Vista Defender Pro is a rogue antispyware program, new one clone of Vista Antispyware 2010, which is rogue too. The program have labeled as rogue antispyware because it simulates scanning of computer, and reports a lot of false infections. Vista Defender Pro usually installed itself onto your computer without your permission and knowledge through trojans and browser security holes. Once started, the trojan will download and install the rogue and after that, will register Vista Defender Pro in the Windows registry, to run automatically when you run any Windows application that have “.exe” extension.
When Vista Defender Pro is installed, it starts the process of scanning your computer whose result is the discovery of the set of trojans, viruses and other malicious programs. Do not rely on these results, as they are, and besides, the scanning process – it is a fake. Purpose they have one, to force you to believe that your computer is infected. So you can freely ignore all that this fake antispyware will show you.
While Vista Defender Pro is running you will be shown a lot of popups, nag screens and fake security alerts from Windows task bar. Of course, all of these warnings and alerts are fake and like false scan results supposed to scare you into purchasing so-called full version of the program. So you can safely ignore all that Vista Defender Pro gives you.
As you can see, Vista Defender Pro is scam and designed only for one – to trick you into buying the software. If you find that your computer is infected with this malware, then be quick and take effort to uninstall it immediately. Use the removal guide below to remove Vista Defender Pro from your computer for free.
Use the following instructions to remove Vista Defender Pro
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Vista Defender Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Defender Pro infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Defender Pro. MalwareBytes Anti-malware will now remove all of associated Vista Defender Pro files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Defender Pro creates the following files and folders
%AppData%\ave.exe
Vista Defender Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
methord one worked great thanks
HELP! I tried method #1 but it won’t let. When I double click on fix.reg and after the pop-up window comes up, and after I press “Yes”, I get an alert pop up telling me “Cannot import C:\Users\Owners\Desktop\Fix.reg: Error accessing the registry”
Also, before I tried this, I attempted to download Malwarebytes to remove this virus and it will not even let me download it!
Lost and need help. Also, this is my first time trying to use the commands in method #1 and am new at all this. Please help.
John, try method 2.
Wow……
I was able to get rid of the virus successfully….
Thanks BOB!!
Yeh that works, the malwarebytes thing got rid of it with a smart scan. Cheers dude.
Malwarebytes removed this virus but now it keeps coming back, over and over. What can I do?
John, are you running your computer in safe mode when you try to run fix.reg? I had the same error then when I restarted and tried again it worked like a charm, scanning with MBAM now. Anyone know of some good preventative programs for BS like this?
im scared 🙁
John, open a new topic in our Spyware removal forum. I will check your PC.
Worked perfect using method 1. Thanks v. much for your clear instructions and for taking the time out to post the info!!
it must feel VERY good to save computers (and their owners) with this excellent how-to. I’ve been battling with this thing all day, but it keeps coming back, even after repeatedly running method 1. there’s a gap, then, hello again! how does this thing get in, for heaven’s sake? anyone have ANY idea?
Lisa, probably your computer is infected with a trojan that reinstalls the rogue. Please open a new topic in our Spyware removal forum. I will check your PC.
Many thanks for your invaluable guide – you saved my life (and my laptop)!!
I think someone else has posed this question – how does this thing manage to install itself even if I have Norton protection?
the 2nd fix you provided for Windows Defender Pro worked perfectly. Thanks
You are my hero! Really, thanks so much. 🙂
Martin, the rogue installs itself with the help of trojans that penetrate your computer through the use an exploit in the programs already installed on to your PC (Internet Explorer, Adobe Acrobar Reader, Adobe Flash player). Update all of them.
Hi there
im desperately trying to get rid of this virus!
Tried following method 1 but i only get as far as selecting run, then typing in notepad before all the pop ups start! It wont even let me open notepad as apparently its infected and i dont have privilages?? really dont understand i am the only one who uses the laptop so there is no administrator is there?
Any help greatly appreciated.
Jess
thank you so much, method 1 worked 😀
seemed to do the trick (method one) thanks
Jess, your need run a notepad from command (command console).
Manually fixed the registry (instead of running notepad I ran regedit … careful if you directly edit the registry). I also found the ave.exe file (hidden and set as system file) in users/yourusername/appdata/local. Used attrib -s -h to expose it and remove it. With task manager killed it to temporary stop the pop-ups. Reboot … then could access the internet. Downloaded and now scanning with Malwarebytes. Great suggestions in this page to remove this pesky malware … KUDOS!!!!
Thank you very much!!!! Both steps worked perfectly for me =)
I’m just hoping the virus doesn’t come back like it has for a few other people >.<
Oh! sorry, forgot to ask, is it fine to delete the fix.reg file from our desktop after the virus has been removed? or do we need to keep it there?
thanks
Method 1 worked perfectly. Thanks :D!
I followed method 1 and rebooted my computer. After rebooting my computer, the vista defender didn’t pop up anymore. Then I downloaded MalwareBytes to perform a quick scan. The result said no malware was found. Does that mean the vista defender in my computer has been completely removed?
Method 1 worked straight away for me. Have updated Malwarebytes, now and am running a scan to make sure everything is gone.
Jenn, of course you can remove fix.reg.
Sunny, run Malwarebytes and update it, then perform a scan.
Thanks so much – method one was very straightforward and worked at once. Thank heavens for helpful geeks!
Thank you, Ive spent the last 2 evenings fighting with this thing, out of the many the websites Ive looked up yours is the one that solved it, method 1 is easy and quick, much appreciated, if youre ever my way I will certainly buy you a beer!!!
Thanks again,
Steve, UK