Tuesday, April 26, 2011

Get rid of Vista Internet Security 2011 malware

Vista Internet Security 2011 is a popular cargo delivered by trojans. It is then offered for installation by the carrier or installed without request. Once installed, the software performs quite well-prepared showcase scaring users with scan windows and individual detection reports.
Get rid of Vista Internet Security 2011 as a misleading program-actor. It represents a popular trend in contemporary web-based scam. Its developers implant it for the purpose of blackmailing users into activating the so called trial version of the program. In the meantime, it convenes a range of side-events actually harming   computer system. The harm is real and is a part of the faking. It is done to prove that the infections have been detected by the scareware indeed.
Delivery by trojan of the adware is only one of its distribution methods. It is deemed to be the most popular though. Other methods have been observed in the wild, but seemed to be applied as secondary and supplementary malware distribution ways.
Click here to start free scan and perform Vista Internet Security 2011 removal completing it with other threats extermination.

Vista Internet Security 2011 snapshot:




Malware removal tool:

Manual removal information:
Delete infected files:
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

No comments: