Question

Q: Infected by Malware/Virus Vista Internet Security..

Infected by Malware/Virus Vista Internet Security..
Ravindra Mohan

Answer

A:

 

For the first part of this removal guide you will need to use a different computer than the infected one. This is also a tricky rogue to remove, so please follow the instructions carefully.  

Read this:

XP Security Tool 2010, XP Defender Pro, Vista Security Tool 2010, and Vista Defender Pro are all new rogues that are exactly the same program. They are just shown with different names and interfaces depending on the version of Windows that it is run on. This guide run under quite a few different names, which Bleepingcomputers have listed below based upon the version of Windows:

Windows XP Rogue Name
Windows Vista Rogue Name
Windows 7 Rogue Name
AntiSpyware XP AntiSpyware Vista AntiSpyware Win 7
AntiSpyware XP 2010 AntiSpyware Vista 2010 AntiSpyware Win 7 2010
Antivirus XP Antivirus Vista Antivirus Win 7
Antivirus XP 2010 Antivirus Vista 2010 Antivirus Win 7 2010
Total XP Security Total Vista Security Total Win 7 Security
XP AntiSpyware 2010 Vista Guardian Win 7 Antispyware 2010
XP Antivirus Pro Vista Security Tool Win 7 Antivirus Pro
XP Guardian Vista Security Tool 2010 Win 7 Guardian
XP Security Tool Vista Smart Security Win 7 Security Tool
XP Security Tool 2010 Vista Smart Security 2010 Win 7 Security Tool 2010
XP Smart Security Vista AntiMalware Win 7 Smart Security
XP Smart Security 2010 Vista AntiMalware 2010 Win 7 Smart Security 2010
XP AntiMalware Vista AntiSpyware Win 7 AntiMalware
XP AntiMalware 2010 Vista AntiSpyware 2010 Win 7 AntiMalware 2010
XP Antivirus Pro Vista Antivirus Pro Win 7 Antivirus Pro
XP Defender Vista Defender Win 7 Defender
XP Defender Pro Vista Defender Pro Win 7 Defender Pro
XP Security Vista Security Win 7 Security
XP Security 2010 Vista Security 2010 Win 7 Security 2010
XP Internet Security Vista Internet Security Win 7 Internet Security
XP Internet Security 2010 Vista Internet Security 2010 Win 7 Internet Security 2010

When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches XP Security Tol 2010, XP Defender Pro, or Vista Defender Pro. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch FireFox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Follow the EXACT uninstall info at the above link, running this Program: FixExe.reg and then scanning with Malwarebytes.

 

If necessary, do all the work in Safe Mode with Networking.

 

To get into Safe Mode with Networking, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode with Networking from list of options, then hit ENTER.

 

 

Read all info below before starting:

 

http://www.malwarebytes.org/mbam.php

 

Malwarebytes is as the name says, a Malware Remover!

Download the Free Version from the link above.

Download, install, update and scan once a fortnight.

 

How to use Malwarebytes after it is installed:

1. Open Malwarebytes > Click on the Update Tab  across the top> get the latest updates.

2. On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer

3. MBAM will now start scanning your computer for malware. This process can take quite a while.

4. When the scan is finished a message box will appear

5. You should click on the OK button to close the message box and continue with the Malware removal process.

6. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

7. A screen displaying all the malware that the program found will be shown

8. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

9. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

10. You can now exit the MBAM program.

 

 

If neccesary, also scan with this Program

 

 

http://www.spybot.info/en/index.html

 

Spybot Search & Destroy 1.6.2 is a very good, FREE Anti-Spyware Program.

Download, install and update it.

Once installed > Right-click on its Desktop Icon > Run as Admin

Then SCAN with it.

Update it, and scan your System once a fortnight.

 

 

 

Important re: Safe Mode

 

If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode.

To get into Safe Mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER.

RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

 

If unable to install above Programs in Normal Mode:

Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating Programs to remove them.

If that happens, reboot into Safe Mode with Networking (from F8 list of Startup Options), and install, update and scan from there.

 

 

Cheers.


Mick Murphy - Microsoft Partner

Did this solve your problem?

Sorry this didn't help.



 
Question Info

Views: 661 Last updated: March 26, 2018 Applies to: