05-08-2011, 12:56 PM
(This post was last modified: 05-08-2011, 01:10 PM by Brandenx781.)
This is just a short tutorial of removing Vista Security 2011, without having to go take a risk of changing your registry settings. I don't know if this works with other rogue anti-viruses.
Yes you can use scanners like MalwareBytes', SUPERantispyware, ESET Online Scanner, etc. However, what if the virus doesn't allow you to access the internet?
I am going to use my friend's situation as an example:
![[Image: unledwe.jpg]](http://img59.imageshack.us/img59/1130/unledwe.jpg)
There are a lot of processes, but one of these processes is the rogue anti-virus. Do you see it? You can easily identify the rogue anti-virus program in your Windows Task Manager.
In the above picture, the "Vista Security 2011" is none other than itn.exe. How do I know this? Well, the antivirus disguised itself as a process, to be a 3 letter word .exe file. So in this case it would be itn.exe. The process should be 15,000 K or below. Also, look at the description.
File Name: itn.exe
Description: itn
This makes it suspicious doesn't it?
The anti-virus is gone because it is not running anymore, however it will keep coming back when you restart your system. So we have to delete this file permanently.
Now go back to the folder. That is where Vista Security hides itself. You can't see the exe file right? That is because it is hidden.
Now, in this "Local" folder, you're going to have to change your settings a little.
By doing this, you will now see all of the files that are hidden.
In my case, I'm looking for itn.exe and I found it:
![[Image: vvvld.jpg]](http://img269.imageshack.us/img269/3554/vvvld.jpg)
Now that is the application that has been on your computer. This is to run Vista Security. Next steps:
By hitting the Shift+Delete button, you are able to permanently delete the file instead of having to send it to the Recycle Bin.
"Vista Security 2011" should now be deleted from your computer. You can do a scan just to make sure. You should now be able to access the internet.
Remember to rehide your files again.
Yes you can use scanners like MalwareBytes', SUPERantispyware, ESET Online Scanner, etc. However, what if the virus doesn't allow you to access the internet?
I am going to use my friend's situation as an example:
![[Image: unledwe.jpg]](http://imageshack.us/photo/my-images/59/unledwe.jpg/)
There are a lot of processes, but one of these processes is the rogue anti-virus. Do you see it? You can easily identify the rogue anti-virus program in your Windows Task Manager.
In the above picture, the "Vista Security 2011" is none other than itn.exe. How do I know this? Well, the antivirus disguised itself as a process, to be a 3 letter word .exe file. So in this case it would be itn.exe. The process should be 15,000 K or below. Also, look at the description.
File Name: itn.exe
Description: itn
This makes it suspicious doesn't it?
- Now right-click on the process and click "Open File-Location". A folder will come up, and you should be in the AppData\Local folder. If not, then navigate to:
C:\Users\USER(Well, your name if you renamed it)\AppData\Local\.
- Now go back to your task manager, and end the process.
The anti-virus is gone because it is not running anymore, however it will keep coming back when you restart your system. So we have to delete this file permanently.
Now go back to the folder. That is where Vista Security hides itself. You can't see the exe file right? That is because it is hidden.
Now, in this "Local" folder, you're going to have to change your settings a little.
- Click on Organize
- And then click on "Folder and Search Options"
- Then go to the "View" tab.
- 1. Choose "Show Hidden Files, Folders, and Drives"
- 2. Uncheck "Hide protected operating system files"
- 3. Uncheck "Hide extensions for known file types"
- Then press OK.
By doing this, you will now see all of the files that are hidden.
In my case, I'm looking for itn.exe and I found it:
![[Image: vvvld.jpg]](http://imageshack.us/photo/my-images/269/vvvld.jpg/)
Now that is the application that has been on your computer. This is to run Vista Security. Next steps:
- Click on the file ONCE so that you are able to highlight the file.
- On your keyboard, hit the Shift+Delete button.
By hitting the Shift+Delete button, you are able to permanently delete the file instead of having to send it to the Recycle Bin.
"Vista Security 2011" should now be deleted from your computer. You can do a scan just to make sure. You should now be able to access the internet.
Remember to rehide your files again.
- As you're in the "Local" folder, click on Organize
- And then click on "Folder and Search Options"
- Then go to the "View" tab.
- 1. Unchoose "Show Hidden Files, Folders, and Drives"
- 2. Check "Hide protected operating system files"
- 3. Check "Hide extensions for known file types"
- Then press OK.
HJT Team. Deltron <3 RDCA <3 Quintus <3
![[Image: t5BWm.png]](http://i.imgur.com/t5BWm.png)
