Remove AV Security Suite [Removal Guide]

This guide will give you easy instructions on how to uninstall or get rid AV Security Suite for free.


What is AV Security Suite? (Information)

AV Security Suite is a fake security software which uses fraudulent strategies by displaying false or exaggerated security issues on your computer rather than any legitimate ones to coerce you into purchasing their software.

When AV Security Suite is installed, it will display bogus warning messages that your computer is infected. AV Security Suite uses the aforementioned misleading ads in order to win your trust and make you actually believe your computer is compromised with viruses, spyware or trojans. It will then suggest that you purchase a copy of it to rid of the infections. The hoax is the fact that it's bogus antispyware database is totally incapable of performing any of the declared functions.

AV Security Suite is from the same group of rogue security software as Antivirus Soft and Antispyware Soft.

---

Follow these preparation instructions to continue:

Because AV Security Suite sets your browser to use an invalid proxy, you will not be able to surf any websites.

If you are using Internet Explorer, click on the Tools menu and select Internet Options.

• Now click on the Connections tab and then the Lan Settings button.
  
• Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
  
• Click the OK button. Then press the Apply button and then the OK button. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

If you are using Firefox, click on Tools and click the Advanced tab.

• Go to the Network tab and select Settings.
  
• Select No proxy and click the OK button and click OK again. Now that you have disabled the proxy server you will be able to browse the web again with Firefox.

After that, download HijackThis from HERE and save it to your desktop.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of the lines which look like this:
  
  O4 – HKLM\..\Run: [random] c:\documents and settings\user\local settings\application data\random\random.exe
  O4 – HKCU\..\Run: [random] c:\documents and settings\user\local settings\application data\random\random.exe
  
  
• Close all opened Windows
  
• Press "Fix Checked"
  
• Close Hijack This.
  

---

Now, time for the removal. You have to start computer in Safe Mode by doing the following:

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, keep tapping F8.
  
• Instead of Windows loading as normal, a menu should appear.
  
• Select the option, to run Windows in Safe Mode with Networking.

1. Please download the official version of Malwarebytes' Anti-Malware.




2. Install Malwarebytes' Anti-Malware by double clicking on mbam-setup




3. Follow the prompts. Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click finish.




4. Malwarebytes' Anti-Malware will automatically update itself after the installation, click the OK button to close that box and you will now be at the main program Window as shown below.

If you are having problems with the updater, you can use this link to manually update Malwarebytes' Anti-Malware with the latest database. Make sure that Malwarebytes' Anti-Malware is closed before installing the update.


5. Close All opened Windows, Programs, File or Folders.


6. Make sure you are on the Scanner tab. Select Perform quick scan then click the Scan button as shown below.




7. Malwarebytes' Anti-Malware will now start scanning your computer for infected files as shown below.




8. When the scan is finished a message box will appear, click OK to continue.




9. Click Show Results.




10. You will now be presented with a screen showing you the malware infections like shown below. Yours may look different depending on the infection you have.


11. Click on Remove selected.




12. When removing the files, Malwarebytes' Anti-Malware may require you to restart the computer in order to do a complete removal. If it displays a message stating that it needs to restart, click Yes.




13. After that you can close the Malwarebytes' Anti-Malware window, your computer is now cleaned from the malware infection.


To protect and prevent your computer from experiencing future threats like this, we highly recommend purchasing the FULL version of Malwarebytes' Anti-Malware with real-time protection from this link.

---

If you are still experiencing problems or difficulties following this guide or require any assistance removing this malware, please post your questions in our Virus, Spyware & Malware Removal forums for free help.

You have to be logged in to post questions. Registration is free. By registering you will be privileged to other resources and to ask questions.

Last edited by Doctor Inferno on 29th July 2010, 2:02 am; edited 11 times in total (Reason for editing : Information Update)

Worked a charm.. and removed the awful security suite in 20 mins, i love you guys man, thanks!

I will also have to purchase the full version with protection just so that this doesn't happen again!

I would like to say a huge thank you to Doctor Inferno for making this guide.

My computer is back to normal now. And the funny part is that I don't even know how this got on my computer.

Worked first time for me too. Thanks for the info. Gonna get the full version of malwarebytes.

so I followed these instructions but when I shut down my computer and restarted it, av security suite was still there. Then I went to bleepingcomputer and followed those instructions and then opened rkill and then the black screen disappeared and a notepad popped out saying

this log file is located at C:/rkill. log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as james on 06/08/2010 at 15:13:55.


Processes terminated by Rkill or while it was running:


C:/Documents and Settings/james/My Documents/Downloads/rkill.exe


Rkill completed on 06/08/2010 at 15:13:58.

so as you can see, rkill didn't terminate anything. Anyway, I continued on and ran malwarebytes, which found 6 items infected and then removed them but whenever I turned the pc back on again, av security suite was still there. I then repeated the process by using the other 3 versions of rkill, the one called rkill.pif somehow has a 404- not found link, and then ran each of those. However, the weird thing was that after each of these rkills turned into a notepad file, the my documents folder then automatically closed itself. I repeated with malwarebytes and found and killed some infected files once more but that also did not work. Finally, I repeatedly kept on clicking on all the rkills in my documents before the folder had closed. Then I repeated the malwarebytes process but this also did not work. Lastly, I have ran malwarebytes on both quick and full scan. So, can anyone help me to get rid of this av security suite?

After following all these steps, Malwarebytes found 6 files and deleted them. However, when I restarted, AV Security Suite still runs.

Any other options?

On 6/8/2010.. having the same issue... I followed some manual REGEDIT first... didn't work.

Reboot machine... still affected.

Found GeekPolice and attempted malwarebytes, but nothing found infected.

Reboot machine AV Security Suite still loading... AHHHHHHHHH

Everyone with problems removing AV Security Suite, please read this and post here for assistance.

Thanks much for this! Worked like a charm and really helped me out today.

I could not make it through the pre-process for this site because I could not install the necessary programs you request while I was in Safe Mode.

I then found this and it actually worked!!! For those of you that are still having trouble, use this link and follow the video! The HijackThis program plus Malwarebytes did the trick! It actually worked after 4 days of fighting this effing AV Security Suite!

Thank you so so much!

This is the only instruction which works for me after going to a couple of other sites. It removed av security suite in minutes.

What a nightmare! I spent 5 hours working on my friends computer to remove this awful program. It had permeated everything and all I tried to do to fix it was blocked - it blocked his McAfee (a lot of good that did) and anything Microsoft/Windows. I used my computer to download the programs needed and used a thumb drive to get them onto his laptop. It worked! I can't thank you enough for your help. You are awesome!

I Think it Worked !! Two Reboots and no AV SECURITY !!

WOW !! I have been several hours working on this, And this page had me going in 15 mins !

THANK YOU THANK YOU THANK YOU !!!!!!!

This worked like a charm. I was infected a little less than a half hour ago with this program from a website advertising online pictures taken with your webcam. It seemed harmless and really convenient, but it was definitely malicious. The second I downloaded the image, popups started.

Thank you so much for making this guide.

I Spoke too Soon, Now I'm Having redirects and search hijacks...Should I just start a thread to get help with my problems?

Can't thank you enough! Its gone! I'm happy! Dr. Inferno Rocks!

Not sure if im supposed to check all of the HKLM & HKCU files on the log. I tend to over think things so i apologize.
Here's my log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:41 PM, on 6/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Hijack This\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1025
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Wvaceqicoxicak] rundll32.exe "C:\Documents and Settings\Guest\Local Settings\Application Data\crtrtl.dll",Startup
O4 - HKCU\..\Run: [Gxesamep] rundll32.exe "C:\Documents and Settings\Guest\Local Settings\Application Data\elodocayewiduce.dll",Startup
O4 - HKUS\S-1-5-21-1214440339-1993962763-839522115-501\..\Run: [Wvaceqicoxicak] rundll32.exe "C:\Documents and Settings\Guest\Local Settings\Application Data\crtrtl.dll",Startup (User '?')
O4 - HKUS\S-1-5-21-1214440339-1993962763-839522115-501\..\Run: [Gxesamep] rundll32.exe "C:\Documents and Settings\Guest\Local Settings\Application Data\elodocayewiduce.dll",Startup (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVP - Unknown owner - C:\Documents and Settings\Administrator\My Documents\Port_APPS\PortableApps\Kaspersky_Portable\Kaspersky_Portable\avp.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6487 bytes

I have problems at the first stage already. I think AV Security Suite may be blocking something. So I go into internet explorer tools, followed by connections tab and the LAN setting. I uncheck the box for using a proxy and press OK. After this no APPLY button appears. So if I press OK the proxy settings reappear.

Please help me.

Thank you for this guide! My computer is fixed! Thank you thank you thank you! =D

I hope you've tried this first, before landing on this site here: 2-viruses.com/remove-av-security-suite .. 'cause all that site is designed to do is further your plight by trying to get you to buy another program called Spyware Doctor which is just another ploy to get your credit card #.. Thanks to this here GeekPolice I was able to remove this viscious sales commercial with only one blip in my internet having gone blind, but 1 more reboot fixed that. Those f*** bastards that created AV Security Maleware need to get their nuts removed by rusted hacksaw blades.. It's just this kind of nonsense that gives computer nerds a bad name. Right on to the freeware that resolved this stupid ploy to lock up my pc and reach around to my already empty pocket book.. telemarketing sales must be down now that I see they musta employed some pissed off pimply faced, obeese eunuch to write up a program like this. And I brought it all to a halt in just 3 minutes.. less time than it took to write this.

Hey. This AV Security Suite just appeared on my computer yesterday, and I've been doing everything I can to stop it. It's been forcing open random pages in Firefox and Internet Explorer, and some of its pop-ups cannot be closed. I set both Internet Explorer and Firefox to "No Proxy", though AV Security Suite could still open up pages. I came to this site and downloaded Hijack This as fast as I could, but AV Security Suite kept telling me that it was a virus and could not be executed. Every time I clicked Hijack This, it began to load and opened up, but then would disappear. So I was forced to start my desktop computer in Safe Mode with Networking in order to open up Hijack This.
So, my status at the moment is basically:
I cannot open Hijack This in Normal Mode. I can in Safe Mode with Networking, but I'm not sure which boxes to check before deleting by clicking "FIX THIS". There are many HKCU and HKLM lines, but I'm not sure which ones are necessary and uninfected and which ones I should be deleting. They are preceded by R0, R1, and 04.
Some of the HKCUs and HKLMs look important; things unrelated to the infection, like opening applications such as AIM or ADOBE stuff. . .

What I'm wondering is: can I run Hijack This in Safe Mode with Networking, instead of Normal, and still combat the infection enough before getting Malwarebytes? And: precisely which HKCUs and HKLMs should be deleted?
(My computer is a Windows XP desktop, but right now I'm using my uninfected laptop). Any help on getting rid of this AV Security Suite would be very much appreciated.

nick off every box with a HKCU and HKLM and run the proceedure as it's supposed to be run under safe mode w/networking.. it's just that point blank. i did it and it's gone with no aftermath of problems. i think each of those boxes is a block of some kind of block from the av security virus not allowing anything but it to be opened, which is why you must click off each box and remove them.

Last edited by dielaughing2 on 21st June 2010, 2:03 am; edited 1 time in total (Reason for editing : grammer)

I've been trying to remove AV since 2 days ago. I came across this page and it seems this might work, but I have tried to download HijackThis in normal mode and in safe mode and it won't let me. It just says that the "550 CWD command fialed...permission denied." Is there something else I can try? Also, can I download HijackThis in safe mode because the normal mode is giving me a lot of problems.

I appreciate your help. Thanks!

man, not to be rude or anything, but did you even bother reading this thread some? The answers to all your questions and problems are already covered here you just have to read and try.. Safe Mode With Networking would be where you start, but before you do that do yourself a favor and read this entire thread! Especially read the instructions, download the two things in safe mode w/networking and don't leave out reading my posts 'cause I don't wanna hear you askin more questions that have already been asked and answered..

Last edited by dielaughing2 on 23rd June 2010, 8:18 am; edited 1 time in total (Reason for editing : more info to add)

This is probably going to sound like a stupid question, but I want to get this out of my computer without ruining everything. I wasn't able to do the part of the instructions about HijackThis, but I did the second part and it's running fine. However, I went into the registry to make sure and it looks like some of the files that in the manuel removal are supposed to be deleted. But only some of them are there, and some aren't. Should I delete them? I'm assuming that maybe they're what would have been deleted if I did HijackThis right.

This didnt work for me

Im trying to install HijackThis on the windows XP where this funny program is and the AV is blocking every freaking program that pop-ups.

Help?!

Bump

Read the entire thread for f*** sake! You will never get rid of it unless you actually read this whole thread and inform yourself .. know what Safe mode is?!!!!!!!!!!!!!!!!!!!!!!!!

https://2img.net/h/i156.photobucket.com/albums/t26/PaddedWalls/AVSecuritySuiteMalwarebytes.jpg
^^This is total BS! Why can't I post a pic out of my own photobucket??! Only a link.. c'mon.. that's just lame!

this is what you should end up lookin at once you've actually read through and followed the full instructions in this thread.

Last edited by dielaughing2 on 25th June 2010, 2:48 am; edited 2 times in total (Reason for editing : This is total BS! Why can't I post a pic out of my own photobucket??! Only a link.. c'mon.. that's just lame!)

I can't download HiJack this, unable too. I tried looking for other sites with it and still no use..
Im on safemode right now..

I downloaded Malware Bytes and I did quick scan and it found no infections, I did perform full scan and it did, and I removed the infected but still AV is still on my PC

I tried using combo fix and still no use. Whats wrong?!

Orbox,

Have a look at the pre-posting instructions link in my signature and post a topic in the malware removal forums. Someone will help you

I was able to download the HijackThis executable to my Desktop, but the virus/infection won't let me install the actual application. Suggestions?

i can't open anything besides firefox and this av security is still on my computer, i downloaded the malware thing and i can't open it av blocks it. please help

Hi!
This is my first post here.

I had a problem while following the istructions.
I Used a proxy server for my LAN.
I downloaded Hijack this and fixed this 2 things
O4 – HKLM\..\Run: [random] c:\documents and settings\user\local settings\application data\random\random.exe
O4 – HKCU\..\Run: [random] c:\documents and settings\user\local settings\application data\random\random.exe

Everything was going OK, but Then I restarted my notebook and I pressed F8 many times... but nothing happened. Nothing at all.
My notebook then shifted to a black screen that says "Press F11 to restore" (in italian is "Premi F11 per ripristinare", I don't know if in English "restore" is the precise word).

Now every time my notebook starts it stops on this screen and there is nothing I can do to make windows XP start.
Is my notebook to burn now?
Any help?

worked great! only took a couple of minutes av is off my computer now!

I was trying to follow your instructions but after I unchecked use a proxy server, and then ok, Apply was not an option to click. Another idea?

I went to uncheck the LAN settings on IE and it checked it right back. I cannot do anything with it because of all the "infected" pop ups. any suggestions on what to do? I am so frustrated right now because I cannot do anything on my computer. I am trying to follow the instructions on a laptop to fix my PC, and well, I am ready to just scream... can someone help me please on getting this AV thing off my computer

Hello, gdoggluke, dmassinger, and luvz2play.

Welcome to GeekPolice.net.

• Read and follow the steps in this topic.
  
• Then, post a new topic containing those logs in this section.

Thanks!

I removed AV Security Suite Virus and it returned the next day. Removed AV Sec Suite Virus again using Malware both times. This time I did a full scan and found additional AV viruses in my registry. I'm hoping for the best.

Good luck All

If you need help, please follow my instructions on the post above.

I am really hijacked. I can use Firefox but can not change the LAN settings in Explorer.

When I get to the line "After that, download HijackThis from HERE and save it to your desktop." nothing happens.

What can I do?

Thank you!

Please follow the same instructions from post 37.

dmassinger wrote:

It will not let me download the HijackThis , Suggestions?

Please follow the same instructions from post 37.

I got this stupid Virus yesterday, Been working on it since. Followed these instructions (although I had to download HijackThis from somewhere else because the link wouldn't work.) and the first time I did the malwarebytes scan it showed viruses, but a family member was helping me and after we downloaded Malwarebytes and scanned (we did a full scan, without the instructions now, we thought we didn't need the instructions anymore ._.; and then the popup said "It couldn't remove everything, restart your PC?" we thought it meant that the virus was still there, so we clicked no. After that, we tried multiple things, and now im back again, following the directions. I did the quick scan, Gasp, Nothing there? I did the full scan, gasp, nothing there either! So I restart my PC, and I can go everywhere EXCEPT for Internet Explorer (im on Safe mode atm), because when I click on internet it says "Warning, this website (google) is potentially dangerous & stuff, and like buy our fake program or scan " and pretty much thats the virus, except its only on internet, where before I couldn't open ANYTHING because it said "this has a virus!" Sigh. Great, it wont even SHOW UP on the scan, and I still have it. How can I get rid of it on the internet too, I already did the proxy thing, its still unchecked but it still wont work. Safe mode is the only internet I can get, and I heard from a friend who works at a computer company that I cant go online in Safe Mode to places like myspace and stuff because ill spread the virus and I'll get banned. (I tried to log into myspace on safemode before & it just refreshed the homepage. Could it be im banned now?) I hate AV Security Suite, its messed up my computer, is now invisible to the scans, and has infected my Internet. Joy. :sad:

An alternative method i used.

I used Vista's windows restore in safe mode to its earliest point
then rebooted and downloaded malware bytes. ran it didn't find anything.
everything is unlocked and running ok

Thank you SO MUCH!

This was the first thing I tried and it worked like a charm, everything seems to be back to normal... But I'll certainly be keeping those two programs handy on my computer in case of anything else happening.
I was on youtube with my little brother and he clicked a side link before I could stop him and there we go, AV Security Suite had infected my computer.
But, all's well that ends well I suppose.

Thank you so much for your help!!!!! Your information fixed my computer! Thank you, Thank you!!!!!

Thanks SO MUCH, worked perfectly!!

Can't get past first step. When I try to change proxy settings it just resets. RKill won't execute, Task Manger ony stay up for a second.

Please help.


Thanks in advance.

Thank you so much