AntiSpyware Soft Descriptions:
AntiSpyware Soft, also referred to as Anti-Spyware Soft or AntiSpywareSoft, is nothing more than a simple rogue, trying to get to your PC. AntiSpyware Soft uses fake computer scans, as well as threat warnings in order to convince you that you must urgently purchase the full version of this rogueware. Don’t get into trouble!
How can AntiSpyware Soft get into your PC? Just in a very simple way. In most cases, computer users don’t pay attention what sites they are visiting and what software, or updates they are putting on their PCs. Therefore, it is really easy to get the infection on your machine. You don’t even notice when the rogueware gets to your PC. Due to the fact that it is based on Trojan, AntiSpyware Soft is installed without your permission.
Once on the system, AntiSpyware Soft starts scanning your PC. After that you are bundled with fake warnings about Trojans and all kinds of viruses detected on the system. However, all of this leads to the purchase of the software.
Don’t ever trust AntiSpyware Soft. Remove it as soon as possible.
AntiSpyware Soft Manual Removal Instructions:
Stop These AntiSpyware Soft Processes:
(Learn how to do this)
[random string]tssd.exe
The strings might vary:
- bbyhkpmtssd.exe
- djwfikhtssd.exe
- efggrodtssd.exe
- fevbjhatssd.exe
- fpvdombtssd.exe
- gviccmctssd.exe
- haggiuktssd.exe
- ikduchmtssd.exe
- kvscnohtssd.exe
- mnharsvtssd.exe
- msdyuhwtssd.exe
- ntddsistssd.exe
- pgniugntssd.exe
- ptexfentssd.exe
- qapwmpqtssd.exe
- rtelsdjtssd.exe
- tdaocaetssd.exe
Find and Delete These AntiSpyware Soft Files:
(Learn how to do this)
%UserProfile%\Local Settings\Application Data\<random>\<random>tssd.exe
Remove These AntiSpyware Soft Registry Values:
(Learn how to do this)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random string]“
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random string]“
HKEY_CURRENT_USER\Software\avsoft
HKEY_CURRENT_USER\Software\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” =”1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “<local>”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
No related posts.
Best thing to do is go into safe mode and restore your previous computer settings from another date *** like 30 days ago *** takes everything away…..
What a great resource!
How do you use system restore in Safe Mode? I tried and I get a message say it is turned off in Safe Mode.
Thank you for the pointers, I was able to remove the various .exe virus files that were present on my hard drive. At first I couldn’t get the regedit to open, it would open and immediately disappear. I wasn’t able to open firefox either. I thought I should try this: go to task Manager and kill all unfamiliar/suspect exes. Surprisingly Task Manager was still accessible and I was able to kills a few exes and then regedit worked fine. One of the registry entries listed above showed Regedit showed another clue, a virus file was in the Application Data folder. After that I went to Temp folder (I had Win7, it was at username\AppData\Local\Temp) and found a bunch of virus files, one of them was still running but not visible in Task Manager so I had to click “show processes from all users” and then I was able to kill it and delete. Everything seems to work fine now, it wasn’t as difficult to get rid of as I imagined!
I have this virus and nothing is working for me. Regedit, Msconfig, Ctrl+Alt+Delete, searchng for it in my files, etc. is not working because the “virus program” blocks them knowing it will be delted through those programs. How do I delete it? And how is this virus picked up??
To Chris* did your method work?
It wouldn’t let me open Task Manager. The AntiSpyware Soft claimed that Task Manager was a virus or threat file. But I turned my computer’s clock back by a month and everything is fine now.
Does Spyware Doctor work very well for this as well? It’s what I downloaded.
I was infected with and got rid of it within 5 minutes. Restart your computer. While it is restarting and before windows os opening up, constantly tap F8. This will open your computer in SAFE MODE. Scroll (arrow down key) down to SAFE MODE WITH NETWORKING. Click enter.
Now ckick the windows tab in the botton left corner. Next, find the back and restore center. Open it, and restore it to a previous date before this rogue program entered your computer.
Sorry about the typos. I was in a hurry.
I think I have everything deleted, but when i look under the startup section under the System Configuration Utility, there is still a startup item there called ybabpyvtssd. It’s unchecked, and everything seems to be working fine, but I’m still worried. What do i do?
Hi Tod,
what do i do if i can’t even open back and restore center?
If you can’t get anything working, restart your computer and use Safe Mode. Then use regedit to delete the strings then restart to normal mode. Then use your antivirus to delete the rest of Antispyware Soft. Worked for me ^^
@Cris
Search to see if the ybabpyvtssd is real/common on google. If there aren’t any matches, it’s probably Antispyware Soft or something you don’t need.
@ellie
Do what I said in my post above, or what TOD said.
The Antispyware Soft may still affect the computer abit after safe mode so go to task manager[it should work now] and end the random letter tasks. If the pop ups stop then you’ve got the right one. Make sure you use spyware software after!!!! Even if you think its gone, there still might be a little bit of it left so make sure you get the maximum amount of it gone!
while your computer is restarting, constantly tap on the F8 key. This will put in SAFE MODE.
Got this on a toshiba laptop, and have been trying to get rid of it, but i cannot get onto the internet or even safemode. the spyware is also infecting BIOS. Any help would be VERY appreciated!!!
Here’s how to get rid of it …
First, shut your pc down and boot back up normally. As your desktop loads, hit CTRL-ALT-DELETE and click on the Task Manager before the malware gets control and then select the processes tab and then do the following:
Stop the following process:
* [random characters]tssd.exe
The next step in Antispyware Soft removal is to delete the following file:
Windows XP:
* %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe
Windows Vista/7:
* %User%\AppData\Local\[random characters ]\[random characters]tssd.exe
Once the above steps have been completed, Antispyware Soft no longer resides on your hard disk.
Removing files and folders alone is not sufficient to completely remove Antispyware Soft. The following keys and settings should also be removed from the Windows registry to complete Antispyware Soft removal:
* HKEY_CURRENT_USER\Software\AvScan
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]“
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]“
* HKEY_CURRENT_USER\Software\avsoft
* HKEY_CURRENT_USER\Software\avsuite
* HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
* HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” =”1″
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555″
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
Reboot your pc and you should be clean now.
hi Rob,
You saved my day. Your tips worked perfectly. I cannot believe that my PC is back to normal. Thanks a billion for sharing these tips.
Rob,
Thank you SO MUCH for your specific registry file list. I managed to get rid of the virus using Malware Bytes, but when I rebooted my internet was still not working (the fake error message in Opera and IE was still coming up). Deleting the entries you listed worked perfect. Thanks again!!!
Thanks Tod,
The solution for me was to start up in safe mode and restore the system to a last known good backup or system change. I am concerned that since my “Norton Internet Security” product did not detect it in the first place, I may need to rescan my computer with a product that actually works! (Thanks Symantec!)
Any suggestions?
Rob, thank you so much for your list. We somehow got attacked by this virus about an hour ago, and after reading your comment, it helped so much. After checking, and re-checking to make sure it’s all gone, my computer is fine again.
You’ve saved me a lot of frustration and money (if I had to take it to a computer shop for fixing)
Thank you!
Ok, so I have no idea what to do. I tried to boot up in safemode and it got to crcdisk and just stops. I’ve tried restoring to a point earlier today but windows tells me my disk has errors but chkdsk won’t finish. It gets through about 17% of process 2 and reboots. How am I supposed to fix this??? Is there a way to enter Cmd at startup. I don’t have a Vista disk as my laptop came with just a recovery partition… and that’s a POS
Wow that work for me.
Thanks
Thank you guys so much all I did was restart computer in safe mode. Tap “F8″ while computer is starting up.Then scrolled down to “Safe Mode With Networking” clicked “Enter” then clicked start tab then found restore computer in “Systems Recovery” it asks if you would like to start recovery clicked “Next” then you pick an earlier date to restore from in Bold and less than five minutes no more antispyware soft Yah!!!!
This FINALLY worked. I’ve been working on this for 4 hrs. on and off and and couldn’t get internet to work, or to restore my xp theme. after deleting the registry values, my computer now functions back to normal. thank you!
Rob is a genius, and a generous one. I just cleared my wife’s Home Vista machine per his instructions. Thanks.
I just spent about 5 hours working on getting rid of the AntiSpyware Soft virus. I tried all of the steps recommended by Rob and guess what…IT WORKED! I’m hoping to update all Spyware and Anti-virus programs as much as possible to avoid this from re-occuring.
Rob, you’re an angel. Bless your heart!
Rob is a savior. That definitely worked. Also showed I had another piece of spyware on my laptop.
Thank you! Was getting ready to do a full restore of my computer there…
Thanks!! this worked for me
Thank you all for posting solutions to the antivirus soft. Rebooted in safe mode, restored my computer and then deleted the registry keys as posted by Rob. Restarted my computer and it is back to normal. Blessings to you.
Rob is the man. I love it when you give exact details of how to remove this crap. I am still booting up but I know you got it.
Thanks
One thing, dont forget to uncheck the proxy settings in IE explorer or you will not be able to get out. Tools >Internet Options > Connections > LAN settings
At least mine were hosed up but I been down that road and know how to fix it.
Rob, thanks so much!! Your instructions worked great!
I have tugged with trying to get this off since June 1, following your instructions, I think it is gone….I hope so. My string was ytmmbkvtssd.exe and it was in 2 places, one I could delete the other said I did not have permission to delete it. So I put that one on the desktop and shut down my computer and as soon as I could I put it in the recycle bin and emptied it. That seems to have worked for me. Also I did have to uncheck the proxy settings in IE to access the internet. THANKS FOR ALL OF YOU WHO HAVE GIVEN HELP….
I didnt find all the keys you listed in regedit. But deleted all the ones i did find. One I did not see was AvScan.
Worked perfectly. I reviewed a number of the other “manual” remove intructions but they seemed combersome. I just restored back 24 hours and all worked fine. Thanks !
Tod and Rob thank you so much for this information. I got Antispyware Soft from using my company laptop on vacation looking for a local seafood restaurant in Florida. I thought sure I’d have to send it to the IS department. You saved me a lot of time and frustration. It’s good to know that there are many more good computer guys/gals out there than the low life’s that create this malware junk. May God bless both of you.
Greg
I was stupid enough to purchase the damn thing (69.95) Got the confirming email and just before downloading the file, I decided to google Antispyware and found all this bad news.
So,
1. Can I get my money back?
2. Is my credit card hopelessly compromised now?
I’m removing by either Safe Mode or following Rob’s instructions right after I post this
Looks like I have gotten rid pf it by following Rob’s directions.
I also did not find AvScan
Strangely it seems to have just gone away…but i do not trust that at all