Win32 Virus Removal

AV Security Suite is a phony anti-malware program which infects your system through spamming messages, trojans, worms, hacked websites etc. AV Security Suite is derived from the Antivirus Soft and AntiSpyware Soft viruses and after it goes past your current security software, it will start scanning your computer and tells you that your PC is infected with various viruses, and to remove those you need to buy the full version of AV Security Suite, but you should know that all those supposedly infected files are in fact harmless and the ’so called’ anti-virus application which AV Security Suite posses is in fact a virus that infects and tries to get money from distracted users.

AV Security Suites uses multiple deceiving tactics that will infect your PC without you even being aware of it. It takes advantage from the fact that various Windows applications contain vulnerabilities that can be easily exploited, like Adobe Reader, Flash and other common applications. Also, it uses hacked websites which are taking advantage of those vulnerabilities that every outdated application contains. So, to avoid being infected you need to permanently check for updates for all your installed applications or you can simply download the Secunia Online Software, which is a tool that scans your system for outdated programs and after that it displays all the updates that you need to install for all those security vulnerabilities to vanish.

AV Security Suite

If you update all your installed applications, then your computer will be much more secure against future infiltrations. AV Security Suite doesn’t allow you to perform various common tasks and by doing this, you won’t be able to get rid of it that easily. It will change your proxy server to 127.0.0.1:1041 and by doing this it will take control over your web browsers, and when you try to visit one it will tell you that the web address you just typed contains malware, the warning message sounds something like this :

• This website has been reported as unsafe. We Recommend that you do not continue to this website. This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial informations.

Even if you remove that proxy server address you shouldn’t be so sure that you managed to get rid of it, as AV Security Suite will re-enable it at a system startup. Also, it blocks programs by stating that those applications you’re trying to run are infected and AV Security Suite takes this kind of action because it tries to protect itself against virus removal applications. The warning displayed when an application is blocked, looks something like this :

• Windows Security Alert. Application Cannot Be Executed. The file blabla.exe is infected. Do you want to activate your antivirus software now?
• Spyware Alert. Application Infected! The file blabla.exe is infected. Do you want to allow this application now?

All these warning messages are false and your applications are fine. The problem is the AV Security Suite which doesn’t allow you to run them and so it forces you to buy its full version, but it won’t do anything and you will only be tricked and your money will be gone. See below other false malware alerts :

• Windows Security alert. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
• Antivirus software alert. Infiltration Alert. Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.

Also, AV Security Suite will show you a false Windows Security Center windows that looks like the genuine Windows application. Another way to be sure that your system infected with the AV Security Suite virus is to download the HijackThis application and set it to scan your system registries. Download it from HERE. If the scan log displays the following line, then you’re sure that your system is infected with AV Security Suite :

• O4 – HKCU\..\Run: [] %UserProfile%\local settings\application data\\.exe
• R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1041
• O4 – HKLM\..\Run: [] %UserProfile%\local settings\application data\\.exe

So, to completely remove the AV Security Suite virus you should follow the instructions below :

1. First, you need to save the instruction below on a nearby PC or you can print them. This should be done because at some point you will be required to close all opened windows and applications, including this browser.
2. AV Security Suite might block any kind of download onto infected computer and so you might need to port files on CD / DVD, USB flash drive or with any other removable storage drive and so you will be able to copy them in your system.
3. Now you need to Reboot your system and you have to enter Windows in Safe Mode with Networking. To do this you need to start tapping the F8 key immediately after the system reboots and select Safe Mode With Networking and hit Enter and after you see the Windows desktop go on to the next step. See below how the Safe Mode with Networking screen should look like.


Safe Mode With Networking

4. As I told you above, this virus will modify your proxy server and by doing this it won’t let you enter any website or it won’t let you update the security applications. Now, open your Internet Explorer browser and click the Tools menu and now you need to select the Internet Options. See image below.


Internet Options

5. Now you should see the Internet Options window and now you have to click the Connections tab. See image below.


Click Connections Tab

6. After you clicked Connections tab you need and you have to click Lan Settings tab. See image below.


Click LAN Settings

7. Now you should see the Local Area Network ( LAN ) screen. Click Proxy Server and uncheck the box called at the left of ‘Use a proxy server for your LAN’. Now you have to press OK and close the window. Now close the Internet Option screen by clicking OK. The proxy server now is disabled and you can surf the internet again with the IE web browser. See below the LAN Setting screen.
8. Now you need to close all AV Security Suite’s processes. To do this you need the Rkill.com process killer. Download it from HERE. If you can’t download it, use another computer which allows you to grab it and so you’ll have to run it from a CD or DVD disk or you can use a USB flash drive.
9. Now, double-click the Rkill.com icon and it will start scanning your system for malicious software and after it detects them, it will terminate the AV Security Software processes. AV Security Suite might display a screen which tells you that Rkill.com is a virus, leave the warning message open and open Rkill again until it will end all viruses’ running processes. Those messages are all fake and Rkill.com is perfectly safe to use. If the Rkill.com software is unable to end those processes, you might need to try using iExplore.exe, get it from HERE, or eXplorer.exe, get it from HERE. These two programs are similar with Rkill.
10. After you do the above step, please under any circumstances you shouldn’t reboot your system, so DO NOT REBOOT Windows. Go to the next step.
11. Now you need to download the Malwarebytes’ Anti-Malware, which will remove AV Security Suite from your PC. Download it from HERE.
12. After Malwarebytes’, aka MBAM, has been downloaded you should close all opened widnows, applications and this browser.
13. Now you should see the desktop, click the mbam-setup.exe icon and Malwarebytes’ Anti-Malware will be installed on your PC.
14. After installation is on, you shouldn’t change any default settings, you simply need to continue until MBAM will be completely installed. When MBAM displays the finish screen you need to be sure that the Update Malwarebytes’ Anti-Malware and the Launch Malwarebytes’ Anti-Malware boxes are checked. Now you can press Finish and MBAM might ask you to reboot Windows, please DO NOT REBOOT Windows.
15. Now MBAM will start and you it will ask you update it to its latest version, click OK and after that you will be taken to its main screen. See image below.


MBAM Scanner Tab

16. Now you need to check the Perform Full Scan box, which you can clearly see in the Scanner screen, and after that click Scan and MBAM will start searching for the AV Security Suite virus files.See below an image displaying the scanning operation.
    

    MBAM Scanning Process

17. After the scanning process is completed, you will a screen like the one in the picture below. CLick OK to get to the next step.
    

    MBAM Scanning Completed

18. Now you see the Scanner tab again. Click Show results.
19. Now, you should see all the malicious files the MBAM has found. Click Remove Selected button and it will start removing all the AV Security Suite virus files. MBAM might require rebooting in order to remove various infected files, now you have to let it reboot your system. After you see the desktop again, you are free to continue with the next step. See an image below that displays the scanning results, please note that the results in our scans with the one in your scans might be different.
    

    MBAM Scanning Results

20. After Malwarebytes’ successfully removed AV SEcurity Suite, you will be taken to see the scan log of all operations. After you finish reviewing the log you can close the Notepad screen.
21. Now, you can finally close MBAM and hopefully all infectious files were removed.

I hope that you all managed to remove the AV Security Suite from your computers. If you have any question you want to ask regarding this removal guide, please feel free to comment or open a new thread in your forums.