vegaseat 1,735 DaniWeb's Hypocrite Team Colleague

Just spent about an hour removing Antispyware Soft, a small miserable program that comes in on e-mail or certain church sponsored web sites.

It deposits a random named executable in your Windows OS (XP through Windows7) and then takes over the registry to a point where you can not run any other executable. It stops the executable and pops up a message telling you that this particular program is infected and will not run. It then directs you to a web-page where you can buy Antispyware Soft to remove the infection. The infections are a hoax. However you effectively have lost the use of your computer.

The recommended removal is a lesson on the Swiss Cheese nature of the Microsoft Windows operating system, and how easy it is to make a mess of it.

... from a helpfull comment on ...
http://www.xp-vista.com/spyware-removal/remove-antispyware-soft-antispyware-soft-removal

Here’s how to get rid of Antispyware Soft malware/scareware ...

First, shut your pc down and boot back up normally. As your desktop loads, hit CTRL-ALT-DELETE and click on the Task Manager before the malware gets control and then select the processes tab and then do the following:

[random characters] is something like msdyuhw

Stop the following process:

* [random characters]tssd.exe

The next step in Antispyware Soft removal is to delete the following file:

Windows XP:

* %Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe

Windows Vista/7:

* %User%\AppData\Local\[random characters ]\[random characters]tssd.exe

Once the above steps have been completed, Antispyware Soft no longer resides on your hard disk.

Removing files and folders alone is not sufficient to completely remove Antispyware Soft. The following keys and settings should also be removed from the Windows registry to complete Antispyware Soft removal:

* HKEY_CURRENT_USER\Software\AvScan
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random characters]"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random characters]"
* HKEY_CURRENT_USER\Software\avsoft
* HKEY_CURRENT_USER\Software\avsuite
* HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
* HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" ="1"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

Reboot your PC and you should be clean now.