Virus help.... Vista security 2011

**dasteph** · 3 April, 2011, 18:55

Originally posted by krazylegz

The girlfriends lappy has got a nasty virus on it in the name of vista security 2011. A google search has returned with that it's a basicly false antivirus that shuts your current antivirus down and wants you to enter your payment details to get the full version, basicly stealing your money.

Now the ways to remove it in google aren't working for me.

Anyone got any ideas? I know I could reformat it but it has photos on which I need off, system restore is also not working

its malware so use malwrebytes to remove it. do it in safe mode with network support and update malwarebytes before you do a full scan.

**johnboy1974** · 3 April, 2011, 19:15

agreed- malwarebytes free version is very very good at getting rid of these nasties.

**krazylegz** · 3 April, 2011, 23:55

Thanks guys ill give it a bash but it wouldn't let me install anything earlier even in safe mode

**tacochuck** · 4 April, 2011, 00:01

Install Malwarebytes, update and then boot into safe mode and scan with malwarebytes!

You can download to usb drive from clean pc if needed!

**Elric** · 4 April, 2011, 00:08

maybe this might help you gonna need to kill vista security first

Vista Security 2011 manual removal:
Kill processes:
pw.exe MSASCui.exe

Delete registry values:
HKEY_CURRENT_USERSoftwareClassespezfile
HKEY_CLASSES_ROOTpezfile
HKEY_CURRENT_USERSoftwareClasses.exeshellopencomma nd "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassespezfileshellopenco mmand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternet FIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternet FIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternet IEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

Delete files:
%UserProfile%Local SettingsApplication DataopRSK %UserProfile%Local SettingsApplication Datapw.exe %UserProfile%Local SettingsApplication DataMSASCui.exe %UserProfile%AppDataLocalopRSK %UserProfile%AppDataLocalpw.exe %UserProfile%AppDataLocalMSASCui.exe

**Cod3waX** · 4 April, 2011, 09:42

^If that dosent work

option 1

partition your C:/ drive
save anything u need on new partition
format reinstall windows (win 7 is the best)
Buy your anti virus 1 year licence i recommend ESET Smart Security 4

Option 2

Buy a new HDD for the lappy
Buy a CNM Sata HDD Docking station to look at old HDD
Buy your anti virus 1 year licence i recommend ESET Smart Security 4

**dik** · 4 April, 2011, 12:11

Should be an easy fix, done loads of similar fake anti virus removals by booting in safe mode then using system restore to a date before infection

**toeknee** · 5 April, 2011, 22:04

CCleaner is good at removing this kind of thing as you can remove the fake virus from the startup. then look for the path that it goes to and remove the executable, then reboot into safe mode and do a malware scan...

Hope this helps.

**arbia39** · 5 April, 2011, 22:33

Xptcprep tool to repair the communication problems

xptcprep.rar

Virus help.... Vista security 2011

Virus help.... Vista security 2011

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment