How to remove Vista Security 2011
Thursday, November 11th, 2010 at 2:10 amHome » Rogue Antispyware » Vista Security 2011
Vista Security 2011 description
Vista Security 2011 presents itself as a perfect protection program for Windows Vista OS, but the tool is actually fraudulent.
VistaSecurity 2011 won’t secure a computer. It looks like it’s a legitimate program but it’s just an imitation of a real thing. Vista Security 2011 generates large amounts of pop-ups trying to appear a functional tool. It usually brings system scan reports and infection warnings. Do not trust alerts loade by Vista Security 2011! It fabricates the notifications in order to gain a purchase.
Get rid of Vista Security 2011
Vista Security 2011 is a Rogue Antispyware software
How to manually remove Vista Security 2011
To remove Vista Security 2011 spyware you must block Vista Security 2011 sites, stop and remove processes, unregister DLL files, search and delete all other Vista Security 2011 files and registry utility. Follow the Vista Security 2011 detection and removal instructions below.
The most typical software removal method is to remove Vista Security 2011 by using "Add or Remove Programs" service. However there may be hidden Vista Security 2011 files, running processes and registries in your computer, so Vista Security 2011 may recreate all other files after reboot.
Vista Security 2011 manual removal instructions
Stop and remove Vista Security 2011 processes:
pw.exe
MSASCui.exe
Read more how to kill Vista Security 2011 processes
Locate and delete Vista Security 2011 registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
Read more how to delete Vista Security 2011 registry entries
Download RegistryBooster 2010 to scan errors caused by Vista Security 2011
Detect and delete other Vista Security 2011 files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe
We strongly recommend you to use spyware remover to track Vista Security 2011 and automaticaly remove Vista Security 2011 processes, registries and files as well as other spyware threats.
Vista Security 2011
Leave a Reply
Subscribe
Search
Categories
- Adware
- Backdoor
- Browser Helper Object
- Browser Hijacker
- Fake warning messages
- Keylogger
- Malicious domains
- Remote Administration Tool (RAT)
- Rogue Antispyware
- Tracking Cookie
- Trojan
- Worm
Latest spyware threats
- Windows Private Shield
- Windows Pro Safety Release
- Windows Safeguard Upgrade
- Windows ProSecure Scanner
- Windows Be-on-Guard Edition
- Windows Secure Surfer
- Windows Abnormality Checker
- Best Antivirus Software
- Windows Pro Solutions
- Windows Sleek Performance
- Windows ProSecurity Scanner
- Windows Internet Booster
- Total Anti Malware Protection
- Windows Advanced User Patch
- Windows Pro Web Helper
Recently commented
- Windows Pro Solutions
- Fake Microsoft Security Essentials Alert
- PremierOpinion
- The Shield Deluxe 2010
- PC Cleaner Pro 2012
- Windows Antibreaking System
- MyWebSearch
- Windows Efficiency Reservoir
- Cryptor
- Myfreeze.com
- Internet Security
Malicious domains
- iCityFind
- Antivirsword.com
- Webantispy.com
- Antivirmore.com
- Antivirglass.com
- Oksave9.co.cc
- Smartsecadv.com
- AV-look.com
- Profantivir.com
- Customwebblacklist.com
Fake warning messages
- Kaspersky Internet Security 2011 Enhanced Protection Mode
- Comodo Enhanced Protection Mode
- Microsoft Security Essentials Enhanced Protection Mode
- McAfee Enhanced Protection Mode
- Norton Antivirus Enhanced Protection Mode
- ESET Smart Security Enhanced Protection Mode
- Microsoft Defender Enhanced Protection Mode
- Avast Enhanced Protection Mode
- Fake “Windows – No Disk” alert
- “Low Disk Space” counterfeit warning
Tutorials
- Contact Us
- How to block malicious websites using HOSTS file?
- How to delete registry entries?
- How to download and install Spyware Doctor
- How to kill malicious processes?
- How to recognize a rogue security program?
- How to recognize a rogue website?
- How to unregister DLL files?
- Signs of browser hijacker infection
Archive
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
Tags
Security News- Windows Private Shield removal steps
- How to remove Windows Pro Safety fraud?
- Windows Pro Safety Release removal guide
- Spam: "Tumblr Dating Game"
- Danger! Facebook private messages and Instant Messengers are infected by worm
- Delete Windows Safeguard Upgrade malware
- Wikipedia warns: Ads on Wikipedia page informs about malware within your PC
April 6th, 2011 at 2:01 pm
FINALLY, I FOUND A SOLUTION FOR THIS HEADACHE!
You don’t need to follow any of the following steps stated above.
So just follow my easy steps and you’re 100% good to go!
1. Open Windows Task Manager by clicking CTRL+SHIFT+ESC
2. Find a 3 letter word .exe file, with a Process ~11,000 K and a Description of the same 3 letter word.
*In my case, the virus is called “bwr.exe”, and the Description is “bwr”
3. Right-click on this and click “Open File Location”
*You will be directed to a folder that looks like AppData > Local. But surprisingly, you can’t find the .exe file right?
4. So in this folder, you need to change the “Folder and search Options” through the menu “Organize” (or “Tools” when you’re in safe mode.)
5. In this Folder and search Options, go to the “View” tab
6. Under the View tab, do these:
a. Choose “Show hidden files, folders, and drives”
b. UNCHECK “Hide protected operating system files (Recommended)
c. UNCHECK “Hide extensions for known file types”
Then press OK
7. Now, you can see in the folder the .exe file virus, right? Click on this .exe file, then press SHIFT+Delete (Shift+Del is different from the simple Delete because this lets us delete the selected file permanently and not just be stored in the Recycle Bin)
8. Now, the virus is removed!
9. Open Windows Task Manager by clicking CTRL+SHIFT+ESC again, then just select the .exe file and “End Process”
10. congratulations, your computer is back to normal again!
Enjoy guys! You can run any anti-spyware and anti-virus softwares after so as to be sure there are no other shitty worms in your pc
Once you’ve deleted the virus, you can also undo the steps you did at #6.
Reply
May 22nd, 2011 at 9:21 am
i effing love you lol thx a million
Reply
May 23rd, 2011 at 7:42 pm
THANK YOU, this worked better than anything else I found, and super easy!
Reply
May 27th, 2011 at 4:50 pm
I followed the directions up until the point where I tried to delete the file with SHIFT + DELETE but it wouldn’t let me. It kept saying something about the file being a system file that was open in another application and I needed to close it before deleting but no matter what I tried it refused to be deleted. I’m pretty sure it was the correct virus – it was described as “Remote Desktop” and it was created 19 hours ago – exactly the moment that my problems began. Any advice? Thanks.
Reply
May 27th, 2011 at 6:24 pm
Thank, Thanks Thanks for this instant savior.
and Thanks for nothing to the internet billionaires who keep letting this nonsense occur. I’m mean seriously Firefox and Windows, seriously!
Reply
May 30th, 2011 at 9:29 pm
I can’t find what you are talking about…help11
Reply
Luciana Reply:
June 1st, 2011 at 1:51 am
The file names may be different on each system. If you can’t find any of the entries mentioned here, I recommend rather running an antimalware than deleting random files.
Reply
June 6th, 2011 at 12:36 pm
Thanks so much! I actually followed ‘Jenna Yaps’ instructions by locating the 3 letter .exe file and in my case is was oqe.exe but the description was Microsoft (R) Windows Script Host. At first glance, I thought this was a legit file but after I tried to locate where the file was located, it started to look more and more suspicious. I had approx 50 processes running and I was able to locate those files except the oqe.exe. So I deleted it and bam! My pc works just fine now! I am not technical at all and I was very concerned that I was going to crash my pc but it didnt. I also made sure my real script host was still on my pc and it was its actually under wscript/csscript.
Reply