Antispyware Soft Rogue

Just a “heads up”.  I’ve been dealing with this Rogue called “Antispyware Soft” all week.  Antispyware Soft completely takes over the user’s PC, preventing them from opening anything or accessing the internet.  It’s really easy to get rid of; here’s how I do it.

  1. Start the PC in Safe Mode with Networking (or Safe Mode).
  2. Install and update Malwarebytes, then run a quick scan.  Remove anything found.  Reboot.
  3. AntiSpyware Soft has been removed.

You may need to do a little cleanup after this rogue has been removed:

  1. If your EXEs are broken then run this
  2. If you can’t load any websites then follow these instructions
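
As an added example (not part of the original post, whose linked fixes are not reproduced here), this PowerShell script audits the two cleanup items above. It assumes "broken EXEs" means a changed .exe file association and "can't load any websites" means a per-user proxy setting, and it uses the standard Windows registry locations for both, none of which are given in the post.

```powershell
# Added example, not from the original post. Without -Fix the script only
# reports; run elevated if -Fix needs to write to HKLM.
param([switch]$Fix)

$inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$findings = @()

# 1. No web access: report a per-user proxy. Confirm it is not a legitimate
#    corporate proxy before running with -Fix.
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.ProxyEnable -eq 1) {
    $findings += "Proxy enabled, server: $($p.ProxyServer)"
    if ($Fix) { Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0 }
}

# 2. Broken EXEs: compare the .exe association with the Windows defaults.
#    HKCU\Software\Classes overrides HKLM, so both hives are checked.
$expected = [ordered]@{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}
foreach ($root in 'HKCU:\Software\Classes', 'HKLM:\Software\Classes') {
    foreach ($sub in $expected.Keys) {
        $key = Join-Path $root $sub
        if (-not (Test-Path -LiteralPath $key)) { continue }   # no key in this hive
        $val = (Get-ItemProperty -LiteralPath $key).'(default)'
        if ($val -ne $expected[$sub]) {
            $findings += "$key default is '$val', expected '$($expected[$sub])'"
            if ($Fix) {
                Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $expected[$sub]
            }
        }
    }
}

if ($findings) { $findings } else { 'Proxy and .exe association match the defaults.' }
```

Run it once without `-Fix` and review the findings before letting it change anything.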

28 Responses to Antispyware Soft Rogue

  1. NormanSecuritySuite!! June 1, 2010 at 7:49 pm #

    Thanks Matt. x

  2. Stef June 1, 2010 at 8:15 pm #

    Thanks for sharing the info

  3. croatian sensation June 1, 2010 at 8:35 pm #

    Hey Matt,

    Dude, I had to clean like three computers in my dorm building of this crap. Ya I just went on the internet and found out how to fix internet explorer, and then I just downloaded malwarebytes and took care of it. I then installed avast 5, and malwarebytes on their computer. Funny thing is both of them had a fully updated Norton internet security which costs like 80 dollars, but my free malwarebytes and avast kept it away. Soon all paid antiviruses will be history.

    Croatian

  4. Kudzu June 1, 2010 at 10:00 pm #

    Croatian, you are correct. The days of paid antivirus are few.

  5. Tweak June 2, 2010 at 12:10 am #

    This, or one almost identical to it I think has been making the rounds for around a month now, I think it is the same name though, annoying but as stated a very easy fix, these are the ones you have to love because they make you the easy money! Funny how many people have Malwarebytes and an anti virus solution installed that end up with these little pests, pretty much every single one is due to the fact they simply do not update them nor run even an occasional scan.

  6. MCSW June 2, 2010 at 2:47 am #

    I find with most if not all of Rogues if I get into Task Manager
    as soon as I can before the Rogue loads I can kill it with Task Manager, Fix the Proxy Setting and then I am able to install MBAM to remove the Rogue.

    I have a small Computer Repair Business here in Australia
    I guess I would do about 3 or 4 Virus removal jobs a week

    Anyway great site Matt have got a lot of info from this site
    keep up the good work

  7. croatian sensation June 2, 2010 at 2:47 am #

    @tweak

    Ya I noticed that my friends’ computers had Norton but it was either expired or they weren’t updating. When I told them what a virus could do, such as stealing your banking information etc., they began to listen and I put avast on automatic update, so it should be pretty hard for them to screw anything up lol

    Croatian

  8. hayden diaz June 2, 2010 at 3:54 am #

    I had to remove it from my dad’s PC

  9. Tweak June 2, 2010 at 5:18 am #

    @ Croatian…you’d think that true but I can almost promise you they will find a way to screw things up again! Getting people away from IE helps as does installing apps like Threatfire and WOT for Firefox, K9 Web Protection and OpenDNS.org, only ones that seem to do really well have many layers of protection but done in such a way that it is neither intrusive to them nor a major resource hog for the pc they are using. Web based filtering and protection like what is offered by K9 and OpenDNS, WOT even and the security/anti-phishing of Spyware Terminator is where the main prevention seems to occur I find also. Finding the best options and balance for the particular individual can prove tricky on occasion but it is definitely PROPERLY layered security that wins the prize with today’s on-line environment.

  10. croatian sensation June 2, 2010 at 6:21 am #

    Tweak

    Ya I put WOT and showed them how to use it and I STRONGLY suggested they use firefox. I think avast and threatfire are prob good enough to keep the average user safe.

  11. Anonymous June 2, 2010 at 1:05 pm #

    My sister was attacked by that very same rogue. And what was worse was that Malwarebytes could not turn on in normal mode and wouldn’t update in safe mode. So I scanned with a very outdated database. Luckily it was able to remove part of the rogue, preventing it from being able to produce popups. I was able to update Avast (which was outdated because she didn’t update to 5.0) and installed Threatfire on the machine. Threatfire stopped the .exe of the rogue and that was it. No more rogue.

  12. Wayne Williams June 2, 2010 at 4:35 pm #

    I’ve done this numerous times in the last month or two, as well. The people freak out, but it’s easy to eliminate.

  13. Wayne Williams June 2, 2010 at 4:36 pm #

    Has anyone tried ASquared to kill this? I’ve used ASquared before and it found some malware on my computers, but I haven’t had the chance to try it on this rogue yet.

  14. Rich June 2, 2010 at 5:52 pm #

    My cousin had this on his computer. NO internet NO safemode. And just the weekend before, I installed malwarebytes, started a scan, and added teamviewer. The rogue sensed my teamviewer so it killed the internet, killed malwarebytes, deleted pictures, and now I gotta use an antivirus boot cd to kill it.

  15. croatian sensation June 2, 2010 at 6:44 pm #

    @Wayne

    I haven’t tried a-squared, it might catch it tho.. they have a pretty good database.

    Croatian

  16. Wayne Williams June 2, 2010 at 8:03 pm #

    ASquared has caught a few things that MBAM has not, so I rely on that more and more.

  17. Tweak June 3, 2010 at 12:46 am #

    ASquared is nice but I think it finds more false positives than most other scanners, in some cases this is a good thing, other times, not so much.
    @ Croatian, agreed, those combinations work well and should suffice for most users. What you can do or what I’ve done is put together a little information (2 pages) with each application listed, what it does, little tips on its use, and the website for each and presented that with the repaired pc. It lists 7 things that are installed or can be installed. So basically this is what does well for the typical user, it for the most part offers them a multi-layered solution without conflicts and hindrances from multiple apps doing the same job as well as covering most every need they generally are going to have.
    1-Threatfire
    2-Malwarebytes’ Anti-Malware
    3-Avira Antivir Antivirus
    4-CCleaner
    5-Mozilla Firefox
    6-Web of Trust (WOT)
    7-K9 Web Protection
    Obviously there are many choices but these all work great together and do not slow the machine (even a bit older rigs) and are pretty thorough and of course all are free with options for purchase to increase the protection levels offered. It’d be a good idea for other people that own shops to do similar if they do not and maybe to share some of what they do and how they handle such matters in reference to client education.

  18. Adam June 3, 2010 at 1:51 am #

    Does this malware install any rootkits on the system?

  19. Tweak June 3, 2010 at 2:46 am #

    @ Adam Not that I know of however with this one both Malwarebytes and SuperAntiSpyware detect and remove it and if you want to be a bit more sure you can grab Dr Web CureIt for free and double-check for root-kits. (Obviously some other root-kit scanners work equally well but Dr Web does a great job and if needed you can run via boot-able devices.)

  20. Michael Seegmiler June 3, 2010 at 9:02 pm #

    Matt,

    Panda Cloud Free Anti Virus version 1.1 has just been released today, June 3, 2010. According to Panda Security the new version has a new behavioral blocking capability. Can you please make a video review on this latest version on how good it is this time around in preventing viruses and spyware?

    I will be waiting for your review and analysis on this new version.

    Thanks,
    Michael Seegmiller

  21. nick June 3, 2010 at 11:50 pm #

    Malwarebytes, SuperAntiSpyware, ASquared kick malware’s ass out the door

  22. Sheen June 4, 2010 at 3:03 am #

    Thanks for the info, Matt.

  23. Alexander June 5, 2010 at 5:31 pm #

    It’s amazing how simple it is sometimes to clean a pc. Of course ultimately, especially with important data backed up, a clean install of the OS will fix all ills. Or one can boot into a portable OS and fix the problem. It’s the silent malware though that’s scary. Keyloggers and what-not.

  24. croatian sensation June 5, 2010 at 8:48 pm #

    @alexander

    I agree

    Croatian

  25. Jere June 9, 2010 at 1:06 am #

    I am going crazy with this fake AV Security Suite popping up on my computer. It has just about blocked everything, but I managed to get on the computer through Foxfire and find this site. I downloaded and ran Malwarebytes (quick scan) and it found and removed the threat…but when I rebooted, it was still there. Now I am running a complete scan and am hoping it will get the rest of it. If it doesn’t what else should I try?

    • malwarekilla June 9, 2010 at 3:07 pm #

      Try scanning with Malwarebytes in safemode with networking. Also, make sure you update Malwarebytes. If you can’t update Malwarebytes then turn off any proxy settings in your internet connection settings.

  26. ROOTKITS June 14, 2010 at 7:42 pm #

    Adam: Yes, this malware DEFINITELY installs rootkits on the system. Antispyware Soft is a rootkit-based malware which some say was created in Russia and some say in Croatia. Even after you remove the malware, your system is still damaged. The attacker can remotely install or modify components, steal locally stored personal information and even use the compromised machine for illegal activities. You need to remove the rootkits it installs on your pc.

  27. Jennifer June 14, 2010 at 7:45 pm #

    I was infected with Antispyware Soft while watching those “funny” spoof videos that celebrities make on funnyordie.com. Malwarebytes will remove Antispyware Soft but not all of the damage it has done. Antispyware Soft alters files, folders, permissions & registry keys. You need to not only remove it but also repair your PC. You have to clean your registry and remove the rootkits.
