Remove Antivir Solution Pro. Removal instructions
Antivir Solution Pro is a rogue anti-spyware application from the same family as AV Security Suite and Antispyware Soft. This fake program is typically promoted via fake online scanners and misleading web pop ups that appear when browsing bogus websites. Those pop ups will state that your computer is infected with adware, spyware and other malware. Then you will be prompted to download and run their malware removal tool which is Antivir Solution Pro of course. Please also note that the rogue program may come bundled with other malware or it can enter your computer through software vulnerabilities. However, most of the time it has to be manually installed. If you find that your computer is infected with this virus, please follow the removal instructions below.
Once Antivir Solution Pro is active, it will be configured to start automatically when loading Windows. The rogue program will scan your computer and detect non-existent or system files files as infections, but won’t let you remove them until you purchase the program. This is obviously a scam because it asks you to pay for a license of a program that removes non-existent infections. What is more, the rogue program will display fake security alerts on your computer screen like every one or two minutes. These alerts will range from warnings about your computer be hacked to active malware processes being detected. Some of the fake security alerts read:
INFILTRATION ALERT Virus Attack
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trogan – dropper or similar.
DETAILS
Attack from:152.179.59.20, port 4703
Attacked port: 29484
Threat: BankerFox.A
Do you want block this attack?
Last, but not least, Antivir Solution Pro will blocks anti-spyware programs, Task Manager, Registry Editor and other useful system tools to protect itself from being removed. It will also block nearly all websites and especially security related ones. It won’t let you download malware removal tools that why you will have to end Antivir Solution processes first or reboot your computer is Safe Mode with Networking. As you can see, the main purpose of AntivirSolutionPro is to trick you into purchasing the program. Don’t purchase it. If you have already paid for it then contact your credit card company and dispute the charges. Then please use Antivir Solution Pro removal instructions below to remove this malware from your computer as soon as possible. Also, beware of such misleading websites as antiviractive.com.
Antivir Solution Pro removal instructions
1. Restart your computer. As your computer restarts but before Windows launches, tap “F8” key constantly. Use the arrow keys to highlight the “Safe Mode with Networking” option as shown in the image below, and then press ENTER.
2. Open Internet Explorer. Click on the Tools menu and then select Internet Options.
3. In the the Internet Options window click on the Connections tab. Then click on the LAN settings button.
4. Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
5. Download an automatic removal tool from this page and run a full system scan. Or download it from alternative location.
Related files: [random]tssd.exe, [random].exe
Antivir Solution Pro properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
Antivir Solution Pro snapshot:
Automatic Antivir Solution Pro removal:
(2012-01-05 22:13:41)
Antivir Solution Pro manual removal:
Kill processes:
[random]tssd.exe
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”[EIGHT RANDOM CHARACTERS]” = “%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]tssd.exe”
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Run”[HARACTERS]” = “%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\[SECOND SET OF RANDOM CHARACTERS]tssd.exe”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “EnabledV8” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE
HKEY_LOCAL_MACHINE\SOFTWARE\avSofT
HKEY_CURRENT_USER\Software\avSofT
how to remove registry entries
Delete files:
[random]tssd.exe
how to remove harmful files
Delete directories:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]
Information updated: 2012-01-05 19:36:26