  1. #1
    SitePoint Enthusiast

    how to remove vista internet security 2010

    Hi guys, I am receiving the msg that your system is at risk and bla bla, and cannot open any web site.

    Any idea how to delete this system file, av.exe?

  2. #2
    Crazybanana (SitePoint Wizard)
    get this and save it to disk, then get this and save it too, to disk.

    then delete all temp files and make sure "vista internet security 2010" is running and doubleclick on "FixExe.reg" and choose yes to add data.
    then install mbam-setup.exe -> run it -> update it -> scan -> remove.

    get ccleaner, install it and run it. get hijackthis and run it and see if there are any more files to be removed, but be careful and do not remove any files you'll need.

    if you're having trouble, try rebooting into safe mode (f8), and do the removal process there.

    the files this rogue malware creates are:
    av.exe and WRblt8464P, and the regvalues it creates are:

    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %
    HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %
    HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

    but malwarebytes anti malware (mbam) should be able to take care of its reg keys, if not - try from safe mode.

    good luck
    Who's to doom when the judge himself is dragged before the bar
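
An added example, not part of the post above or of any tool it names: a checker that scans registry export text for the indicators listed in post #2 (command handlers routed through av.exe, Security Center override values set to 1). It assumes the hives were saved with `reg export` and decoded to text first (real exports are UTF-16); `SAMPLE_REG`, `parse_reg` and `find_hijacks` are names made up for this illustration.

```python
import re
# Constructed sample in `reg export` syntax, built from the values listed in
# the post above; it is not a capture from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"av.exe\" /START \"iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
ROGUE_RE = re.compile(r'(?<![\w.])av\.exe', re.I)  # av.exe, but not e.g. nav.exe

def parse_reg(text):
    """Yield (key, value_name, data) for each value line in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line) if key else None
        if m:  # multi-line hex continuations and blank lines do not match
            name, data = m.groups()
            name = '(Default)' if name == '@' else re.sub(r'\\(.)', r'\1', name[1:-1])
            if data.startswith('dword:'):
                data = str(int(data[6:], 16))
            elif data.startswith('"') and data.endswith('"'):
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \" and \\ escaping
            yield key, name, data

def find_hijacks(text):
    """Return (key, value_name, data) tuples matching the indicators in the post."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith('\\command') and name == '(Default)' and ROGUE_RE.search(data):
            hits.append((key, name, data))  # handler routed through av.exe
        elif k.endswith('\\security center') and name.endswith('Override') and data == '1':
            hits.append((key, name, data))  # Security Center alerting suppressed
    return hits
```

Running `find_hijacks` on exports taken before and after cleanup shows whether the handlers and override values were actually reset.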


  3. #3
    AlexDawson
    And that is why you don't install anything which you cannot vouch for. Even if you manage to fix all those steps, there is a chance it may not remove all the remnants. Fake security software is notoriously hard to remove; if I ever got infected by something like that I would hit the system restore button, and if that wouldn't make it disappear, it would be a format. I would be too paranoid that it might be stealing personal information (as those kinds of products tend to do).

  4. #4
    Crazybanana (SitePoint Wizard)
    Quote Originally Posted by AlexDawson
    And that is why you don't install anything which you cannot vouch for
    Yes, but this kind of malware can be very sneaky when it comes to the install process, especially to inexperienced users.
    But of course i agree with you, one shall not install anything one does not know, is unsure about or cannot verify.