. Otherwise the damn spyware will block it.

  • James says:

    The virus has evolved to the point that any function it deems 'infected' (which is everything, IE, run, task manager, install/uninstall, regedit) will not be opened unless you pay them the 60 bucks they want for hacking MY GODDAMN COMPUTER. Assistance please.

  • .. says:

    I have the same problem as 'HELP'

  • rob says:

    is it via cmd?or task manager as said above??????

  • HEEEELP says:

    Same problem as guy above - Antispyware soft prevents any program from executing, incl task manager. I have tried starting in Boot Mode w Networking, but for some reason, Boot Mode only fails and recycles the process, back to the same screen.

    I have tried scanning the drive with Malwarebytes using another computer, detected and erased the bad stuff. put it back into computer as boot disk and it's like nothing changed. same problems.

  • mark says:

    I am having the same problem as help. I'm stuck and this software won't let me do anything without shutting down the application and saying it is infected.

  • mark says:

    I\'ve got the same issue as help. I can\'t due anything without it giving me a pop up and blocking the application.

  • Jim says:

    Thank you so much I have been trying to rid my system of this for hours, until I stumbled here. I will remember your greatness.

  • ralph bean says:

    My computer is infected with antispyware soft.I am using Windows 7.I cannot even open Internet Explorer. Can you help me?

  • Brian says:

    Was just infected with Antispyware Soft. it locked me out of everything. i managed to hit ctrl alt del several times and it wasn't able to shut down the taskmgr fast enough and i was able to end the task. anyone know how to re enable my internet now that i successfully rid my comp of this program?

  • Chuck Hurst says:

    I believe my computer was infected with this virus because I\'m an idiot and not nice to my co-workers. Oh well.

  • Gusman says:

    Thankyou much. Your site really helped I thought I wouldnt be a victim but this one cut right through my defences and my antivirus/spyware software once I clicked on the sham virus detection alert box. I take some consolation that this one was on top of your list. I'll be alot more careful next time. GM

  • Yogesh says:

    This thing infected my PC last night and I just could not get a good sound sleep.... been trying to research it and fix it all day! Those manual instructions worked like a charm! Thanks so much.

  • Neil says:

    HELP: Try using safe mode (with networking). Just reboot and hold F8 while Windows loads.

    Also, on another site I found these registry values that should be deleted:
    HKEY_CURRENT_USER\Software\AvScan
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]“
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]“
    HKEY_CURRENT_USER\Software\avsoft
    HKEY_CURRENT_USER\Software\avsuite
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

  • THEDONG says:

    Awesome. If this works I will be stoked. That spyware popped up and i was like WTF?
    Wouldnt let me access anything without a thousand pop ups. Interesting how it would only let me into sites where i would put my password and bank details in. Dodgy f$@$@$@!! Thank you so much. Pretty clever. I could see a lot of people panicking and buying this scareware

  • Tanushiheadbash says:

    Top advice. Used the manual instructions to clean a friends PC. Worked. Only comment was my Registry entries differed ever so slightly. I had two Keys \"avsuite\" and avsoft. I checked against another machine and they seemed to be not needed. The key: avsuite had lots of random values and one that pointed to AVSoft.
    Thank you very much - will give you a mention on my blog site.

  • nivesh says:

    [reply to HELP "i try to do the things you do to help me remove this spyware but as soon as it opens, it closes and antispyware soft claims that it is infected. how do i stop that?????"]

    1. right click on the desktop, select new > shortcut
    2. in the box, type taskmgr
    3. click next, then click finished
    4. now right click the taskmgr icon on your desktop, and select run as
    5. type username and password of another user on the computer
    6. in taskmgr:
    A. find the process(es) netsqp32.exe and/or {RANDOM STRING OF LETTERS} most likely ending with ssd. end this/these processes.
    B. more effective method (will affect other running applications/processes, if any): select the processes tab, and end ALL processes, except for taskmgr.exe, explorer.exe, and processes run by SYSTEM or NETWORK SERVICE.
    7. you should be able to use applications normally. but remember Antispyware Soft has only been stopped, not removed from your system. now you can follow the very effective instructions given on how to remove it. (by the way, you cannot block Antispyware Soft from entering from the internet again,, it always comes as a random string of letters that is different evry time,, no way to stop it without a powerful anti-virus/anti-spyware)

  • James Potter says:

    These are my instructions.

    1) Find where it is, [APP data]
    2) Rename the folder to somthing else like LOL go into the folder rename the EXE to LOL
    3) as its a bast-ard it wont let you turn off your computer soo unplug your pc and plug it back in
    4) and turn it on. just in case open up task manager as quick as possible
    5) find the lol folder and delete it.
    6) There is damage after but you do have internet still. but cant open anypages.
    7) run spybot search and destroy. google it. on another pc and transfer it over some how.
    8) To fix the issue with opening web pages, you have to system restore.

  • t.j.p. says:

    Reply to HELP: When it pops up those messages, say NO to the 'do you want to scan this file' message. And, you should download a SpyHunter trial, it will remove any malware it finds for 1 full week.

  • HelpAlso says:

    It won't let me open anything to follow these steps either

Loading...