Page 1 of 2

Anyone Know How To Remove Vista Security 2011?

PostPosted: Wed Apr 27, 2011 9:43 am
by OneSpirit
I have this friend that has this vista security 2011 on their computer and it is causing problems ... asking for money to fix things that don't exist it's not in the add remove so how does one get rid of it ... the OS is vista home edition.

Is a special tool required? Thanks.

Never mind ... problem solved

PostPosted: Wed Apr 27, 2011 12:35 pm
by OneSpirit
I used spybot to get rid of it. It would not allow me to install AVG free, but I was able to install spybot and that took care of the beast. What an insult that is. It will not allow you to go online through any of the browsers until you get the "registered" version of that rip off. There should be a law against dummies like that!

PostPosted: Wed Apr 27, 2011 12:52 pm
by bdub
you should prolly still do at least one or two other scans... malwarebytes and super anti-spware, and run them in safe mode. it would also be prudent to turn off all system restore points, reboot, then turn system restore back on.

Re: Never mind ... problem solved

PostPosted: Wed Apr 27, 2011 1:05 pm
by Roach412
OneSpirit wrote:I used spybot to get rid of it. It would not allow me to install AVG free, but I was able to install spybot and that took care of the beast. What an insult that is. It will not allow you to go online through any of the browsers until you get the "registered" version of that rip off. There should be a law against dummies like that!


considering that vista security 2011 is a virus/malware, it's trying to get you to provide banking/credit card information - it wouldn't provide you with any "registered" version...it's a ploy to get you to think you're being stopped by a valid security software, which it's not.

do like bdub said - get malwarebytes at the least and run it in safe mode. have your friend be more vigilant to the sites they frequent, and files they open. :oops:

-Roach

PostPosted: Wed Apr 27, 2011 1:35 pm
by fussnfeathers
There's a few of those making the rounds these days. The last one I ran into started with the machine, would allow you to open the browser, but not see anything, disabled firewall and AV, the works. All of them so far have required a complete drive wipe and reinstall.

Another problem ... dang it. :(

PostPosted: Wed Apr 27, 2011 8:38 pm
by OneSpirit
fussnfeathers wrote:There's a few of those making the rounds these days. The last one I ran into started with the machine, would allow you to open the browser, but not see anything, disabled firewall and AV, the works. All of them so far have required a complete drive wipe and reinstall.


Don't you hate it when that has to happen! The @holes that put out this crap should get some of their own medicine!

Ok I got something else that is related going down ...
I'm getting this error with window vista ... Windows Defender "Application failed to initialize: 0x80070006. The Handle is invalid" ... and I found this fix at this website.... at the bottom he has this fix, at least I think I did ... but I'm not sure how to implement it.

Fortunately, the error is pretty easy to figure out: Windows Defender cannot acquire a handle on the WinDefend service ... because this service does not exist!

Why on earth was the WinDefend service removed from my computer ? I guess I'll never know. But for the time being, it is enough to export the following registry key from another Vista computer, and to import it back again:

HKLM\SYSTEM\CurrentControlSet\Services\WinDefend

Case solved !


So can anyone tell me how to put this key into the registry? I don't see any HKLM in the registry at least in the registry edit.

PostPosted: Thu Apr 28, 2011 6:18 am
by bdub
do you have m$ security essentials installed, and is it running correctly?

hklm is for hkey local machine, do you see that in registry?

PostPosted: Thu Apr 28, 2011 6:48 am
by OneSpirit
I uninstalled M$ security because I installed avg free and zone alarm ... does it need it? Yes I do see that in the registry ...

Is this it?

PostPosted: Thu Apr 28, 2011 7:17 am
by OneSpirit
I think this is what is needed but I don't know how to put into the registry ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-3068"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,04,01,00,00,10,01,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,d4,00,07,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Enum]
"0"="Root\\LEGACY_WINDEFEND\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001




anyone know how?

PostPosted: Thu Apr 28, 2011 7:39 am
by bdub
put that code in a text file and rename the text file to have ".reg" at the end. then double click the reg file and it'll insert it. you should backup entire registry before you do this.

i was just wondering if bit defender was turned off because MSE turned it off, and i was also wondering if MSE was intact. MSE wouls be better to have on that system than not. i don't like AVG much, but i think it'd be ok to run the two together.