Thursday, July 08, 2010

AV Security Suite scam

This thing took over my computer tonight.

It didn't matter what application I tried to open this kept popping up.


AV Security Suite is a rogue anti-spyware program from the same family as Antispyware Soft and Antivirus Soft. Once installed, this fake program will display fake security alerts and state that your computer is infected with spyware, adware and other types of malware. Then it will prompt you to pay for a full version of the program to remove the infections and to make your computer more secure. Of course, that's not true, because AV Security Suite is an infection itself and obviously won't protect your computer from malware. Most importantly, don't purchase this bogus program. If you have already purchased it, then you should contact your credit card company and dispute the charges. Finally, please follow the removal instructions below to remove AV Security Suite from your computer as soon as possible either manually or with an automatic removal guide.

The link has instructions to get rid of it.

I wanted to post about local political happenings tonight but instead spent the wee hours fighting off this thing.

I oppose the death penalty in most cases but I will add these people to the list along with corrupt politicians

Dr. Joe and Michelle keep telling me to get a MAC.


Unknown said...

thanks, but I use Actymac DutyWatch ( for monitoring computer (actymac.com0

Anonymous said...

Usually, AV Security Suite scareware is installed after visiting an infected site which installs a Trojan Downloader. It later downloads the rogue program on the computer. Once installed, this fake antivirus program will report numerous false system security threats, display fake warnings and pop-ups, redirect searches, disable Task Manager and block legit anti-malware or anti-virus programs. It will even impersonate Windows Security Center and state that you should activate AV Security Suite to protect your computer against malware. Besides, it may block all programs, not only security software. For example, it may block Notepad and claim that it's infected.

Alternative AV Security Suite removal instructions using HijackThis (in Normal mode):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for similar entries in the scan results:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O4 – HKLM\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
O4 – HKCU\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe

The process name will be different in your case [RANDOM].exe, located in C:\Documents and Settings\[User]\Local settings\Application data\
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

3. Download at least one anti-malware program from the list below and run a full system scan.

* SUPERAntispyware
* Spybot S&D
* MalwareBytes Anti-malware
* Spyware Doctor

NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe.With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

James said...

thank you very much anonymous ^
the fucker has finnaly gone i owe you a great deal!