Vista Antispyware 2010 also known as Vista Antivirus 2010, Vista Guardian, Vista Antivirus Pro and Vista Internet Security 2010 is a rogue antispyware program that reports false infections and shows numerous fake security alerts as an attempt to trick you into buying the software. This program is installed through the use of trojans. When the trojan is started, it will download and install Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) onto your computer.
During installation, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will start a system scan and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) is scam, it is designed with one purpose to scare you into thinking that your computer in danger as a method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) from your computer for free.
Use the following instructions to remove Vista Antispyware 2010 (Vista Antivirus 2010, Vista Guardian, Vista Antivirus Pro or Vista Internet Security 2010)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian). MalwareBytes Anti-malware will now remove all of associated Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
Vista Antispyware 2010 (Vista Antivirus 2010 or Vista Guardian) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
drig, if you can`t create fix.inf or fix.reg, then download fix1.zip from here, unzip it. This archive contains both fxes.
hi, 2 days ago I scanned my infected pc with avira antivirus and erased all the threats it found. now i can’t connect to the network. how can I fix if?
please help me
Talie, what shows your browser when you trying open any site ?
Absolutely perfect !!! thanks a lot !
I’ve tried steps 1 & 2. But the Virus is still there. I can’t finish run the malwarebytes because the virus shuts it down after 15 minutes.
My computer cannot boot in safe mode either. I get the blue screen of death when I try.
Liz, start a new topic in our Spyware removal forum. I will help you.
hi, the file on my computer is pw.exe, not av.exe
do i have a more recent version of this virus? (if i cancel this process the pop ups stop, that is untilli i re-open firefox or do something similliar…)
so will this method still work for me?
paul, pw.exe is a new version of the rogue, but the instructions above will help you to remove it (just checked).
thank you so much it worked
Method 1 worked like a charm for me. Thank you so much! I was getting so annoyed by those alerts!
alright.. another victim here of this FREAK’N spyware!!
I already have “MALWAREBYTES ANTI-MALWARE” however everytime I click to run it.. it WON’T OPEN!! Why didnt MALWAREBYTES CATCH THIS SHIT???
btw.. I was able to open MALWAREBYTES as administrator. I ran the update and did a FULL SCAN! Hopefulley it will remove and quarantine this crap!!
Why didn’t it catch this so called “Vista Antispyware?”
btw.. I was able to open MALWAREBYTES as administrator. I ran the update and did a FULL SCAN! Hopefulley it will remove and quarantine this crap!!
my 14 year old daughter got this nasty virus on her laptop 2 days ago. I followed the instructions on this website, and everything is running fine.
Many thanks for your help.xx
Hey! Awesome Info! Vista Antispyware scam thing got into my computer somehow and would let me access the Malewarebytes’ AntiMalware I had installed a few months ago. By trying what you said it got it to work again. Thanks!! Should I delete the notepad you had us save? Please send me an email answering my question 😀
E-Mail: soulpro17 AT aol.com
(made the email years ago.. didn’t know what i was thinking about the name LOL)
Thank you so much!
So easy to use
Hung, yes remove the notepad file.
This worked like a charm. Thank you so much!
Awesome!!! I was so worried I could not do a thing. I updated my java which i thought was automatic O.o. Then I was able to get on firefox and luckily found this site. Step 1 worked for me so in abt the time of a restart it was gone!!!! Thanks guys yo are truly awesome!!!
It worked! I am surpised, most of these sites give bad or wacky info, this one actually worked. It was Method 2 that worked for me.
this worked really well. thank you so much for this information, a great service to counter these parasites!
You guys are fabulous!!!!! It worked just as you said!!!!!!! THANK YOU THANK YOU THANK YOU!!!!!!!! You will forever be saved to my favorites page!
THANK YOUUUUUUUUUUUUUUUUUUUUU!!!! THANK YOU THANK YOU!!! You are AWESOME!!! It worked! So easy so simple! THANKS ONCE AGAIN!
You are wonderful! I used method 1 because this crapware wouldn’t let me open any .exe files. I was able to open IE and download MALWAREBYTES because I had created a shortcut to a specific website, on my desktop, but couldn’t install it til I fixed the registry. It would ask me \what program do you want to use to open this program\ and give me a list. Why doesn’t someone bring these people to justice since the purpose is to extort money from the public. Just follow the money trail and see who’s receiving all this money.
It works..guy if you follow these instructions the right way you shouldn’t run into problems, remember go in the order of steps..use METHOD 1 only..the only reason for method 2 is for if another problem comes up..now the scan took me like a hour so Id say get the scan going and leave it to run for a while..when it’s done you quarentine.restart.then come back to the program and delete all of the infected files. Do it right and there should be no problems with your other .exe programs. I know we’ve all come to hate this trojan/spyware/virus thing..and I hope you all have luck working it all out. 🙂
Thanks a lot, removal went well… Kinda worried that it blasted right through my Firefox + ESET Antivirus + Windows Defender without blinking…
Virus removed but now executable files don’t have association. How can I modify the registry to get the system back to normal, ie recognizing executable files?
The 1st reg fix got me to the point where I could run the malwarebytes (which I tried to load in safe mode but the virus caught it there too). I am running a scan as I type and I just wanted to say thank you. It is nice to know there are people who out there writing code to help us stave off the malicious code writers who prey on people. Kudos to you
Ron, you need to repeat the step 1 above.
I REALLY DON’T UNDERSTAND STEP ONE AT ALL. PLEASE I HAVE AN ESSAY DUE TOMORROW AND I NEED TO FIX THIS.