Antispyware Soldier Removal Guide

Table of contents.
Why do you need to get rid of AntiSpyware Soldier?
What installs Antispyware Soldier without your knowledge and consent?
Are you infected?
Automatic removal of the Antispyware Soldier trojan
Manual removal of the Antispyware Soldier trojan
Alternate Antispyware Soldier manual removal instructions

AntiSpyware Soldier is a corrupt anti-spyware program illegally installed to user computers by widely spread trojans, through malicious advertisements, and via numerous exploits. This application is not only a weak spyware remover, but also a clone of the infamous SpyAxe, Spyware Strike, SpyFalcon, Spyware Quake, Spyware Sheriff and VirusBlast risks.

Results of thorough tests we have conducted reveal that although the program does not produce false positives and really finds some malicious parasites, it cannot completely eliminate most prevalent infections, and therefore is definitely unable to protect user privacy and system security.

The application refuses to remove any parasites it finds and asks to register and purchase the full product. Essential program components like Soldiers, real-time monitors, are not available in the free version.

Antispyware Soldier is a trojan that displays an icon in the system tray. This icon shows a message saying that the compromised computer is infected with dangerous spyware parasites and asking the user to download and install a removal program, which is actually AntiSpyware Soldier, the illegally distributed corrupt spyware remover of the same name. Once the user clicks on that message, the trojan opens a web site distributing AntiSpyware Soldier. It may also try to download the application. The trojan is able to change the Internet Explorer default home page and redirect the web browser to malicious web sites. Furthermore, it can secretly download malicious parasites from the Internet and install them on the infected system. Antispyware Soldier automatically runs on every Windows startup.

Your system is infected with Antispyware Soldier if you can see any of the following symptoms:

a) There is a suspicious icon in the system tray. It might be a circle with a red cross or an icon similar to that of the Windows Update tool.

b) A suspicious icon in the system tray pops up a message saying that your computer is infected with dangerous parasites. It asks you to download and install a removal program, which actually is AntiSpyware Soldier.

c) You receive a warning purportedly generated by Windows Security Center. It states that your computer runs slowly. It also says that your PC might be infected with dangerous spyware or adware. The warning asks you to download a spyware remover, which actually is AntiSpyware Soldier.

d) Some unknown anti-spyware program that you didn’t install keeps displaying scan reports, alerts and warning messages. Each of them says that your system is infected and asks you to remove spyware.

e) AntiSpyware Soldier, a corrupt spyware remover, is installed on your system. It runs on every Windows startup. The program’s main window is shown above.

f) Your Internet Explorer home page has changed and you cannot get it back. Now you get a warning page saying that spyware is detected on your PC and asking you to run a free scan in order to remove malware.

g) Your web browser is redirecting you to a suspicious anti-spyware site (ANTISPYNETWORK, http://antispynet.com) or other unsolicited web pages.

h) Any of the following processes are running:
C:\WINDOWS\susp.exe
C:\WINDOWS\System32\a.exe
C:\WINDOWS\System32\officescan.exe
C:\WINDOWS\System32\runsrv32.exe
C:\WINDOWS\System32\smartdrv.exe
C:\WINDOWS\System32\tcpservice2.exe
C:\Program Files\Antispyware Soldier\antispysoldier.exe

Windows 2000 users should replace WINDOWS with WINNT here.

i) Your HijackThis log contains any of the following entries:
O2 – BHO: (no name) – { [CLSID, a combination of letters and digits] } – (no file)
O4 – HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 – HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – HKCU\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – HKLM\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe

Windows 2000 users should replace WINDOWS with WINNT here.
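
The HijackThis entries in item i) can also be checked mechanically. The following is an added example, not part of the original guide or of HijackThis itself: a Python script that scans a saved HijackThis log for those entries, accepting either dash style and treating WINNT paths as WINDOWS. The function names and the sample log are constructed for illustration.

```python
import re

# Entries from item i) above, lower-cased, in their WINDOWS (not WINNT) form.
O4_INDICATORS = {
    (r"hklm\..\run", "transponder", r"c:\windows\system32\susp.exe"),
    (r"hklm\..\run", "adware.srv32", r"c:\windows\system32\runsrv32.exe"),
    (r"hkcu\..\runonce", "srv32", r"c:\windows\system32\runsrv32.exe"),
    (r"hklm\..\runonce", "srv32", r"c:\windows\system32\runsrv32.exe"),
    ("startup", "antispysoldier.lnk",
     r"c:\program files\antispyware soldier\antispysoldier.exe"),
}
DASH = r"\s*[-\u2013]\s*"  # logs use "-", copies pasted from web pages may use an en dash
O4_RUN = re.compile(r"^O4" + DASH + r"(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$", re.I)
O4_STARTUP = re.compile(r"^O4" + DASH + r"(Startup): (.+?) = (.+)$", re.I)
# The guide gives no CLSID for the O2 entry, so any nameless BHO with no file matches.
O2_ORPHAN = re.compile(r"^O2" + DASH + r"BHO: \(no name\)" + DASH
                       + r"\{[0-9A-F-]+\}" + DASH + r"\(no file\)$", re.I)

# Constructed sample log (CLSIDs and the "Example" entries are made up).
SAMPLE_LOG = r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Transponder] C:\WINNT\system32\susp.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 – HKCU\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe
"""

def normalize(path):
    """Lower-case a path and fold the Windows 2000 WINNT root onto WINDOWS."""
    p = path.strip().lower()
    winnt = "c:\\winnt\\"
    return "c:\\windows\\" + p[len(winnt):] if p.startswith(winnt) else p

def scan_log(text):
    """Return (line_number, line) pairs that match an entry listed in the guide."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m:
            key = (m.group(1).lower(), m.group(2).lower(), normalize(m.group(3)))
            if key in O4_INDICATORS:
                hits.append((n, line))
        elif O2_ORPHAN.match(line):
            hits.append((n, line))
    return hits

if __name__ == "__main__":
    for n, line in scan_log(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

A hit on the O2 pattern alone only means an orphaned browser helper object is registered; the O4 entries are the ones specific to this trojan.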

Removing the Antispyware Soldier trojan, along with the corrupt spyware remover of the same name, automatically is easy. Just follow these steps:

1. Download PC Tools STOPzilla or Webroot Spy Sweeper. These programs are the most effective and popular spyware removers available.
2. Install the downloaded program to your system. Read STOPzilla and Spy Sweeper tutorials to learn more.
3. Update the installed anti-spyware.
4. Run a full system scan.
5. Remove all the threats the application finds.

Please note that eliminating the parasites automatically might be a paid function, which is not available in the limited free version. Purchasing STOPzilla or Spy Sweeper makes these products fully functional and also enables built-in real-time protection.

1. Download the SmitFraudFix tool and unpack its files to a chosen folder.

2. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the Antispyware Soldier entry. Uninstall the corresponding program.

3. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O2 – BHO: (no name) – { [CLSID, a combination of letters and digits] } – (no file)
O4 – HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 – HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – HKCU\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – HKLM\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe

4. Now restart your system in Safe Mode. This step is very important!
Please note that you need administrator privileges.

5. Once in Safe Mode, run the SmitFraudFix tool by executing the smitfraudfix.cmd file.
The official SmitFraudFix tutorial can be found here.

6. Delete the following directories (if present):
C:\Program Files\Antispy Soldier
C:\Documents and Settings\[Current User]\Local Settings\Application Data\AntispywareSoldier

If you cannot download or use the SmitFraudFix tool, please follow alternate manual removal instructions:

1. Download Pocket KillBox or KillBox utility.

2. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the Antispyware Soldier entry. Uninstall the corresponding program.

3. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O2 – BHO: (no name) – { [CLSID, a combination of letters and digits] } – (no file)
O4 – HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 – HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – HKCU\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – HKLM\..\RunOnce: [srv32] C:\WINDOWS\system32\runsrv32.exe
O4 – Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe

4. Now restart your system in Safe Mode. This step is very important!
Please note that you need administrator privileges.

5. Once in Safe Mode, use either Pocket KillBox or KillBox to delete all the files from the lists below that are present on your system.

Malicious files in C:\WINDOWS\System32 or C:\WINNT\System32:
a.exe
officescan.exe
runsrv32.exe
smartdrv.exe
tcpservice2.exe
alxres.dll
bridge.dll
dailytoolbar.dll
jao.dll
office_pnl.dll
questmod.dll
runsrv32.dll
smaexp32.dll
txfdb32.dll
udpmod.dll
winblsrv.dll
wstart.dll
winlogon.ini

Malicious files in C:\WINDOWS or C:\WINNT:
susp.exe
alexaie.dll
alxie328.dll
alxtb1.dll
btgrab.dll
dlmax.dll
pynix.dll
zserv.dll

Malicious files in C:\Program Files\Antispy Soldier:
antispysoldier.exe
bz.dll

6. Delete the following directories (if present):
C:\Program Files\Antispy Soldier
C:\Documents and Settings\[Current User]\Local Settings\Application Data\AntispywareSoldier

Starting STOPzilla for the first time
Using STOPzilla
Using STOPzilla real-time protection
Conclusion

STOPzilla, made by PC Tools, is one of the most effective and advanced spyware removal and real-time protection solutions available on the market. This product is not only very popular, but also highly appreciated by reputable computer security experts. STOPzilla provides superb easy-to-use protection from practically any kind of privacy and security threats.

More information about the product can be found in our STOPzilla review. Download STOPzilla.

By reading the following guide you will learn how to use STOPzilla in order to get rid of spyware, adware and other dangerous parasites.

STOPzilla is a commercial anti-spyware program that costs 29.95 US dollars. However, you can try it out for free by downloading the limited trial version from our web site. The current size of STOPzilla 3.2 is less than 5MB, so the download shouldn’t take more than a couple of minutes.

Now you can install the program. Double-click on the downloaded executable file to start the setup. Select the language you wish to use during the installation, read and accept the license agreement and select the destination folder. In the next screen click on the Install button. The setup will copy files and register the program. In the next screen click on the Finish button. Now STOPzilla is installed on your system.


Image 1. Finish the setup

You may select the Start STOPzilla and scan for infections option. This would start the application after you exit the setup. However, this step is not required as in the next section you will learn how to manually launch the program and use it to check your system for infections.

To start the program, double-click on the STOPzilla desktop icon or select the STOPzilla shortcut from the Start menu. The main program screen will appear.

1. Enabling OnGuard protection

On the first run STOPzilla will ask you to enable a real-time protection monitor called OnGuard. This tool detects running malicious processes, browser hijackers and keyloggers, and prevents parasites from modifying the system. OnGuard is disabled by default. However, you are highly advised to turn it on, unless you are using a different real-time monitor.

In the dialog that appears, click on the Yes button.


Image 2. Enable real-time protection

2. Updating the program

Now you should update the application. This step is very important, because without the latest updates STOPzilla may be unable to detect and remove recent threats. Click on the Live Update link.


Image 3. Open the update screen

This will bring up the Live Update window. Within it click on the Next > button to check for STOPzilla updates. The next section should now appear. It contains the list of recent updates and lets you select which of them to install. All list items are selected by default. You should leave them untouched, as all of them are required. Press the Next > button.


Image 4. Select updates

The application will contact its home server and download the selected updates. The process may take a while, so be patient. Do not cancel it! Then STOPzilla will automatically apply the updates. Click Finish after the process ends.


Image 5. Finish the update

1. Scanning the system for threats

To perform your first system scan click on the Scan Your Computer button (on Image 6 it is designated by the blue box). This will start the default system scan, usually quick or full.


Image 6. Start default system scan or customize scan settings

To choose a different scan type and check the system using it, click on the Start Scan button (on Image 6 it is the red box). This will bring up the System Scan section, in which you will have to select an appropriate scan type. Pick the Full System Scan option (on Image 7 it is in the blue box). Then press the Start Scan button (in the red box). This will start a full system scan.


Image 7. Run full system scan

A system scan takes a while, so be patient.

2. Analysing detected objects

After the scan is over the program will display a scan report, which contains the list of found parasites. Each item in this list can be expanded. Click on the + icon (on Image 8 it is designated by the red box) next to an item. You will see the list of objects related to the parasite, divided into groups according to their type (Processes, Registry, Files, etc.). Each group of objects can also be expanded. Click on the + icon next to a group to view all files, registry entries, running processes and other malicious objects that the parasite uses.


Image 8. Examine found parasites

To get the parasite’s description and other information select its name with your mouse or keyboard and press the View details button (on Image 8 it is in the blue box). This will open an additional window similar to the one shown on Image 9.


Image 9. Get additional information on the detected risk

3. Removing detected parasites

To remove found parasites from the system, place a checkmark (on Image 10 it is in the red box) next to the items you want to eliminate and then press the Fix Checked button (in the blue box).


Image 10. Select items you want to remove

STOPzilla will ask you to confirm the removal by displaying an additional window similar to the one shown on Image 11. Please carefully read the legal notice provided in it. To continue with the removal click Continue Removal.


Image 11. Confirm your actions

After all the parasites have been successfully removed, click on the Finish button.

The program may need to reboot your computer in order to completely eliminate remaining spyware components on the next Windows startup. A message will be displayed (Image 12). You will have to save your work and then click OK.


Image 12. Restart your computer if necessary

4. Restoring quarantined items

After each system clean-up STOPzilla backs up removed objects and saves them to a special Quarantine List, so that they can be easily restored later. This feature can help to repair the system in case harmless essential system objects were accidentally removed. To access the Quarantine List, click on the Click to View Quarantine List link (on Image 13 it is designated by the red box).


Image 13. View Quarantine List

The Quarantined Files section will appear. It contains the list of quarantine files corresponding to recently performed system clean-ups. To view quarantined objects select the required file using your mouse or keyboard and press the Details button (on Image 14 it is in the red box).


Image 14. Select a quarantine file

You will see the complete list of objects removed during the recent system scan. To restore certain items, place a checkmark next to them and press the Restore button. STOPzilla will ask you to confirm the action. If you really want to restore the selected items, confirm by pressing the OK button (on Image 15 it is in the red box).


Image 15. Restore selected items

STOPzilla includes a real-time protection tool called OnGuard. It consists of several specific tools called guards that can run independently of each other. By default all OnGuard guards are enabled. Each tool has its own settings. OnGuard provides truly effective protection that should be present on every system on which STOPzilla is installed.

To access the OnGuard configuration click on the OnGuard button (on Image 16 it is designated by the blue box). This will bring up the OnGuard Protection section. To enable real-time monitoring (if you haven’t done it before on the program’s first run) place a checkmark next to the Activate OnGuard option (it is in the red box).


Image 16. Enable OnGuard

All available OnGuard guards are listed in the column (on Image 16 it is in the green box) located in the same section. To view current settings, alter the configuration or turn off a particular guard, click on its icon or name. In the right part of the screen you will see the guard’s properties. By default all OnGuard guards are enabled and configured for optimally effective protection. I suggest leaving the default configuration unchanged.

STOPzilla is a powerful, efficient and highly user-friendly anti-spyware program. This product is recommended for all computer users who need really working and easy-to-manage protection from practically any kind of spyware, adware, keyloggers, browser hijackers and other dangerous parasites.