Vista Antispyware 2010 also known as Vista Antivirus 2010, Vista Guardian, Vista Antivirus Pro and Vista Internet Security 2010 is a rogue antispyware program that reports false infections and shows numerous fake security alerts as an attempt to trick you into buying the software. This program is installed through the use of trojans. When the trojan is started, it will download and install Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) onto your computer.
During installation, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will start a system scan and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) is scam, it is designed with one purpose to scare you into thinking that your computer in danger as a method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) from your computer for free.
Use the following instructions to remove Vista Antispyware 2010 (Vista Antivirus 2010, Vista Guardian, Vista Antivirus Pro or Vista Internet Security 2010)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian). MalwareBytes Anti-malware will now remove all of associated Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thank you sooooo much! This has saved me (and my laptop)! 🙂 4ever gr8ful!
This worked great! You are awesome!
FYI – I tried another program and could not remove this trojan. Followed your method here along with the software and it worked!
This the best program ever!! Everybody can do it and get rid of the stupid Vista guardian crap program!!
recommended by 100%
Thx for your help!!
Thank You! Thank You! Thank You….a million Thanks Yous! You just saved me $130. I’ve been on the phone with Norton for what seems hours. They wanted to charge me way too much money to remove this nasty virus. Did I mention how thankful I am?
tnx very much!!!! this is the best.
100% guaranteed, i recommend every one to get rid of the stupid vista guardian program!!!
Thank YOU…..WORKED PERFECT
oh my god is working …
i goggle every single word to look for an answer and you the only one ho is rely helpfully
thanks man and i love
Success!!!
IT WORKS! YIPPEE!! I’m SOOOO relieved. Especially the tip how to get the exe files running again was just what I needed. THANKS SOOO MUCH!!!
i tried malwarebytes but no succes;even tried on normal and safe mode. did try spyware doctor still no joy. please help
Bryan, then ask for help in our Spyware removal forum.
THANK YOU! IT WORKED! TY SO MUCH!!
Very nice, this works wonders.
Thanks! worked just fine!
im on a friends laptop here, i just got this vista guardian crap popping up on my laptop and it wont let me even access the internet. is there anything that can be done for me? obviousli i’d try this method but cant download on my laptop as i cant acess a web page.
please let me know – would be very appreciative
sara, go to step 1. Once done, try download MBAM, if it is blocked, then download it to another PC, then move the file to infected computer using flash disk or cd disk.
Are these registry entries safe to delete? Or do I need a tool to properly handle them? (btw, thank you very much for the recourse! All other entries I’ve found for this virus seem oudated with references to other executables and registry values)
Remove these keys:
[HKEY_CURRENT_USER\Software\Classes\.exe]
[HKEY_CURRENT_USER\Software\Classes\secfile]
[HKEY_CLASSES_ROOT\secfile]
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
And restore to defaults:
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
Hmmm, I was only able to locate the first two registry keys, and I removed them. This appears to have fixed the problem though!
[HKEY_CLASSES_ROOT\secfile]
and
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
did not appear to exist on my machine, and
[HKEY_CLASSES_ROOT\.exe] was still set to the default.
This strain has been a pain, but it looks like it’s taken care of now. Thanks for the help! I had a hell of a time located anything that would help me sort this thing out, you guys are awesome!
Words cannot describe how much I love you for the help these instructions gave me!
@Sara;
Do you have a flash drive? If you do, why not just do step 1 *just don’t open it* on your friends computer and put it on the flash drive? or burn it to a CD for that matter. Save MBAM and put it on it as well.
Didn’t help at all, I’v still got the same problem.
sooooooooo awesome thank u sooooo much it worked perfect
I ran what you stated here and the results after the first time, the malware popped back up again. Ran the step a second time and documented what was going on. Again it was confirmed that the files checked were deleted. Here is the info:
Error: C:\Users\Owner\AppData\Roaming\Malwarebytes’\Anti-Malware\Logs\mbam-log-2010-02-06 (15-38-23).txt is not a valid Win32 application.
Vendor Category Items
Malware.Packer.Gen Memory Process C:\User\Owner\AppData\Local\av.exe
Malware.Packer.Gen File C:\User\Owner\AppData\Local\av.exe
Spyware.OnlineGames File C:\Windows\Setup\SCRIPTS\START.EXE
Trojan.Fakealert Registry Key HKEY_CLASSES_ROOT\secfile
Hijacked.exeFile Registry Data HKEY_CLASSES_ROOT\.exe\(default)
After I receive Error and Click OK, Confirmation box appears and states that all checked items were successfully deleted.
Widows box appears stating that Malwarebytes had stopped working.
Hit Close Program.
Restart Computer.
Ok desktop is now back up and the malware seems to be gone. My explorer seem to have moved, but I was able to access the internet and to my home page.
My suggestion for those who tried the first time to go back and repeat the steps again. Because I had confirmation of the malware that was deleted the first time and ran the steps again a second time and it seems to be working now.
P.S. Someone should notify Microsoft of their own malware and the profit their making off of their own product and SUE their butt’s off.
I have Norton Anti-virus 2009 and I used Webroot Spy Sweeper both claimed that my notebook was secure. Norton found cookie tracker and deleted it but did not remove the malware. Spy Sweeper found nothing. The security setting on my notebook also stated that I was secure.
Try repeating the steps again. It worked for me.
I owe you a big pint!!!!
Deleting av.exe kept explorer.exe from functioning properly but your reg file sorted it and allowed me to delete av.exe and then carry on with mbam.
Thank you 😉
Why does this not automatically delete future attacks on my notebook from the same malware?
What I mean is that when I went back to surf the net the stupid malware leeched onto a different site I was going too and were back to square one again.
Is there a program that will stop this malware before I go to any other site?
I tried to do step 1. Repair running of .exe files and it won’t let me open up notepad…can’t copy text into…what next. My other computer is an old window and doesn’t know vista for flashdrive transfer. Help..I am not the brightest in computers.
ELLE, you should have:
good antivirus
an antispyware (SpyBot is free and good, or full version of Malwarebytes, …)
alternate browser (Firefox, Opera)
firewall (Zone Alarm, Comodo, …)
be careful when opening attachments and downloading files
Jo, go to c:\windows\system32, look for notepad.exe and rename it to notepad.com. Run it and follow the steps above.
Note: you need uncheck the “Hide file extensions for known types” option before doing it.