Vista Antispyware 2011 is a rogue antispyware program, clone of Vista Antispyware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to scare you into thinking your computer in danger. It hopes that you will next purchase its full version. So, do not trust anything that this malware will display you and remove Vista Antispyware 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues, Vista Antispyware 2011 is installed via trojans without your permission and knowledge. During installation, the program will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, Vista Antispyware 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!
While Vista Antispyware 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Antispyware 2011 detected 29 critical system objects.
Last but not least, Vista Antispyware 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Vista Antispyware 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Vista Antispyware 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2011 and any associated malware from your computer for free.
More screen shoots of Vista Antispyware 2011
Use the following instructions to remove Vista Antispyware 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Vista Antispyware 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antispyware 2011. MalwareBytes Anti-malware will now remove all of associated Vista Antispyware 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antispyware 2011 creates the following files and folders
%AppData%\pw.exe
Vista Antispyware 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Method 1- wouldn’t work due to an error.
Method 2- worked brilliantly first time!
Thanks a lot!
Thank you very much. This worked very well. I am really grateful that there are people like you makeing posts like these to help people. Thank you.
Neither method worked. Windows comes Up with a message for both when I try to run the app ”failed to open’. As for the comment for David telling him to run ‘regedit’ there are simply no results for this whatsoever… Thanks anyway guys 🙁
I never leave any comments but I really have to thank you. Everything worked just fine with method 1. Saved my laptop. Thanks again for taking time to help others.
click Start, Run, type in search field: regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\fda.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Repeat the previous steps for Firefox, HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ FIREFOX.EXE
how to do this and wat does it mean can anyone explain
Thank you thank you
Method 1 did not work. Like Jess (March 18), I got error message that stated cannot import, is not a registry script. The advice from shuusos (April 10, 2011) worked like a charm though, and was so much easier. Thanks Shuusos!
K so I went with option 2, downloaded malwarebytes from wifes PC and did scan then deleted the threats and now my PC will NOT boot!!!! Please tell me this program didn’t just wipe out my boot file or my whole hhd??? seriously…. :*(
Method 1 appears to have done the job – so so grateful guys, thank you so much.
Thanks so much. This vista anti spyware caused a havoc to my system. Now its all set right. thanks again
Thank you a million, I can breath now, this is a nasty virus, I went to a store they asked me for $200 to remove the virus…yeah believe it. Thank you again
I did step 1 and downloaded Malwarebyte’s thing. It seemed to work. However it came back two days later. I did the same thing and hopefully it worked this time.
What really pisses me off is that Microsoft Security Essentials can’t seem to detect it.
Thank you so much saved me a lot of time and money.
Used method 2. Awesome.TY TY TY
THANK YOU SO MUCH. It is websites such as this one that restore my faith in the goodness of humanity. My version was calling itself “Win 7 Antispyware 2011”, and method 2 of step 1 worked for me.
Thank you so much for posting a solution to this virus! Your awesome, keep up the good work!
So I did the first method, and it worked! Thank you so much! It worked so good in fact that after I restarted my computer, Vista Anti-spyware 2011 didn’t pop up, so I don’t need to download the other program at all. Did this happen to anyone else?
Again, thank you for saving my computer!
This happened to my computer, I took it to pc world and they have cleared it of infections. I entered my credit card details to purchase the full version. what do i do?
This worked like a charm!!! Thank you!!!!!!!L
Just tried this and it looks like it worked. THANK YOU! THANK YOU! THANK YOU!
THANK YOU THANK YOU THANK YOU!!!!!! I needed to use google chrome for a project, but this malware thingy came up. I couldn’t do anything on my computer, and I thought that the thing was real at first!!
I used method one, and everything worked out fine for me.
Once again, THANKS FOR THE INFORMATION!!!
the vista antispyware wont let me get on internet so u do i get malware? please help, im very sad my laptop is breaking 🙁 thank you
Thanks for this info. Can I ask, should it still work if you just open Notepad from the desktop rather than doing so via the command prompt? This is what I did, and it doesn’t seem to have worked, but for some reason I can’t seem to open the command screen! Many thanks
Hi! A friend who had the vista antispyware 2012 virus too recomended me this. I tried to open command but the virus blocked it. So I went to my administrator on my computer, made the 2 files, putted them on stick, went back to my user profile, putted them on and the virus blocked it already again. Would it be better if I made them on another computer? Or should I do something else. I already had malwarebytes anti-malware on my computer and the program also won’t let me open it. Can you help me?
I saw on another webpage that I should download the rsit file. I did that. Should I upload it somewhere so that somebody can check or…?