"Vista Internet Security 2010" Malware

My wife's computer uses Vista Home OS and has Panda Internet Security (up to date) installed.  I have used this antivirus / firewall for many years without any problems.  An application named "Vista Internet Security 2010" has literally taken over the computer with regular pop-ups claiming that it has detected key logger software, and it lists a large number of other viruses which it claims to have detected.  This application is not visible under installed programs and I have found it impossible to delete it or disable it.  It constantly requests registration and of course a payment and is blocking any internet access.  A further popup when opening Internet Explorer requests clearance for a file named "av.exe" to access the internet.  I have searched for this file (system and hidden files visible) but it is not visible in the given location.
 

Last updated March 25, 2018. Views: 29,003.

Answer

Read BOTH links about this.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 are new rogues that are exactly the same program, but are shown with different names and interfaces depending on the version of Windows that it is run on. After I wrote this guide, I was told that this rogue goes under quite a few different names, which are listed below:

  • Antivirus Vista 2010
  • Vista Antispyware 2010
  • Vista Guardian
  • Vista Antivirus Pro
  • Vista Internet Security
  • Vista Internet Security 2010
  • XP Guardian
  • XP Antivirus Pro
  • XP AntiSpyware 2010
  • XP Internet Security
  • XP Internet Security 2010
  • Antivirus XP 2010
  • Win7 Guardian
  • Win 7 Antivirus Pro
  • Win 7 Antispyware 2010
  • Win 7 Internet Security
  • Win 7 Internet Security 2010

That is but one of the many fake SCAM so-called Security Programs out there.

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

Follow the exact removal instructions at the above link to remove it using Malwarebytes, AFTER you have stopped the ROGUE Process.

Download, install, update and scan with each of the two programs below to check for/remove Malware/spyware.

If necessary, do all the above work in Safe Mode with Networking.

 

To get into Safe Mode with Networking, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode with Networking from list of options, then hit ENTER.

 

 

Read all info below before starting:

 

http://www.malwarebytes.org/mbam.php

 

Malwarebytes is, as the name says, a Malware Remover!

Download the Free Version from the link above.

Download, install, update and scan once a fortnight.


How to use Malwarebytes after it is installed:

1. Open Malwarebytes > click on the Update tab across the top > get the latest updates.

2. On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.

3. MBAM will now start scanning your computer for malware. This process can take quite a while.

4. When the scan is finished, a message box will appear.

5. You should click on the OK button to close the message box and continue with the Malware removal process.

6. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

7. A screen displaying all the malware that the program found will be shown.

8. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

9. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

10. You can now exit the MBAM program.

 



 

http://www.spybot.info/en/index.html

 

Spybot Search & Destroy 1.6.2 is a very good, FREE Anti-Spyware Program.

Download, install and update it.

Then SCAN with it.

Update it, and scan your System once a fortnight.

 

 

 

Important re: Safe Mode

If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode.

To get into Safe Mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER.

RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

 

If unable to install above Programs in Normal Mode:

Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating Programs to remove them.

If that happens, reboot into Safe Mode with Networking (from F8 list of Startup Options), and install, update and scan from there.

Cheers.


Mick Murphy - Microsoft Partner


Answer

A family member infected my main computer with this particularly vicious malware.   I followed directions in a post on this site concerning MalwareBytes, but that was not successful for me. 

I was eventually able to temporarily disable it by running Windows Task Manager.  Using this, I was able to find the "Vista Internet Security 2010" application, and kill it outright for a few minutes at a time.  Then, by right-clicking on that entry for the "Vista Internet Security 2010" application, I was able to click on "Go to Process" to find out the name of the rogue process involved.  For me, the rogue process was named AV.EXE.  I was then able to find and delete the AV.EXE file.

However, this was disastrous in terms of my computer in general, since I then found that the rogue malware had also modified my registry.  In fact, some .EXE registry entries had been modified to refer to something like "SEC".  My general registry entries for .EXE were damaged as well.  So, after killing AV.EXE my computer was nearly defunct.  I could run no .EXE programs at all.

But, I eventually found that I could run .EXE programs by right-clicking on them, and running "Run as Administrator".  I was then able to fix my broken registry by fixing the .EXE file association link, through the use of http://www.winhelponline.com/articles/165/1/Restore-the-exe-file-association-in-Windows-Vista-after-incorrectly-associating-it-with-another-application.html.

The above procedure may not be perfect [ it would need to be run independently by someone else ].  But it may help.  This virus is a particularly nasty one.

Rich

P.S.  As an aside, I must admit that I was also slightly irritated with the Norton AntiVirus folks.  Their software, which I have paid quite a few dollars over the years to use, was useless.  I called support.  Instead of using my case as a way to improve and fix their software, they wanted to charge me $99.  The end result is that over time, I plan to switch to MalwareBytes.
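
The registry damage described in the answer above can be checked before and after a repair. The following PowerShell is an added example, not part of the original posts: it reads the .exe association from the per-user, machine-wide and merged registry views and compares it with the stock Windows values `exefile` and `"%1" %*`. The function names are illustrative, and nothing is written to the registry.

```powershell
# Added example: read-only audit of the .exe file association. Nothing is modified.
# Assumption: 'exefile' and '"%1" %*' are the stock Windows values compared against.

function Get-DefaultValue([string]$Path) {
    # Return the key's (Default) value unexpanded, or $null if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('', $null, 'DoNotExpandEnvironmentNames') }
}

function Test-Value([string]$Path, [string]$Expected, [bool]$MayBeAbsent) {
    # Compare one (Default) value with the expected stock value.
    $actual = Get-DefaultValue $Path
    $ok = if ($null -eq $actual) { $MayBeAbsent } else { $actual -eq $Expected }
    New-Object PSObject -Property @{
        Path = $Path; Value = $actual; Expected = $Expected; OK = $ok
    }
}

$hkcu = 'Registry::HKEY_CURRENT_USER\Software\Classes'    # per-user overrides
$hklm = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'   # machine-wide defaults
$hkcr = 'Registry::HKEY_CLASSES_ROOT'                     # merged view, per-user wins

$results = @(
    # Per-user keys are normally absent; if present they should match stock values.
    Test-Value "$hkcu\.exe"                        'exefile' $true
    Test-Value "$hkcu\exefile\shell\open\command"  '"%1" %*' $true
    # Machine-wide keys must exist and hold the stock values.
    Test-Value "$hklm\.exe"                        'exefile' $false
    Test-Value "$hklm\exefile\shell\open\command"  '"%1" %*' $false
    # What Windows actually uses after merging both hives.
    Test-Value "$hkcr\.exe"                        'exefile' $false
)

# Follow whatever ProgID .exe currently resolves to and show the command it launches.
$progId = Get-DefaultValue "$hkcr\.exe"
if ($progId) {
    $results += Test-Value "$hkcr\$progId\shell\open\command" '"%1" %*' $false
}

$results | Select-Object OK, Path, Value, Expected | Format-Table -AutoSize -Wrap
if ($results | Where-Object { -not $_.OK }) {
    Write-Warning 'The .exe association differs from the stock values; review the rows marked False.'
}
```

A row marked False under the HKEY_CURRENT_USER paths means a per-user override is taking precedence over the machine-wide association, which is consistent with .EXE files still running through "Run as Administrator".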
