Vista Anti-Virus 2011 is a rogue antispyware program, a clone of Vista Antimalware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to trick you into purchasing its full version. Do not trust anything this malware displays, and remove Vista Anti-Virus 2011 from your system as soon as possible. Read below to learn what this malware does and how to remove the rogue from your computer for free.
Like other rogues, Vista Anti-Virus 2011 is installed via trojans without your permission or knowledge. Immediately after launch, it registers itself in the Windows registry so that it runs automatically every time you start an application (a file with the “exe” extension). The rogue also uses this method to block programs from running, including legitimate antivirus and antispyware applications.
Once running, Vista Anti-Virus 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are fake. The malware wants to scare you into thinking that your computer is infected with malicious software. Do not trust the scan results; simply ignore them!
While Vista Anti-Virus 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Anti-Virus 2011 detected 35 critical system objects.
Last but not least, Vista Anti-Virus 2011 will hijack Internet Explorer and Firefox so that they display a fake warning page instead of the site you want to visit. The fake warning is:
Vista Anti-Virus 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are fake and are meant to scare you into thinking your computer is in danger! Just like the false scan results, ignore all of them!
As you can see, Vista Anti-Virus 2011 is a scam created with one purpose: to scare you into thinking that your computer is in danger and so trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Anti-Virus 2011 and any associated malware from your computer for free.
Use the following instructions to remove Vista Anti-Virus 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type command in the Search field and press Enter. This opens the command prompt. Type notepad into it and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start. Type command in the Search field and press Enter. This opens the command prompt. Type notepad into it and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right-click fix.inf and select Install. Reboot your computer.
Note: if Vista returns the error message “Installation failed”, then you need to disable UAC. Click Start, Control Panel, User Accounts, then click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try to install fix.inf once again.
Step 2. Remove Vista Anti-Virus 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
[Image: Malwarebytes Anti-Malware window]
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Anti-Virus 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear saying that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Vista Anti-Virus 2011. MalwareBytes Anti-malware will now remove all of the associated Vista Anti-Virus 2011 files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Anti-Virus 2011 creates the following files and folders
%AppData%\hee.exe
Vista Anti-Virus 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1" %*"
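The values above show how the hijack works: the per-user .exe class points to the pezfile ProgID, whose open command launches hee.exe with the real program as an argument. The following Python code is an added example, not part of the original guide: it parses the text of a registry export and reports per-user .exe handlers that differ from the Windows default "%1" %*. The function names and the sample export (constructed from the values listed above) are assumptions made for illustration.

```python
import re

SAFE_COMMAND = '"%1" %*'   # Windows default for exefile\shell\open\command
CLASSES = r"HKEY_CURRENT_USER\Software\Classes"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# Constructed sample: a .reg export carrying the values listed on this page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="pezfile"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%AppData%\\hee.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command]
@="\"%AppData%\\hee.exe\" /START \"%1\" %*"
'''

def unescape(s):
    """Undo the backslash escaping .reg files apply to quotes and backslashes."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {lowercased key path: {value name: data}} for string values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = '@' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def audit_exe_handler(text):
    """List findings about per-user overrides of the .exe open command."""
    keys, findings = parse_reg(text), []
    ext = keys.get((CLASSES + r'\.exe').lower())
    if ext is None:
        return findings                    # no per-user .exe override present
    progid = ext.get('@', 'exefile')
    if progid.lower() != 'exefile':
        findings.append(f'.exe remapped to ProgID "{progid}"')
    for cls in dict.fromkeys(['.exe', progid]):   # check both, without repeats
        cmd = keys.get(f'{CLASSES}\\{cls}\\shell\\open\\command'.lower(), {}).get('@')
        if cmd is not None and cmd != SAFE_COMMAND:
            findings.append(f'{cls} open command runs: {cmd}')
    return findings
```

To check a real machine, export the hive with reg export HKCU\Software\Classes classes.reg and read the file as UTF-16 before passing its text to audit_exe_handler; an empty list after Step 1 means the per-user override is gone.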
Worked to the letter – a huge thank you for this information.
I don’t quite understand how this can be working because it disables all my programs (including I.E) and I can’t transfer any programs over from another PC with a flash stick because it won’t let me open that either.
Thank you, 1st way worked.
Thank you!!!! Very much appreciate your instructions.
Thanks, worked like a charm.
Thanks for this, it seems to have worked – however, since running the fix.reg in method one I now get an error message on boot, it’s Windows Defender telling me a handle failed to initialize or something??? A remnant of the virus, a symptom of the cure, or something else entirely?
thank you! this worked great. I had to create the fix.reg file on a different pc and transfer it on a usb key. scanning right now…
Awesome, had to manually type into notepad as I couldn’t access internet but it still worked perfectly. Thanks very much for putting the time in to help others with this nasty little thing, much appreciated mate!
Thank you looks like it worked great. Any ideas what file this thing piggy backed its way on to my system with?
It looks like it only blocks opening programs regularly. If you’re having trouble, look for the application in your start menu then right click -> run as administrator.
Thanks guys! This virus ruined my Saturday evening and would ruin my Sunday morning too. I used method 1 and my programs are running again. I had already scanned the system with the demo version of another virus program which quarantines the Vista antivirus 2011 but does not eliminate it. So, when I used Malwarebytes it detected some other Trojans. Still, I will keep Malwarebytes running on my system until all traces of the threat are gone. I’ll post an update if, hopefully, all is well.
Thanks so much, this has been so much help I can’t tell you! Nasty viruses!
Thanks so much for this information. This little one had me on a bit of a run, but thanks to your help, it is solved!
Hey, I’ve gotten scareware a lot on my current computer. They have all been relatively the same to remove and were actually removable by me up until now. Now I have recently received ‘vista antivirus 2011’. I had to do a process that actually involved me doing specific work rather than running malware in safe mode. So I went to task manager and ended the tree ‘cxu.exe’ because it was the only tree that was made at that time. Finally all the popups stopped and I was able to run malware. Malware finds 10 infected objects and removes them. All good, right? No, maybe for an hour or so, but then my computer starts acting up again. Spy sweeper kept popping up and eventually my computer turns off. I try to restart it, and a blue screen comes up without allowing me to read the problem, since it restarts right away. Now I’m stuck. I can get into safe mode and run .exes by right clicking and pressing ‘run as administrator’ but I can’t do anything else. I finally was able to redownload the ‘mbam setup’ file but it always says access denied right at the last second of installing. I cannot run a system restore either, it keeps saying to be more specific with the drive, but I’m not sure what that means, I’m not exactly the computer-savvy guy.
Please help! This thing is getting really annoying.
Thank you so much! I used Step1/Method 2, then Step 2. It worked!! It turned out I not only have this Vista Anti-virus 2011 but some other nasty stuff! They got removed all together!
Thanks guys, I got rid of it in method 1 which seemed to do the trick but then installed Malwarebytes as well which got rid of other stuff too. Very pleased with result, everything is working again. I am glad it’s gone and these are definitely the best removal instructions yet. A+++
Is it possible to remove Vista Anti-Virus 2011 associated malware without installing MBAM? After step one, I ran a scan using Microsoft Security Essentials but no infected items came up.
10 minutes and my computer went from useless to running great again. although my brother would have been able to fix it for me, I’m always embarrassed to go running to his house for this shit.
hi u are a life saver
was studying for my finals last night and everything just went downhill from there….kept trying to fix things but this blog saved my ass…. nothing worked except for ur posts! I love u lol I don’t know u but I genuinely do… and I want to have ur baby :p
thanks tho seriously
xxxo
THANKYOU! THANKYOU! THANKYOU! Very nervous at first, but followed Step 1 Method 1, then Step 2. It worked a treat!! MBAM detected 54 infected files. All removed and computer is working like a dream. You deserve a medal!
Got pretty much the same thing as Ozo. So after I got the virus a program said I should reboot, but when I did I just got a blue screen where the computer automatically turns off, so I can only go into Safe mode.
Then I followed your instructions and malware found some files (like trojan but also the vista antivirus thing) so I thought, well, I got it. But now I still can’t get in normal mode, only in safe mode.
Any ideas?
Another grateful user! Method 1 worked perfectly and I followed up with a system scan with mbam
THANK YOU VERY MUCH IT WORKED! FUCK YOU WHOEVER MADE THIS VIRUS!
Hi, I tried methods one and two. But cannot get the internet to work now. Tried manually typing (rather than copy and paste) into notepad method one, then also version two. Internet still doesn’t work. Ran a registry clean up. Still doesn’t work. Unsure what to do now. What can I do to get the internet working again? Please can you advise. Much appreciate your help.
Hi, I tried method 1 and 2… but now cannot get the internet to work. Don’t know what to do. I re-typed for both methods 1 and 2 (rather than copy and paste) but made no difference. Tried a registry clean-up – again no difference. How can I get the internet to work again? Any help much appreciated as I am at a loss. Many thanks
Thanks a million!!! It worked. Your method is as easy as ABC!!! Keep up the great work!!!
Scott, have you completed step 2? Also try resetting the browser’s proxy settings.
Thanks a bunch for writing such clear and understandable instructions – Method 1 worked like a charm.
Hi Patrik, Thanks for helping. Yes I ran a malware scan and removed the found trojans. Reset internet settings but made no difference, still cannot get internet to work. Can you suggest anything else?
Method 1 didn’t work with me, but Method 2 seems to have done the trick! Thank you very much for the detailed instructions!