Vista Security 2011
Vista Security 2011 appears to be a reputable program for Windows. This virus intentionally incorporates the name Vista to pass as useful software and as part of the operating system. Unknown to many users, Vista Security 2011 targets PCs running that OS. In fact, the malware is part of a large family of rogue security applications whose primary objective is to get onto the computer unannounced. It detects the environment and gathers information such as the operating system and the hardware and software configuration, then installs the version that matches this data. It loads itself as XP Security 2011 on an XP machine and as Win 7 Security 2011 on a Windows 7 system, which makes it a considerable piece of software.
In general, Vista Security 2011 enters the computer by deceptive means. A fake online virus scanner is used to plant the unwanted software on the victim's PC. Another carrier of the Vista Security 2011 virus is explicit multimedia web sites that prompt visitors to download a video player containing malicious code. Once the harmful program enters the device, a wide range of modifications is made. The Internet browser homepage is hijacked and redirected to other fake security web sites. The Windows registry is altered so that Vista Security 2011 can run by itself.
Its presence on the system can cause severe aggravation, including frequent display of forged local virus scan results and a barrage of pop-up alerts and task bar warning messages. All in all, this potentially unwanted application repeatedly appears on the desktop trying to promote the purchase of the licensed version of Vista Security 2011.
The only solution we can recommend to stop these irregularities is to run a genuine, reputable anti-malware product. See the complete procedures below to eradicate Vista Security 2011 at once.
Alias: XP Security 2011, Win 7 Security 2011
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Vista Security 2011 Removal Procedures
Manual Removal:
1. Stop the Vista Security 2011 process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following processes:
(random 3 characters).exe
winupdate86.exe
2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit the Windows registry and delete the Vista Security 2011 entries as shown below.
- For Windows 2000/XP: Go to Start > Run, type “regedit” in the dialog box, then press Enter.
- For Windows Vista/7: Go to Start > Search Programs and Files, type “regedit” and press Enter.
5. Exit registry editor.
6. Remove Vista Security 2011 start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
(random 3 characters).exe
winupdate86.exe
7. Click Apply and restart Windows.
Vista Security 2011 Removal Tool:
In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Technical Details and Additional Information:
Malicious Files Added by Vista Security 2011:
%AllUsersProfile%\bhdy5477ifksm,g9u772jsm55plo
%AppData%\Local\[random 3 characters].exe
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
c:\[random].exe
c:\Program Files\Vista Security 2011
c:\Program Files\Vista Security 2011\VS2011.exe
c:\WINDOWS\system32\[random].exe
c:\WINDOWS\system32\winhelper86.dll
c:\WINDOWS\system32\winlogon86.exe
c:\WINDOWS\system32\winupdate86.exe
File Location for Windows Versions:
- %AllUsersProfile% for Vista/7 users is C:\ProgramData, while for Windows XP/2000 it is C:\Documents and Settings\All Users\.
- %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 users it is C:\Documents and Settings\<Current User>\Application Data.
- %Temp% refers to C:\Windows\Temp\.
Vista Security 2011 Registry Entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 characters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
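The registry entries above all put a three-character .exe with a /START switch in front of the real program. The following read-only PowerShell check is an added example, not part of the original article: it reads the (Default) value of the launch-command keys from the list and reports any that match that wrapper pattern. The function and variable names are illustrative, and it assumes the clean exefile open command is "%1" %*.

```powershell
# Added example: read-only audit of the launch-command values listed above.
# It only reads and reports; nothing in the registry is changed.

# Assumption: on a clean system the exefile open command is exactly "%1" %*
$CleanExeCommand = '"%1" %*'

# Pattern taken from the entries on this page: a quoted path ending in a
# three-character .exe, followed by /START and the quoted real target.
$WrapperPattern = '^"[^"]*\\[^\\"]{3}\.exe"\s+/START\s+"'

# Keys copied from the "Registry Entries" list (file associations).
$ExeKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
)

# Keys copied from the "Registry Entries" list (browser start commands).
$BrowserKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)

function Get-DefaultValue {
    # Returns the key's (Default) value, or $null if the key or value is absent.
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    (Get-Item -LiteralPath $KeyPath).GetValue('')
}

function Get-LaunchVerdict {
    # Classifies one command string. -match is case-insensitive, so "/start"
    # is caught as well as "/START".
    param([string]$Value, [bool]$IsExeAssociation)
    if ([string]::IsNullOrEmpty($Value)) { return 'absent' }
    if ($Value -match $WrapperPattern) { return 'MATCHES wrapper pattern from this page' }
    if ($IsExeAssociation -and $Value -ne $CleanExeCommand) {
        return 'non-default exe handler, review manually'
    }
    return 'ok'
}

# Audit the live registry.
$report = foreach ($key in ($ExeKeys + $BrowserKeys)) {
    $value = Get-DefaultValue -KeyPath $key
    New-Object PSObject -Property @{
        Key     = $key -replace '^Registry::', ''
        Value   = $value
        Verdict = Get-LaunchVerdict -Value $value -IsExeAssociation ($ExeKeys -contains $key)
    }
}
$report | Select-Object Key, Value, Verdict | Format-List

# Constructed sample values (not read from any machine) showing each verdict.
$samples = @(
    '"%1" %*'
    '"C:\Users\demo\AppData\Local\abc.exe" /START "%1" %*'
    '"C:\Tools\launcher.exe" "%1" %*'
)
foreach ($s in $samples) {
    '{0}  =>  {1}' -f $s, (Get-LaunchVerdict -Value $s -IsExeAssociation $true)
}
```

A key reported as 'absent' under HKEY_CURRENT_USER is the expected result on a profile that has no per-user override for .exe files.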
barore
Nov 23, 2010 @ 00:00:41
I tried a ton of programs that claim to remove it but malwarebytes was the only one working! Scan takes almost 2 hours but is successful.
Pierre Cyr
Nov 25, 2010 @ 02:47:16
Tried regedit after booting into safemode route but there’s nothing listed in any of the places we’re told to look. Virus prevents any website opening up or exe starting from disk or usb stick.
The only thing that still works is email but no attachments allowed to open.
This virus is much worse than it seems. Looks like I’ll have to format buds puter.
Bob duer
Feb 28, 2011 @ 18:19:11
I purchased vista security last week for my computer and it is nowhere to be found and my computer now cannot be used as viruses have attacked and I can not bring up.
Bob Duer
530-304-9436
Scoob
Mar 07, 2011 @ 02:36:03
This nasty thing just hijacked my son’s vista pc, thankfully I have a Windows 7 laptop and found this page. It’s now looking like the pc won’t boot up but if it takes me all year I’m killing this virus!!! I can’t afford a new pc for the boy just because someone decided to be nasty and invent this thing.
Scoob
Mar 07, 2011 @ 03:00:25
Ran a system restore before finding this page and it seems to have solved the problem, but still following steps listed to make sure it’s not there hidden.
adams
Mar 10, 2011 @ 17:22:39
Once I go to the regedit search and get inside it, there’s no way I can delete the file; the delete option is greyed out. Any ideas?
mohan
Mar 16, 2011 @ 10:33:59
hello adams, vista security 2011 will be located in the temp, app, application data, or under program data folder. u can check ur computer: there will be 3 letters (random alphabets) files which will be having extension .exe. try searching that and remove that, since this virus will edit registry settings completely (you can check, none of the virus removal tool will run, they just crash). try a system restore to earlier point when ur system was working fine and again update ur antivirus and try scanning your system. the best antivirus what i recommend is kaspersky. for any doubts try mailing ivapmohan at gmail com
charles miller
Mar 25, 2011 @ 17:17:47
To remove vista security 2011 from your system do a system restore.
it worked for me..
JJ
Mar 29, 2011 @ 05:24:14
Use VIPRERescue.com… It’s free and it works :D
william
Mar 31, 2011 @ 03:50:40
Don’t go to JJ’s spam site, will probably just be more of this stuff.
Joseph
Apr 04, 2011 @ 05:08:42
This thing just hijacked my comp out of nowhere. Tried system restore, so far nothing; will try again and if that doesn’t work I’ll just have to buy anti virus software..
majdave
Apr 06, 2011 @ 05:53:35
Bob Duer – Do NOT buy the Vista Security. The whole thing is a scam. My daughter got it on her computer, probably through a “download update to movieviewer now” pop-up. Luckily, we recognized it as a virus and did not buy anything. Could not open firefox, could not open regedit. Finally located it by using task manager and right-clicking on the program (came up as voc.exe). Downloaded MBAM onto an external drive using my computer and then hooked it up to her computer and ran the program. Took 3 hours, but it found all 25 infected areas and cleaned this nasty bug out of the system.
majdave
Apr 06, 2011 @ 05:58:05
I would advise against trying the DIY modifications to your registry as it seems this virus takes on many different names. Just run a free anti-virus program like MBAM. Dave 256-313-4196 (work hours) if I can help.
Shelbell
Apr 07, 2011 @ 02:51:00
This virus is trying to scare you into buying protection against viruses, identity theft, etc. DON’T DO IT. It only wants your credit card information and will offer no protection and only makes matters worse. What was suggested to me is to start your computer in safe mode and download Malwarebytes Anti-Malware. Once you download it, you will want to perform a full scan. This will take a while. Watch a movie. Once it’s done, go ahead and get rid of those bad files.
Now I had a problem accessing the internet while the virus was on there, even in safe mode. On a separate computer, I downloaded spyware doctor from pctools.com onto a disk. When I inserted it into the infected computer, I opened the file and ran it. (You may have to run in normal mode versus safe mode). I had tried a trial (free) version of spyware doctor but it didn’t allow for a full scan with the trial. I went to uninstall it and it prompted me to buy a promotional item (which I found something I wanted anyway – cheap) and it gave me an upgraded trial (vs. paying the $29.99) that allowed me to scan and get rid of the virus it found. Again, you would want to run a full scan and get rid of the nasty bugs.
Good Luck with this beast!
Jeremy
Apr 07, 2011 @ 03:48:09
First thing which helped me a lot was Ccleaner: run cleaner, then run the registry cleaner, restart your computer. Use your anti virus software, i.e. I used Kaspersky on the infected comp, even the free trial version will work, then run a full scan and wait til it pops up then DISINFECT =) and then you’re all set to go.
kev
Apr 07, 2011 @ 05:44:48
This is how I removed vista security 2011
1. open the task manager.
2. find the 3letter processes with the same description
(e.g bwr.exe or tbb.exe processes name with bwr or tbb description)
3. right click the process and click open file location
4. it will transfer you to app.application etc. folder
5. click organize, click folder and search option
6. click view tab, click show hidden files and folders
then uncheck hide extensions for known file types
and hide protected operating system files (recommended)
7. now you will see bwr.exe (or whatever 3letter virus.exe)
8. go to the task manager, right click the 3letter virus and click
end process.
9. go back to the folder that has bwr.exe file. (#4 above)
10. click the bwr.exe one time and shift+d (which will erase
this virus permanently)
good luck
kev
Apr 07, 2011 @ 05:47:55
oh forgot to mention..
after you erase virus, don’t forget to do the reverse
(folder-organize-folder and search option)
click do not show hidden files and folders
click hide extensions for known file types
click hide protected operating system
nick 2006
Apr 07, 2011 @ 22:14:35
When ‘vista security 2011’ appears, do not close it. Press ctrl, alt, delete to open task manager window. On applications tab, right click on ‘vista security 2011’. On drop down list, select ‘go to process’; it should then automatically open the process window and the offending file should already be highlighted. Select end process.
Yekkiw
Apr 08, 2011 @ 13:46:48
Oh man kev. thanks a lot. really helped.
Lee
Apr 10, 2011 @ 01:22:57
Thanks kev
sunflower
Apr 11, 2011 @ 04:33:21
We had the virus.. and got rid of it.. but now can not locate ANY of our photos, music, documents.. anything at all. Is it gone? or just hidden?? any help would be appreciated!!
Thanks!
Harris
Apr 17, 2011 @ 10:17:27
Help required here : Already done system restore but upon reboot, the trojan/virus surface again. unable to run MBAM to clear this virus. Keeping me out of internet. Really sickening. What else must i do ?
Harris
Apr 17, 2011 @ 10:28:56
Even in safe mode this vista security virus can pop up
Lori
Apr 19, 2011 @ 01:47:49
Kev, I owe you one, really. This was a royal B#itch to get rid of, but it got through the first time I tried your method.
I want to make one update, everyone:
If the Virus is “open” when you try to delete this, it will have a window that pops up and says “you need permission to continue” or something along those lines. When that happens, follow Nick’s advice, and end the process, then you should delete it no problem.
Just remember to go to your recycle bin and be extra sure it’s gone for good.
Z
Apr 19, 2011 @ 22:02:51
Kevin’s method worked first try for me
Mike
Apr 23, 2011 @ 15:44:56
Easiest way to be rid of the virus (worked for me on my computer and my daughter’s)
1. Close down computer
2. When booting the computer hit the F8 key to enter safe mode
3. Choose the option safe mode with command prompt
4. Once the computer boots enter rstrui.exe as a command
5. This will start system restore. Choose a restore date before the virus.
6. Let windows run its magic
7. Hopefully back to normal operations.
elee
Apr 23, 2011 @ 17:59:18
system restore worked for me. all documents and programs and internet working ok
Anne
Apr 24, 2011 @ 08:43:58
Thanks a lot Kev <3 <3 <3 btw Mike n everyone, what if I lost my restore system?
Mike
Apr 24, 2011 @ 10:59:40
Anne…I am not sure what you mean but not everyone has the system restore function turned on so that may be your case. Use the Kev method instead. You could always try the restore after by clicking the windows open programs icon and typing system restore in the command/start search box.
marcelsnews
Apr 25, 2011 @ 06:17:14
Oh thanks Kev, your solution works perfectly.
I did what you said and it works well. I think I’ve uninstalled it successfully.
But now it seems as if my registry files have been damaged. I can no longer run any pre-installed program.
I’m running a ‘CHKDSK’ cmd. I don’t really know a way to repair damaged files. In fact, the computer doesn’t have any backup or restore point :-(.
Thanks.
abbey
Apr 25, 2011 @ 15:25:16
Kev thankyou so much! One in a million you are, truly amazing. My dad woulda’ bashed me up black n blue had he caught the virus running amuck on the comp, I owe ya.
Brittany
Apr 26, 2011 @ 04:35:41
I followed Kevin’s steps & now the virus is gone, but I can’t open internet explorer. It’s asking me what program I want to use to open it & then when I try to run it that doesn’t work
Sue
Apr 26, 2011 @ 16:53:07
How do you get your money back? What is a phone number to call?
Kefke
Apr 27, 2011 @ 21:40:41
Hey
did like kev said but have the same problems as marcelnews
if i now try to open like iexplorer it won’t work
all other shortcuts won’t work
does anyone know how i can fix this?
i can’t open word for example in my startup but it luckily will open a saved file in my documents.
thanks
f this virus
May 01, 2011 @ 19:34:04
Kev forgot to mention the little “i can’t open anything after deleting this” part.
Go get the file exefix from here:
forums.techguy.org/windows-vista/990303-cant-open-exe-files.html
If you can’t access the internet, go somewhere where you can and put the file on a usb disk or something. Put it on your desktop, and open it. It is not an .exe so it’ll open.
It worked perfect for me!
SoUpset
May 04, 2011 @ 06:13:35
So it looks like we all may have got played into screwing up our cpu’s even further after taking kev’s advice…has anyone heard or figured out what to do now that NOTHING on the CPU will work after this method in deleting the virus?
sharon
May 04, 2011 @ 13:34:12
first you stop the thing from running with ctrl, alt & del, and then turn off your computer as you would normally.
Open it again, except this time press f8 until you hear a couple of beeps.
select “open windows in safe mode with internet”
at some point, a box should open and ask if you want to use “system restore” select “yes” it will then open a box with dates in the past week. choose a date for the system to be restored to, a few days prior to the malware.
then just let the system fix itself.
after that, go straight to AVG and download their free malware removal program and run that.
Problem solved!
izequiele
May 05, 2011 @ 17:27:54
Thanks a lot big Kev
I owe you a pint
SoUpset
May 08, 2011 @ 00:04:10
Well I apologize to kev, I’m just frustrated, but sharon what if ur system restore has been stopped by the virus already? I have deleted the virus like kev recommended but now my system restore won’t work, my purchased version of mcafee won’t run a scan…NOTHING opens anymore…it always opens a box asking what program to open the file with!!!! Someone please HELP!!!!
Bevo
May 08, 2011 @ 14:55:08
I hit this problem & have no idea how it came in as I am usually very careful about rogue programs.
I run MS Security Essentials & this did not intercept it.
As I had no idea what this was and could no longer access the Internet as the fake web site & warning etc. kept coming up from the ‘MS shield’ logo, I removed MS Security Essentials (mistakenly thinking it may be related to this) & installed Norton, ran a full scan & removed any files. This however had no effect.
As I also have a Laptop which is OK and can access the Internet & can see that this describes exactly my problem, so am now trying to restore my PC to an earlier time & hope this will work.
Fingers crossed as this problem is a real shocker!
Ughhh
May 09, 2011 @ 02:38:06
@ SoUpset,
follow fthisvirus’ advice:
“Kev forgot to mention the little “i can’t open anything after deleting this” part.
Go get the file exefix from here:
forums.techguy.org/windows-vista/990303-cant-open-exe-files.html
If you can’t access the internet, go somewhere where you can and put the file on a usb disk or something. Put it on your desktop, and open it. It is not an .exe so it’ll open.
It worked perfect for me!”
chap
May 09, 2011 @ 03:04:22
to open system restore or other exe after deleting virus, right click n run as administrator
MommaBear
May 10, 2011 @ 05:20:05
Well, I have been trying all night to get rid of this darn thing but my laptop keeps turning off as soon as I start making any headway!! As soon as I can get it to stay running for more than 2 seconds…I will try KEV’s method to this madness and let ya’ll know.
MommaBear
Abinadi
May 10, 2011 @ 22:56:18
well i didn’t know it was a virus threat and i accidentally installed it i tried all the steps but nothing how can i get rid of it now that its on my computer?
Abinadi
May 10, 2011 @ 23:28:43
i have two accounts, one named administrator and the other one that is for everybody, but the one that is accessible to everyone is infected with the virus. how can i fix that?
MC
May 11, 2011 @ 01:22:24
I think I deleted the virus using malwarebytes. The problem is I try to do a system restore after and it says it won’t work. Also, when restarting windows defender automatically comes up with an error.
MC
May 11, 2011 @ 01:22:55
any ideas? it deleted 8 items, is that the correct amount?
Strikethrough
May 11, 2011 @ 07:36:29
This won’t effectively remove the virus, but it will let you browse your Internet while infected. YES! With any Browser.
Just go to “My Computer”, then on the address bar, type in “google.com”, or “facebook.com”, or any other website. Too good to be true? Nope. Try it, it actually circumvents the activation of the virus. You are not activating mozilla directly or any other browser directly.
msal
May 12, 2011 @ 04:40:09
I tried the kev method and it looks like I erased the virus but just like everyone here I couldn’t open programs. I loaded the EXE fix from a usb drive and so far so good. I’m now able to get online but I’m still skeptical. I’m going to run some antivirus software a few times just to make sure it’s gone.
Lia
May 12, 2011 @ 15:33:07
Yay !
I got this virus today after trying to watch a film and after using kev’s method and the link provided by ‘fthisvirus’ I managed to get rid of it and get my Internet working, just downloading the free AVG trial to do a quick check, took an hour and a half to sort out (plus research time on how to get rid of the buggar), but I’m just happy it’s gone!
Thanks to everyone who helped and gave advice, hopefully there will be no more set backs…
stetch
May 13, 2011 @ 02:26:08
Using kev’s method I got to the point where I have found the location of the two xxx.exe (lsm, dem.exe) files though when trying to delete them it says I do not have permission to do this. I had ended both processes and application via task manager. When deleting didn’t work I tried transferring to flash drive and system shut down. I was going to try to get into safe mode again (have only managed once in last few days) and try to find these files in system32 and delete now that I know the exact file name. The system reboots seconds into safe boot, and when trying to start windows normally it keeps going back to ‘start windows normally’ or ‘startup repair’, so it is in startup repair, and has been for some time. Last time running repair didn’t seem to do much, we’ll see. So I guess my main question is how do I get permission to delete those files in regular mode, and if I do get into safe mode, would I be able to seek out these files and delete them effectively? Anything explained would be nice. Sorry if this was confusing at all; reflects my current mental state! Argh this is so frustrating
alex
May 13, 2011 @ 09:45:33
sooo i used kev’s method it worked except now i can’t find windows firewall? help! it’s saying application isn’t found?
alex
May 13, 2011 @ 09:46:35
same goes for firefox!
Broderick
May 17, 2011 @ 05:10:08
I have malwarebytes, but the virus wouldn’t let me open it to run the scan. I found the virus in task manager (it was uuv.exe for me) and closed it, but as soon as I tried to open malware the virus would reopen. I did a system restore and it appears to have worked (so far).
Michelle
May 17, 2011 @ 15:16:38
I got this virus on Sunday and after a little research, found the following very helpful. I used RKILL to stop the virus process. The log file from RKILL showed me where file was located (it was in documents and settings\username\appdata\local) but I had to go into the folder options and uncheck “hide protected operating system files” in order to see the file. (file was named spk.exe) Once I did that, I was able to find the file and delete it. I then used Malwarebytes to scan the whole system, which took over 3 hours, but it found 4 issues and cleaned them all up.
Adam
May 17, 2011 @ 15:22:08
Hi there,
Just do SYSTEM RESTORE .. it will do the trick.
Set system restore 1 day before ..
I did it ..
Good luck.
Laura
May 18, 2011 @ 13:36:52
I have tried Kev method, however mine keeps blocking me on everything.
smitty
May 20, 2011 @ 01:41:35
almost fell for it but closed it, went back in “time” and all is good. SYSTEM RESTORE ROCKS!!
christine
May 20, 2011 @ 16:01:17
this thing has infected my daughter’s computer. cannot do a restore as only comes up as other user and rejects her passwords and username. can’t get online and it won’t let me install spydoctor in safe mode. i think i’m going mad, any help please
Mike M
May 20, 2011 @ 22:02:38
Kev’s solution worked great. However as a backup and in addition I ran Malwarebytes too. Malwarebytes is exceptional at removing as this is not the first time this has happened to me
Mou Lotti
May 21, 2011 @ 10:23:17
System restore worked for me too. Vista Security 2011 doesn’t allow you to run system restore, but you can do it on admin mode. Just right click system restore and choose ‘run as administrator’, then select to restore the day before (or more).
Good luck.
Sri
May 22, 2011 @ 10:58:35
1. open the task manager.
2. find the 3letter processes with the same description
(e.g bwr.exe or tbb.exe processes name with bwr or tbb description)
for me it was uei.exe.
3. right click the process and click open file location
4. it will transfer you to app.application etc. folder
5. click organize, click folder and search option
6. click view tab, click show hidden files and folders
then uncheck hide extensions for known file types
and hide protected operating system files (recommended)
7. now you will see bwr.exe (or whatever 3letter virus.exe uei.exe)
8. go to the task manager, right click the 3letter virus and click
end process.
9. go back to the folder that has bwr.exe file. (#4 above)
10. click the bwr.exe one time and shift+d (which will erase
this virus permanently)
After this point the virus will be cleaned up. But none of the exe will work. Everything will say open with the following program.
At this point I restarted my system and while it was coming up I used f8 to go to safe mode and chose safe mode with commands.
Then I ran rstrui and selected a date before my system got affected, and it works fine.
The reason I followed the above 8 steps is that sometimes when we restart with this virus it just crashes, so didn’t take chances.
Sri
May 22, 2011 @ 11:04:48
Forgot to tell one more thing. If the exe files you are trying to run don’t work, right click and run them as administrator. It will run.
2) To restore your system to a point where it was before it was affected, as I told, press f8 multiple times before the booting and choose safe mode with commands. Once the command prompt appears:
c:\Windows\System32>rstrui.exe press enter
It will prompt a screen to restore the system to an earlier point.
GJ
May 25, 2011 @ 17:33:21
Thanx a lot Mike
mike solved my problem with his clear instructions
thanx again.
Gary
May 25, 2011 @ 20:58:05
I am a 54 yr old professional I need my pc up and running…5 words
kev…you are a genius…
Chilly8
Jun 04, 2011 @ 11:12:13
This malware can spread through Flash ads as well. I was watching the Sharapova-Petkovic match via Meevos.TV the other day when the stream cut off and would not re-start. I suddenly found I had this “Vista Security 2011” malware, and figured out that I somehow got it through one of the Flash ads on Meevos. There are people out there using flash ads to spread malware, such as Vista Security 2011.
Congress needs to pass a law making flash ads illegal. Malware can spread through Flash ads, as I found out the other day. Therefore Congress should pass a law making flash ads illegal in video streams.
Therefore I advocate that Congress pass a law banning flash advertising, and cut off one outlet for malware to spread.
alex
Jun 13, 2011 @ 09:08:51
SOOOO there’s a new one except it’s “2012”. Is the removal the same!?? help!!!!!!!!!
Late Nite Larry
Jun 18, 2011 @ 18:36:00
I received a customer’s laptop that was running Vista Premium 32-bit and it was infected with this Vista Security 2011 virus as a result of someone she loaned her PC to, installed a toolbar from filmfanatic while online shopping for movies. I speculated that this toolbar installed adware, which then nefariously ran a script that installed this Vista Security trojan.
It is definitely a very deadly virus.
I was able to remove the virus by running a program named UnhackMe in SafeMode; however, once the virus was removed my customer’s PC was unusable as no apps would actually execute or run.
To remedy this, and what I should have done initially, I created a parallel user account with admin level privileges with her identical desktop environment and icons etc.,
I then deleted her defective user account which had the infected registry/system files etc.., and vada ving vada voom her PC was like new.
I then installed MSE and ran a full scan with the result being 0 infected files found. I then installed WOT for Internet Explorer and advised my customer to observe the WOT’s warnings about fraudulent sites and to proceed with caution in the future when browsing.
This entire procedure took about an hour or so.
Carl
Jun 21, 2011 @ 20:15:40
Use mikes method it works so well ! Would recommend! Just done it perfect thanks mike !
Chris
Aug 10, 2011 @ 04:14:12
Kev, I LOVE YOU!!!!
Big Austin
Dec 18, 2011 @ 05:29:08
Thanks Mike who posted on 19 April 2011 at 10:02 pm. Kev’s way works but not for those of us with Windows Vista. It’s restoring as I speak. Before I tried going to backup restore on the laptop and was blocked. For those who missed it, I copied and pasted Mike’s directions.
Easiest way to be rid of the virus (worked for me on my computer and my daughter’s)
1. Close down computer
2. When booting the computer hit the F8 key to enter safe mode
3. Choose the option safe mode with command prompt
4. Once the computer boots enter rstrui.exe as a command
5. This will start system restore. Choose a restore date before the virus.
6. Let windows run its magic
7. Hopefully back to normal operations.