A bad day for computing...



Admiral Squish
2011-12-14, 03:14 PM
Let's start this off by saying that I know about computers to a certain degree. That degree being that I can usually make a computer do what I want it to do, without spending a lot of time doing so, and can generally understand instructions from others regarding the maintenance of said computer without having to look words up. Now, that does not mean I have an in-depth grasp. Indeed, on some level, the computer is still 'Magic Box of Funtimes'.

So, last night at about 1 AM, I suddenly got a pop-up saying that I needed the newest version of 'windows vista antivirus 2012'. I thought nothing of it until I started finding all of the web pages I opened redirecting to the same 'this site is infected/dangerous, buy antivirus now!' page. I still thought it might be a real thing and thought windows was doing some sort of aggressive marketing thing, holding my internet hostage until I shelled out more cash for them. I was playing WoW at the time, and complained of this to trade chat. Thankfully, they swiftly informed me it was actually malware. With a bit of guidance from those more knowledgeable, I managed to start a second user profile and download malwarebytes before the entity infected that profile too. I ran the program, and it said it had to reboot my computer. I did, and when it returned, joy of joys, the thing was gone! But there was a new problem afoot. When I returned to my usual user profile, I found that whenever I clicked an .exe file, a window would pop up asking me what program I wanted to run it with. Now, I don't think WoW functions quite the same if you run it through windows media player. Thankfully the secondary profile runs fine, so this will do for now, but I still need to reclaim my true profile. So, I turn to you, playground, in the hopes that your wisdom will help me to defeat this vile, formless foe.

TL;DR: Recently infected with the 'Vista antivirus 2012' malware. Malwarebytes took care of that, but now when I try to run .exe programs on my main profile, it produces a 'what program would you like to run this with' window. All programs work normally on the other user profile. I need the playground's help to fix this.

Erloas
2011-12-14, 03:53 PM
The short answer is look this up on the internet, you can find out what is wrong and fix it. It's a very common, and very invasive virus, it takes quite a bit to get a system back to normal after it's gone.

The longer version is that when the virus attacks the computer it tells windows to open all .exe files through it, just like how other file extensions open a specific program. It does this so when you try to open a browser to look up the virus you can't, and you can't run things like regedit, or anti-virus programs that aren't already running because they won't open. When malwarebytes clears the virus it simply gets rid of all references to it, it doesn't know what the virus changed before. So the reference in the registry telling the computer what to do with .exe files is no longer there so it doesn't know what to do with them.
I've fixed this all before, but it's been long enough that I don't remember any of the specifics.

A site that talks about clearing out the virus should also contain the default values that are there before the virus changed them and tell you how to go through and change them back.
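
The per-profile symptom in this thread fits a per-user override of the .exe file association, which takes precedence over the machine-wide setting. As an added example (not part of any poster's reply), this read-only PowerShell check reports the association for the current user and for the machine. The function names are made up for this example, and the stock values `exefile` and `"%1" %*` are an assumption taken from general Windows knowledge, not from the thread.

```powershell
# Added example: read-only audit of the .exe file association. Changes nothing.
# Assumption: the two values below are the stock Windows defaults.
$DefaultProgId  = 'exefile'
$DefaultCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Returns the key's (Default) value, or $null when the key or value is absent.
    if (Test-Path -LiteralPath $Path) {
        (Get-Item -LiteralPath $Path).GetValue('')
    }
}

function Test-ExeAssociation {
    param([string]$ClassesRoot, [bool]$MachineHive)
    $progId = Get-DefaultValue "$ClassesRoot\.exe"
    if ($null -eq $progId) {
        # No per-user override is the normal state; the machine hive must have one.
        $status = if ($MachineHive) { 'BROKEN: .exe has no ProgID' } else { 'OK (no override)' }
        return [pscustomobject]@{ Hive = $ClassesRoot; ProgId = $null; Command = $null; Status = $status }
    }
    $command = Get-DefaultValue "$ClassesRoot\$progId\shell\open\command"
    $status = if ($progId -ne $DefaultProgId) {
        'SUSPECT: .exe points at a non-default ProgID'
    } elseif ($null -eq $command -and $MachineHive) {
        'BROKEN: open command is missing'
    } elseif ($null -ne $command -and $command -ne $DefaultCommand) {
        'SUSPECT: open command was rewritten'
    } else {
        'OK'
    }
    [pscustomobject]@{ Hive = $ClassesRoot; ProgId = $progId; Command = $command; Status = $status }
}

# Per-user settings take precedence over machine-wide ones, so check both.
Test-ExeAssociation 'HKCU:\Software\Classes' $false | Format-List
Test-ExeAssociation 'HKLM:\Software\Classes' $true  | Format-List
```

Run it while logged in to the affected profile, since the HKCU hive reflects whichever user is running the check.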

Isolder74
2011-12-14, 03:58 PM
Good grief I hate killing those. There sadly isn't one easy solution for this. Like the above post said you're going to have to do some searching for tools in order to get the computer back up and running as it should. I'd offer my usual solutions but they aren't readily available.

One tool that might help if you can find it is Dr. Web.

pendell
2011-12-14, 04:02 PM
TL;DR: Recently infected with the 'Vista antivirus 2012' malware. Malwarebytes took care of that, but now when I try to run .exe programs on my main profile, it produces a 'what program would you like to run this with' window. All programs work normally on the other user profile. I need the playground's help to fix this.

It sounds like you're going to have to do some registry editing using regedit32. The program must have rewritten your registry entries, redirecting the execution of .exe files from standard to something else.

Google 'vista antivirus 2012 registry' or something like. I caution to proceed very carefully when changing the registry. If possible, double-check with a tech-savvy friend before making any changes, as a registry mistake is a good way to permanently break the computer.

Respectfully,

Brian P.

Erloas
2011-12-14, 04:35 PM
as a registry mistake is a good way to permanently break the computer.
Making a mistake in the registry is a good way of forcing you to reinstall Windows. Which is completely different from permanently breaking the computer.
That being said, it's also not actually that easy to take the computer down by messing in the registry if you have some amount of common sense. If you just go and delete stuff at random, sure, but normally you'll be ok. Especially with any sort of recovery guide.


Also, if you have a backup you can use that to fix most, if not all, of the problems. Depending how thorough and recent your backups are. Windows generally does a small level backup before each update, so as long as you haven't disabled the auto-backup and have the computer updating regularly, you should have a backup made from no more than a couple weeks ago that should get everything up and running again.
Which I had forgotten about earlier when I posted.

And of course you can use this as a good lesson in backing up your system without having to actually lose anything.

Deathslayer7
2011-12-14, 05:48 PM
If you don't know what you are doing in the registry, then don't do it! Messing with your registry is a good way to make sure your computer doesn't work.

An approach you should try is to do a system restore to an earlier date and see if the virus is still there and do a sweep again with Malwarebytes to make sure.

See if that works. If not, then I would just suggest putting everything you want onto an external hard drive and just reinstall factory settings or reinstall windows. Sure it takes longer and might be as long (though not as difficult) as trying to change the registry stuff, but think of it this way.

Your computer will be brand spanking new as the day you bought it.

Rockphed
2011-12-14, 06:47 PM
My wife's computer recently got this, and I cannot figure out how to fix it. I'm fairly certain I need a new anti-virus, but when I tried to install symantec (which my school offers to students for free), that didn't work. She currently uses avast!. Any suggestions? I don't have any ready cash, so something free would be nice.

Erloas
2011-12-14, 11:36 PM
My wife's computer recently got this, and I cannot figure out how to fix it. I'm fairly certain I need a new anti-virus, but when I tried to install symantec (which my school offers to students for free), that didn't work. She currently uses avast!. Any suggestions? I don't have any ready cash, so something free would be nice.

I don't quite remember what I used to get rid of it, as I have several different AVs and don't remember what I used at any given time. I know some of the AVs didn't get it all.
I think in the end I found the .exe (might have shown up in msconfig startup menu but forget at the moment) then deleted it manually then went through the registry manually and removed every reference to it. After it was booting clean I then backed up to an older back-up point. The one good thing about the virus is once it gets a hold of the system it makes itself known instantly, so any recovery point that wasn't made after you got it will be clear of the virus. It's not one that sits dormant.

Douglas
2011-12-15, 10:09 AM
I had something similar happen to me recently, and here's what I found:
For a (very) temporary solution, right-click=>run as administrator still worked normally.
For a permanent solution, this kind of registry hack is one of the things Spybot Search and Destroy (http://www.safer-networking.org/en/home/) can detect and fix with nothing more complicated than clicking a few buttons and waiting.

Traab
2011-12-15, 10:16 AM
I had something similar happen to me recently, and here's what I found:
For a (very) temporary solution, right-click=>run as administrator still worked normally.
For a permanent solution, this kind of registry hack is one of the things Spybot Search and Destroy (http://www.safer-networking.org/en/home/) can detect and fix with nothing more complicated than clicking a few buttons and waiting.

Let me just add that I want to have Spybot's babies. This thing has saved my butt more times than I want to think about. I've gotten that malware fake antivirus stuff several times, first time I didn't realize what it was and started clicking on all sorts of options. It was in there so bad I had to wipe everything and start over from scratch. The last couple of times it has snuck in I was able to slap it down before it could take over my computer so the damage was minimal. But yeah, spybot search and destroy is my favorite. It does a great job of removing crap that gets past the antivirus programs and fixing any damage that it might have done.

_Jarlaxle_
2011-12-15, 10:30 AM
Unfortunately your computer is now in a state where you can't trust it anymore. Even if you somehow manage to remove this virus (or what you see of it) you have no way to tell if there are other malicious things working in the background and you can't know if what your computer is showing you, or showing some antivirus or anti-malware program, really is the truth.

The only way to get your PC back to a state where you can trust that there isn't someone else controlling it or spying on you is to get someone who can help you with backing up your important data (it would even be better if you already have a backup of your data), wipe your hard drives clean (format them) and reinstall a fresh windows.

The following link goes a bit more into detail why you can't trust it anymore:
http://technet.microsoft.com/en-us/library/cc512587.aspx

Keld Denar
2011-12-15, 10:31 AM
Editing the registry is bad juju. You could do some serious damage (not that there isn't already serious damage). How backed up are you? Your best bet is probably to buy an external HD (assuming you don't already have one), back up anything that can't be reinstalled from a disk or teh intarwebs (including stupid stuff like your FF favorites), and nuke the whole shebang from orbit. A reformat is the only way to TRULY be sure. It'll put all of your system files and reg keys back in their right and proper form.

I'd do this if a system restore don't work. It takes a little time, but it's much less time than poking at the problem with a sharp stick will take.

Helanna
2011-12-15, 12:45 PM
Funny you should post this. Two days ago I also got the "Vista Antivirus 2012" virus. My real anti-virus didn't pick it up, and the virus wouldn't let me access the internet, run Spybot or do a system restore.

Since I'd been planning on reformatting my computer anyways, I just did that and am now currently reinstalling the drivers for all my hardware. It's a pretty nasty virus though, and I'm still trying to figure out where I could have gotten it from.

SDF
2011-12-15, 01:06 PM
We must all be going to the same website. Same problem on my laptop, two days ago. Actually, I had this same virus on my lappy earlier this year and managed to nix it with fixexe (http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fdownload.bleepingcomputer.com%2Freg%2Fantivirus-vista-2010%2FFixExe.reg&rct=j&q=fixexe&ei=1hrPTZqCMILEsAP__NzDCw&usg=AFQjCNERQxfVAhq_ClbVI8t6n-KKLLAU3A&cad=rja) then ran malwarebytes in safe mode.