How to remove vista internet security 2010

kmyousafzai · February 7, 2010, 8:59pm

Hi guys i am receiving the msg that your system on risk and bla bla , and can not open any web site ;

any idea

how to delete this system file,

av.exe

Crazybanana · February 7, 2010, 11:20pm

get this and save it to disk, then get [URL=“http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe”]this and save it too, to disk.

then delete all temp files and make sure “vista internet security 2010” is running and doubleclick on “FixExe.reg” and choose yes to add data.
then install mbam-setup.exe -> run it -> update it -> scan -> remove.

get ccleaner install it and run it. get [URL=“http://free.antivirus.com/hijackthis”]hijackthis and run it and see if there are any more files to be removed, but be carefull and do not remove any files you’ll need.

if you’re having trouble, try reboot into safe mode (f8), and do the removal process there.

the files this rogue malware creates is:
av.exe and WRblt8464P, and the regvalues it creates are:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?

but malwarebytes anti malware (mbam) should be able to take care of it’s reg keys, if not - try from safe mode.

good luck

AlexDawson · February 10, 2010, 2:08am

And that is why you don’t install anything which you cannot vouch for. Even if you manage to fix all those steps, there is a chance it may not remove all the remnants. Fake security software is notoriously hard to remove, if I ever got infected by something like that I would hit the system restore button, if that wouldn’t make it disappear, it would be a format. I would be too paranoid that it might be stealing personal information (as those kinds of products tend to do).

Crazybanana · February 10, 2010, 10:58am

Yes, but these kind of malware can be very sneaky when it comes to the install process, especially to unexperienced users.
But of course i agree with you, one shall not install anything one do not know, is unsure about or cannot verify.