Vista Antispyware 2010 & can't run .exes or use system restore
7 replies, posted
The title says it all.
I have a virus on my computer called "Vista Antivirus 2010" which is slowing it down a ton and causing annoying messages to appear that say I have stealth intrusions and shit.
Now I can't run .exe files (Tried games, antiviruses, none work.) And I can't use System restore.
I'm trying booting my computer up in Safemode, but I want help that doesn't involve a reformat.
[url]http://www.bleepingcomputer.com/virus-removal/remove-vista-antivirus-2008[/url]
It is the same process i heard.
Malwarebytes didn't catch it, trying Spybot S&D.
I had this too. Google it. There are some registry entries you can delete to get rid of it.
I think it's gone.
I deleted the right registries and ran MalwareBytes again (Caught 3 viruses, two I was 100% sure were the virus I was looking for), now it seems to be gone.
I'm going to reboot, hopefully it's gone.
Ah, I had this a couple days ago. [del]It should have caught more than 3 though...[/del] actually, it looks like 3 is the correct number here.
Here's the quarantine list from when I had this infection.
[img]http://img246.imageshack.us/img246/1310/antimalware.png[/img]
Hopefully Malwarebytes removed a directory called SelectRebates from your computer.
ha, Familiar with this one.
What you should do...
The process is called av.exe right?
These are the possible locations it can be stored:
%System%\av.exe
%Temp%\av.exe
%Temp%\ixp000.tmp\av.exe
%UserProfile%\av.exe
%Windir%\av.exe
%Windir%\iexplore.exe
Find it, stop the process, delete it.
Next... Start -> Run -> regedit.
Find all av.exe strings and delete them all!
Next add these things to your registry, to get back acces to .exe, com and .msc files:
[url]http://dl.dropbox.com/u/4081738/comfix_vista.reg[/url]
[url]http://dl.dropbox.com/u/4081738/exefix_vista.reg[/url]
This is what is missing if you don't trust the .reg files and want to do it all by hand...
[code][HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shellex]
[/code]
and presto, its gone...
darn amateurs
[b]Explanation of what it does:[/b]
The process binds to all .exe files.
you can no longer open com/msc/exe extensions.
Meaning that when you Shellexecute them it starts the process.
The process is a fake anti-virus that supposedly finds malware, trojans and other infections on your computer.
In order to remove them you need to buy the full version, as this shows up as a trial version.
You buy it, they steal your money.
And to think that people actually fall for this one...
[b]Why so helpful? ... I had it too, I hated it and got rid of it BY HAND, now its your turn.[/b]
(And I hope people will help me with my problem too...)
Lol decided to do a shits and giggles mbam full scan to see if I've picked any goodies up :v:.
Sorry, you need to Log In to post a reply to this thread.