AV Security Suite always states that the computer is not protected against malware. It changes Internet Explorer settings and enables proxy server which make the computer easily access by hackers! It show the computer was infected by malware such as BackdoorWin32S which is a fake alert.
AV Security Suite should be removed immediately!
AV Security Suite Removal Guide
Kill Process
(How to kill a process effectively?)
[random string]tssd.exe
[random string].exe
Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
HKEY_CURRENT_USER\Software\AvScan
Remove Folders and Files
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe
AV Security Suite should be removed immediately!
AV Security Suite Removal Guide
Kill Process
(How to kill a process effectively?)
[random string]tssd.exe
[random string].exe
Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
HKEY_CURRENT_USER\Software\AvScan
Remove Folders and Files
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe
No comments:
Post a Comment