Vista guard 2010

Tep · Post by **Tep** » 04 Mar 2010, 23:02

some how picked this up no idea how

but anyways im on my laptop which runs vista hence the name

ive end av.exe which is the virus

but when i go to delete parts of the registry it wont let me
nor edit the permissions

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/security center

is the file i cant delete
others i can and already have

anyways any help would be awesome

thanks
-Tep

Post by **bad_brain** » 05 Mar 2010, 05:44

hm, the path HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/security center is a valid one and you shouldn't delete it anyway, it would damage the system.
what entries are in there?

Alien1 · Post by **Alien1** » 05 Mar 2010, 10:31

Why not try downloading Malwarebytes and installing and updating then running a scan, it should resolve that malware.

Tep · Post by **Tep** » 05 Mar 2010, 12:21

i was following the instructions at this link
http://www.spywareremove.com/removeVist ... n2010.html

under security center there is

monitoring and svc

monitoring i can delete but it'll come back all it holds is something called default which is a REG_SZ type file with no data value set

and svc holds another default

3 other files call Antispyware override, Antivirus override and firewall override all three files are REG_DWORD types and the values seem to be set to 0 (0x00000000 (0))

Post by **bad_brain** » 05 Mar 2010, 12:56

hm, ok, anything to find in the autostart entries in msconfig?

DrVirus · Post by **DrVirus** » 05 Mar 2010, 13:18

@B_B: There is a malware called the security center. It installs itself in the computer and then detects imaginary viruses and demands money to remove them. Very much a mess. I had that problem few months back in the computer of a client of mine. Even wrote a post on the whole thing ! There you go http://www.suck-o.com/modules.php?name= ... ght=#60629

Found another one in here http://www.bleepingcomputer.com/virus-r ... ritycenter

Hope they are what u are looking for !!

DrV

Tep · Post by **Tep** » 05 Mar 2010, 13:55

ehh nothing that i can see no av.exe or anything like that

Post by **bad_brain** » 05 Mar 2010, 14:00

well, if Windows is blocking the removal of those registry entries you can still get Knoppix and edit the registry from Linux:
http://www.extremetech.com/article2/0,2 ... 306,00.asp

bozotheclown138 · Post by **bozotheclown138** » 07 Mar 2010, 17:28

if you have that.... restart in safe mode if allowed, or use erd commander 2005, and go ahead and delete the startup entries. that gets rid of the main problem and everything else is jsut left over which you can easily delete by malwarebytes.

Post by **computathug** » 10 Mar 2010, 07:11

I repaired a pc with this last week.

VistaInternetSecurity2010 removal instructions:

1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.
2. Type "notepad" as shown in the image below and press Enter. Notepad will open.
3. Copy and past the following text into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

4. Save file as "exefix.reg" (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files
5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.

Download and run malwarebytes in safe mode.