How To Remove Vista Anti-Virus 2011

Tags: Technology, Vista Anti-Virus 2011, Remove

Anti-Virus Virus

I was recently contacted by a friend to remove a virus from his computer. In this case it was a virus type that I like to refer to as an "Anti-Virus Virus". An Anti-Virus Virus is a virus that pretends to be an anti-virus, and it proceeds to misinform you that it has found "multiple threats" on your computer. It then promises to help you remove these viruses by directing you to a website that will collect your credit card information and do who-knows-what with it.

These viruses usually get installed on your computer by simply opening a window that looks like an official Microsoft window as you are browsing around the Internet. The message in this window will look almost identical to your system security window in design, fonts, etc. It will then warn you that it has found multiple viruses of different types. If you click anywhere inside the window, you have given the offending code enough permission to respond to your action, and potentially install the virus. In some cases, you won't even see this window, if the virus is using a browser security exploit. (Keep your computer up to date. Microsoft addresses these as they arise.)

How do you react if this happens to you? DO NOT CLICK ANYWHERE ON THE VIRUS WARNING WINDOW. Simply hit ALT-F4, which will force the window to close, and prevent you from taking action on that virus warning window. This will reduce the chances of the virus being installed on your computer.


Here's how I removed the virus from my friend's computer:

First, I attempted to identify which process was causing the pop-up windows by looking at Task Manager. This one was called dog.exe, which was easy to spot (no pun intended). I right-clicked the process and ended it. (The virus executable name may be different for each infection.) After clicking around, I noticed that various actions I did restarted the virus.

After some googling, I was able to associate the following registry entries with the virus. (I also noticed that the executable referenced in these entries was the same .exe file I had killed in Task Manager.) I restored the following entries to their original values, and then restarted the computer.

  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" -a "%1" %*'
    (Make sure that the above value is set to '%1')
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" -a "%1" %*'
    (Change the value to: '"%1" %*')
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" -a "%1" %*'
    (Change the value to: '"%1" %*')
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" -a "%1" %*'
    (Change the value to: '"%1" %*')
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
    (Change the value to: '"C:\Program Files\Mozilla Firefox\firefox.exe"' or equivalent)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
    (Change the value to: '"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode' or equivalent)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\dog.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
    (Change the value to: '"C:\Program Files\Internet Explorer\iexplore.exe"' or equivalent)
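As an added example (not the author's own steps), the PowerShell script below checks the keys listed above against their stock values and, with -Restore, writes the stock values back; the browser install paths are assumed from the post's "or equivalent" and should be adjusted to the machine. As the author found, end the rogue process first, because every .exe launch goes through the hijacked exefile handler while it is in place.

```powershell
# Added example, not the author's script: audit the launch-handler keys the rogue
# rewrote and, with -Restore, put the stock values back. Run as an administrator.
param([switch]$Restore)

# Stock values. The browser paths are assumptions; confirm the real install
# locations before using -Restore.
$expected = @{
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon'           = '%1'
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command' = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'                     = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'                  = '"%1" %*'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command'     = '"C:\Program Files\Mozilla Firefox\firefox.exe"'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command' = '"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'    = '"C:\Program Files\Internet Explorer\iexplore.exe"'
}

foreach ($key in $expected.Keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        # Absent is normal for keys the rogue had to create itself, such as the
        # per-user exefile copy; nothing to restore there.
        Write-Output "ABSENT   $key"
        continue
    }
    # The unnamed default value is exposed by the registry provider as '(default)'.
    $current = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($current -eq $expected[$key]) {
        Write-Output "OK       $key"
        continue
    }
    Write-Output "CHANGED  $key"
    Write-Output "         current : $current"
    Write-Output "         expected: $($expected[$key])"
    if ($Restore) {
        Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $expected[$key]
        Write-Output "         restored"
    }
}
```

On a clean machine the HKEY_CURRENT_USER\Software\Classes\exefile key normally does not exist; the rogue creates that per-user copy because it takes precedence over the machine-wide HKEY_CLASSES_ROOT entry for the logged-on user.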

After a restart, the virus no longer came up automatically when I did anything. I then proceeded to search all files and folders on the C:\ drive for "dog.exe". I found it in one of the User Data folders, and deleted it.

Virus gone. I then updated whatever anti-virus was on the computer and ran a full scan.

Moral of the story? Free streaming of ESPN NBA Finals coverage will most likely cause you to contract a virus.

