Thursday, April 29, 2010

Vista Security Tool 2010 Removal GuideVista Security Tool 2010 Removal Guide

Vista Security Tool 2010 Removal Guide
Vista Security Tool 2010 is a rogue antispyware program designed to cheat money from computer users. Vista Security Tool 2010 gets into your computer after malicious Trojans open a backdoor to grant the rogue entry to the compromised system. It may also gain entry via video codecs or corrupt updates downloaded on your PC. Symptoms of a Vista Security Tool 2010 infection include the home page of your PC changing; a system scan running on your machine everytime you boot up Windows. Vista Security Tool 2010 will also urge you to purchase the full version of the rogueware.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
ave.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vista Security Tool 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Vista Security Tool 2010
HKEY_CURRENT_USER\Software\Vista Security Tool 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\Classes.exe
HKEY_CURRENT_USER\Software\Classes.exe\shell
HKEY_CURRENT_USER\Software\Classes.exe\shell\open
HKEY_CURRENT_USER\Software\Classes.exe\shell\opencommand
HKEY_CURRENT_USER\Software\Classes.exe\shell\start
HKEY_CURRENT_USER\Software\Classes.exe\shell\startcommand
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes.exe\shell\open\command | @ = “”%AppData%ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\ave.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P

No comments:

Post a Comment