Vista Antispyware 2010

Vista Antispyware 2010 is a bogus computer security program. The malware targets machines running Windows Vista and tends to rename itself to match the victim’s system. On XP machines, it can name itself XP Internet Security, XP Guardian or Antivirus XP 2010. The same process applies to other Windows versions. These programs propagate via Trojans and their own fake security websites. Vista Antispyware 2010 promotes itself as a real antivirus program that will remove threats and viruses from your machine.

Once Vista Antispyware 2010 is on your computer, it continually displays fake alert messages about security risks. These detections have nothing to do with your computer’s real status; even a clean machine will produce the same findings. That is how a rogue program fools its victims.

It then prompts you to remove these threats by redirecting the Internet browser to a payment processing website where fraudulent transactions take place. Keep in mind that having the full version of this rogue program will never resolve computer problems. In fact, fake programs must be removed from your computer using only a legitimate and effective anti-malware application.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

Vista Antispyware 2010 Removal Procedures

Vista Antispyware 2010 REMOVAL TOOL:
To completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the download and installation of MBAM. If this happens, download it on a clean computer and rename the executable file before running it on the infected computer.

MANUAL REMOVAL PROCEDURE:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Vista Antispyware 2010”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
av.exe

2. You need to update your installed antivirus application to have the latest database.

3. Thoroughly scan the system and remove any detected threats. If removal is blocked, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to Vista Antispyware 2010.

4. Registry entries created by Vista Antispyware 2010 must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
- For Windows 2000/XP: Go to Start > Run, type “regedit” in the dialog box, then press Enter.
- For Windows Vista/7: Go to Start > Search programs and files, type “regedit” and press Enter.

5. Exit registry editor.

6. Remove the Vista Antispyware 2010 start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
av.exe

7. Click Apply and restart Windows.

Technical Details and Additional Information:

Malicious Files Added by Vista Antispyware 2010
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\[random characters]

File Location for Windows Versions:

  • %UserProfile% is C:\Users\<Current User> on Windows Vista/7; on Windows XP/2000 it is C:\Documents and Settings\<Current User>.

Vista Antispyware 2010 Registry Entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”
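
To confirm whether the entries above are present before or after cleanup, the following added example (not part of the original guide or of any vendor tool) scans the text of a regedit export for them. The function names and the sample export are constructed for illustration, and it assumes the export has already been decoded to text and that the override values may be stored either as strings or as DWORDs.

```python
import re
# Indicators below are the registry entries listed on this page.
HIJACK_KEYS = {k.lower() for k in (
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\secfile\shell\open\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
)}
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center".lower()
OVERRIDES = {"antivirusoverride", "firewalloverride"}
LAUNCHER = re.compile(r'(?:^|[\\"])av\.exe"?\s+/start\b', re.I)  # av.exe ... /START
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @=... or "name"=...

def parse_reg(text):  # yields (key, value name, raw data) from regedit export text
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            yield key, "(Default)" if m[1] == "@" else m[1][1:-1], m[2]

def decode(raw):  # dword -> decimal string; quoted REG_SZ -> unescaped text
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw[:1] == '"' == raw[-1:] else raw

def find_indicators(text):
    """Return (key, value name, data) for each entry matching the page's list."""
    hits = []
    for key, name, raw in parse_reg(text):
        k, data = key.lower(), decode(raw)
        hijack = k in HIJACK_KEYS and name == "(Default)" and LAUNCHER.search(data)
        override = k == SECURITY_CENTER and name.lower() in OVERRIDES and data == "1"
        if hijack or override:
            hits.append((key, name, data))
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"="1"
'''
if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(*hit, sep=" | ")
```

An empty result after cleanup means none of the listed values remain in the exported keys; the untouched IEXPLORE.EXE entry in the sample shows that a normal browser command is not flagged.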

What to do next...