Tuesday, June 7, 2011

Vista Anti-virus 2012 Removal Guide

Vista Anti-Virus 2012 is a fake antivirus program that urges users of infected computers to purchase its full version. It produces fake alerts to deceive the user. It installs itself without the user's confirmation and configures itself to start automatically when Windows boots. It then scans the computer, states that many malware items are present, and asks the user to purchase the full version to remove them. Vista Anti-Virus 2012 is highly likely to block genuine scanning software and hijack your web browser through a proxy server.

Vista Anti-Virus 2012 can be removed by stopping the process hee.exe and removing the file using Emsisoft HiJackFree. The user should then remove the registry entries added and modified by Vista Anti-Virus 2012 according to the removal guide below.

Vista Anti-Virus 2012 should be removed immediately!

Vista Anti-Virus 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
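
The hijacked values in the list above share one shape: a quoted executable under Application Data, then /START, then the command that would normally run. The following Python example is added here and is not part of the original guide; it classifies registry values by that shape and reports the command to restore. The function names and sample values are constructed, "abc.exe" stands in for the random three-letter name, and treating the text after /START as the original command is an assumption drawn from the listed values.

```python
import re

# Default handler Windows uses to launch .exe files.
EXPECTED_EXE_COMMAND = '"%1" %*'
# Wrapper shape from the guide: "<path>.exe" /START <original command>
WRAPPER = re.compile(r'^"(?P<wrapper>[^"]+\.exe)"\s+/START\s+(?P<original>.+)$', re.I)
# Keys that decide how an executable is started.
EXE_HANDLER = re.compile(r'\\(exefile|\.exe)\\shell\\(open|runas)\\command$', re.I)

def audit_value(key, name, data):
    """Classify one registry value; return (verdict, wrapper_path, restore_to)."""
    data = data.strip()
    m = WRAPPER.match(data)
    if m:
        # Launches are routed through another executable; the text after
        # /START is assumed to be the command that was wrapped.
        return ("hijacked", m.group("wrapper"), m.group("original"))
    if EXE_HANDLER.search(key) and data != EXPECTED_EXE_COMMAND:
        # Not the known wrapper, but still not the default .exe handler.
        return ("unexpected", None, EXPECTED_EXE_COMMAND)
    return ("ok", None, None)

def audit(values):
    """Return a finding for every (key, name, data) tuple that is not 'ok'."""
    findings = []
    for key, name, data in values:
        verdict, wrapper, restore = audit_value(key, name, data)
        if verdict != "ok":
            findings.append({"key": key, "name": name, "verdict": verdict,
                             "wrapper": wrapper, "restore_to": restore})
    return findings

# Constructed sample values following the patterns listed in the guide.
APPDATA = r"%UserProfile%\Local Settings\Application Data"
SAMPLE = [
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "(Default)",
     rf'"{APPDATA}\abc.exe" /START "%1" %*'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "(Default)", '"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command",
     "(Default)",
     rf'"{APPDATA}\abc.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["verdict"], f["key"], "->", f["restore_to"])
```

The `wrapper` field of each finding is the file to remove, and `restore_to` is the value to write back so that .exe files and browser shortcuts launch directly again.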

Remove Folders and Files
%AppData%\Roaming\Microsoft\Windows\Templates\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
%AppData%\Local\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
%AppData%\Local\.exe
%Temp%\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
%UserProfile%\Templates\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
%UserProfile%\Local Settings\Application Data\.exe
%AppData%\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
%AllUsersProfile%\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
