Vista Defender Pro is a rogue antispyware program, new one clone of Vista Antispyware 2010, which is rogue too. The program have labeled as rogue antispyware because it simulates scanning of computer, and reports a lot of false infections. Vista Defender Pro usually installed itself onto your computer without your permission and knowledge through trojans and browser security holes. Once started, the trojan will download and install the rogue and after that, will register Vista Defender Pro in the Windows registry, to run automatically when you run any Windows application that have “.exe” extension.
When Vista Defender Pro is installed, it starts the process of scanning your computer whose result is the discovery of the set of trojans, viruses and other malicious programs. Do not rely on these results, as they are, and besides, the scanning process – it is a fake. Purpose they have one, to force you to believe that your computer is infected. So you can freely ignore all that this fake antispyware will show you.
While Vista Defender Pro is running you will be shown a lot of popups, nag screens and fake security alerts from Windows task bar. Of course, all of these warnings and alerts are fake and like false scan results supposed to scare you into purchasing so-called full version of the program. So you can safely ignore all that Vista Defender Pro gives you.
As you can see, Vista Defender Pro is scam and designed only for one – to trick you into buying the software. If you find that your computer is infected with this malware, then be quick and take effort to uninstall it immediately. Use the removal guide below to remove Vista Defender Pro from your computer for free.
Use the following instructions to remove Vista Defender Pro
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Vista Defender Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Defender Pro infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Defender Pro. MalwareBytes Anti-malware will now remove all of associated Vista Defender Pro files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Defender Pro creates the following files and folders
%AppData%\ave.exe
Vista Defender Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I am running Vista operating system. I know I need a life and a new os. This is the second version of the malware I have been infected with. Just a plain big pain. But you guys are the best geeks in all of Geekdom!!!!! Thanks so much for helping. Method 1 did not work. Method 2 did first shot.
thank you so so so much … you saved my PC…
You Are Very Awesome… 🙂 Peace My Good Friend
I tried to follow the steps for both methods but it won’t let me open with command or notepad. I can still run Mozilla firefox but no other programs will open. What should I try now ?
I’ve done Method 1 out of Step 1, and downloaded MBAM and scanned laptop – it seems fine but is there any way it could still be there and copy my passwords etc although there are no more pop ups? Is there anything else I need to do to be totally sure? I’ve searched the registry for ave.exe and the results that came up seem unrelated.
I think the other registry keys mentioned on this site are gone now 🙂
Many thanks!
Method one worked temporarily on the pop ups but I can’t get on the internet to download the malware. I’m using vista…clicked start then typed in command then enter. In the black screen I typed in ipconfig /flushdns and entered. It says “the requested operation requires elevation”. I still can’t get on the internet and now the pop ups are back.
I did update Malwarebytes, actually it updated automatically after finish installing. The scanning result said that there’s no Malware detected. The next day I update it and scan again, the same result came out. And my computer is working normally these few days, there’s nothing weird popping up. Does that mean it had been removed sucessfully? I’m worried because according to your instruction there should be a list of infected item after scanning.
Mandy, open a new topic in our Spyware removal forum. I will check your PC.
jodee, repeat th first step, then Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Reboot your computer, run Internet Explorer and try download Malwarebytes.
Sunny, try run malwarebytes and perform a full scan. Also you can search “ave.exe” file through Windows search and remove it, if it has found.
Thank you so much, method 1 worked a charm.
Hi thx for gr8 topic. method 1 works for me and i got rid of that thing.
TY SO MUCH IVE BEEN HAVING PROBLEMS FOR SO LONG METHOD 2 FAILED AS SEEN ON OTHER SITES BUT METHOD 1 WORKED SO QUICK I <3 for the help. My vista does have run and method 1 seemed risky but it worked 😀
Thank you,Thank you so much
Hi,
I tried both the methods and restarted my laptop each time but still upon startup, I get the Windows Security Centre & the Vista Defender- Unregistered Version and the scanning begins. I cannot open the Internet Explorer to download Malwarebytes as it says Vista Defender has blocked a program from accessing the internet and also ‘Internet Explorer alert. Visiting this site may pose a security threat to your system’ appears.
I really need some help. Thanking you in advance.
Shirly
Did Method One. Not sure if it worked, scanning now, updated Malwarebytes last night. If it does not work I’ll try Running Method 1 as an admin, reboot and try Malwarebytes again, if that doesn’t work I will try Method 2. Thank you for this guide, the world needs such a balance.
I have performed both methods and have made sure it was up to date. Malwarebytes finds -no- infections, and yet ‘Spyware Doctor’ found numerous infections.
Thank you very much, Method 1 worked like a charm :3
Shirly, repeat first step. Once finished, don`t reboot your PC.
Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Run Internet Explorer and try download Malwarebytes.
Thanks so much, all of this worked. Unfortunately, I did this AFTER having believed it, and paying around 40 dollars for it. What does this mean? Will they just take that amount of money or more from my account??? Help!!
Thanks a lot.I followed the method1 by copying the commands into a pen drive from a different laptop and executed them in the infected laptop and reboted the laptop.Malware is no more…I am so happy and relieved now..You are Awesome..Thanks again
Dani, contact your credit card company and tell them what has happened (make a chargeback).
The first didnot work… but the second one worked awesomely.
Thank You so much bro.
I m glad there is people like you helping up idiots like us!
Thankyou so much for this, it worked perfectly! I went on my computer this morning to find nothing but pop ups and notices from vista defender and i couldn’t even get on the internet my computer was so infected, i had to look this up on my dads! was really uncovinced this would actually work as the problem seemed so bad and i know NOTHING about computers! but the method 1 instructions were even simple enough for me to follow and after restarting the pop-ups have stopped and i can get on the internet again, yay! just running the malware thing now, thanks again xxxx
Method 1 did the trick, thanks I am running a scan now should clean it up nicely, this site was very helpful, this website ROCKS!!!!!!!
Thank you ever so much for this wonderful web page. . I seemed to have caught this malware virus watching live footy streams last week and ever since then i’ve had nothing but hassle similiar to previous comments.
Now im a bit of a dummy on computer, however i easily followed stepo number 1 method 1 then went on safe mode to download spyware app.
two small problems i had was i didnt include the title of the version in method 1. however quickly changed it when it didnt work.
the other was i had to right click on the setup of the spyware app but once i installed the software it worked a dream and now im on this website from my computer now instead of reading it off my 3g phone 🙂 Happy Days !!
Much thanks again, , and as a previous post said if yer near glasgow i owe u a right good drink up !!
Martin Glasgow Scotland 23rd Apr 10
Thank you very much for this fix. Method 1 worked great. You saved me from throwing my PC through the window in a blind rage!!!!!
Awsome work man thanks for the help. Method 1 worked for me! The only regret i have is that I fell for the virus and payed for it. Is there any way i could get my money back?
Thanks guys, method 1 worked great and was pretty speedy – I have three more finals to write starting tomorrow, all my notes are on this computer… you saved my butt.
Thanks. I ran step one and it seems to have got rid of Defender. However, any internet related program now does not work at all. Also regedit comes up blank and won’t open and I get “Windows cannot open this file: File: regedit.exe”.
So, no IE, Firefox, or any way of getting online.
Aaaargghhhh.
Method 1 didn’t work so we gave method 2 a go… Worked like a charm. Thank you so much.