Metaboli - unlimited Gaming





 Your OS Internet Security 
04 Apr 2011, 20:57
Joined: 08 Aug 2008, 06:00
Posts: 2220
Post Your OS Internet Security
Hopefully no-one will need to worry about this, but I thought it best to inform people of a fix ahead of time, because when you have it, it's too late to do anything about it. Especially if you only have 1 PC in the home, it's essential you're prepared.

There's a threat out there and I got stung by it today. It's not exactly new but has got a new round of updates: a rogue anti-spyware called (insert your OS here) Internet Security.

I'm not sure how I managed to get it; I was on Facebook earlier today, closed Firefox, walked away for a while and got it popping up sometime while AFK.

This looks totally legit, like the Windows Security Centre, and could easily fool a casual observer. Normally with this kind of thing you can find a simple way of removing it, but this will cripple your system: every program you attempt to run will launch this.

The only way around it is to create a registry fix on a second PC. The problem with this is that the filenames also change from system to system. There is a fix out there, and your best bet is to be prepared and make a copy of the registry fix now. You won't be able to run regedit on an infected machine (or anything else for that matter).

http://www.2-viruses.com/remove-vista-i ... urity-2011

You generally just need the registry fix stated there to remove its control of programs. While I didn't have the exact named exes, this appears to have worked.

You will also need to delete the file that was running manually; you will need to bring up Task Manager while infected and try to identify the file in question.

It will be a user-run file (i.e. in the username column; mine says "wildride"). Mine was vcm.exe. You can test it by shutting down the process and seeing if Vista Internet Security closes (it will load itself up again as soon as you try to run anything).

To actually see the file in the folder you need to be able to see system and hidden files.
This is enabled by going into explorer and in the drop down menu for "organize" select Folder and Search Options. Go to the view tab and select to show hidden files and folders, as well as deselecting "hide protected operating system files."

Simply delete the file after that.

I would not bother with Spyware Doctor; it didn't pick up much of anything and you need to pay for it to remove any threat. Malwarebytes is something you should get and use afterwards. I've not looked at the Hitman Pro thing they mentioned.

Either way, Malwarebytes only saw the invalid registry entry for Vcm.exe, which it deleted.

Note: after running the registry fix, I had to run things as administrator until I reset the PC.

_________________
The Great Omniscient One - I know all, I see all... put your pants back on!!!! Ewww mental image ewww.


05 Apr 2011, 01:02
Joined: 03 Apr 2007, 09:14
Posts: 1314
Post Re: Your OS Internet Security
ooooo ouchie

Thx for the heads up wilde.

Only have 1 PC in the house myself, so could not apply the fix if I was unlucky enough to get infected :(

So I suppose the only thing is a full format and reinstall for those of us not lucky enough to have 2 PCs in the house.


05 Apr 2011, 06:10
Joined: 08 Aug 2008, 06:00
Posts: 2220
Post Re: Your OS Internet Security
If you didn't have the regfix already there ready to go... the second PC was more to create a CD to put it onto and use on the infected computer. Registry modification isn't done via exes, which is what the bugger focuses on.

It was just that I could see someone in your position having a reformat otherwise, as even in safe mode running any application made the darn thing run and not the application you wanted to run.

So for you, just download the registry fix and keep it somewhere on the HD/Desktop in case you're ever affected by it. If you ever are, then you can just run the registry fix and it should remove the entries causing it to override your control over launching programs.

_________________
The Great Omniscient One - I know all, I see all... put your pants back on!!!! Ewww mental image ewww.
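
The posts above describe a registry fix that removes the entries overriding how programs launch. As an added illustration (not part of the thread or of the linked fix), this Python example checks a registry export for a redirected `.exe` launch association. The key paths follow Windows' default `.exe` handling and are an assumption about what such a fix resets; `vcm.exe` is the file name from the first post, while the ProgID `example_progid`, the folder path and the sample export are constructed.

```python
import re

DEFAULT_PROGID = "exefile"     # stock class that ".exe" maps to
DEFAULT_COMMAND = '"%1" %*'    # stock handler: run the clicked file itself

# Constructed sample in .reg export format; names and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="example_progid"

[HKEY_CURRENT_USER\Software\Classes\example_progid\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\vcm.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Return {key_path: default_value} for keys with a string default (@)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and line.startswith('@="') and line.endswith('"'):
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            keys[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return keys

def find_exe_hijacks(keys):
    """Flag a remapped '.exe' class and any non-default open command behind it."""
    findings, progids = [], {DEFAULT_PROGID}
    for key, value in keys.items():
        if key.lower().endswith("\\classes\\.exe") and value.lower() != DEFAULT_PROGID:
            findings.append((key, value, "'.exe' mapped to non-default ProgID"))
            progids.add(value.lower())
    for key, value in keys.items():
        parts = key.lower().split("\\")
        if (len(parts) > 3 and parts[-3:] == ["shell", "open", "command"]
                and parts[-4] in progids and value != DEFAULT_COMMAND):
            findings.append((key, value, "open command is not the default"))
    return findings

if __name__ == "__main__":
    for key, value, reason in find_exe_hijacks(parse_reg(SAMPLE_EXPORT)):
        print(f"{reason}: [{key}] -> {value}")
```

On a real machine the input would come from `reg export`, which writes UTF-16 text, so decode the file accordingly before passing it to `parse_reg`.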


05 Apr 2011, 13:16
Joined: 06 Sep 2007, 08:29
Posts: 232
Post Re: Your OS Internet Security
There's a reason we have banned Facebook at work!

We used to get a lot of drive-by infections; it's not Facebook itself, but the advertising servers (or other support servers for various items on Facebook). With Facebook blocked, infections have dwindled to minimal. Usual response? "But it's just Facebook!"

I've always done it manually (either using HijackThis, or a bootable XP memory stick and deleting the files), but they're always named randomly so there isn't really a tried and true method of removal.

Glad you managed to kill it.

