Wayne tries to get rid of a rogue security program

By | September 10, 2011
Print Friendly, PDF & Email

Wayne needs to get rid of a rogue security program
How can I remove a rogue program that has invaded my computer. It calls itself Vista Home Security 2012 and it has somehow infiltrated my windows security center with it’s own firewall and antispyware that is giving me one large headache with all kinds of pop ups with warnings of virus attacks security breaches which I know are not true. It wants me to buy the full registered program before it will remove all infections it tells me that I have. I am using Avast Antivirus at this time with SUPERAntiSpyware lifetime user and Registry Mechanic. I have scanted my computer with all these programs and they did not find any problems. They are also all up to date. I have tried using the search program as well as Revo Uninstaller and windows uninstaller but could not find the rogue program anywhere. I am totally frustrated. Could you please help.

Our answer
The reason the rogue is on your system is because you were tricked into clicking on one of those Windows warning screens that says something like “your computer is infected with blah, blah, blah Trojan”. These warnings do look very realistic and they do trick millions into installing rogues every day. These windows appear at random while browsing the Web. Once you click on the link “to scan your computer”- you’re infected. And rogues escape detection by antispyware and antivirus programs because they are neither spyware or viruses – they are Windows programs. But they’re very pernicious; they install themselves in many places on your computer. They disable your current antispyware and antivirus and take over Windows Security Center and then hold your computer hostage until you pay for license. These rogues don’t protect your computer even after you pay for them – it’s theft by deception which anywhere else but the Web would be punishable by imprisonment.

But all that is neither here nor there as far as you’re concerned. Your computer is infected and you need to clean out the infection. Now that you’re already infected there are two possible solutions:

1. Use System Restore to go back to a time before you were infected. Unless you’ve deleted restore points, you should have restore points going back 10-14 days. Go back to the oldest restore point you can find and restore your computer back to that point. The only thing you’ll lose will be any programs you have installed during that time; hopefully the rogue was installed during that time. If you restore back to a point before the rogue was installed, it will be just like it never even happened.


2. If you don’t have restore points that go back to a time before you installed the rogue, you can try using Malwarebytes to remove the rogue. It is the only program that can remove most rogue security programs even after they’ve been installed. The freeware version will work to remove the rogue. Remember that the freeware version does not include “real-time” protection, so if you use the freeware version, keep in mind that Malwarebytes will remove the rogue but will protect you from being infected again. The Pro version has real-time protection, the freeware version does not. Here are the links to Malwarebytes Free and Pro:

Malwarebytes (free version) – no real-time protection – but very useful anyway.

Malwarebytes (Pro version) – includes real-time protection – lifetime license.

You can protect yourself from being tricked again by never clicking on warning dialogs that appear in your browser while you are browsing the Web which warn you that your computer is infected. If that happens again, don’t fool around, shut your browser down immediately by using Task Manager, going to the browser’s process and Ending the Process of your browser. Or shut your computer down immediately at the switch – it’s better than becoming infected. Keep in mind that if you try to close your browser normally during a rogue attack you will (in most cases) not be able to and your computer end up being infected.

You can’t uninstall the rogue by using Control Panel even if you see an uninstall entry in the Control Panel for it – it’s just a ruse. The above two methods are the quickest and easiest ways to get rid of rogue security software. You will find long and complicated ways to remove the rogue manually, but these are often difficult to implement and not always effective.

6 thoughts on “Wayne tries to get rid of a rogue security program

  1. Beverly

    My granddaughter had one of the rogue programs on her notebook and could not do anything. I was able to get rid of it by going into safemode and installing the Revo Unistaller program. I then downloaded Microsoft Essentials and ran that program plus Malwarebytes. Her computer is working great now.

  2. Karen Guida

    I wish I had this info sooner. I had this happen to me recently while switching computers, what a nightmare! Thankfully when re-intstalling Windows XP, it got rid of it.
    Thank you Cloudeight for all of your useful info, I share a lot of it with those on my contact list that do not use your site. Hopefully they will start using it themselves and reap the benefits like the rest of us!
    Thanks again.

  3. grayeagle

    Following expands on the above sound advice from Cloudeight. We had a malware downloader take over after doing a picture search and clicking a “loaded” pic from a google results list (the fake “infection” popup showed at the same time as the Avira popup warning & in panic we clicked the wrong one!!) Task Manager seemed disabled so crash the system it was to stop the download. But with our machine plugged into a UPS (uninterruptible power supply), the normal on-off button on the computer front panel failed to crash our Vista system. More panic! I remembered the computer power supply rocker switch on the back of the machine and quick flipped it off. Worked like a champ and I didn’t have to spend time crawling under the desk pulling all the plugs to find the right one! Next did SAS, MBAM and Avira scans after the startup and turned out we dodged the bullet.
    Take home is to know where your machine power supply on-off switch is -I’ve always seen them on the back- and don’t be shy about using it right away. You don’t have more than a few seconds to abort the download. (PS: Just don’t forget to switch it back on before booting up normally again using the front panel switch.) Lot to be said for knowing that drill before it happens cause its gonna happen 🙂

  4. Jaci

    I discovered this useful forum by Malwarebytes yesterday. They have a forum named ‘Malware Removal Guides and Self Help Guides’. I looked up Wayne’s problem with Vista Home Security 2012 and the forum provides complete details on how to get rid of it. Wayne should check it out and also install Malwarebytes to remove it. Wayne you can view the article here:


    1. infoave Post author

      The only problem is — with some of these rogues you cannot access anything in Windows – the popup covers the entire screen. This leads me to believe whoever posted that has never seen a rogue that prohibits you from clicking anything but “Buy Now”. So that’s why you have to be careful because if you tried to follow the instructions posted there you’d be lost since you can’t do anything but click Buy Now. That’s why the only solution is to boot into Safe Mode with command prompt – which does not load the Windows Explorer graphical user interface – and therefore does not load the rogue either. Also you have no internet connection in safe mode with command prompt – but you do in safe mode. The rogue would load in normal safe mode just as it would if you booted Windows normally. It’s not so simple. There are dozens – maybe hundreds of variations of rogue software and the instructions we provide works with them all since none of them load in Windows Safe Mode with Command Prompt. But you can access “System Restore” from this mode although it does take longer to load since the Windows GUI is not pre-loaded.


Leave a Reply

Your email address will not be published. Required fields are marked *