After reading the posts and seeing that the application was listed as an 8 digit number under processes when using task manager I was able to delete it. If you open task manager right away and delete it as soon as it shows up you should be able to end the process before it locks up your computer then you can take your time to remove the virus properly.

Download MBAM. Install and updated. Reboot computer in safemode with networking. Do complete scan. Delete all files. Go to Kaspersky online scan and scan again.
source: http://www.im-infected.com/rogue/total-security.html

wow, so much trouble for 1 virus, you guys should try panda vaccine + bit defender 10 best combo

http://www.easy-share.com/1908015216/USBVaccine.exe

http://filehippo.com/download/file/c92f6187e59b2d2e1fc3788ba9e893f0f28e5dd29120276024cf51f81ed38332

This blog set up is to confusing. You can't tell who is replying
to whom. Which post is working and which is junk.
It should be just simply in order with the post showing who
you are replying too.

no its wrong u can format the computer. and immediately install kapersky 2010 internet security it is the best one. i had 50000 trojans and 30 malwares and it deleted it all i couldnt believe it.

ive removed this bug numerous times on XP.
this time is the kicker. i have tried EVERYTHING.
that is everything listed here, everything in every link here...nadda.
while anyone responding is being helpful, alot are not reading what people are saying
this virus does.

- Internet Security 2010 disables antivirus programs, including Malewarebytes.
(in most instances, it shuts down the system when one attempts to run an antivirus program)

- Internet Security 2010 disables all Administrative Functions, then disables all functions used to make changes
as well. the solutions given are moot by the fact that they require use of said shutdown functions.
any program that is used in the Run command fall under this, be that regedit.exe, gpedit.exe, ect...all
disabled. so using these programs to solve the problem is not an option.

i liked the option of going to the Application Directory and renaming the file/folder. the problem is
that folder is not visable. the Folder options tab is no longer present to make it visible. the navigation bar on explorer is not present to surf there manually. ( its almost as if the people who make this are reading these very blogs and posts and improving the virus against what is being suggested here).

seriously, im at a loss as to what to do with it now. if you have anything the help is appreciated.
and if you know where to register a complaint against these Internet Security people please link it.

This or Antivirus Live and windows alert. This is keeping you from launching Task manager, proc explorer, malwarebytes, combofix and basically any other tool you try to use? It will also make the computer blue screen upon entering safe mode? It is a very nasty infection, but it can be removed.

Perform a search for "sysguard.exe" and remove anything found. (enable show hidden folders for the next part)
Next go to the user folder %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\
You likely will not be able to delete but you can rename the folder.
Now log off, then log back in. The item should not load as it wont be able to locate the folder.

Now you can run Task manager or Proc Explorer, but you shouldn't need it at this point. I was now able to run Malwarebytes here. Before you can update Malwarebytes (you will get an error) you will need to fix the IE settings. Open Internet Explorer > Tools > Internet settings > Connections tab > Lan Settings button at the bottom > Now UNCHECK Proxy server settings and set to "Automatically detect settings".

Malwarebytes and internet browsing should now work. Update Malwarebytes and scan/remove. I like to followup a malwarebytes scan with another malwarebytes scan and Combofix. Combofix can be found here http://www.bleepingcomputer.com/forums/index.php?showtopic=273628&hl=combofix

I hope this helps you remove and I spent a very long time figuring this out for my clients soooo your welcome :)

Hi All,
I am an CompTIA A+ Certified IT Technician.
This is a very common problem on many systems, the task manager disabled is a very common virus/malware trick to stop you killing it. The solution for renaming the file is an interesting one, good call. If you want to 'regain' control of your computer, i.e task manager, the quickest way is to reset the registry key that the virus/malware has changed with a .reg file;

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

If you copy the above few lines into notepad and most virus or malware don't think anything of this so it is usually possible, then save it to desktop with and ext of .reg - in notepad you will have to save it as type 'all files', then type a 'name.reg' in the box. Once you have saved this file click on it, explorer will ask if you want to add it to the registry, click yes at the prompt and this will 'reset' this key and allow you to access task manager and kill the process(es) and then nuke it with a good anti virus/malware killer. As for preventing re-infection, I always have this reg file on my desktop and scattered around a few places in the computer just in case - And a great FREE anti virus/spyware/firewall/system monitoring software is COMODO Internet Security. Google for it, it is superior to many 'bought' solutions and you can't beat the price.
Hope this helps many people,
fearlessfred

nothing is working for me >< i cant find a 8digit forder or anything at all anything else i can try?

I have try everything and nothing seems to work i cant find anything cant download run or even open anything on my pc add/remove programs wont open, nothing seems to work but at the same time i dont see any weird folder anywhere ; ; if someone have any idea what i can do pls post it i been on this nightmare 19days :(

If a 67year old Illiterate Computer Dummie like myself can do it anyone can.
Just follow the instructions below:

Go into safe mode
Go to files and folders
find the Restore system folder.
Allow the 'restore system' to back date and restore your computer to a day before the virus entered.

I can't believe I did it.......just saved myself $240.00.

can't do anything

Reformat.

I cleared this rogue piece of shit. Download Malwarebytes (FREE and great). Google it.
Works great. Also, when virus is running, go to Control-Alt_Delete. That will bring up TASK MANAGER. Find "Vista Total Security" running on the list, and go to "processes tab". Left click and when you see a file with a lot of numbers THAT is the virus. Click on it to show you where the file resides. Then DELETE it, and delete it again in RECYCLE Bin. You may have to delete it many times for it to go. It might say "you don't have permission". Keep doing it, and it will go. I killed the F__ker. SpyHunter has a new Securiy suite that is great. I just updated my SpyHunter for free. Worth it. They have good support and help you.

Hi guys

[Update] I followed the other people's advice, and deleted the Temp files that were associated with when the problem started, and then...

Well I just finished battling with this thing, and my best bet is that if any of you can open Task manager, go to the processes tab.

For me, the virus was listed as ave.exe and if you right click it, a window comes up saying 'End Process Tree'

I've done that, and services have been resumed. However, when I need to open up a programme atm, I'm having to right click and 'Run as Administrator' first.

I'm currently in the process of installing AVG software, and hopefully if there is any of the virus remaining, it should track it down and eliminate it.

Will report back soonModified by mh90 on 2010/04/29 02:34 AM

i have encountered this security lock just recently nothing on this site would work for me i was just going to give up,

this is what worked for me hold ctrl, alt, del like you normally would but keep it pressed down this would give you about 25 taskmangers and a box should come up saying it is infected ask you to buy the software with the 2 boxes yes or no hit neither and it will stay on the task manager then it should let you use the internet i had mozilla firefox go to google download spybot its a very good free virus melware fighter download it install it and hit search and destroy once open do a full scan and it takes a bit but it finds everything right in your registry once completed hit fix problems and it might look like on your tab in the lower right hand corner its still there but its gone move your mouse over the symbol that is that security virus it should just disappear then hit that box i was talking about earlier with the yes or no answer and say no that should get your system back to normal it worked for me

Hi,
Not sure if this will help, I have this problem at the moment and none of the removal step-by-steps have the right file names, but I'm lucky enough to be able to get into regedit and task manager. If you can get in to talk manager maybe through safe mode, the process on mine ran as an eight digit random number, so have al ook for one of those, and at leats you can stop the constant barrage of pop ups.