
Title
remove antivirus vista 2010 - Malware removal
Doc

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

 

This is a rogue malware program

 

What this program does:

Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 are new rogues that are exactly the same program, but are shown with different names and interfaces depending on the version of Windows that they are run on. After I wrote this guide, I was told that this rogue goes under quite a few different names, which I have listed below:

  • Antivirus Vista 2010
  • Vista Antispyware 2010
  • Vista Guardian
  • Vista Antivirus Pro
  • Vista Internet Security
  • Vista Internet Security 2010
  • XP Guardian
  • XP Antivirus Pro
  • XP AntiSpyware 2010
  • XP Internet Security
  • XP Internet Security 2010
  • Antivirus XP 2010
  • Antivirus Win 7 2010
  • Win7 Guardian
  • Win 7 Antivirus Pro
  • Win 7 Antispyware 2010
  • Win 7 Internet Security
  • Win 7 Internet Security 2010

When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches Antivirus Vista 2010, Win 7 Antispyware 2010, or XP Internet Security 2010. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch Firefox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when you try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.

 

 


 

 

Once started, the rogue itself, like all other rogues, will scan your computer and state that there are numerous infections on it. If you attempt to use the program to remove any of these infections, though, it will state that you need to purchase the program first. In reality, though, the infections that the rogue states are on your computer are all legitimate files that if deleted could cause Windows to not operate correctly. Therefore, please do not trust anything it states are infections.

While running, Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 will also display fake security alerts on the infected computer. The text of some of these alerts is:

Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing security scan.

XP Internet Security 2010 Firewall Alert!
XP Internet Security 2010 has blocked a program from accessing the Internet
Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Just like the scan results, these security warnings and alerts are all fake and should be ignored.

Without a doubt, this rogue is designed to scam you out of your money by hijacking your computer and trying to trick you into thinking you are infected. Therefore, please do not purchase this program, and if you have, please contact your credit card company and dispute the charges. Finally, to remove Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 please use the guide below, which only contains programs that are free to use.

 

Threat Classification:

 

Advanced information:

View XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 files.
View XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 Registry Information.
 

 

Tools Needed for this fix:

 

 

Guide Updates:

01/27/10 - Initial guide creation.
01/27/10 - Updated for new rogue names.
01/28/10 - Updated for new rogue names.
02/03/10 - Updated for new rogue names.

 


Automated Removal Instructions for XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 using Malwarebytes' Anti-Malware:

 

  1. For the first part of this removal guide you will need to use a different computer than the infected one. This is also a tricky rogue to remove, so please follow the instructions carefully. If you are concerned about whether or not you can do this, do not be, as I have made these instructions easy to follow for people of any computer expertise.

     
  2. From another computer, please download Malwarebytes' Anti-Malware, or MBAM, and the reg files from the following locations and save them to external media such as an external hard drive or a USB flash drive. We will then use the external drive or flash drive to transfer these files to your infected computer. If you do not own a USB flash drive, you can get one from any local or online computer store for a small price. An example of a good and cheap one can be found at Newegg. The files that you should download onto this device are:

    Malwarebytes' Anti-Malware Download Link - Everyone should download this

    FixExe.reg - Everyone should download this


     
  3. Once you have downloaded all the necessary files to a removable device, you need to plug it into your infected computer so it can access them.

     
  4. On the infected computer make sure XP Internet Security 2010, Antivirus Vista 2010, or Win 7 Antispyware 2010 is running. If it is not, you can launch it by running any program on your computer as that will trigger the rogue program to run. Once running, do not close it during the entire length of this guide.

     
  5. Now open the drive that corresponds to the removable media that you copied the programs from step 2 onto. Once open, double-click on the FixExe.reg file. When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.

     
  6. Now you should be able to run the mbam-setup.exe file that you saved on your removable media in step 2. Double-click on this file to install MalwareBytes' on to your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. If you already have MalwareBytes' installed, simply launch it now and continue to step 8.

     
  7. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.


    MalwareBytes Anti-Malware Screen
     

     
  8. On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 related files.

     
  9. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.


    MalwareBytes Anti-Malware Scanning Screen
     

     
  10. When the scan is finished a message box will appear as shown in the image below.


    MalwareBytes Anti-Malware Scan Finished Screen

     
    You should click on the OK button to close the message box and continue with the XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 removal process.

     
  11. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

     
  12. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.


    MalwareBytes Scan Results

     

    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

     
  13. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

     
  14. You can now exit the MBAM program.
     

Your computer should now be free of the XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 programs. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

 

 

*******************************************

 

manual removal

 

 

Vista Antivirus 2010 manual removal:
Kill processes:
Vista Antivirus 2010.exe
Uninstall.exe
 
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Vista Antivirus 2010”
HKEY_CURRENT_USER\Software\Vista Antivirus 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vista Antivirus 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Vista Antivirus 2010
 
 
Delete files:
Vista Antivirus 2010.exe
Uninstall.exe
%System Root%\Samples
%User Profile%\Local Settings\Temp
%Program Files%\Vista Antivirus 2010
%Program Files%\LabelCommand
%Documents and Settings%\All Users\Start Menu\Programs\Vista Antivirus 2010
%Documents and Settings%\All Users\Application Data\Vista Antivirus 2010
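
Added example (not part of the original guide and not Malwarebytes' code): a Python check over exported registry text that flags the executable-launch hijack described near the top of the page and the Run value listed under manual removal. The page does not name the keys the rogue changes to intercept program launches, so the exefile association keys checked here are the standard Windows locations and are an assumption; the sample export is constructed.

```python
import re

CANONICAL_OPEN = '"%1" %*'  # stock Windows open command for exefile
# Names taken from this page; extend with the rest of the alias list as needed.
ROGUE_NAMES = {"vista antivirus 2010", "antivirus vista 2010",
               "win 7 antispyware 2010", "xp internet security 2010"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Parse string (REG_SZ) values from .reg export text into {key: {name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def audit(text):
    """Return (key, reason) findings for launch hijacks and rogue autoruns."""
    keys, findings, progids = parse_reg(text), [], {"exefile", ".exe"}
    for key, vals in keys.items():  # pass 1: which ProgID does .exe point to?
        progid = vals.get("", "")
        if key.lower().endswith("\\.exe") and progid.lower() not in ("", "exefile"):
            progids.add(progid.lower())
            findings.append((key, f".exe remapped to ProgID {progid!r}"))
    for key, vals in keys.items():  # pass 2: open commands and Run values
        low = key.lower()
        if low.endswith("\\shell\\open\\command") and low.split("\\")[-4] in progids:
            if vals.get("") != CANONICAL_OPEN:
                findings.append((key, f"open command is {vals.get('')!r}"))
        if low.endswith("\\currentversion\\run"):
            findings += [(key, f"autorun value {n!r}") for n in vals
                         if n.lower() in ROGUE_NAMES]
    return findings

# Constructed sample export: the "secfile" ProgID and the av.exe path are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Vista Antivirus 2010"="C:\\Program Files\\Vista Antivirus 2010\\Vista Antivirus 2010.exe"'''
```

Real registry exports are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit`; values exported in `hex(...)` form are not parsed.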
 
Revised
3/13/2010
Key Words
info
Owner
Webmaster
upload
user ID
5