Vista Anti-Virus 2011
Vista Anti-Virus 2011 is a rogue anti-virus product that uses fake alerts and inaccurate scans to scare you into paying to register it. Among the other problems it causes, Vista Anti-Virus 2011 is highly likely to block genuine scanning software and to hijack your web browser through a proxy server. You should avoid having anything to do with Vista Anti-Virus 2011 or its websites, since it exists solely to take your money while providing no actual malware-fighting functions in exchange.
A Multitude of Names, But Just One Purpose
Vista Anti-Virus 2011 primarily spreads through Trojan infections, although it can also be downloaded intentionally from generic file-sharing sites with poor upload security. Vista Anti-Virus 2011 changes its name and appearance slightly depending on the system it's installed on, so you may also see it under many other names. In all cases, the name of the operating system (XP, Vista, or Windows 7) precedes the rest of the title. The '2011' at the end is also variable and may not appear in every individual infection.
Unlike the majority of rogue security products, which run automatically when Windows starts up, Vista Anti-Virus 2011 runs only when you start an application (an executable file): it hijacks the .exe file association so that Windows launches it in place of the program you asked for. You shouldn't think that this makes Vista Anti-Virus 2011 a less harmful rogue anti-virus product, though, because it causes plenty of problems for any computer unfortunate enough to be its host.
Vista Anti-Virus 2011's Browser Hijacking and Other Deceitful Attacks
Although Vista Anti-Virus 2011 attacks the host system in various ways, the common thread in all of its tactics is deception. Vista Anti-Virus 2011 relies on lying to the user about the state of his or her computer to create fear and urgency, which the rogue anti-virus product then tries to capitalize on by getting you to buy a registration key. Since even the registered version of Vista Anti-Virus 2011 is completely unable to detect or fight malware threats, there's no reason to keep it. However, the registration key '1147-175591-6550' may prove useful in disabling some of Vista Anti-Virus 2011's functions to ease deletion.
You'll quickly want to remove Vista Anti-Virus 2011 anyway, since it hampers both your web browsing and your ability to use your computer in general. Here's the potential damage tally:
- Vista Anti-Virus 2011 will close programs with fake infection error messages. Although it's most likely to occur with security software and system maintenance tools, any program can be shut down this way.
- Besides being a rogue anti-virus product, Vista Anti-Virus 2011 is also a browser hijacker. So far, Vista Anti-Virus 2011 has been confirmed to target Internet Explorer and Firefox, using a proxy server and more fake error message obfuscation to redirect you towards malicious sites.
- As a final irritant, Vista Anti-Virus 2011 will periodically nag you with extra error messages about infections that aren't real, just to keep you on your toes. The files it points at are usually legitimate, preexisting ones that your computer needs to keep running, so don't delete them hastily.
No matter what else you choose to do, Vista Anti-Virus 2011 will continue to display these messages and interfere with your computer use until you finally delete it. Since Vista Anti-Virus 2011 blocks many security programs, you may need to stop this rogue anti-virus product from running at all before you can successfully delete Vista Anti-Virus 2011 from your machine.
File System Modifications
- The following files were created in the system:
1. %AppData%\hee.exe
Registry Modifications
- The following Registry keys and values were created:
- HKEY_CURRENT_USER\Software\Classes\.exe
- HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
- HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
- HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
- HKEY_CURRENT_USER\Software\Classes\.exe\shell
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1" %*"
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
- HKEY_CURRENT_USER\Software\Classes\pezfile
- HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1" %*"
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1" %*"
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
- HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
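The registry entries above are the mechanism behind the "runs only when you start an application" behaviour: a per-user .exe class (ProgID "pezfile") whose open command runs %AppData%\hee.exe and passes the program you actually asked for as an argument. The following script is an added example, not code from the original page or from any vendor: it parses a .reg-style export (regedit's "Windows Registry Editor Version 5.00" text format) and flags exactly that pattern, so an export taken from an infected profile can be triaged offline. The two embedded exports are constructed from the listing above (the infected one) and from a stock machine-wide exefile class (the clean one); the function and variable names are this example's own.

```python
"""Offline check for a per-user .exe association hijack in a .reg export (added example)."""
import re
import sys
from typing import Dict, List, Tuple

HKCU_CLASSES = r"HKEY_CURRENT_USER\Software\Classes"
NORMAL_EXE_COMMAND = '"%1" %*'  # the stock open command for .exe: run the target itself

# Constructed sample export built from the key/value listing on this page (not a real capture).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="pezfile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%AppData%\\hee.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command]
@="\"%AppData%\\hee.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

# Constructed clean baseline: only the machine-wide exefile class with the stock command.
CLEAN_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: data}}; '@' is the key's default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])  # only string (REG_SZ) data is unescaped here
            keys[current][name] = data
    return keys


def is_normal_exe_command(command: str) -> bool:
    return command.strip() == NORMAL_EXE_COMMAND


def launched_executable(command: str) -> str:
    """First token of a shell command line, honouring a leading quoted path."""
    m = re.match(r'\s*"([^"]+)"', command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def find_exe_association_hijacks(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag a per-user .exe class and any shell command under it (or its ProgID)
    that launches something other than the requested program."""
    findings: List[Tuple[str, str]] = []
    exe_key = HKCU_CLASSES + r"\.exe"
    watched = set()
    if exe_key in keys:
        progid = keys[exe_key].get("@", "")
        # HKCU\Software\Classes\.exe normally does not exist; it shadows HKLM's exefile class.
        findings.append((exe_key, f"per-user .exe association present (ProgID {progid!r})"))
        watched.add(exe_key)
        if progid:
            watched.add(HKCU_CLASSES + "\\" + progid)
    for key, values in keys.items():
        if "\\shell\\" not in key or not key.lower().endswith("\\command"):
            continue
        if key.rsplit("\\shell\\", 1)[0] not in watched:
            continue
        cmd = values.get("@", "")
        if cmd and not is_normal_exe_command(cmd):
            findings.append((key, f"command launches {launched_executable(cmd)!r} instead of the requested program"))
    return findings


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        try:  # regedit writes exports as UTF-16; fall back to UTF-8 for hand-made files
            text = open(argv[1], encoding="utf-16").read()
        except UnicodeError:
            text = open(argv[1], encoding="utf-8").read()
    else:
        text = SAMPLE_REG_EXPORT
    findings = find_exe_association_hijacks(parse_reg_export(text))
    for key, reason in findings:
        print(f"{key}: {reason}")
    print("no .exe association hijack found" if not findings else f"{len(findings)} finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the three findings from the constructed sample, or with the path of an exported .reg file (for example `reg export HKCU\Software\Classes\.exe exe.reg` from a command prompt). The IsolatedCommand values are the stock `"%1" %*` and are reported as normal; only the default command, which is the one Explorer uses for a double-click, is flagged.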
When I had this virus, I wasn't able to run any programs on my Vista machine. I would open the process list in the task manager and find a bunch of processes called fnd.exe. I could delete the process trees, but each time I tried to open one of my programs, instead of it opening, fnd.exe would appear. When I tried to use File->Run to open msconfig or regedit in the task manager, the same result would happen; my program wouldn't work and a new instance of fnd.exe would open. So I right clicked on the fnd.exe process, and went to 'open file location'. After changing my folder options to both view hidden files and view hidden system files, I found the file fnd.exe. In the task manager, I deleted the process tree, then deleted the file itself from the folder where it was located. After that, no more popups.
However, I had a new problem. I couldn't open a program without right clicking it, and clicking "run as administrator". In the task manager, I held down "CTRL" then selected file->run, then in the command window typed "regedit.exe", opening the registry editor. From here, I deleted all the keys I could find from the list in the above tutorial.
Now my programs would open fine. I still had a few weird "could not find" garbage messages pop up at startup. I went into MSCONFIG, found the startup items associated with the error messages, and disabled them from startup.
My machine is back in action.
Thanks!
This malware prevents regedit and other .exe files from executing from USB sticks etc. When running such files is attempted, the window for choosing "which program do you want to use to open this type of file" opens. In folder options the tab for selecting which type of file to use has been removed, whether booting normally or in safe mode. Therefore running anti-spyware from a USB is not an option.
I do not yet know if the computer will boot from a CD to enable regedit or other antispyware to run.
Your advice requires updating, as does the file extension that will allow it to run. There is no point in purchasing a product that cannot be launched, either as a detector or as a removal tool.
And another point: since .exe files cannot be directly executed, the task manager doesn't work either.
THE VIRUS IS UNDER A NEW NAME NOW KHM