Vista Virus 2012 has my machine locked up

Lenovo thinkpad / T61
July 16, 2011 at 18:10:37
Specs: Windows Vista Business, Intel Duocore/4GB
I have Vista Business installed on my laptop. I contracted the Vista 2012 virus from a media website (my fault :-( ). I used RogueKiller to stop the popups through the registry, but I still cannot get explorer to work at all. I have no way to get to the internet that I can manage, in order to download and install updated virus definitions that get rid of this menace. I have a second healthy laptop connected to the internet and have used a jumpdrive to transfer the RogueKiller software. I have several reports saved to the desktop of the affected machine which the RogueKiller has returned, if needed.

This virus has rendered my machine useless for over a month now, can anyone please help? The suggestions posted to date do not address the total failure of explorer and a way to get to the definitions that are needed to load on the affected machine.

Grateful for any help you can provide

Best Regards



July 16, 2011 at 20:07:53
Have you tried these methods?

windows vista 2012 virus removal


July 16, 2011 at 20:11:01

You mention: "...cannot get explorer to work at all..."
Do you mean explorer.exe, and therefore cannot get to the Desktop, or, do you mean Internet Explorer?

Do post the RogueKiller reports to see what sort of entries they are identifying.

Retired - Doin' Dis, Dat, and slapping malware.


July 17, 2011 at 18:29:41

Thanks a million for that software! I loaded it and it got rid of the virus files. Bad news is Internet Explorer is not connecting to the internet still. I did a system restore to a point just before I contracted the virus, but no good, it still won't work.

As a side point, my system is running at max CPU speed and most everything is real slow to open and react. I am afraid I may have done some damage to the registry when I imported some spybot files into it to try to disable the virus. Do you have any suggestions as to how I can repair Internet Explorer?

Best Regards,



July 17, 2011 at 18:40:38

One more thing, my e-mail account never stopped working, I could send and receive e-mails even at the worst time with the virus present. My side bar utilities, i.e. stock market report, weather monitor, also worked and updated... they still do. What has happened?

Best Regards,



July 17, 2011 at 19:08:25

Go to Tools, Internet Options, Connections, LAN settings

In the LAN settings prompt, make sure it is set to:
Automatically detect settings

If not, change it, and see if you can connect to the Internet.

Also check the Hosts file:
Click on the Start button
A search box appears just above the start button.
Type Notepad in the search box.
Notepad will now appear above, in the programs area.

Right click on Notepad and select Run as Administrator

Now, in Notepad, click on File > Open, and go to this location: C:\Windows\System32\drivers\etc.
On the bottom right, select type of files as: “All files”
Then, select: Hosts
Click on the Open button
The Hosts file is displayed in Notepad

Sample Hosts file:
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# # source server
# # x client host

# localhost name resolution is handled within DNS itself.
# localhost

Check to see there are no entries added by malware.

Retired - Doin' Dis, Dat, and slapping malware.
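The hosts-file check from the reply above, done as an offline audit of a copy of the file (for example, one carried to a clean machine on a flash drive). This is an added example, not part of the original post; the sample entries, hostnames and reason labels are constructed for illustration.

```python
import ipaddress

# Constructed sample: part of the stock comment header plus made-up entries.
# 203.0.113.0/24 is a documentation address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.search.example update.av.example   # added line
127.0.0.1       definitions.av.example
not-an-ip       junk.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every active mapping
    that is not a plain loopback -> localhost entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        # Drop full-line and trailing comments, then split into columns.
        entry = raw.split("#", 1)[0].split()
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "unparseable address"))
            continue
        for name in names:  # one line may map several hostnames
            if name.lower() in LOCAL_NAMES and ip.is_loopback:
                continue
            reason = ("blackholed to loopback"
                      if ip.is_loopback or ip.is_unspecified
                      else "redirected to remote address")
            findings.append((line_no, address, name, reason))
    return findings

if __name__ == "__main__":
    for line_no, address, name, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % (line_no, name, address, reason))
```

On a default Vista install every line in the file is a comment, so any finding is worth a second look.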


July 18, 2011 at 15:49:13

First thank you very much for your reply, I am now just as out of commission as I was before the virus was removed.

Now for your instructions: I found the LAN settings tab and found that the box "Automatically detect settings" was not checked. I checked it and hit OK. I tried to open explorer and got this message every time I attempt to open:

"This file does not have a program associated with it for performing this action. Create an association in the set association control panel."

I did not try your second suggestion yet as this may be a good clue. What do you think?

Best Regards,
Gregory McCord


July 18, 2011 at 16:38:02

Try the following:

If you were struck by malware, let's replace the shell in Vista:

Download shell.reg:
Save to the Desktop
Double-click on shell.reg
When asked to merge the data, please allow it.

Next, download exeHelper from one of these two places:

Save the file to the Desktop.

Vista or Windows 7 users, right click the downloaded file and select “Run as Administrator”

A black window should pop up
Press any key to close, once the fix is completed.

Can you open explorer.exe now?

Retired - Doin' Dis, Dat, and slapping malware.


July 18, 2011 at 20:10:40
Another angle:

Can you open Regedit?
Press Start > ‘R’ and in the Open box type: regedit

If not, press Start > ‘R’ and in the Open box type: cmd
Press: OK
At the command prompt type (or copy/paste) the following commands, one at a time, and press ‘Enter’ after each:

cd c:\windows
copy regedit.exe

You should now be in the registry editor.
On the menu bar click ‘File’ and select: Export
Save the Registry as registry.bak.

If Registry Editor opened successfully, navigate to the following key:
Double-click the (Default) value in the right hand pane
Delete the current value data, and then type the following, exactly as shown, including the quotes and asterisk:
"%1" %*

Next, navigate to HKEY_CLASSES_ROOT\.exe
In the right-hand pane, double-click the (Default) value
Change the value to: exefile

Exit the Registry Editor.

Now, can you open explorer?

And, if not, one last option:

Use a clean computer and download FixNCR.reg:
(NCR = Name Changing Rogue)

Save the .reg file to a removable USB flash drive, external drive, or CD/DVD.

Insert the removable device into the infected computer

Open the drive letter associated with the removable device.

You should now see the FixNCR.reg file that you had downloaded.

Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

Agree to the Registry changes, if prompted.

Retired - Doin' Dis, Dat, and slapping malware.
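The two (Default) values named in the reply above can also be verified offline from the registry export it asks for, once the file is copied to a clean machine. This is an added example, not part of the original post: the exefile\shell\open\command path is the stock Windows location (the post's own key line is missing), and the sample export and function names are constructed.

```python
import re

# Expected (Default) data, as given in the reply above. The second key path
# is an assumption: it is the stock Windows location, not quoted in the post.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}

# Constructed export fragment in which both values have been altered.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="constructedprogid"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Placeholder\\helper.exe\" \"%1\" %*"
'''

def default_values(reg_text):
    """Map each key in a .reg export to its (Default) string value, if any."""
    values, key = {}, None
    for line in reg_text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash.
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def check_associations(reg_text, expected=EXPECTED):
    """Return {key: (found, wanted)} for each expected default that differs.
    Key names are compared case-insensitively; a missing key reports None."""
    found = {k.lower(): v for k, v in default_values(reg_text).items()}
    return {key: (found.get(key.lower()), wanted)
            for key, wanted in expected.items()
            if found.get(key.lower()) != wanted}

def load_export(path):
    """regedit exports are UTF-16 with a BOM; REGEDIT4 files are ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    is_utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if is_utf16 else "cp1252")

if __name__ == "__main__":
    for key, (found, wanted) in check_associations(SAMPLE_REG).items():
        print("%s\n  found:  %r\n  wanted: %r" % (key, found, wanted))
```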


July 19, 2011 at 16:25:53

Thank you for your reply, I did as you suggested using a good machine and copied the download for shell.reg to a flash drive, I installed it on the desktop and double clicked the icon. In a very short time notepad came up and had this on it:

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

I tried to open explorer again, the same message came up about no association. I then tried all the other suggestions you made then the ones that were in your second reply.

Now frustrated I tried to install Mozilla Firefox. It installed and I made it my default browser. It tried to connect to the internet, no good. I then tried to open explorer again but this time from a different icon on my start menu. It opened and tried to connect to my default homepage. Still no connection to the internet.

I read in the documentation for the FTP protocol that several different ports are allocated for the internet connections. Is it possible that this Vista Virus 2012 destroyed the connection to the correct port? Is that possible and does anyone know how to repair that?

The issue of my CPU usage has not abated yet at all. The CPU is at 100% all the time and won't back off. What is going on here?

Any further help would be greatly appreciated, you folks have gone the extra mile so far and I am grateful.

Best Regards


July 19, 2011 at 19:35:15
Let's reset the TCP/IP Internet Protocol stack:

Click on Start globe
Type cmd in the Start Search box.

Now, press Ctrl Shift Enter (all three keys) to run the Command Prompt as Administrator in Vista.

Allow the elevation request.
At the command prompt, type the following, and press Enter: netsh int ip reset

When done, type: exit
Press: Enter

Restart the computer.

Can you connect now?

Retired - Doin' Dis, Dat, and slapping malware.


July 19, 2011 at 20:58:53
Just a thought...

Do you happen to have Norton installed??

Retired - Doin' Dis, Dat, and slapping malware.


July 20, 2011 at 05:28:47

No I do not have Norton, I have been using System Mechanic... past tense...
I will try to re-set the stack tonight and update you on the results. Thanks again for your help

Best Regards,


July 30, 2011 at 16:35:56
Well, sorry for the long absence... I tried to re-set the stack, no good. I felt that this thing was quite damaged so I contacted a computer repair service. The company was well reviewed and spent over 20 hours repairing my system. Wow, what a major mess this system was. The virus damaged the registry, infected many hidden files and kept changing file names as virus software tried to detect it. Overall they used over 9 different anti-virus programs to scrub the system clean. It really amazed me how so many anti-virus programs missed different parts of the virus. My system is in better than new condition and I am only out 80 bucks. Those folks really did a good job and all by remote after they discovered why explorer was disabled.

Thanks to all who helped me!

Best Regards



July 30, 2011 at 19:13:02

Thank you for the update!! It helps us help others.

"Overall they used over 9 different anti-virus programs to scrub the system clean. It really amazed me how so many anti-virus programs missed different parts of the virus."

AntiVirus programs each use different virus definitions, and there is no 'one' perfect program that catches all.

"...after they discovered why explorer was disabled..."

Did they give you any indication of what they did to get explorer going?

Retired - Doin' Dis, Dat, and slapping malware.


July 31, 2011 at 06:58:42

What I know about the explorer issue is that this virus centers its attack on explorer and any attempt to remove it causes more damage at each attempt. I can only say that the entire (explorer) file system had to be rebuilt. Explorer was actually replaced momentarily and then when internet access was established, it was rebuilt.

The initial process was time intensive and I was using a good computer to take programs and load to this one (infected) which took about 4 hours to complete. Then the arduous task of removing Vista Virus 2012 began.

The best advice I can give anyone that contracts this virus is do not follow self removal instructions that are posted on a lot of the help websites which tell you to add or remove anything from your computer's registry files. The virus is waiting for that; as was explained to me by

Best Regards,


July 31, 2011 at 08:48:38

Thanks for the info.

Have removed Vista AntiVirus 2012 quite a few times, as well as some of its 'associates', which are several. They are a pain.

We did not get far enough into the process, though, but the frustration that a virus of this nature can create is understandable.

Glad you got your computer working.

Good luck!!

Retired - Doin' Dis, Dat, and slapping malware.


August 1, 2011 at 06:19:42

Can you tell us the name of the computer repair service you used? We are having the same issue with our PC. Thanks so much



August 1, 2011 at 07:31:11
You'll need to repair the file associations in HKCR\. You can repair this manually, but it takes time and an in-depth knowledge of semantic file extensions, however, I would suggest locating a machine of the same OS flavour and, preferably, SP level, export the entire HKCR hive and import this using CLI reg add.

Once you've got your associations restored, you can attack the network connectivity issues (the correct fix is mentioned above).

Malware like this is frustrating, but incredibly simple to remove from the CLI, you just need to look up common malware load points:
A comprehensive list can be found elsewhere.
