HELP - Vista Guardian 2010 virus

[canspec]

HELP!!!
I have this virus called "Vista Guardian 2010" and it won't let me run Malwarebytes, my anti-virus program or anything else. A box pops up telling me about all these infections and to buy their program! I can't even get into "safe-mode(F8) to try to run Malwarebytes to get rid of it like an article on the net said to do. Is there any way to get into safe-mode other than F*? I can't get into system restore either! Thanks for any help with this!

 

[brady]

stop: av.exe
remove:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*

remove:

\%Documents and Settings%\[UserName]\Application Data\av.exe
%Documents and Settings%\[UserName]\Application Data\WRblt8464P

 

[Tews]

It is strongly recommended that your backup your registry before you proceeding with this method.

Kill the following process:

av.exe

Delete the following registries entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?

Delete the following if you have Firefox installed:

*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode

Search and remove the following files:

av.exe

 

[canspec]

It is strongly recommended that your backup your registry before you proceeding with this method.

Kill the following process:

av.exe

Delete the following registries entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?

Delete the following if you have Firefox installed:

*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode

Search and remove the following files:

av.exe

Wouldnt backing up my registry also include backing up the virus into the registry?...Sorry just new at all of this...Thanks for your help.

 

[brady]

technically yes, however if you ruin something, it's easier to recover with a virus filled registry then having nothing. /wink

 

[canspec]

Now it won't let me into the Registry to delete the keys u guys recommended. I don't have restore discs as well to restore the entire system

 

[Jacee]

What this does....
How to remove FakeRean (FakeRean Removal) | Malware Help. Org

If you are still unable to get rid of this rogue security software, please visit one of the recommended forums for malware help and post about your problem.

 

[brady]

Now it won't let me into the Registry to delete the keys u guys recommended. I don't have restore discs as well to restore the entire system

Did you get an error when trying to run "regedit"?

 

[Product FRED]

Try starting up in Safe Mode. Start up your computer and keep hitting F8 until the boot menu starts up. Hit Safe Mode. Unplug your internet cable so the virus doesn't try anything funny, and then try running Malwarebytes' and/or your Anti-Virus. Then, try running regedit.

 

[Jacee]

He can't get into safe mode, plus The scareware executes (av.exe) every time a .exe file is run.

Please read my post above

 

[Product FRED]

He can't get into safe mode, plus The scareware executes (av.exe) every time a .exe file is run.

Please read my post above

You can use these to edit the registry without booting into Windows: How To Edit Windows Registry Key Values without Booting in Windows Raymond.CC Blog

 

[canspec]

Now it won't let me into the Registry to delete the keys u guys recommended. I don't have restore discs as well to restore the entire system

Did you get an error when trying to run "regedit"?

yup...wont open.

 

[brady]

so no error? it simply just won't open?

Are you an admin on the machine?

 

[canspec]

Try starting up in Safe Mode. Start up your computer and keep hitting F8 until the boot menu starts up. Hit Safe Mode. Unplug your internet cable so the virus doesn't try anything funny, and then try running Malwarebytes' and/or your Anti-Virus. Then, try running regedit.

Wont allow me to go into safemode(F*)

 

[Product FRED]

If you're having an issue with permissions being edited and such, download SUPER Antispyware if you can. It can restore your permissions back to normal and allow you to regedit and other things.

 

[canspec]

When I try to import the reg script it says this:
"Cannot import C:\Users\bev\Desktop|trojan_fakerean_exe_fix.reg: The specified file is not a resistry script. You can only import binery registry files from within registry editor." Do I have the wrong spelling or something? Thanks again.

 

[brady]

I've noticed that with 7 a lot. Right click and "edit" the .reg file. then copy it out into notepad... Then from start menu, just type in "regedit" then manually click down to the registry string you need to modify.

 

[Frostmourne]

Run an antivirus boot disk that can scan before Windows boots and possibly clean the infection. Avira has one - its an iso.

 

[Product FRED]

Run an antivirus boot disk that can scan before Windows boots and possibly clean the infection. Avira has one - its an iso.

I use Avira as my AV, and I've used that disc as well. It's saved my ass once or twice. Here's a direct link for download: http://dl.antivir.de/down/vdf/rescuecd/rescuecd.exe

 

[canspec]

Thanks to everyone! Working now!