Vista Anti-Virus 2011 is a rogue antispyware program, clone of Vista Antimalware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to trick you into purchasing its full version. So, do not trust anything that this malware will display you and remove Vista Anti-Virus 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues, Vista Anti-Virus 2011 is installed via trojans without your permission and knowledge. Immediately after launch, it will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.
Once running, Vista Anti-Virus 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!
While Vista Anti-Virus 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Anti-Virus 2011 detected 35 critical system objects.
Last but not least, Vista Anti-Virus 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Vista Anti-Virus 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Vista Anti-Virus 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Anti-Virus 2011 and any associated malware from your computer for free.
Use the following instructions to remove Vista Anti-Virus 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Vista Anti-Virus 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Anti-Virus 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Anti-Virus 2011. MalwareBytes Anti-malware will now remove all of associated Vista Vista Anti-Virus 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Anti-Virus 2011 creates the following files and folders
%AppData%\hee.exe
Vista Anti-Virus 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Above are the best instructions I found for getting rid of so-called “Vista Anti-virus 2011.” Thanks! I used Step 1/Method 1 and Step 2. Worked like a charm. I noticed that the dangerous file that was ultimately removed was called dqe.exe. It’s description in the Task Manager was “steam.” Nasty thing.
Thanks for saving my mental health, this worked like a charm. If I had any money to give, I’d give it to whoever wrote this. Thanks again.
thank you very, very much. You saved my day, my computer and my study’s window! I was about to throw the computer out the window, when a friend called me and recommended your site (I couldn’t surf the net anymore thanks to the virus). Just followed the instructions and everything was fine. Thank you once again!
All three of you above are lucky about this one. Despite following step1/Method 1 and Step2, it’s still here. Once MBAM is downloaded onto the desktop, I can’t run it (with usual message: can’t run mbam-setup…exe as it is infected). Any other tips? Thanks!
Thanks for providing this information. It worked perfectly. I now have back the control of my daughter’s laptop that she uses at college. Again, THANK YOU!!!
Thanks a lot. I have tried the first method and I can’t see the exc file running in the task manager. I have McAfee so I scanned the PC with it and it couldn’t catch the virus.
I already have MBAM installed (used to remove Vista AntiMalware 2010). I now have this virus on my computer. Would I be able to create the fix.reg application on another computer (this one) and then put it on the desktop of my infected computer?
I’ll give this a try when I get home from work. It should be fine. Thanks.
Tried method 1 when I double-clicked on fix.reg i got a message “cannot import C:\users\..\Desktop\fix.reg: The file is not a registry script. You can only import binary registry files from within the registry editor.”
Thanks! Method One in Step 1 seemes to have worked for me. I could not access the internet on my infected PC. Luckily had another PC to read this website. I had to transcribe the text (instead of copy/paste) into notepad and then after the reboot, I could again access the internet on the infected PC to install MBAM.
Thank you thank you thank you
I chose method 1 and it worked first time up. Very sneaky virus that came through on email saying the parcel I ordered had arrived. I order books mostly so was surprised by the email. However when I opened it up the Vista Anti-virus 2011 software installed itself. Horrible little thing.
Regards
Shak, yes of course. You can create the fix.reg on another PC.
Thank you so much! I got hit TWICE by similar spyware this month! The first was the Vista Total Security, and then it was the Vista Anti-Virus 2011. I used method 1, Step 1 and worked fine for both instances. I noticed that I got the spyware when I did a search on google. When I clicked on one of the links, it would open up a different page from the actual URL to a page with “monster” in it. Shortly after that my PC was infected.
Thank you, worked perfectly. Step 1/Method 1/Step 2. However, it found only one infected file called ehw.exe.
Thanks again. Simone, April 1, 2011 (ps – this is NOT an April Fools comment).
Lawrence, check twice .reg script or try method 2.
Thank you very much for the person who wrote this page. It really save my life and time. I was thinking taking my computer to repair it. But with these simple steps, it really saved my computer. Thanks again hero!!!!
I used method 1, however several hours later the virus came back, is there a reason for this? what should I do to ensure it does not come back again?
I can’t get command to come up. Is there any other way to do this?
i still can’t open my explorer, so i won’t be able to download the programme… wt shoudl i do?
I just got “Vista Anti-Virus 2011” also by getting redirected to an ad on google. The process in task manager is “myj.exe” and it starts anytime i try to start any antivirus software, system restore, or opening command prompt or notepad. So, I cannot do step 1. Any ideas?
Nevermind! I ran SpyBot and its up and working now. The virus has been removed. The computer even seems more peaceful. No more annoying popups. Thank you!
jasleen, probably your PC is infected with a trojan that reinstalls the rogue. To remove this trojan, I suggest you to start a new topic in our Spyware removal forum.
Gille, try the following:
open C:\Windows\System 32 folder.
Click Organize, Folder and Search Options. Select View tab, uncheck “Hide extensions for known file types” and click Apply and OK. Locate cmd.exe file, right click to it and select Copy. Click Organize, Paste. Locate cmd – Copy.exe, right click to it and select Rename. In type field, remove all text and type cmd.com and press Enter. Press Yes to confirm it. Now run cmd.com and follow the steps above.
Leah, try to make and run cmd.com as i have posted in my previous comment.
AWESOME!!!! Thanks for these instructions! The best I could find.
I’m having the same issue as Melissa – can’t get explorer to open with the virus pop-up redirecting my searches. what to do?
Wow thanks. During the day I spent £60 on other programmes which promised to remove Vista Anti-Virus 2011 but failed. Method 1 one worked first time – and for free. You’re a star!
Thanks so much! You are a lifesaver.
thank you very very much sir i try method 2 it was charm you r a genius thanks again God bless you.
You guys rock…I use method 1 and it worked beautiful. I downloaded MBAM and the spyware was removed..thanks a million!!!
Thank you to Patrik for the advice on getting the command prompt to work – couldn’t have done it without you!