AV Security Suite
AV Security Suite is a piece of scareware and malware, or more specifically a piece of rogue security software, which poses as a pre-installed virus scanner on a victim's computer system. It is currently known to affect only Microsoft Windows systems, though it may simply operate under a different name on other platforms to better fit in with their user interfaces, as its disguise is a key component of its success. In the Task Manager it appears as a string of random characters ending with "tssd.exe"; an example is yvyvsggtssd.exe. It can also appear as a random string of characters ending with "shdw.exe".
Methods
After being installed on a target system, AV Security Suite sends out simulated virus alerts using pop-up windows that open from the rightmost section of the taskbar. These notifications look the same as those used by Windows itself, so they can appear genuine to a user not familiar with Windows' own style of reporting viruses (Windows Defender). AV Security Suite will show the results of a fictitious virus scan, this time using its own name, informing the user that their system is infected by viruses. Using a variety of different messages, some imitating Windows and some under the software's real name, it instructs the user to upgrade to the full version of AV Security Suite to remove the viruses. It then fakes the presence of unspecified viruses by performing actions such as preventing the opening of any programs (including Windows Task Manager) and blocking Internet connections. In essence, it renders a system almost useless. Since it is disguised as an anti-virus program, it is not considered a virus by any accessible anti-virus or anti-spyware programs.
Infection
AV Security Suite can infect computers using Adobe Flash or other Adobe components found in regular websites, and so does not require voluntary download of software by the user. It has also been known to attack using Java software. There are currently no effective tools available to remove it, though some that claim to be able to do so are questionable in authenticity. Very few virus scanners are capable of detecting and removing the program. Norton and AVG Free Edition have been reported not to detect it. The paid edition of Malwarebytes' Anti-Malware has detected and removed it while the system was in safe mode; however, a few months later the messages and program came up again. While an operating system is infected, the malware will notify the user of infected system files and change the proxy server settings of the user's web browser so that the user is under the false impression of no longer having Internet access. In addition, two websites that were not made by the company will spontaneously pop up on the user's computer. One of these websites is for the erectile dysfunction drug Viagra, and the other is a pornographic website. Users are advised to dispose of the AV Security Suite virus immediately after their computer becomes infected, as the virus is possibly dangerous for younger users.
Removal
As the program will stop nearly all processes, including shutting your computer down, the simplest removal method is to rebuild your computer from scratch using a previously made backup. The previously recommended method of restarting your computer in safe mode rarely works with the more recent versions of this malware. Attempts to boot into safe mode in newer versions usually result in a blue screen of death. If the user can get into safe mode, they must search through the hidden system files (usually hidden to protect the user from accidentally deleting vital information from the system) and look for the malware manually. It will be disguised under an incoherent-looking string of letters and will not always include tssd.exe at the end.
Another alternative to these methods is to open the Task Manager immediately after booting the computer system and kill the process ending with "tssd.exe" or "shdw.exe" as soon as it appears in the list. Afterwards, one should restart the computer in safe mode and run a virus scanner, which will most likely detect the virus.
Alternatively, computers using multiple boots with a non-Windows operating system, such as most Linux distributions, can also access these files outside of Windows to delete them. Using a Linux Live CD such as Ubuntu or Fedora is notably the most successful of these methods, as it can be booted from a CD drive instead of the hard drive.
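The Live CD approach described above, as an added example that is not part of the original article: a shell script that lists files on a mounted Windows partition whose names fit the pattern given on this page, with a hash and size for each, and deletes nothing. The mount point `/mnt/windows`, the read-only mount, and the restriction of the random prefix to letters and digits are assumptions.

```shell
#!/bin/sh
# Added example: report files named <random chars>tssd.exe or
# <random chars>shdw.exe on a mounted Windows volume. Report only;
# review each hit before deleting anything.

# find_candidates ROOT
# Prints one path per line for regular files whose name is a non-empty run
# of letters/digits (assumed form of the random prefix) followed by
# "tssd.exe" or "shdw.exe". Matching ignores case, as Windows does.
find_candidates() {
    root=$1
    find "$root" -type f \( -iname '*tssd.exe' -o -iname '*shdw.exe' \) 2>/dev/null |
    while IFS= read -r path; do
        base=$(basename "$path" | tr 'A-Z' 'a-z')
        stem=${base%.exe}
        prefix=${stem%????}      # drop the 4-character tssd/shdw marker
        case $prefix in
            ''|*[!a-z0-9]*) continue ;;   # no prefix, or not a random-looking run
        esac
        printf '%s\n' "$path"
    done | sort
}

# report ROOT
# For each candidate prints: SHA-256, size in bytes, path. The hash lets the
# file be checked with a scanner or a reference set before removal.
report() {
    find_candidates "$1" | while IFS= read -r path; do
        sum=$(sha256sum "$path" | cut -d' ' -f1)
        size=$(wc -c < "$path" | tr -d ' ')
        printf '%s  %s bytes  %s\n' "$sum" "$size" "$path"
    done
}

# Usage from the live session (mount point is an assumption):
#   sh scan.sh /mnt/windows
if [ "$#" -ge 1 ]; then
    report "$1"
fi
```

An empty report does not show the disk is clean, since the article notes that newer versions do not always keep the tssd.exe ending.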
Developers
An analysis of the virus' graphical user interface, actions (dropping malware which attempts to send users to the same exact adult websites), and method of infection reveals that this piece of malware was likely developed by, or at least inspired by, the same group which developed the fraudulent Antivirus System PRO, Antispyware Soft, Antivirus Center, and Antivirus Live, along with a number of other rogue antivirus applications. The claim on AV Security Suite's website, however, states that the developers of the program are based in London.