Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista Anti Spyware 2011


  • Please log in to reply
4 replies to this topic

#1 goldcoastyap

goldcoastyap

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 03 May 2011 - 02:44 AM

I am running Windows Vista and have the Vista Anti Spyware 2011 infection

Boot into safe mode and "try" to run rKill

No matter which variant I download and run they refuse to run and I get Vista Anti Spyware pop up windows

When I bring up task manager, the file which is running this program appears to be dlc.exe (once I close this it is gone, until i attempt to run rkill or something else)

BC AdBot (Login to Remove)

 


#2 booterbotter

booterbotter

  • Members
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pearl of the Orient
  • Local time:01:16 PM

Posted 03 May 2011 - 02:50 AM

Are you certain its dlc.exe? If you are, you may look for it manually and use the windows cacls command to disable it.
Most rogue software resides at the following location:

Associated XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011 Files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.
Resource:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011



To use the cacls command you must run the command prompt as an administrator.
Once you are in the location where the dlc.exe is type in:

cacls dlc.exe /t /c /p everyone:n

This should get rid of it, then you may run rkill then scan with mbam.
If your getting an option open with, you can download the .exe fix from:

http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html



***edited for additional information.

Edited by booterbotter , 03 May 2011 - 02:54 AM.

Patience is a true virtue. Never give up, never surrender.
BleepingComputer.com Message Board Rules


#3 goldcoastyap

goldcoastyap
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 03 May 2011 - 02:56 AM

When I end it as a process, then the antispyware 2011 shuts down

If I right click on it in the task manager and open location, it takes me to %UserProfile%\AppData\Local\

But there is no trace of the file


The first thing I did before I posted here was visit the removal page and look for the files mentioned % registry entries, but they weren't there

#4 booterbotter

booterbotter

  • Members
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pearl of the Orient
  • Local time:01:16 PM

Posted 03 May 2011 - 02:59 AM

You need to show the hidden file and system files from your folder options. (Just uncheck them)

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows-vista/

note:
Please read again my first post as I added some instructions there.

Edited by booterbotter , 03 May 2011 - 03:00 AM.

Patience is a true virtue. Never give up, never surrender.
BleepingComputer.com Message Board Rules


#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:16 AM

Posted 04 May 2011 - 01:01 AM

Hello,

I have deleted your duplicate topic in the log forum.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users