Vista Security 2011
Remove Vista Security 2011 virus by following the guide on this post. Download essential tools and removers to eliminate User Protection from an infected computer.
Vista Security 2011 appears to be a reputable program for Windows. It deliberately uses the name Vista so that it looks like useful software and a part of the operating system, and it targets PCs running that OS. In fact, the malware belongs to a large family of rogue security software whose primary objective is to get onto the computer without warning. It detects the operating system and gathers information such as the OS version and hardware and software details, then installs the variant that matches this data. It loads as XP Security 2011 on an XP machine and as Win 7 Security 2011 on a Windows 7 system, which makes it a notable threat.
In general, Vista Security 2011 enters the computer by deceptive means. A fake online virus scanner is used to plant the unwanted software on the victim's PC. Another carrier of the Vista Security 2011 virus is explicit multimedia web sites that prompt visitors to download a video player containing malicious code. Once the harmful program is on the device, it makes a wide range of modifications. The Internet browser homepage is hijacked and redirected to other fake security web sites. The Windows registry is altered so that Vista Security 2011 runs by itself.
Its presence on the system causes hassle, including frequent display of forged local virus scan results and a barrage of pop-up alerts and taskbar warning messages. Overall, this potentially unwanted tool repeatedly appears on the desktop, trying to promote the purchase of the licensed version of Vista Security 2011.
The only solution we can recommend to stop these errors is to run a genuine, effective anti-malware product. See the complete procedures below to eradicate Vista Security 2011 at once.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
How to Remove Vista Security 2011
Step 1 : Activating Vista Security 2011
The malware blocks any program from running. It also prevents access to the Internet, particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly blocked by the rogue program. Activating the program using the registration key below restores access to the mentioned services.
Once it is activated, you can download the programs needed to scan for and remove Vista Security 2011. Use the registration code below. If it prompts for an email address, you can input any email address.
REGISTRATION CODE: 1147-175591-6550
Step 2 : Scan the computer with recommended removal tool
1. First, reboot the computer in Safe Mode with Networking to prevent Vista Security 2011 from loading at start-up.
NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.
To start Windows in Safe Mode with Networking, please do the following:
a. Remove all media such as floppy disks, CDs, DVDs, and USB devices. Then, restart the computer.
b. Before Windows begins to load, press F8 on your keyboard.
c. It will display the Advanced Boot Options menu. Select Safe Mode with Networking.
d. Windows will now start in Safe Mode and at the same time will load necessary drivers so that you can access the Internet.

2. Download the Removal Tool and save it on your Desktop or any location on your PC.
3. When finished downloading, locate and double-click on the file to install the application. Windows' User Account Control will prompt at this point, please click Yes to continue installing the program.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, check the options that let the software run and update itself.
6. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please download the needed update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. Scanning may take a while. When done, click on Show Results.
9. Make sure that all detected threats are checked, then click on Remove Selected. This will delete all files and registry entries that belong to Vista Security 2011.
10. Finally, restart your computer.
Note: If Vista Security 2011 prevents mbam-setup.exe from downloading, download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.
Step 3 : Ensure that no more files of Vista Security 2011 are left inside the computer
1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.
4. Once the file is downloaded, navigate to its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove Vista Security 2011 components without restarting the computer.

9. On next window, select System Scan and click on Scan now to perform standard scan on your computer.

10. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Vista Security 2011. This may take some time, depending on the number of files currently stored on the computer.
11. When the scan is complete, all detected risks are listed. Remove them and restart Windows if necessary.
Step 4 : Remove the Rootkit Trojan that installs Vista Security 2011
Rootkit Remover is a stand-alone utility developed by McAfee. It can be used to detect and remove the rootkit Trojan that is associated with Vista Security 2011. This tool can detect rootkits that are part of the ZeroAccess and TDSS families.
1. Download Rootkit Remover and save it to your desktop or any accessible location. Click the button below to begin downloading the tool.
2. Locate the file rootkitremover.exe and double-click to run the program.
3. When User Account Control prompts if you want to allow the program to make changes on the computer, please click Yes.

4. Rootkit Remover instantly scans the computer and looks for the presence of Trojans, viruses, and rootkits related to Vista Security 2011.
5. Once it finishes scanning the computer, the tool will require you to restart Windows.
Alternative Removal Procedures for Vista Security 2011
Option 1 : Use Windows System Restore to return Windows to previous state
During an infection, Vista Security 2011 drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With changes this extensive, the best solution is to return Windows to a previous working state through System Restore.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Option 2 : Vista Security 2011 manual uninstall guide
IMPORTANT! Manual removal of Vista Security 2011 requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to perform a backup of the registry before proceeding with this guide.
1. Kill any running process that belongs to Vista Security 2011.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Vista Security 2011 files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.
4. Delete all files dropped by Vista Security 2011.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
Technical Reference
Associated Files and Folders:
Added Registry Entries:
File Location for Windows Versions:
- %AllUserProfile% for Vista/7 user is C:\ProgramData while for Windows XP/2000 this is C:\Documents and Settings\All Users\
- %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 user it is C:\Documents and Settings\<Current User>\Application Data.
- %Temp% refers to C:\Windows\Temp\.
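Before deleting anything by hand, it helps to list the candidates together with their hashes. The following is an added example, not part of the original guide: it searches the locations named in the Technical Reference for executables named the way readers describe in the comments below (three letters plus .exe). The name pattern, the inclusion of LOCALAPPDATA and the depth limit are assumptions.

```python
import hashlib
import os
import re
import sys
import time

# Assumption taken from the reader reports on this page: the dropped file is
# named with three letters plus .exe (bwr.exe, tbb.exe, uei.exe, ...).
NAME_RE = re.compile(r"^[a-z]{3}\.exe$", re.IGNORECASE)

# Environment variables behind the locations in the Technical Reference,
# plus LOCALAPPDATA, which one reader reported.
ENV_ROOTS = ("ALLUSERSPROFILE", "APPDATA", "LOCALAPPDATA", "TEMP")


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_candidates(roots, max_depth=3):
    """List three-letter .exe files under roots, newest first.

    Nothing is deleted. Files that cannot be read (locked by a running
    process, access denied) are still reported, with None for the details.
    """
    hits = []
    for root in roots:
        root = os.path.abspath(root)
        base = root.rstrip(os.sep).count(os.sep)
        for dirpath, dirnames, filenames in os.walk(root):
            depth = dirpath.rstrip(os.sep).count(os.sep) - base
            if depth >= max_depth:
                dirnames[:] = []  # stop descending below the depth limit
            for name in filenames:
                if not NAME_RE.match(name):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    info = os.stat(path)
                    size, mtime = info.st_size, info.st_mtime
                    digest = sha256_of(path)
                except OSError:
                    size = mtime = digest = None
                hits.append({"path": path, "size": size,
                             "mtime": mtime, "sha256": digest})
    hits.sort(key=lambda hit: hit["mtime"] or 0, reverse=True)
    return hits


def default_roots():
    """Return the profile and temp directories that exist on this machine."""
    paths = (os.environ.get(name) for name in ENV_ROOTS)
    return [p for p in paths if p and os.path.isdir(p)]


if __name__ == "__main__":
    for hit in find_candidates(sys.argv[1:] or default_roots()):
        if hit["mtime"] is None:
            print("UNREADABLE", hit["path"])
            continue
        when = time.strftime("%Y-%m-%d %H:%M", time.localtime(hit["mtime"]))
        print(when, hit["size"], hit["sha256"], hit["path"])
```

Legitimate programs can also have three-letter names, so check each hash and the file's creation time against the date of infection before ending the process and deleting the file.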
Troubleshooting Guides
Did Vista Security 2011 block your Internet access?
Rogue programs usually prevent the user from downloading removal tools from the Internet. An infected computer may be denied access to the Internet through changes to the computer's proxy, DNS, and Hosts file. To fix the Internet connection problem, follow these steps:
1. Download the free program called MiniToolBox. Click the button below to begin. Save the file on your hard drive, preferably on your Desktop.
2. Close all running Internet browsers and double-click on the file to run it. It opens a window showing a list of features.
3. Make sure that you have a check mark on the following items : Flush DNS, Reset IE Proxy Settings, and Reset FF Proxy Settings.

4. Click on the GO button to start the process. The program automatically closes and displays a text file for your reference.
5. If the above solution does not work, you may try another method, such as fixing virus-blocked Internet access. Also, make sure that your hosts file is free from any malicious entries. View steps in cleaning Windows host file.
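To check the hosts file mentioned in step 5, the following added example (not part of the original guide) parses hosts-file text and reports every active entry other than the loopback mapping for localhost, classifying those that point well-known names at another address. The watchlist of names and the sample file are constructed for illustration; the sample addresses come from documentation ranges.

```python
import ipaddress
import sys

# Assumed watchlist: domain labels that a rogue program would want to
# redirect or block (search engines, update servers, security vendors).
WATCHLIST = frozenset({"google", "microsoft", "windowsupdate", "malwarebytes",
                       "symantec", "norton", "mcafee", "kaspersky", "avg"})
LOCAL_NAMES = frozenset({"localhost"})

# Constructed sample, modelled on the layout of a Windows hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # two names on one line
127.0.0.1       www.malwarebytes.org
0.0.0.0         update.microsoft.com
192.0.2.7       intranet.example
not-an-ip       kaspersky.com
"""


def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for every active line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields  # first field is not an address
            continue
        yield line_no, ip, [name.lower().rstrip(".") for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, detail) for each entry that needs attention.

    kind is 'redirected' (watched name sent to a routable address),
    'blackholed' (watched name sent to loopback or 0.0.0.0),
    'review' (any other non-default entry) or 'malformed'.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            detail = " ".join(names) if ip is None else str(ip)
            findings.append((line_no, "malformed", detail))
            continue
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue  # the only mapping a clean default file may carry
            if WATCHLIST & set(name.split(".")):
                dead = ip.is_loopback or ip.is_unspecified
                kind = "blackholed" if dead else "redirected"
            else:
                kind = "review"
            findings.append((line_no, kind, f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    # Pass the path of a real hosts file, for example
    # C:\Windows\System32\drivers\etc\hosts, or run without arguments
    # to audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, kind, detail in audit_hosts(content):
        print(f"line {line_no}: {kind}: {detail}")
```

Entries reported as "review" are not necessarily malicious; they are simply not part of a default hosts file and should be recognised by whoever administers the machine.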
barore
Nov 23, 2010 @ 00:00:41
I tried a ton of programs that claim to remove it but malwarebytes was the only one working! Scan takes almost 2 hours but is successful.
Pierre Cyr
Nov 25, 2010 @ 02:47:16
Tried regedit after booting into safemode route but there’s nothing listed in any of the places we’re told to look. Virus prevents any website opening up or exe starting from disk or usb stick.
The only thing that still works is email but no attachments allowed to open.
This virus is much worse than it seems. Looks like Ill have to format buds puter.
Bob duer
Feb 28, 2011 @ 18:19:11
I purchased vista security last week for my computer and it is no where to be found and my computer now cannot be used as viruses have attacked and I can not bring up.
Bob Duer
530-304-9436
Scoob
Mar 07, 2011 @ 02:36:03
This nasty thing just hijacked my sons vista pc, thankfully I have a Windows 7 laptop and found this page. Its now looking like the pc wont boot up but if it takes me all year im killing this virus!!! I cant afford a new pc for the boy just because someone decided to be nasty and invent this thing.
Scoob
Mar 07, 2011 @ 03:00:25
ran a system restore before finding this page and it seems to have solved the problem but still following steps listed to make sure its not there hidden
adams
Mar 10, 2011 @ 17:22:39
once i go to the regedit search and get inside it, there's no way i can delete the file the delete option is greyed out, any ideas?
mohan
Mar 16, 2011 @ 10:33:59
hello adams vista security 2011 will be located in the temp, app, application data, or under program data folder. u can check ur computer, there will be 3 letters (random alphabets) files which will be having extension .exe. try searching that and remove that since this virus will edit registry settings completely (you can check none of the virus removal tool will run they just crash). try a system restore to earlier point when ur system was working fine and again update ur antivirus and try scanning your system. the best antivirus wat i recommend is kaspersky. for any doubts try mailing ivapmohan at gmail com
charles miller
Mar 25, 2011 @ 17:17:47
To remove vista security 2011 from your system do a system restore.
it worked for me..
JJ
Mar 29, 2011 @ 05:24:14
Use VIPRERescue.com… It’s free and it works :D
william
Mar 31, 2011 @ 03:50:40
Don’t go to JJ’s spam site, will probably just be more of this stuff.
Joseph
Apr 04, 2011 @ 05:08:42
This thing just hijacked my comp out of nowhere tried system restore so far nothing, will try again and that doesn't work I'll just have to buy anti virus software..
majdave
Apr 06, 2011 @ 05:53:35
Bob Duer – Do NOT buy the Vista Security. The whole thing is a scam. My daughter got it on her computer, probably through a “download update to movieviewer now” pop-up. Luckily, we recognized it as a virus and did not buy anything. Could not open firefox, could not open regedit. Finally located it by using task manager and right-clicking on the program (came up as voc.exe). Downloaded MBAM onto an external drive using my computer and then hooked it up to her computer and ran the program. Took 3 hours, but it found all 25 infected areas and cleaned this nasty bug out of the system.
majdave
Apr 06, 2011 @ 05:58:05
I would advise against trying the DIY modifications to your registry as it seems this virus takes on many different names. Just run a free anti-virus program like MBAM. Dave 256-313-4196 (work hours) if I can help.
Shelbell
Apr 07, 2011 @ 02:51:00
This virus is trying to scare you into buying protection against viruses, identity theft, etc. DON’T DO IT. It only wants your credit card information and will offer no protection and only makes matters worse. What was suggested to me is to start your computer in safe mode and download Malwarebytes Anti-Malware. Once you download it, you will want to perform a full scan. This will take a while. Watch a movie. Once it’s done, go ahead and get rid of those bad files.
Now I had a problem accessing the internet while the virus was on there, even in safe mode. On a separate computer, I downloaded spyware doctor from pctools.com onto a disk. When I inserted it into the infected computer, I opened the file and ran it. (You may have to run in normal mode versus safe mode). I had tried a trial (free) version of spyware doctor but it didn’t allow for a full scan with the trial. I went to uninstall it and it prompted me to buy a promotional item (which I found something I wanted anyway – cheap) and it gave me an upgraded trial (vs. paying the $29.99) that allowed me to scan and get rid of the virus it found. Again, you would want to run a full scan and get rid of the nasty bugs.
Good Luck with this beast!
Jeremy
Apr 07, 2011 @ 03:48:09
first thing which helped me a lot was Ccleaner run cleaner, then run the registry cleaner, restart your computer. Use your anti virus software I.E. I used Kaspersky on the infected comp, even the free trial version will work then run a full scan and wait til it pops up then DISINFECT =) and then you're all set to go.
kev
Apr 07, 2011 @ 05:44:48
This is how I removed vista security 2011
1. open the task manager.
2. find the 3letter processes with the same description (e.g bwr.exe or tbb.exe processes name with bwr or tbb description)
3. right click the process and click open file location
4. it will transfer you to app.application etc. folder
5. click organize, click folder and search option
6. click view tab, click show hidden files and folders, then uncheck hide extensions for known file types and hide protected operating system files (recommended)
7. now you will see bwr.exe (or whatever 3letter virus.exe)
8. go to the task manager, right click the 3letter virus and click end process.
9. go back to the folder that has bwr.exe file. (#4 above)
10. click the bwr.exe one time and shift+d (which will erase this virus permanently)
good luck
kev
Apr 07, 2011 @ 05:47:55
oh forgot to mention..
after you erase virus, don’t forget to do the reverse
(folder-organize-folder and search option)
click do not show hidden files and folders
click hide extensions for known file types
click hide protected operating system
nick 2006
Apr 07, 2011 @ 22:14:35
When ‘vista security 2011’ appears, do not close it. Press ctrl,alt,delete to open task manager window. On applications tab, right click on ‘vista security 2011’. On drop down list, select ‘go to process’. It should then automatically open the process window and the offending file should already be highlighted. Select end process.
Yekkiw
Apr 08, 2011 @ 13:46:48
Oh man kev. thanks a lot. really helped.
Lee
Apr 10, 2011 @ 01:22:57
Thanks kev
sunflower
Apr 11, 2011 @ 04:33:21
We had the virus.. and got rid of it.. but now can not locate ANY of our photos, music, documents.. anything at all. Is it gone? or just hidden?? any help would be appreciated!!
Thanks!
Harris
Apr 17, 2011 @ 10:17:27
Help required here : Already done system restore but upon reboot, the trojan/virus surface again. unable to run MBAM to clear this virus. Keeping me out of internet. Really sickening. What else must i do ?
Harris
Apr 17, 2011 @ 10:28:56
Even in safe mode this vista security virus can pop up
Lori
Apr 19, 2011 @ 01:47:49
Kev, I owe you one, really. This was a royal B#itch to get rid of, but it got through the first time I tried your method.
I want to make one update, everyone:
If the Virus is “open” when you try to delete this, it will have a window that pops up and says “you need permission to continue” or something along those lines. When that happens, follow Nick’s advice, and end the process, then you should delete it no problem.
Just remember to go to your recycle bin and be extra sure it’s gone for good.
Z
Apr 19, 2011 @ 22:02:51
Kevins method worked first try for me
Mike
Apr 23, 2011 @ 15:44:56
Easiest way to be rid of the virus (worked for me on my computer and my Daughters)
1. Close down computer
2. When booting the computer hit the F8 key to enter safe mode
3. Choose the option safe mode with command prompt
4. Once the computer boots enter rstrui.exe as a command
5. This will start system restore. Choose a restore date before the virus.
6. Let windows run its magic
7. Hopefully back to normal operations.
elee
Apr 23, 2011 @ 17:59:18
system restore worked for me. all documents and programs and internet working ok
Anne
Apr 24, 2011 @ 08:43:58
Thanks a lot Kev <3 <3 <3 btw Mike n everyone, what if I lost my restore system?
Mike
Apr 24, 2011 @ 10:59:40
Anne…I am not sure what you mean but not everyone has the system restore function turned on so that may be your case. Use the Kev method instead. You could always try the restore after by clicking the windows open programs icon and typing system restore in the command/start search box.
marcelsnews
Apr 25, 2011 @ 06:17:14
Oh thank Kev your solution perfectly works.
I did what you said and it works well. I think i’ve uninstall it successfully.
But Now it seems as my registry files have been damaged. I can not longer run any pre-installed program.
I’m running a ‘CHKDSK’ cmd. I don’t really know a way to repair damaged files. In fact, the computer doesn’t have any backup or restore point :-(.
Thanks.
abbey
Apr 25, 2011 @ 15:25:16
Kev thankyou so much! One in a million you are, truly amazing. My dad woulda’ bashed me up black n blue had he caught the virus running amuck on the comp, I owe ya.
Brittany
Apr 26, 2011 @ 04:35:41
I followed Kevin’s steps & now the virus is gone, but I can’t open internet explorer. It’s asking me what program I want to use to open it & then when I try to run it that doesn’t work
Sue
Apr 26, 2011 @ 16:53:07
how do you get you money back? what is a phone number to call
Kefke
Apr 27, 2011 @ 21:40:41
Hey
did like kev said but have the same problems as marcelnews
if i now try to open like iexplorer it won’t work
all other shortcuts won’t work
does anyone know how i can fix this?
i can’t open word for example in my startup but it luckily will open a saved file in my documents.
thanks
f this virus
May 01, 2011 @ 19:34:04
Kev forgot to mention the little “i cant open anything after deleting this” part.
Go get the file exefix from here:
forums.techguy.org/windows-vista/990303-cant-open-exe-files.html
If you cant access the internet, go somewhere where you can and put the file on a usb disk or something. Put it on your desktop, and open it. It is not an .exe so it’ll open.
It worked perfect for me!
SoUpset
May 04, 2011 @ 06:13:35
So it looks like we all may have got played into screwing up our cpu’s even further after taking keg’s advice…has anyone heard or figured out what to do now that NOTHING on the CPU will work after this method in deleting the virus?
sharon
May 04, 2011 @ 13:34:12
first you stop the thing from running with ctrl, alt & del, and then turn off your computer as you would normally.
Open it again, except this time press f8 until you hear a couple of beeps.
select “open windows in safe mode with internet”
at some point, a box should open and ask if you want to use “system restore” select “yes” it will then open a box with dates in the past week. choose a date for the system to be restored to, a few days prior to the malware.
then just let the system fix itself.
after that, go straight to AVG and download their free malware removal program and run that.
Problem solved!
izequiele
May 05, 2011 @ 17:27:54
Thanks a lot big Kev
I owe you a pint
SoUpset
May 08, 2011 @ 00:04:10
Well I apologize to kev, I’m just frustrated but sharron what if ur system restore has been stopped by the virus already? I have deleted the virus like keV recommended but now my system restore won’t work my purchased version of mcafee won’t run a scan…NOTHING opens anymore…it always opens a box asking what program to open the file with!!!! Someone please HELP!!!!
Bevo
May 08, 2011 @ 14:55:08
I hit this problem & have no idea how it came in as I am usually very careful about rogue programs.
I run MS Security Essentials & this did not intercept it.
As I had no idea what this was and could no longer access the Internet as the fake web site & warning etc. kept coming up from the ‘MS shield’ logo, I removed MS Security Essentials (mistakenly thinking it may be related to this) & installed Norton, ran a full scan & removed any files. This however had no effect.
As I also have a Laptop which is OK and can access the Internet & can see that this describes exactly my problem, so am now trying to restore my PC to an earlier time & hope this will work.
Fingers crossed as this problem is a real shocker!
Ughhh
May 09, 2011 @ 02:38:06
@ SoUpset,
follow fthisvirus’ advice:
“Kev forgot to mention the little “i cant open anything after deleting this” part.
Go get the file exefix from here:
forums.techguy.org/windows-vista/990303-cant-open-exe-files.html
If you cant access the internet, go somewhere where you can and put the file on a usb disk or something. Put it on your desktop, and open it. It is not an .exe so it’ll open.
It worked perfect for me!”
chap
May 09, 2011 @ 03:04:22
to open system restore or other exe after deleting virus, right click n run as administrator
MommaBear
May 10, 2011 @ 05:20:05
Well, I have been trying all night to get rid of this darn thing but my laptop keeps turning off as soon as I start making any head way!! As soon as I can get it to stay running for more than 2 seconds…I will try KEV’s method to this madness and let ya’ll know.
MommaBear
Abinadi
May 10, 2011 @ 22:56:18
well i didn’t know it was a virus threat and i accidentally installed it i tried all the steps but nothing how can i get rid of it now that its on my computer?
Abinadi
May 10, 2011 @ 23:28:43
i have two accounts one name administrator and the other one that is for everybody but the one that is accessible to everyone is infected with the virus how can i fix that?
MC
May 11, 2011 @ 01:22:24
I think I deleted the virus using malwarebytes. The problem is I try to do a system restore after and it says it won’t work. Also, when restarting windows defender automatically comes up with an error.
MC
May 11, 2011 @ 01:22:55
any ideas? it deleted 8 items, is that the correct amount?
Strikethrough
May 11, 2011 @ 07:36:29
This won’t effectively remove the virus, but it will let you browse your Internet while infected. YES! With any Browser.
Just go to “My Computer”, then on the address bar, type in “google.com”, or “facebook.com, or any other website. Too good to be true? Nope. Try it, it actually circumvents the activation of the virus. You are not activating mozilla directly or any other browser directly.
msal
May 12, 2011 @ 04:40:09
I tried the kev method and it looks like I erased the virus but just like everyone here I couldnt open programs. I loaded the EXE fix from a usb drive and so far so good. Im now able to get on line but Im still skeptical. Im going to run some antivirus software a few times just to make sure its gone.
Lia
May 12, 2011 @ 15:33:07
Yay !
I got this virus today after trying to watch a film and after using kevs method and the link provided by ‘fthisvirus’ I managed to get rid of it and get my Internet working, just downloading the free AVG trial to do a quick check, took an hour and a half to sort out (plus research time on how to get rid of the buggar), but I’m just happy it’s gone!
Thanks to everyone who helped and gave advice, hopefully there will be no more set backs…
stetch
May 13, 2011 @ 02:26:08
Using kevs method I got to the point where I have found the location of the two xxx.exe (lsm, dem.exe) files though when trying to delete them it says I do not have permission to do this. I had ended both processes and application via task manager. When deleting didn’t work I tried transferring to flash drive and system shut down. I was going to try to get into safe mode again (have only managed once in last few days) and try to find these files in system32 and delete now that I know the exact file name. The system reboots seconds into safe boot, and when trying to start windows normally it keeps going back to ‘start windows normally’ or ‘startup repair’, so it is in startup repair, and has been for some time. Last time running repair didn’t seem to do much, we’ll see. So I guess my main question is how do I get permission to delete those files in regular mode, and if I do get into safe mode, would I be able to seek out these files and delete them effectively? Anything explained would be nice. Sorry if this was confusing at all; reflects my current mental state! Argh this is so frustrating
alex
May 13, 2011 @ 09:45:33
sooo i used kev’s method it worked except now i can’t find windows firewall? help! it’s saying application isn’t found?
alex
May 13, 2011 @ 09:46:35
same goes for firefox!
Broderick
May 17, 2011 @ 05:10:08
I have malwarebytes, but the virus wouldn’t let me open it to run the scan. I found the virus in task manager (it was uuv.exe for me) and closed it, but as soon as I tried to open malware the virus would reopen. I did a system restore and it appears to have worked (so far).
Michelle
May 17, 2011 @ 15:16:38
I got this virus on Sunday and after a little research, found the following very helpful. I used RKILL to stop the virus process. The log file from RKILL showed me where file was located (it was in documents and settings\username\appdata\local) but I had to go into the folder options and uncheck “hide protected operating system files” in order to see the file. (file was named spk.exe) Once I did that, I was able to find the file and delete it. I then used Malwarebytes to scan the whole system, which took over 3 hours, but it found 4 issues and cleaned them all up.
Adam
May 17, 2011 @ 15:22:08
Hi there,
Just do SYSTEM RESTORE .. it will do the trick.
Set system restore 1 day before ..
I did it ..
Good luck.
Laura
May 18, 2011 @ 13:36:52
I have tried Kev method, however mine keeps blocking me on everything.
smitty
May 20, 2011 @ 01:41:35
almost fell for it but closed it, went back in “time” and all is good SYSTEM RESTORE ROCKS!!
christine
May 20, 2011 @ 16:01:17
this thing has infected my daughters computer cannot do a restore as only comes up as other user and rejects her passwords and username cant get online and it wont let me install spydoctor in safe mode i think im going mad any help please
Mike M
May 20, 2011 @ 22:02:38
Kev’s solution worked great. However as a backup and in addition I ran Malwarebytes too. Malwarebytes is exceptional at removing as this is not the first time this has happened to me
Mou Lotti
May 21, 2011 @ 10:23:17
System restore worked for me too. Vista Security 2011 doesn’t allow you to run system restore, but you can do it on admin mode. Just right click system restore and choose ‘run as administrator’, then select to restore the day before (or more).
Good luck.
Sri
May 22, 2011 @ 10:58:35
1. open the task manager.
2. find the 3letter processes with the same description (e.g bwr.exe or tbb.exe processes name with bwr or tbb description)
for me it was uei.exe.
3. right click the process and click open file location
4. it will transfer you to app.application etc. folder
5. click organize, click folder and search option
6. click view tab, click show hidden files and folders, then uncheck hide extensions for known file types and hide protected operating system files (recommended)
7. now you will see bwr.exe (or whatever 3letter virus.exe uei.exe)
8. go to the task manager, right click the 3letter virus and click end process.
9. go back to the folder that has bwr.exe file. (#4 above)
10. click the bwr.exe one time and shift+d (which will erase this virus permanently)
After this point the virus will be cleaned up. But none of the exe will work. Everything will say open with the following program.
At this point I restarted my system and while it was coming up I used f8 to go to safe mode and choose safe mode with commands.
Then I ran rstrui and selected a date before my system got affected, and it works fine.
The reason I followed the above 8 steps is that sometimes when we restart with this virus it just crashes, so didn't take chances.
Sri
May 22, 2011 @ 11:04:48
Forgot to tell one more thing. If the exe files you are trying to run don’t work, right click and run them as administrator. It will run.
2) To restore your system to a point where it was before it was affected, as I told, press f8 multiple times before the booting and choose safe mode with commands. Once the command prompt appears:
c:\Windows\System32>rstrui.exe press enter
It will prompt a screen to restore the system to an earlier point.
GJ
May 25, 2011 @ 17:33:21
Thanx a lot Mike
mike solved my problem with his clear instructions
thanx again.
Gary
May 25, 2011 @ 20:58:05
I am a 54 yr old professional I need my pc up and running…5 words
kev…you are a genius…
Chilly8
Jun 04, 2011 @ 11:12:13
This malware can spread through Flash ads as well. I was watching the Sharapova-Petkovic match via Meevos.TV the other day when the stream cut off and would not re-start. I suddenly found I had this “Vista Security 2011” malware, and figured out that I somehow got it through one of the Flash ads on Meevos. There are people out there using flash ads to spread malware, such as Vista Security 2011.
Congress needs to pass a law making flash ads illegal. Malware can spread through Flash ads, as I found out the other day. Therefore Congress should pass a law making flash ads illegal in video streams.
Therefore I advocate that Congress pass a law banning flash advertising, and cut off one outlet for malware to spread.
alex
Jun 13, 2011 @ 09:08:51
SOOOO there’s a new one except it’s “2012” is the removal the same!?? help!!!!!!!!!
Late Nite Larry
Jun 18, 2011 @ 18:36:00
I received a customer’s laptop that was running Vista Premium 32-bit and it was infected with this Vista Security 2011 virus as a result of someone she loaned her PC to, installed a toolbar from filmfanatic while online shopping for movies. I speculated that this toolbar installed adware, which then nefariously ran a script that installed this Vista Security trojan.
It is definitely a very deadly virus.
I was able to remove the virus by running a program named UnhackMe in SafeMode; however, once the virus was removed my customer’s PC was unusable as no apps would actually execute or run.
To remedy this, and what I should have done initially, I created a parallel user account with admin level privileges with her identical desktop environment and icons etc..,
I then deleted her defective user account which had the infected registry/system files etc.., and vada ving vada voom her PC was like new.
I then installed MSE and ran a full scan with the result being 0 infected files found. I then installed WOT for Internet Explorer and advised my customer to observe the WOT’s warnings about fraudulent sites and to proceed with caution in the future when browsing.
This entire procedure took about an hour or so.
Carl
Jun 21, 2011 @ 20:15:40
Use mikes method it works so well ! Would recommend! Just done it perfect thanks mike !
Chris
Aug 10, 2011 @ 04:14:12
Kev, I LOVE YOU!!!!
Big Austin
Dec 18, 2011 @ 05:29:08
Thanks Mike who posted on 19 April 2011 at 10:02 pm. Kev’s way works but not for those of us with Windows Vista. It’s restoring as I speak. Before I tried going to backup restore on the laptop and was blocked. For those who missed it, I copied and pasted Mike’s directions.
Easiest way to be rid of the virus (worked for me on my computer and my Daughters)
1. Close down computer
2. When booting the computer hit the F8 key to enter safe mode
3. Choose the option safe mode with command prompt
4. Once the computer boots enter rstrui.exe as a command
5. This will start system restore. Choose a restore date before the virus.
6. Let windows run its magic
7. Hopefully back to normal operations.