Friday, November 19, 2010

Remove Vista Antimalware 2011 as another guise for fake Windows update

Vista Antimalware 2011 (VistaAntimalware 2011) is another guise for adware virus that may block host system demanding registration. Experts has obtained a crack for the adware. Try entering the following code to unblock your system: 1145—1788-4799-7733. Then get rid of Vista Antimalware 2011 deleting its registry values and files.
Removal of Vista Antimalware 2011 is the same task in terms of system files and registry files as the deletion of any rogue antispyware known as fake Windows Security Update, for the name is just another designation for the program code that takes different names to correspond to Windows version and to avoid being detected by users. Once its installation is complete, it proclaims itself Windows Update. It makes it look as though it is Windows that makes such statement. The rogue executable of the adware is normally installed under system name pw.exe.
Its payload, in addition to fake scan reports and other misleading alerting, includes system corruption and legit software restriction.
In order to uninstall Vista Antimalware 2011 and delete other (true) parasites, unlike those detected by the fake antivirus, click here to activate free scanner.

Vista Antimalware 2011 screenshot:



Vista Antimalware 2011 removal tool:


Vista Antimalware 2011 manual removal guide:
Delete Vista Antimalware 2011 files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe 
Delete Vista Antimalware 2011 registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″ 

No comments: