Vista Antispyware 2011 is a rogue antispyware program and a clone of Vista Antispyware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to scare you into thinking your computer is in danger, in the hope that you will then purchase its full version. Do not trust anything this malware displays, and remove Vista Antispyware 2011 from your system as soon as possible. Read on to learn what this malware does and how to remove the rogue from your computer for free.
Like other rogues, Vista Antispyware 2011 is installed via trojans without your permission or knowledge. During installation, the program registers itself in the Windows registry so that it runs automatically every time you start an application (a file with the “exe” extension). The rogue also uses this hook to block other programs, including security applications, from running.
Once running, Vista Antispyware 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are fake. This malware wants to scare you into thinking that your computer is infected with malicious software. Do not trust the scan results; simply ignore them!
While Vista Antispyware 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Antispyware 2011 detected 29 critical system objects.
Last but not least, Vista Antispyware 2011 will hijack Internet Explorer and Firefox, so that a fake warning page is displayed instead of the site you want to visit. The fake warning is:
Vista Antispyware 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are fake and are meant to scare you into thinking your computer is in danger! Just like the false scan results, ignore all of them!
As you can see, Vista Antispyware 2011 is a scam created with one purpose: to scare you into thinking that your computer is in danger, as a way to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2011 and any associated malware from your computer for free.
Use the following instructions to remove Vista Antispyware 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type command in the Search field and press Enter. This opens the command prompt. Type notepad into it and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad).
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start. Type command in the Search field and press Enter. This opens the command prompt. Type notepad into it and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad).
Right-click fix.inf and select Install. Reboot your computer.
Note: if Vista returns the error message “Installation failed”, then you need to disable UAC. Click Start, Control Panel, User Accounts, then click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try to install fix.inf once again.
Step 2. Remove Vista Antispyware 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Vista Antispyware 2011. MalwareBytes Anti-malware will now remove all of the associated Vista Antispyware 2011 files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antispyware 2011 creates the following files and folders
%AppData%\pw.exe
Vista Antispyware 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\pw.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\pw.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1" %*"
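The values above show how the rogue hooks every program launch: the per-user .exe class is pointed at the pezfile ProgID, whose open command starts pw.exe first. The following check is an added example, not part of the original guide; it parses a registry export in .reg format and reports any .exe handler that differs from the state the fix scripts in Step 1 restore. The sample export is constructed from the values listed on this page, and the function names are hypothetical.

```python
import re

# Constructed sample in .reg export format, built from the values this page lists.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="pezfile"

[HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command]
@="\"%AppData%\\pw.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

EXPECTED_COMMAND = '"%1" %*'  # the handler that fix.reg / fix.inf restore

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r'\[([^-].*)\]', line)  # skips [-key] delete entries
        if header:
            current = keys.setdefault(header.group(1), {})
            continue
        value = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if value and current is not None:
            # Undo .reg escaping: \" becomes " and \\ becomes \
            current[value.group(1).strip('"')] = re.sub(r'\\(.)', r'\1', value.group(2))
    return keys

def find_exe_hijacks(keys):
    """Return (key, value_name, data) for every .exe handler that is not the default."""
    findings, progids = [], {".exe", "exefile"}
    for path, values in keys.items():
        if path.lower().endswith("\\.exe") and "@" in values:
            progids.add(values["@"].lower())  # follow whatever ProgID .exe points at
            if values["@"].lower() != "exefile":
                findings.append((path, "@", values["@"]))
    for path, values in keys.items():
        # Any shell verb command under .exe, exefile, or the ProgID .exe points at
        m = re.search(r'\\([^\\]+)\\shell\\[^\\]+\\command$', path, re.I)
        if m and m.group(1).lower() in progids and values.get("@", EXPECTED_COMMAND) != EXPECTED_COMMAND:
            findings.append((path, "@", values["@"]))
    return findings

if __name__ == "__main__":
    for key, name, data in find_exe_hijacks(parse_reg(SAMPLE_EXPORT)):
        print(f"SUSPICIOUS {key} | {name} = {data}")
```

Because the check follows whatever ProgID the .exe key names, it does not depend on the pezfile or pw.exe names, which a variant could change.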
Thanks, worked a treat, and mbam found a whole heap of others that Trend Micro wasn’t picking up.
Excellent tutorial (method 1). I previously had found and deleted the actual programs myself but was unsure what registry keys it mucked with. It seems that it took out the system restore points too.
Thanks a ton!
You’re a genius!! Thanks so much! I used method 2 and it worked great.
It got rid of the virus (or at least it doesn’t pop up now) but now I cannot open any .exe files (on the one user name that was infected). Whenever I try, my computer just asks me which program I want to use to open whatever exe I’m attempting to open.
Thanks, method one worked great. I was kinda worried when all that stuff started popping up. This was a great help.
Omg… I couldn’t go on the internet at ALL. So I used safe mode and typed the whole method 1. It worked. Thanks a lot! Will let ppl know about this in the future!
This worked amazingly. WOW! Thank you sooo much for saving me the time, the money and most importantly my sanity. And the computer has been spared too from a potential physical assault. I did method 1 and it worked a treat. Pop ups have stopped. Now scanning my computer with malwarebytes. After this experience, I’m going to ditch McAfee Total Protection, which could not pick up the virus, and whose support people wanted to charge me $130 AU to fix the problem even though their software failed to protect my computer from an old virus! Go figure. Thanks guys – you are great!
I’m currently trying to destroy this rather nasty piece of malware. Just a point to note, in the version I have the *.exe is called uty.ext, not pw.exe as mentioned above. Hope this helps.
Thanks. Worked a treat ! You guys are fantastic!
Lucas, you need to repeat the step 1 above.
Those scammers should be shot, they prey on vulnerable people who don’t know how to use computers. Scumbags. Thanks for the help.
Computer will not allow me to bring up command prompt. Any suggestions??
My search field is also disabled, along with internet access, installing or running anti-virus programs? HELP!
This works, thanks!
Other methods, for example using Rkill, are stopped by the malware from the register. Of course, trying to fix the registers manually won’t happen since not even regedit runs.
I was about to format my hard drive but this (and Malwarebytes) saved me!
I want to thank you guys.
I followed your method and it worked!
I usually don’t trust these things but I had no choice.
Thanks!
Thanks, #1 worked great! But I was reading something on another website to get help with the fake antivirus thing, and it said something about the rootkit still being there. Since I’ve done the steps in number one and the whole Antivirus 2011 Vista thing seems to be gone, is the rootkit gone too?
Jeff, you need to use another computer to make the fix.reg or fix.inf scripts. Once complete, copy both files to the infected computer through a USB/flash drive or CD disk.
Michael, open the C:\Windows\System32 folder.
Click Organize, Folder and Search Options. Select the View tab, uncheck “Hide extensions for known file types” and click Apply and OK. Locate the cmd.exe file, right-click it and select Copy. Click Organize, Paste. Locate cmd – Copy.exe, right-click it and select Rename. In the type field, remove all text, type cmd.com and press Enter. Press Yes to confirm it. Now run cmd.com and follow the steps above.
Hey, none of my programs or applications will open to try any of these tutorials. Help?
Used other laptop so I could find this.
Cross checked with Google if this site wasn’t the follow-up scam to get another virus on it.
(happy to say it wasn’t)
Used a flash drive for not having to type all those lines because I know I would have messed up.
Tried option 1, failed, error message.
Tried option 2, worked. Reboot.
Reboot failed… PC crashed.
Boot up in safe mode… installed malware.
No internet connection in safe mode so no update.
Performed scan but it didn’t find the virus.
Reboot normal Windows.
Updated malware.
Scan again and found 1 virus. I guessed there
would be more.
Reboot.
No more popups.
Can go on internet again.
Now performing a full scan to be sure.
Typing what I have done here to show my thx for the creators of this post/site.
Thx a lot!!!!!
thank you very much, “method 1” worked perfectly
Thanks for this it was fantastic worked wonderful do appreciate your time and effort
Saved my life! Used Trend Micro to remove the infestation but my registry was a mess and the simple tool fixed it. THANK YOU! Downloading and purchasing – it’s the least we can do!!
Can’t thank you enough… option 2 worked for me and looks like I’ve managed to get rid of it.
Okay, I found a much easier way to fix this.
Hope this will help you guys.
1 start task manager, find the ‘3-word’.exe (can be nlk, xtp or whatever) that has around 11000k under memory
2 end task
3 go to the search bar and type system restore
4 right click it and select run as administrator
(must do this or the XXX.exe will run again)
5 pick a time that your pc was not infected
6 wait for system restore and your pc should be good again
7 run some online anti-virus scan just in case
OMG! You have just made my day. I thought I was doomed for sure. Tried method 1, it worked perfectly. I get a little scared playing in the black screen, but instructions were right on the money and easy to follow. Wish I would have had this when I was trying to fix my father-in-law’s computer. This was so easy. Thank you so much!
Help – I’ve tried everything
Ran both methods 1 and 2
Installed Malware and removed virus
rebooted
Virus gone but internet won’t work
redid steps 1 and 2 (and yes I disabled UAC control)
checked for more viruses – none
internet still won’t work
Tried advice given to David and Jon, still no internet! Help
Hey!
I have that stupid virus on my laptop, but I can’t go on the internet because of that (I’m now on another computer).
But you have to download that program, but how can I do it if I can’t go on the internet? :(
I called a computer service but they say to take a virus off the computer will take 3/4 hours… 🙁 Please can you help me?
THANK YOU 🙂
Tried both methods and they didn’t work. With the 2nd method, when I turned the computer back on the antispyware was still there.
finally finished…this is used…thanks alot…..