Vista Antivirus 2010 - Help to remove please

I am unsure how my PC got infected with Vista Antivirus 2010 but since doing so yesterday all attempts to remove it have failed.

I am using Avast [free version] and it was up to date when this Trojan decided to come aboard… Tried to get Avast to get a boot scan but the Trojan stops it dead in its tracks.

Likewise cannot get Malwarebytes to run as it gets taken over immediately also.

Any malware removal executable program placed on the desktop seems to be affected the same way.

After checking through the internet, most advice assumes that the user can get Malwarebytes and other programs to run - unfortunately this is not the case.

Tried booting from a recovery disc. Got into the Command prompt and thought I might be able to install Malwarebytes this way - regrettably, it fails at the last hurdle because it cannot find msvbvm60.dll. It’s present on the PC but not the recovery disc so I figure this is why it cannot find it.

Similarly, I had hoped to kickstart Avast from the command prompt but that too is not working.

Any ideas guys?

Try this step by step removal guide

How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

This one can be very difficult to remove. However, there is a removal guide here http://www.geekstogo.com/forum/How-to-remove-Internet-Security-t267355.html which works in 90% of the cases. At the moment the malware does not recognise the tool used.

Thanks Pondus and essexboy for your input. :slight_smile:

I am working through Pondus’ suggestion and have at least managed to start a Malwarebytes’ scan. Given the number of files and drives I have this will take a while.

I shall keep you posted of progress.

> I shall keep you posted of progress.

Thanks, we like to know what works, and post the scan log so we can see what was in there.

That's good - as I am working on one now where the BC fix did not work so I am having to try different methods

Bleepingcomputer.com tells you to use another PC and download fixexe.reg file. However, if you don’t have another PC you can create fixexe.reg file on the infected PC too.

  1. Go to Start->Run or press WinKey+R. Type in “command” and press Enter key.
  2. In the command prompt window type “notepad”. Notepad will come up.
  3. Copy all the text in bold below and paste into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[-HKEY_CLASSES_ROOT\secfile]

  4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)
  5. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.

Source: http://deletemalware.blogspot.com/2010/01/how-to-remove-vista-antispyware-2010.html
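A read-only check of the same keys that the fix.reg in the post above deletes or resets, as an added example that is not part of the original thread or the linked guides. It parses the text of a registry export and reports what it finds; the sample exports and the placeholder path in them are constructed, and only string values are handled.

```python
import re

# Keys that the fix.reg in the post above deletes or resets (lower-cased).
HKCU_EXE = r"hkey_current_user\software\classes\.exe"
SECFILE = (r"hkey_current_user\software\classes\secfile", r"hkey_classes_root\secfile")
HKCR_EXE = r"hkey_classes_root\.exe"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg export text into {lower-cased key: {name: string data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # "@" is the key's default value; undo the \\ and \" escapes in the data
            current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_exe_association(text):
    """Return (rule, key, default value) findings for the .exe association keys."""
    findings = []
    for key, values in parse_reg(text).items():
        default = values.get("@", "")
        if key == HKCU_EXE or key.startswith(HKCU_EXE + "\\"):
            findings.append(("per-user .exe override", key, default))
        elif any(key == s or key.startswith(s + "\\") for s in SECFILE):
            findings.append(("secfile class present", key, default))
        elif key == HKCR_EXE and default.lower() != "exefile":
            findings.append((".exe not mapped to exefile", key, default))
    return findings

# Constructed sample exports (paths are placeholders, not taken from the thread).
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\placeholder\\rogue.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"C:\\placeholder\\rogue.exe\" \"%1\" %*"
'''
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
'''
```

Exports written by regedit or `reg export` are normally UTF-16, so decode the file to text before passing it to `audit_exe_association`. An empty result after applying the fix means the listed keys are back to the state the fix.reg sets.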

Unfortunately on my one I can’t even get her to run notepad, it is getting stopped in its tracks

Scan just completed with 1 infection and that was in a txt file that I created? Rather strange. The Vendor is Malware.Trace with a reference # 92398 if this means anything to you guys.

The PC has rebooted with the Avast program back and the icon showing that states that some startup programs have been blocked. When I hover the mouse over ‘Run blocked program’ it displays Malwarebytes’ Anti-Malware but with the Vista shield icon rather than the MBAM icon. :-\ This is how the Trojan was displaying itself hence my reluctance to be joyous.

Furthermore, if I look at Software Explorer to display Startup Programs it shows MBAM as Permitted rather than blocked. ???

I’m reluctant at this stage to transfer the log file to my lappy so that I can share the limited data with you as I’m unconvinced that the threat really has gone. How scary is that!

I think I’ll go for a belts and braces approach and get Avast to do a boot scan as well. This will take a while. Shall report back when that’s finished.

Thanks guys.

Avast did find something in a KeyGen folder in the depths of a Roxio download [I think as part of an upgrade but could be wrong] but totally froze at that point and would not let me delete it or continue. Every option would not respond - or the keyboard had gone into sleep mode. This was in one of my secondary drives, drive G:. Drive C: [my boot drive], D:, E: and F: were all clear. I resorted to closing down manually by depressing the power switch and deleted the offending file manually when the system returned. I am now running a bootscan once more.

Should have said the infection was win32:Spyware-gen [spy]

I'm surprised you have not tried what Essexboy suggested. Running Erunt and OTL should take a matter of minutes.

Well I ran Avast through several times and MBAM and all was clear despite several shut downs and restarts.

Switched on this morning and it’s back before all the startup items have even started. So well peeved off.

So, I’ll go back to essexboy’s link and see what that offers and probably be back later.

Another thought has crossed my mind … what is the likelihood of the trojan attaching itself to my memory sticks that I used to transfer my downloads from my laptop to the infected PC? Yesterday I used 2 USB sticks to do this. If I now place one in my lappy am I likely to transfer the damn thing?

I am so cheesed with this that I’m thinking of reinstalling Vista and starting from scratch.

> If I now place one in my lappy am I likely to transfer the damn thing?

Depends on the bug you got and how it spreads, you can try googling it if you have the name.

Put this on your laptop
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

I am convinced that Essexboy can remove this for you if you follow this guide and post the logs here so he can see what's in there
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

> I am so cheesed with this that I'm thinking of reinstalling Vista and starting from scratch.

If so I would go for Win7.

I was going to suggest the F-Secure rescue CD but I saw you managed to deal with the problem.

I’m not sure if it is possible for it to get transferred to the USB stick, but you might want to scan it just in case.

Looking through the file this creates, I don’t think it would. Hopefully Essexboy's method will see you right.
I have just been reading about this malware on MBAM forum. Apparently renaming the set up file and the main exe file to com has had some success. Also as this is new MBAM would need to be recently updated.
http://forums.malwarebytes.org/index.php?s=61e6a3c671ab6b34e097b479f698224b&showtopic=38047&view=findpost&p=190712

Don't know if this will have any effect on this bug, but there will be a new MBAM 1.45 release soon
http://forums.malwarebytes.org/index.php?showtopic=38860

Hi, just tried renaming as MBAM forum but no joy. Darn Trojan starts up each time. Tried renaming it because it was a quick go. Will try essexboy's system later but need a new memory stick to transfer. Still have a reluctance to use those that I already have.

Thanks for your help.

The new version of MBAM looks good. Hope it’s released sooner rather than later.

Have you tried MBAM in safe mode ?

I hadn’t but will now.

Thanks