Vista Antispyware 2011 is a rogue antispyware program, clone of Vista Antispyware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to scare you into thinking your computer in danger. It hopes that you will next purchase its full version. So, do not trust anything that this malware will display you and remove Vista Antispyware 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues, Vista Antispyware 2011 is installed via trojans without your permission and knowledge. During installation, the program will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, Vista Antispyware 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!
While Vista Antispyware 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Antispyware 2011 detected 29 critical system objects.
Last but not least, Vista Antispyware 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Vista Antispyware 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Vista Antispyware 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2011 and any associated malware from your computer for free.
More screen shoots of Vista Antispyware 2011
Use the following instructions to remove Vista Antispyware 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Vista Antispyware 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antispyware 2011. MalwareBytes Anti-malware will now remove all of associated Vista Antispyware 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antispyware 2011 creates the following files and folders
%AppData%\pw.exe
Vista Antispyware 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I just want people to know that this works. I tried method 1 worked, so far at least. I’m just glad that this crap is finally off my laptop. Thank you so very very much.
Thanks fully “My Anti Spyware”, my laptop was shitted by email from “Mother Fucker Son Of The Bitch”. I have cleaned out spyware from my laptop. So easy to work on the step.
Thanks fully for you time and have a wonderful world.
Couldn’t use google to search a way to remove virus. Ran AVG, could use internet again some but not google. Went to yahoo. Found this site. followed directions for method 1, rebooted. and everything is working fine now!
Thanks so much! I’m glad I caught onto the fact it was a virus immediately, and very glad I found your site, thanks!
Amazing!!!! Thank you!!!!
I tried Method 2 and managed to get onto the internet to download Malwarebytes (I used to have it but my dad deleted it off my computer in favor of only MS Security Essentials, which, in my honest opinion, is a mistake). It worked and I now have access back to Security Essentials (the antivirus it blocked) and internet capabilities.
I’m currently running a full scan on my computer to make sure I’ve got every last bit of the malware out. This guide has been very helpful! Thank you so much for it! 😀
Life savers!!! Very clear and easy to understand and saved my computer. I was stressed for days but my friend found this and forwarded the instruction to me and now everything is all better. On behalf of everyone, I am sure, we really appreciate this!!!
AWESOME ,,,,,,i am really sooooo happy ,,i use method 1 ,,,,,,,and its great it removed all the shif offff,,,,thxxxxxxxxxxx alooot
Thanks for all the help and guidance .Step 1 worked and I could complete step 2 as well..the virus is out.Could not dw/l step 3 ..
Thanks for ur time and effort for these steps
I’m having big problems with this…
Tried fix#1….. Error
Tried fix#2….. seemed to work
Reboot computer and after initial loading I get a black screen… In normal and in safe mode!
Anyone else have this happen to them?
you guys rock! Many thanks!
Method 2 worked great! Thank you!!!
it seems that when I tried method 1, things even got worse. now,i can open any of my applications. each time I try to open my browser, i get a message box:
choose the program you want to use to open this file
file:iexplore
recommended programs”
Notepad
Microsoft Corporation
etc…
any help would be appreciated
thank you
sorry, I meant to say I can’t open any application
thank you very much
Thank you muchly. Method 1 worked like a charm. no more VAS2011 😀
Just wanted to say what a massive help this was. Will definitely be buying the mal-b software!
I advise anyone trying this out, to simply copy and paste the command lines into notepad ( transfer from a working computer if necessary) as I’m guessing a made a few mistakes when I tried to type it all in myself!
Thanks again!!!!
Thanks a lot for your help!! You saved me 🙂
Option2 worked, much appreciated, looks like malwarebytes has found a whole stack of other infections too. I’m kind of glad I got this infection to sort all the others out!
Cheers.
Method 1 would not work but method 2 worked perfect.
I learned a lot through this process and am really happy this has been removed. I am disputing the charge on my credit card and would encourage everyone else to do the same.
Tried Method 1 and 2 and neither worked. Got an error with Method 1 and when I clicked Method 2 it did nothing. The UAC is off and I still couldn’t get it to work. I am currently running Malwarebytes now. Had to download it on my computer and install it on the laptop that is infected via the network. It is hubby’s laptop and my computer knowledge is limited. I’m about to tear my hair out.
Just an update….ran the Malwarebytes and removed the infections and rebooted. Laptop works fine now. Should I try running Method 1 or 2 now to repair exe files since it didn’t work in the beginning?
Thanks for the help. I was really tearing my hair out and it isn’t even my computer! lol
That thing was annoying! I used method 1 and it worked like a charm! Thanks a ton!!
I wasn’t originally following methods here as someone from IT at work said to download malwarebytes from non infected computer and then run full scan as an administrator. I did this and the popups etc stopped but could no longer open any exe file. This was the only site on the entire web that I could find when searching for this particular subsequent problem (same issue as comment from Lucas on 31st march 2011 adn reply from Patrik on 1st April). I did as Patrik said (required a bit of fiddling). The fix.reg didn’t seem to work (according to on-screen message)but once rebooted it all seems OK now. YOU GUYS AND GIRLS ARE AN ABSOLUTE BLEEPING LIFESAVER!!!!!
Every one is making this way to hard
Go to ” system restore” restore it to the point before you first noticed it.
If you have gone back far enough the icon will be gone from the task bar
How I got mine was clicking on site that said my Java needed to be updated,
DAH to me because when it needs to be updated it appears on my taskbar not on a site.
on the vista antispyware 2011 page
On the VIEW section of the web browser–under SOURCE
(which I wish I had Copied) It even said Java Needed my confirmation
So just look at your source and you can see how you let it in
Good Luck to all
Lifesaver.
Am not a big computer person, but my computer suddenly started getting above messages. Method 1 worked like a charm. Malware then found 2 problems. THANK YOU!
My gf gets on my case cause I help people fix their cars for free. If it’s easy and I can help, then he’ll yeah I will help. It’s good to know there are other people out there with a similar philosophy. Thanks for helping me rid my laptop of that vista anti spy crap!
step 1- method 1 and step 2 both worked excellently! this virus infected my laptop during my exam period and i was very stressed over it but your solution was very clear to follow and worked straight away. i am so grateful, thank you!
this solution worked excellently! step 1- method 1 and step 2 were both very clear to follow and removed the virus effectively. the problem occurred in the middle of my exam period and i was very stressed but this solution fixed the problem within an hour. thank you so much, i am very grateful
THANK YOU!!!! I had to try Method #1 a few times before it worked, but it did. I found that just restarting the computer didn’t work, I actually had to shut down, wait 30 seconds, and then start it up again. But it worked 🙂 Thank you!