As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options

"Vista Smart Security"

JamesKeenanJamesKeenan Registered User regular
edited April 2010 in Help / Advice Forum
Ok, I've had this same malware a few times, and I've even learned the trigger. I get it everytime, and only when I visit The Pirate Bay. Karmatic, I'd call it.

It's always a different name, "Vista Smart Security," "Vista Security 2010," "Vista Antivirus 2010."

But it's always the same thing. You can google it yourself it you want. I haven't been able to find decent information on it. The only sites that talk about it are obscure forums practically just trying to sell me Spyware Doctor or Malwarebytes. It's basically malware that resets settings on my computer, and is constantly alerting me that I have new, other viruses all over my harddrive.

Now I'm simply intellectually bothered and curious. It can't be the site that's infected, or I'd have heard about it online. Someone else would have said something. So what else could it be?

I've used system restore the last few times I got it because malware programs weren't picking it up.

Is it likely it's stored on my computer still, and only triggered when I visit that site? I just don't know.

Does anyone know anything really helpful on getting rid of this thing, and why might be causing it to only active when I visit one specific site?

JamesKeenan on

Posts

  • Options
    MetalbourneMetalbourne Inside a cluster b personalityRegistered User regular
    edited April 2010
    These type of malware are usually downloaded from ads.

    Installing Adblock will help.

    Metalbourne on
  • Options
    mystic_knightmystic_knight Registered User regular
    edited April 2010
    Download malwarebytes and save it to your desktop.

    now, open up notepad and copy/paste this into it

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Classes\.exe]
    [-HKEY_CURRENT_USER\Software\Classes\secfile]
    [-HKEY_CLASSES_ROOT\secfile]
    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    save it as fix.reg on your desktop.

    Now double click the file you just made.

    Then install malwarebytes and run it.

    After the regedit or install there's a restart (I forget which part), but that should fix it. The main problem with that virus is it edits your registry and prevents you from installing software that would remove it or even editing it out of the registry, but that fix file should work around it.

    mystic_knight on
  • Options
    SkyCaptainSkyCaptain IndianaRegistered User regular
    edited April 2010
    Use Firefox and use the AdBlock+ and NoScript addons. No more malware.

    SkyCaptain on
    The RPG Bestiary - Dangerous foes and legendary monsters for D&D 4th Edition
  • Options
    travathiantravathian Registered User regular
    edited April 2010
    Plus Flashblock. Between all of that nothing will load on the page but the torrent info.

    edit: but really, if you're gonna engage in risky internet behavior at least be smart enough to do it with a spare PC so you don't jack up anything important. I use an old Dell that is locked down tight, uses a huge hosts file, block the browser from doing almost anything, and that PC is on its own subnet and firewalled from the rest of my network so if it gets jacked I just restore from a known good backup.

    travathian on
Sign In or Register to comment.