Last night I started getting messages from Vista Guardian 2010 telling me my computer was infected with a number of dangerous files. Messages popped up from the toolbar saying the machine was hijacked, that were security breaches, etc. I ran a thorough Avast scan twice and nothing came up as dangerous, and I checked another menu where you can adjust security for things like peer to peer, MSN, etc., and nothing in any of the sub menus had registered anything malicious.
My security is high as far as Avast is telling me, but Vista Guardian is saying otherwise. And of course, when this program asks if I want to protect the machine, it takes me to its website where I have to buy the full version. I need some help here, and if no can help then please at least provide me with a technical support number so that I can use it to reach a tech rep by phone.
Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 are new rogues that are exactly the same program, but are shown with different names and interfaces depending on the version of Windows that it is run on. After I wrote this guide, I was told that this rogue goes under quite a few different names, which I have listed below:
•Antivirus Vista 2010
•Vista Antispyware 2010
•Vista Guardian
•Vista Antivirus Pro
•Vista Internet Security
•Vista Internet Security 2010
•XP Guardian
•XP Antivirus Pro
•XP AntiSpyware 2010
•XP Internet Security
•XP Internet Security 2010
•Antivirus XP 2010
•Antivirus Win 7 2010
•Win7 Guardian
•Win 7 Antivirus Pro
•Win 7 Antispyware 2010
•Win 7 Internet Security
•Win 7 Internet Security 2010
When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches Antivirus Vista 2010, Win 7 Antispyware 2010, or XP Internet Security 2010. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch FireFox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.
No program is perfect and 100% effective. Avast does catch a few of these.
The best program for fake av’s is malwarebytes antimalware (MBAM) and can be found at the link below. Download the free version (on-demand only), install it, update it, and run a quick scan. The quick scan is sufficient most of the time.
