Saturday, 13 November 2010

Remove Vista Antispyware 2011 and Vista Security 2011 (Uninstall Guide)

Vista Antispyware 2011, Vista Security 2011 and Vista Antimalware 2011 are a few names of the same rogue security program that intentionally misrepresents the security status of your computer, pretends to scan your computer for malicious software and blocks certain executable files (.exe) from running. The scam is intended to frighten you into purchasing the fake program. Please do not purchase Vista Antispyware 2011, Vista Antimalware 2011 or any other rogue program from the list below. This rogue program is downloaded mostly by trojans that come from fake online scanners, infected websites or spam emails. The bad guys may also distribute their bogus products on Facebook, Twitter and other social networks. If you got hit by this rogue security program please follow the removal instructions below.

This rogue program goes by many different program names listed below.
  • Vista Antispyware
  • Vista Antispyware 2011
  • Vista Anti-Virus 
  • Vista Anti-Virus 2011
  • Vista Home Security
  • Vista Home Security 2011
  • Vista Security
  • Vista Security 2011
  • Vista Internet Security
  • Vista Internet Security 2011
  • Vista Antimalware
  • Vista Antimalware 2011
  • Vista Guard
  • Vista Total Security
  • Vista Total Security 2011
A screen shot of Vista Security 2011
Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 pretends to be a security update for Windows. The fake Windows update looks quite convincing. Once the rogue program is installed, it will inform you that you are infected with new threats. The misleading application will then present itself and run a scan of the system. Of course, it will find numerous infections on your computer and then will ask you to pay for a full version of the program. Furthermore, the rogue program will block legitimate anti-malware software. The main process of this rogue program pw.exe and several newly added Windows registry values will launch the rogue program instead of the requested executable, e.g. Task Manager or MS Paint. While Vista Antispyware 2011 or Vista Guard is running, it will display numerous security alerts and "balloon messages" that appear in the lower right-hand side of the system. The rogue program will claim that Internet Explorer is infected with keylogger or that private data can be stolen by third parties. Some of the fake alerts read:
Vista Antispyware 2011 Firewall Alert
Vista Antispyware 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
The scan results and security warnings produced by the misleading application are entirely false and should be ignored. Last, but not least, this fake program will hijack Internet Explorer and Mozilla Firefox. It will display a fake alert message and block nearly all websites you attempt to visit. The message that you will see is:
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.


Things you can do:
- Get a copy of Vista Antispyware 2011 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)


It goes without saying that you should remove this rogue program from your computer as soon as possible. It exaggerates the problems on the system and refuse to fix them until the vendor is paid. Please do not pay for a program that doesn't work. It will give you a false sense of security and may eve leads to potentially greater risks from more aggressive threats. If you have already purchased this bogus program then you should contact your credit card company and dispute the charges. We also recommend you to cancel your credit card. Finally, please follow the removal instructions below to remove Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 from your computer for free using legitimate anti-malware applications. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!

Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 removal instructions:

1. Click Start->Run or press WinKey+R. Type in "command" and press Enter key.


2. In the command prompt window type "notepad" and press Enter key. Notepad will come up.


3. Copy all the text in blue color below and paste to Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)


5. Double-click on the fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus 4.

Associated Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 files and registry values:

Files:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS]
  • C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe
  • C:\Users\AppData\Local\[SET OF RANDOM CHARACTERS]
  • C:\Users\AppData\Roaming\Microsoft\Windows\Templates\[SET OF RANDOM CHARACTERS]
  • C:\Users\[Username]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]
For example:
[SET OF RANDOM CHARACTERS] = d6e3porotq7359g8rm1q286zx
[3 RANDOM CHARACTERS].exe = hyf.exe

Registry values:
  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
  • HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe.exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
Share this information with other people:
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)