Antispyware Soft Malware: Annoyance of the week (3,282 views)
In the past weeks, more and more clients are reporting infections with *Antispyware Soft* malware.
Antivirus Soft is yet another fake antispyware, similar to Antivirus Live and/or Spyware Protect 2009.
It imitates a system scan and claims to find multiple infections, no matter which shortcut you try to click on or which program you try to start.
Signs of infection:
Usually it starts with balloon notifications in the system tray:
But it quickly gets worse:
And screens similar to this will appear over and over:
Not only is it highly annoying, but do not make the mistake and give in to the scare by *buying their program*: If you do, the makers will also have your personal information and your credit card data!
The removal process only takes about 10 minutes:
Disclaimer: Editing the registry can be dangerous. If you are unsure, contact a professional. We take no responsibility for changes you make that leave your computer in a vegetative state.
Back up your system and your registry before making any changes.
Below are 16 simple steps to remove Antispyware Soft from your computer.
1. Restart your computer in *Safe Mode with Networking* mode (by hitting F8 during the startup process until you are presented with the selection screen). You will internet access later to download/update the removal tools.
If you have access to another computer, you don’t even need to restart. Simply download and copy the 2 files from step 5 and 10 to a USB stick and get the removal process on the infected computer started right away.
2. Open Internet Explorer, click on the Tools menu and select Internet Options:
3. Select the LAN settings:
4. Uncheck Use a proxy server for your LAN:
6. Double-Click the iexplore.exe icon to run HijackThis.
7. Click *Do a system scan only* and look for entries like this:
The actual file names might differ, but they all start with O4 and seem to end with sysguard.exe or some other random alpha-combination (badwsftav.exe and bogjsftav.exe in the above example).
The first entry should only be there if you haven’t yet reset the Internet Explorer settings outlined in steps 2-4.
8. Check the box next to these entries and click *Fix checked*.
9. Close HijackThis.
10. Download MalwareBytes Anti-malware (MBAM).
11. Double-click mbam-setup-1.46.exe to install MBAM.
(If you get error messages from the malware that the file is infected or cannot e opened, simply rename mbam-setup-1.46.exe to something else – abcd.exe is perfectly acceptable for our purpose)
12. Make sure that both checkboxes next to *Update Malwarebytes’ Anti-Malware* and *Launch Malwarebytes’ Anti-Malware* are checked, and then click *Finish*.
13. Select *Perform Quick Scan* and click *Scan*, and MBAM will start scanning your computer. Depending on your hardware/configuration this can be a lengthy process. Go get a cup of coffee or go to the store, but don’t interrupt the process.
14. MBAM will list all infections as it finds them; when the scan is finished click *OK* and *Show Results*.
15. Ensure all items are checked and click *Remove Selected*.
16. MBAM will open a log file (in Notepad) and it might require a restart (you should do a reboot anyway since you’re still in Safe Mode).