So just now my main PC running Vista 32-bit got the "vista home security 2011" virus. I tried looking up removal for it, and everything I have found so far tells me to go to safe mode and download MalwareBytes. My only problem is that this virus is affecting my safe mode with networking the same way it affects my normal startup; I cannot browse. Need help!
Do you have another system? If so, download MalwareBytes to a USB thumb drive and use it on the infected system from safe mode. (If it still will not run, try renaming the file after copying it to the thumb drive - some viruses have a database of files they will not run, and renaming the file can sometimes help.)
You have installed a relatively tough-to-uninstall rogue anti-malware program. Here is my weird solution: System Restore via a boot disk or recovery method, then install MalwareBytes, and remove any remains. Remember to remove all your existing System Restores since they could be infected, and create a new one immediately. This method worked well for me when I helped a friend remove Vista Home Security 2011 when no other way was possible. And no, System Restore via boot up or safe mode will not work.
1. Open Windows Task Manager by pressing CTRL+SHIFT+ESC
2. Find a 3-letter word .exe file, with a Process ~11,000 K and a Description of the same 3-letter word.
*In my case, the virus is called "bwr.exe", and the Description is "bwr"
3. Right-click on this and click "Open File Location"
*You will be directed to a folder that looks like AppData > Local. But surprisingly, you can't find the .exe file, right?
4. So in this folder, you need to change the "Folder and search Options" through the menu "Organize" (or "Tools" when you're in safe mode).
5. In this Folder and search Options, go to the "View" tab
6. Under the View tab, do these:
a. Choose "Show hidden files, folders, and drives"
b. UNCHECK "Hide protected operating system files (Recommended)"
c. UNCHECK "Hide extensions for known file types"
Then press OK
7. Now, you can see in the folder the .exe file virus, right? Click on this .exe file, then press SHIFT+Delete (Shift+Del is different from the simple Delete because this lets us delete the selected file permanently instead of just storing it in the Recycle Bin)
8. Now, the virus is removed!
9. Open Windows Task Manager by pressing CTRL+SHIFT+ESC again, then just select the .exe file and "End Process"
10. Congratulations, your computer is back to normal again!
Enjoy guys! You can run any anti-spyware and anti-virus software afterwards so as to be sure there are no other shitty worms in your PC.
Once you've deleted the virus, you can also undo the steps you did at #6.
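A scripted way to surface the same candidate as steps 1 to 6 of the post above, added here as an example and not part of any poster's instructions. It assumes PowerShell is available on the machine, and it only lists matches (three-letter process name, image under the current user's AppData\Local); it does not end or delete anything.

```powershell
# Added example (not from the thread): list running processes that match
# the traits described in the steps above, so they can be reviewed by hand.

# Resolve the current user's AppData\Local folder.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')

Get-Process |
    # Keep only processes whose image path is readable and sits under AppData\Local.
    Where-Object {
        $_.Path -and
        $_.Path.StartsWith($localAppData, [StringComparison]::OrdinalIgnoreCase)
    } |
    # Keep only three-letter process names (the post's example was "bwr").
    Where-Object { $_.ProcessName -match '^[a-z]{3}$' } |
    Select-Object Id, ProcessName,
        # Shown for comparison with the ~11,000 K figure in step 2; this is not
        # used as a filter, and Task Manager's column may count memory differently.
        @{ Name = 'WorkingSetKB'; Expression = { [int]($_.WorkingSet64 / 1KB) } },
        # The post says the Description equals the three-letter name.
        @{ Name = 'Description'; Expression = {
            [Diagnostics.FileVersionInfo]::GetVersionInfo($_.Path).FileDescription } },
        # Hidden/System attributes explain why the file is invisible until
        # the Folder Options in step 6 are changed; -Force reads it anyway.
        @{ Name = 'Attributes'; Expression = {
            (Get-Item -LiteralPath $_.Path -Force).Attributes } },
        Path
```

Legitimate per-user programs also install under AppData\Local, so treat each row as something to check, not as a verdict.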
My friend has the 2012 version of this. None of the processes are showing up in Task Manager and none are showing up in msconfig. Anyone have any ideas how to stop these? I have even used Process Explorer to try and find/kill them, with no luck. His antivirus program (the legit one) is still running and can't be shut down, but it won't find or remove the infection. I have run through the basic regedit process and removed what I could from there, but it still runs, and I also can't find in any of the folders anything that even resembles the program. I have typed %alluserprofile% but nothing is there. There is NO trace of this virus on the computer except the insane popups and fake security alerts and the complete inability to use the internet at all. Firefox, IE and Chrome are all compromised, and the "fix" to get them back to working doesn't work as the settings have not been changed. Anyone have any ideas how to force "hidden" Task Manager apps into view?
I too have tried all those steps with no app virus file showing in processes... some random ones come up in system 32, whereby I did correct the path of the host file, which was corrupt. That aside, I have installed ESET NOD32 antivirus, which is currently running a scan - however, not sure if it will pick it up.
...To winja - have you found a solution as yet? If so, can you please divulge your findings?
....To Area51 - thank you - that was a very concise process, and I can see how that would work - but 2012 must have a few more tricks up its virus-infested sleeve! Any more advice without having to go into all sorts of steps in safe mode? (I am far from an IT professional!)