Sunday, March 28, 2010

Fighting Vista Antivirus Pro and Vista Antimalware 2010

Vista Antivirus Pro is another of those fake anti-virus programs that try to scare you into buying bogus software. Like XP Antivirus Pro, it prevents you from running almost any application and launches its own fake scanner instead (it does this by hijacking the .exe file association, which is what the registry entries below are). To get around this, right-click the application you want to run and select "Run as Administrator"; it should then start normally.

Typical anti-virus procedures apply (download Malwarebytes, update it, boot into Safe Mode, scan), but the nasty part is that this virus creates a lot of malicious registry entries. Not all of them may still be present, especially if you've already run some legitimate anti-virus software. However, failing to remove these files and entries can let the virus spring back even after a full scan.

Delete these entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

Also check for and delete these files:

%UserProfile%\Local Settings\Application Data\WRblt8464P
%UserProfile%\Local Settings\Application Data\av.exe
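As an added example (not part of the original post), here is a read-only PowerShell audit that checks every registry value and file path listed above and reports which ones are still present, so you can confirm the cleanup took. It assumes a clean .exe open command is "%1" %* and that on Vista the XP-style "Local Settings\Application Data" folder corresponds to $env:LOCALAPPDATA; run it from an elevated prompt.

```powershell
# Added audit script, not part of the original post. Read-only: reports which of
# the registry values and files from the post are still present, changes nothing.
# Assumption: a clean .exe open command is '"%1" %*'.
$findings = @()

# Shell command keys the fake AV repoints at av.exe
$commandKeys = @(
    'HKCU:\Software\Classes\.exe\shell\open\command',
    'HKCU:\Software\Classes\secfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\secfile\shell\open\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)
foreach ($key in $commandKeys) {
    # HKCU\Software\Classes\.exe normally does not exist at all on a clean machine
    if (-not (Test-Path $key)) { continue }
    $cmd = (Get-ItemProperty -Path $key).'(default)'
    if ($cmd -match 'av\.exe') {
        $findings += New-Object PSObject -Property @{ Where = $key; Value = $cmd; Issue = 'command hijacked to av.exe' }
    } elseif ($key -like '*\.exe\shell\open\command' -and $cmd -ne '"%1" %*') {
        $findings += New-Object PSObject -Property @{ Where = $key; Value = $cmd; Issue = 'unexpected .exe open command' }
    }
}

# Security Center overrides the malware sets to silence the "no AV / no firewall" warnings
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
    $v = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
    if ($v -eq 1) {
        $findings += New-Object PSObject -Property @{ Where = "$sc\$name"; Value = $v; Issue = 'Security Center warning suppressed' }
    }
}

# Dropped files: the XP-style path from the post plus the Vista equivalent (assumption)
$dirs = @("$env:USERPROFILE\Local Settings\Application Data", $env:LOCALAPPDATA) | Where-Object { $_ }
foreach ($dir in $dirs) {
    foreach ($name in 'WRblt8464P', 'av.exe') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $findings += New-Object PSObject -Property @{ Where = $path; Value = ''; Issue = 'malware file still on disk' }
        }
    }
}

if ($findings.Count -eq 0) { 'No Vista Antivirus Pro leftovers found.' }
else { $findings | Select-Object Where, Issue, Value | Format-Table -AutoSize -Wrap }
```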

Good hunting!
