05/12
2010
Antispyware Soft Malware: Annoyance of the week
In the past weeks, more and more clients are reporting infections with *Antispyware Soft* malware.
Antivirus Soft is yet another fake antispyware, similar to Antivirus Live and/or Spyware Protect 2009.
It imitates a system scan and claims to find multiple infections, no matter which shortcut you try to click on or which program you try to start.
Signs of infection:
Usually it starts with balloon notifications in the system tray:
But it quickly gets worse:
And screens similar to this will appear over and over:
Not only is it highly annoying, but do not make the mistake of giving in to the scare and *buying their program*: if you do, the makers will also have your personal information and your credit card data!
The removal process only takes about 10 minutes:
Disclaimer: Editing the registry can be dangerous. If you are unsure, contact a professional. We take no responsibility for changes you make that leave your computer in a vegetative state.
Back up your system and your registry before making any changes.
Below are 16 simple steps to remove Antispyware Soft from your computer.
1. Restart your computer in *Safe Mode with Networking* (by hitting F8 during the startup process until you are presented with the selection screen). You will need internet access later to download/update the removal tools.
If you have access to another computer, you don’t even need to restart. Simply download the 2 files from steps 5 and 10, copy them to a USB stick and get the removal process on the infected computer started right away.
2. Open Internet Explorer, click on the Tools menu and select Internet Options:
3. Select the LAN settings:
4. Uncheck Use a proxy server for your LAN:
5. Download HijackThis, but save it as (or rename it to) iexplore.exe on your Desktop (alternate download link).
6. Double-Click the iexplore.exe icon to run HijackThis.
7. Click *Do a system scan only* and look for entries like this:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 - HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 - HKCU\..\Run: [random] "C:\Users\Owner\AppData\Local\[random]\badwsftav.exe"
O4 - HKCU\..\Run: [random] "C:\Users\Owner\AppData\Local\[random]\bogjsftav.exe"
The actual file names might differ, but they all start with O4 and seem to end with sysguard.exe or some other random alpha-combination (badwsftav.exe and bogjsftav.exe in the above example).
The first entry should only be there if you haven’t yet reset the Internet Explorer settings outlined in steps 2-4.
8. Check the box next to these entries and click *Fix checked*.
9. Close HijackThis.
10. Download MalwareBytes Anti-malware (MBAM).
11. Double-click mbam-setup-1.46.exe to install MBAM.
(If you get error messages from the malware that the file is infected or cannot be opened, simply rename mbam-setup-1.46.exe to something else – abcd.exe is perfectly acceptable for our purpose.)
12. Make sure that both checkboxes next to *Update Malwarebytes’ Anti-Malware* and *Launch Malwarebytes’ Anti-Malware* are checked, and then click *Finish*.
13. Select *Perform Quick Scan* and click *Scan*, and MBAM will start scanning your computer. Depending on your hardware/configuration this can be a lengthy process. Go get a cup of coffee or go to the store, but don’t interrupt the process.
14. MBAM will list all infections as it finds them; when the scan is finished click *OK* and *Show Results*.
15. Ensure all items are checked and click *Remove Selected*.
16. MBAM will open a log file (in Notepad) and it might require a restart (you should do a reboot anyway since you’re still in Safe Mode).
Done!
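Added example (not part of the original post and not part of HijackThis): a Python script that triages a saved HijackThis log for the two kinds of entries step 7 describes, the loopback proxy setting from steps 2-4 and Run values that launch an executable from a folder directly under the per-user local application data directory. The sample log is constructed, the reason labels are invented here, and a match is a candidate for manual review, not a verdict.

```python
import re

# HijackThis writes "R1 - ..."; blog software often turns the hyphen into an en dash.
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2})\s*[-\u2013]\s*(?P<body>.+)$')
LOOPBACK_PROXY = re.compile(
    r'ProxyServer\s*=\s*(?:\w+=)?(?:127\.\d+\.\d+\.\d+|localhost)\b', re.I)
RUN_VALUE = re.compile(r'^(?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$')
# An .exe exactly one folder below the per-user local application data directory
# (XP and Vista/7 layouts), which is where the entries in step 7 point.
USER_LOCAL_EXE = re.compile(
    r'\\(?:Local Settings\\Application Data|AppData\\Local)'
    r'\\[^\\]+\\(?P<exe>[^\\]+\.exe)$', re.I)

# Constructed sample log; folder and value names are invented placeholders.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 – HKCU\..\Run: [qwkdhtuv] C:\Documents and Settings\user\Local Settings\Application Data\xkcbfa\lqmpsysguard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [hxwtrmno] "C:\Users\Owner\AppData\Local\pdqrnb\badwsftav.exe"
'''

def exe_path(cmd):
    """Strip quotes and arguments from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    hits = []
    for line in map(str.strip, log_text.splitlines()):
        entry = ENTRY.match(line)
        if not entry:
            continue
        code, body = entry.group('code'), entry.group('body')
        if code in ('R0', 'R1') and LOOPBACK_PROXY.search(body):
            hits.append(('loopback-proxy', line))
        elif code == 'O4':
            run = RUN_VALUE.match(body)
            exe = run and USER_LOCAL_EXE.search(exe_path(run.group('cmd')))
            if exe:
                suffix = exe.group('exe').lower().endswith('sysguard.exe')
                hits.append(('run-sysguard' if suffix else 'run-user-local-exe', line))
    return hits

if __name__ == '__main__':
    for reason, line in triage(SAMPLE_LOG):
        print(f'{reason:20} {line}')
```

The one-folder-deep rule is why the constructed Google Update entry, which sits two folders below AppData\Local, is not flagged; legitimate software installed per user at that depth would still show up and needs a human decision.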
If I find the people responsible for this they are going to wake up six feet under the ground.
This should not be legal, and whoever made Antispyware Soft should die. On the other hand, this was a completely helpful article and it saved me!
This article was a lifesaver. MUCH easier to use than the others and I didn’t have to buy crap to get rid of the fake antivirus. Thanks VERY much!
After a lengthy process & 3 hours, my husband managed to remove this POS & scan the files last night.
Unfortunately, I didn’t find your page till today. We had to do everything in Firefox because IE wouldn’t work. Tried everything today & it’s gone, but IE & other programs still not working because LAN settings are all out of whack. Can I run your solution after what he did last night??
Christine,
Sorry to hear you were having such a hard time 🙁
But have you checked the IE settings outlined in steps 2-4? They take care of the LAN settings.
Of course you can run everything in the list at any time:
If HijackThis or Anti-Malware find suspicious items – delete those items (unless you have a really good reason to keep them).
BTW, Firefox is the better choice anyway.