1 2 Previous Next 13 Replies Latest reply on Jun 16, 2011 10:00 AM by Arrlington

    Vista Total Security 2011

      While I was browing internet suddenly got a massage saying my laptop is infected. It says it is Vista Total security 2011. Now I cant open internet at all. How do I get rid of this virus? I use Mcafee anti virus. But I guess Mc afee didnt pick it up and I am very disappointed.

        • 1. Re: Vista Total Security 2011
          Peter M

          It's a fake antimalware application and as such none of the antivirus products on the market will be much good against it.   You have to be really careful these days what you click on and what you download.


          The following can be done all in 'Safe Mode with Networking' which hopefully will allow internet access whilst in Safe Mode.


          Tap F8 repeatedly while booting up and on the ensuing menu it is usually choice number two.


          The 1st easy way would be to start System Restore to go back to before all this happened.


          You don't state your operating system and service pack and I would need that information to help you further.


          System Restore is usually found under Start/All Programs/Accessories/System Tools/


          If that is successful temporarily disable System Restore to clean the infected restore point.


          Also update your system and McAfee afterwards.


          If that is not succesful or if you don't have System Restore turned on, the following can all be done in Safe Mode with Networking.


          Download the FREE version on THIS tool.  Update it immediately and run a full scan.  Let it remove anything it finds.


          Reboot if asked to.   That should fix things.   If not, post back with more information as requested previously.

          • 2. Re: Vista Total Security 2011
            Peter M

            I forgot to mention.  BleepingComputer Forums usually have excellent guides on removing these sorts of things and sure enough, a Google search found this:  http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-201 1


            Read down the page as the first links you see are all advertising which helps pay for their excellent work.

            • 3. Re: Vista Total Security 2011

              thanks for your reply. But I had already called Mcafee team and got the virus removed. But ever since I got another problem. Some websites' text get overwritten and some images dont show up. I have tried changing font size, resetting browser setting etc. But the still the issue remains.

              • 4. Re: Vista Total Security 2011

                Can you take a screenshot of this next time it happens, and include it in a post so that we can see what's happening? It's difficult to know what to recommend until we understand the problem.

                • 5. Re: Vista Total Security 2011

                  When I try to insert image here, an error occurs which says internet explorer is closing. I cant insert the image.

                  • 6. Re: Vista Total Security 2011
                    Peter M

                    There's an ongoing issue between this board and IE.  They are working on it.


                    Do you have another browser installed such as Firefox 4 or Chrome?

                    • 7. Re: Vista Total Security 2011

                      no i dont have.

                      But this happend only after I got the virus. Before that it was working perfectly.

                      • 8. Re: Vista Total Security 2011

                        Hey i had this problem also. I used a program called a Spybot Search and Destroy. I had to run it one time to kill the head so that it did not boot then i booted into safe mode and ran spy bot again and it got rid of it.

                        • 9. Re: Vista Total Security 2011

                          The distribution of "Vista Total Security 2011" has apparently become much more sophisticated. After having one of my computer clients call me up just before midnight last week after being hit by this virus, I have become much more vigilant. I ran some experiments yesterday and today and confirmed that an infection can be triggered by merely visiting an "enticing" website. My client was using Firefox with Windows 7. I use Internet Explorer 8 with Windows Vista. I keep my Microsoft Windows software updates current.


                          The user does not have to click anything.


                          I believe that a Java vulnerability is being exploited. What I observed what that the webpage displays for about one second, some text appears which replaces the image for about another second, and the browser instance is closed by the virus. A new icon immediately appears on the taskbar that appears to be a genuine Microsoft icon. Warnings begin to be issued, some with sounds. I believe that some of the screens are screen captures of valid Microsoft warning screens. I close the screens by using the exit at the top right. You may need to use an Alt-F4 exit from the taskbar to close the fake warning. If the warning screen refuses to close, I found that I could use the handle and move it to where it did not block the center of the screen.


                          I have learned to avoid rebooting, because according to other user reports, the virus becomes much more embedded on rebooting.


                          My advance preparation is that I have downloaded and updated Malwarebytes Anti-Malware AND Spybot Search & Destroy from a known trusted website such as CNet or MajorGeeks. As soon as I observe this virus, I also turn off the switch on the front of my computer that controls the wireless connection to the internet, as this infection can download additional programs from overseas servers.


                          On 02 June 2011, I observed that Malwarebytes Anti-Malware was blocked from starting by this virus. However, Spybot Search & Destroy started and identified the following:


                          Fraud.DesktopSecurity2010      1 entry      Malware

                          Fraud.InternetSecurity2011      14 entries      MalwareC

                          Right Media                               1 entry      Browser.


                          I removed all of these infections with Spybot Search and Destroy and clicked the checkbox on the dialogue box to start Spybot Search and Destroy just after rebooting. Even though this second scan takes about an hour on my machine, I think that it is prudent to run, even though nothing was found during the three times that I ran the tests.


                          I then ran Malwarebytes Anti-Malware. The first time I ran a complete scan (which takes several hours) it also found Backdoor.Cycbot.Gen inside the c:\Users\UserName\AppData\LocalLow\Sun\Java subfolder (where UserName is your user name.) which I deleted. I think that my prompt internet disconnection prevented it from being downloaded on the second and third tests.


                          Since this infection exploits both Firefox and Internet Explorer 8.0 browsers, I hope that a browser patch becomes available soon.

                          1 of 1 people found this helpful
                          1 2 Previous Next