Vista Antispyware 2010 also known as Vista Antivirus 2010, Vista Guardian, Vista Antivirus Pro and Vista Internet Security 2010 is a rogue antispyware program that reports false infections and shows numerous fake security alerts as an attempt to trick you into buying the software. This program is installed through the use of trojans. When the trojan is started, it will download and install Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) onto your computer.
During installation, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will start a system scan and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) is scam, it is designed with one purpose to scare you into thinking that your computer in danger as a method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) from your computer for free.
Use the following instructions to remove Vista Antispyware 2010 (Vista Antivirus 2010, Vista Guardian, Vista Antivirus Pro or Vista Internet Security 2010)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian). MalwareBytes Anti-malware will now remove all of associated Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I tried the fix.inf and fix.reg. Now, all my programs open in notepad and are basically hieroglyphics. I tried Malwarebytes and cant download it. I tried hijack this and when I try to install it, it opens in notepad. Im lost. Help!
Amy, follow the first step above.
thanks so much! i have got rid of the Vista anti spyware pop-ups. however, now i keep getting pop ups from different webpages. it allows me to connect to google but when i tyoe anything in, i get redirected to these popup wesites!! one of them that keeps coming up is advancewaurd.org and showhold.org. is there anything i can do to get rid of these?
amy, probably your computer is infected with a trojan. Ask for help in our Spyware removal forum.
Hi Patrik,
Hi,
I was hit by a virus and/or malware about 10 days ago. I used programs like Malwarebytes, Ad-Aware and Webroot to temporarily remove them, however, upon rebooting the same malicious programs would attempt to hijack my web browser and otherwise cause problems with my system.
I visited this site and you suggested Kapersky. I downloaded it and it identified 4 main problems:
1) Net-Worm.Win32.Nimda. It located this virus on a file:
F:\DocumentsandSettings\Allusers……
This occurred when I was using a backup disc from an old laptop, and since it referenced a file on the F Drive,
I think the virus was on that disc. The Kapersky program said it could not disinfect this virus. I don’t know
if the virus went into other parts of my system. I took out the disc I was using with the corrupted file on it.
2) Rootkit.win.32.TDSS.d
3) Rootkit.Win32.Tdss.ai
4) Mal/TDSSRT-A
A Kapersky pop-up warning came up warning about the 3rd item I mentioned: Rootkit.Win32.Tdss.ai and asked if I would like to neutralize the threat. I clicked “Yes, Perform Recommended Action” and at the end of the action it automatically reboots the computer, however, this time my computer would not reboot.
Instead, I now get a blue error message screen that says:
A problem has been detected and Windows has been shut down to prevent damage to your computer. If this is the first time you’ve seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK/F to check for hard drive corruption, and then restart your computer.
Technical information:
***STOP: 0x0000007B (0x80399BB0, 0xC0000034, 0x00000000, 0x00000000)
I cannot reboot in safe mode or any other mode without this error message stopping me.
I don’t know how to run CHKDSK/F if I cant reboot first. I have not attached any new hardware to this system (SONY VAIO) since I purchased it a year ago, but find this message interesting because it seems to reference the F Drive again. Can anyone please help me straighten this mess out??? Thanks!
This is amazing!!! IT works so well! Thank you sooo much for these tips!!! 🙂 Do you know anymore antivirus, anti malware programs like malwarebytes to prevent future trojans?
thank you,
chelsea
Dave, you have a Windows installation disk ? you can use it to back to a latest restore point.
Chelsea, you can try SpyBot and AdAware.
thank you! it works!:D
I have performed the first step, but does the second step require purchasing anything?
Rose, no, you can use Malwarebytes Anti-malware to remove any malware for free.
Thanks a lot. I followed Method 1 of Step 1 and Step2. It worked.
Thanks so much! Words can’t express! But one question. Is it ok to delete that notepad info I had to copy paste and save on my desktop?
Hi. I tried the 2nd method of step 1 and after rebooting, the programs seem to be working perfectly now – even windows defender and task manager. Is it necessary for me to complete step 2? Tahnk you ever so much!
Can`t thank you enough only had the virus for 11\2 hours but was really irritating.Got rid first attempt.I now keep getting a message from Windows script host telling me there is no file extension in C\windows\system32\180000. Could you please advise
mic, yes, scan your computer with Malwarebytes or another good spyware remover to remove any related malware files.
Phil, open a new topic in our Spyware removal forum. I will check your PC.
Once again, thank you so much for taking the time to help. Another question – can the fix.reg file be deleted now or do i still need to keep it?
I’m glad I found this website. On my computer doing the notepad step 1 and 2 couldn’t be done. All I could do was just open the notepad but then that was it. I didn’t know what to do with the instructions. The web wasn’t working on my comp b/c of the virus so I had to download the antispyware to a cd from another comp and install it on my laptop. However afther the program finished scanning and found the virus it was asking for me to buy the program in order to get rid of the virus. I didn’t buy it so I figured I’d just restart the comp to see what would happen. Thank God that when I reboot it that the virus wasn’t there anymore. However the web shortcut on the desktop wasn’t working so I use the one from the start menu and that one worked. Hope this will help someone and I hope that nasty virus don’t bother my comp no more.
Hi
Ran both method one and method 2. The second I try and run either IE or Firefox the stupid file comes up.
Any other suggestions. I will open a file in spyware removal as well.
Kind Regards
ShenLun
mic, of course you can remove fix.reg 🙂
Scott, repeat first step (before “reboot your PC”), then follow the steps below:
Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Reboot your PC.
Run Internet Explorer and download Malwarebytes.
This actually works!!!!! I had issues running notepad though. If you cant open it through run you have to go to C:WindowsSystem32 and look for notepad.exe (it has the notepad icon) if the computer doesnt know what program to use click browse and find notepad (use search bar for C: if needed). I also mispelt registry in the title line for step 1 “Windows Registry Editor Version 5.00” I spelt it registery (with an “e”). Don’t make the same mistake!!! When saving don’t forget to save under All files. Hope this helps
Completed both steps and everything working again so thanks for that but when I run Malaware (which I already had) no infections or problems are found. Any ideas why? and what can I do now to remove the virus?
Thank You, Thank You, Thank You! I deleted Vista Antispyware 2010 myself with a different virus scanner, but when I couldn’t open any of my programs I thought all hope was lost. Then, just as I was about to give up, I found this site!!! It solved the problem in under 5 minutes!!! So onece again Thank You to this site, it saved my computer!!!
Steve, you need update Malwarebytes before scanning.
please help!!!
i completed step 1 and 2 yesterday and it worked when i came back on today and went on the internet it had come back so i tried doing step 1 again and when i rebooted to do step 2 some programs have gone missing from the taskbar and when i try to run malwarebytes it says :[ this file does not have a program associated with it for performing this action. create an association in the set associations control panel]
so i thought maybe i had done the first step wrong , so when i tried to type command in the start run it says the same thing
please help me what should i do now
its me again i have managed to do step1 and 2
and it worked for now but is it going to keep following me when i surf the net is there a way to stop it from doing this as im to worried to go on the net now. i have avg free but this doesnt seem to be catching anything is there anything i can download to help me. thankyou for your help
This site is made of EPIC WIN. That was probably the most annoying rogue ever. Thank you so much for the instructions! *hands you a huge plate of cookies and brownies* 😀
dillinja,
1. install an antispyware program with autoprotection (SpyBot, AdAware are free).
2. Many of the exploits are directed to users of Internet Explorer, use only an alternate browser – Firefox or Opera.
3. Be careful when opening attachments and downloading files.