Posted on Friday, 5th March 2010 by Michael

Vista Antivirus 2010 Quick removal

Vista 2010 is a rogue anti-virus program that is usually advertised through pop-ups and fake security alerts stating that your computer is infected and that you should run an online anti-malware scan. Once the rogue program is installed, it claims to scan your computer for malware and displays a list of false threats to make it appear that your computer is infected with malware (usually Trojans and computer worms). It then asks you to pay for a full version of the program in order to remove the threats, which, as we already know, don't even exist. Most importantly, don't buy it. If you did, please contact your credit card company and dispute the charges.

Though this piece of malicious code is extremely annoying, it is also very easy to remove. I have put together a kit for quick download to remediate this issue. The kit includes a custom batch file called avkill that loops, looking for the process av.exe and killing it automatically. This will allow you to run other tools to remove the virus. The kit also includes a registry fix that removes the changes the malware makes to the registry. The file is called fix.reg and contains the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\secfile]

[-HKEY_CLASSES_ROOT\secfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

To download the kit go to http://www.digitaloffensive.com/files/av2010.zip

The first thing you need to do is extract the kit and open the avkill executable. This will stop the av.exe process that is associated with this virus. Once it is running, just minimize it and let it continue to run. Then either use regedit or just double-click the fix.reg file to remove the virus from your registry and stop it from restarting. Once this has completed successfully, you can stop the avkill executable. This process will stop the virus from running. Once it is stopped, we suggest you go to http://www.malwarebytes.org/ and download their free scanner to remove the actual malicious files from your system.
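To confirm that fix.reg took effect, the keys it touches can be checked read-only. The PowerShell below is an added example, not part of the kit; the key paths come from fix.reg above, while the function name `Test-ExeAssociation` and the output wording are assumptions.

```powershell
# Added example: read-only audit of the registry state that fix.reg sets.
# Key paths are copied from fix.reg; the function name and messages are assumptions.
function Test-ExeAssociation {
    $findings = @()

    # fix.reg deletes these keys. Entries under HKEY_CURRENT_USER\Software\Classes
    # take precedence in the merged HKEY_CLASSES_ROOT view, so a leftover
    # per-user .exe key keeps the hijacked association active.
    $shouldBeAbsent = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
        'Registry::HKEY_CURRENT_USER\Software\Classes\secfile',
        'Registry::HKEY_CLASSES_ROOT\secfile',
        'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
    )
    foreach ($path in $shouldBeAbsent) {
        if (Test-Path -LiteralPath $path) {
            $findings += "Present (fix.reg deletes this key): $path"
        }
    }

    # fix.reg sets the default value and Content Type on HKEY_CLASSES_ROOT\.exe.
    $exeKey = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe' -ErrorAction SilentlyContinue
    if ($null -eq $exeKey) {
        $findings += 'Missing key: HKEY_CLASSES_ROOT\.exe'
    } else {
        $default = $exeKey.GetValue('')          # '' reads the key's default value
        if ($default -ne 'exefile') {
            $findings += "HKEY_CLASSES_ROOT\.exe default is '$default', expected 'exefile'"
        }
        $contentType = $exeKey.GetValue('Content Type')
        if ($contentType -ne 'application/x-msdownload') {
            $findings += "HKEY_CLASSES_ROOT\.exe Content Type is '$contentType', expected 'application/x-msdownload'"
        }
    }
    return ,$findings   # unary comma keeps the result an array even when empty
}

$result = Test-ExeAssociation
if ($result.Count -eq 0) {
    'OK: .exe association matches the state fix.reg sets.'
} else {
    $result
}
```

Any line of output other than the OK message names a key or value that still differs from what fix.reg writes, which means the registry fix should be applied again before stopping avkill.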

If you have any questions or concerns please feel free to contact me.


2 Responses to “Vista Antivirus 2010 Quick removal”

  1. Computer Related Articles » Blog Archive » Clearing the browser cache Says:

    […] Digital Offensive » Blog Archive » Vista Antivirus 2010 Quick removal […]

  2. jkwilson78 Says:

    Thanks for taking the time to put together this kit and for the explanation. My dad (bless his heart) is the kind of person that gets fooled by this kind of security pop-up and fell for this one. We live far apart and all my “tech” support is done by phone. Luckily you have made it easy. I’m going to have a go with this and see if I can save my dad!

    Thanks a bunch.
