Removing Vista anti-virus. HELP!

Last night my computer got attacked by the Vista anti-virus rogue spy-ware program. This nasty sonovabitch prevented me from going on the internet or doing much of anything else. Even worse, Spy Sweeper (which has been excellent in the past) didn’t catch it and couldn’t find it when I swept. WTF?

I had to go online using my laptop and hacking off a neighbor's WiFi. With help from THIS site I got the attack to stop.

The problem is, the Vista icon is still on the lower toolbar of IE. My wife said it popped up a couple times this morning and asked if she wanted to scan the computer for infections.

How do I get this mofo completely off my computer?

I would back up the data you want to keep to another system or to DVD, and reinstall Vista.

Sometimes the damage done by a virus and the subsequent virus cleanup leaves you with a computer that is never quite right and it’s soooo much better just to reinstall.

I’d start with Malwarebytes from malwarebytes.org.
Download it, install it, update it, run it, delete anything it finds.
Run it again, delete anything it finds.
Boot to safe mode (if you weren’t already there).
Run it again, delete anything it finds.
Go back to regular mode.
Run it one more time and delete anything it finds.

No advice on the actual mechanics of getting rid of that thing from me, but when I had a really nasty infection on my computer I went to bleepingcomputer.com. It is free and composed of computer types who love doing this kind of stuff on the side. If you are so inclined they do accept donations via PayPal but it is not required. It takes a few days for a pro to get around to your post and probably a few days of back-and-forth before your problem is resolved but, if you don’t have any luck with DIY, give it a shot.

Oh, I should mention that I have nothing to do with the site. I found it while seeking help with my own computer issue and it was a lifesaver (or at least a computer saver!)

If Malwarebytes finds the same spyware on two consecutive scans, there is probably a rootkit installed that is hiding the real source of the infection.

Try the Kaspersky TDSSKiller, which targets rootkits, especially the TDL3 & TDL4 rootkits, which are the most common ones in the wild right now. The download link is at the bottom of that page. You may have to download it from a clean computer onto a flash drive to run it on the infected computer.

Running anti-malware/antivirus tools from safe mode is good; running them from a CD-ROM boot disk is even better. Search for antivirus boot CD. I know AVG & Kaspersky have them available. I suspect most mainstream vendors offer them.
If possible, do the download & burn from a known clean system.

I don’t think you’ll have to do the backup/wipe/reinstall dance with what you’ve got, but if you do go that route be aware you may be backing up the source of infection too.

A forgotten tool: if you know when you got infected, use System Restore to go back before you got the infection. Most malware has stopped defending against this.

That was a pretty unhelpful page.

Here are some much more comprehensive removal instructions for the infection you have. It is capable of changing names through about a dozen different Vista permutations, including Vista Anti-Virus 2011.