Vista Total Security 2011 is a rogue antispyware program, clone of Vista Antimalware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to trick you into purchasing its full version. So, do not trust anything that this malware will display you and remove Vista Total Security 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues, Vista Total Security 2011 is installed via trojans without your permission and knowledge. Immediately after launch, it will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.
Once running, Vista Total Security 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!
While Vista Total Security 2011 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Total Security 2011 detected 35 critical system objects.
Last but not least, Vista Total Security 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Vista Total Security 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Vista Total Security 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Total Security 2011 and any associated malware from your computer for free.
Use the following instructions to remove Vista Total Security 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Vista Total Security 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Total Security 2011 associated malware. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Total Security 2011. MalwareBytes Anti-malware will now remove all of associated Vista Total Security 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Total Security 2011 creates the following files and folders
%AppData%\{RANDOM}.exe
Vista Total Security 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\hee.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
These instructions can be applied also for Vista Antivirus 2011 ? Yesterday suddenly popped up this rogue antivirus
My daughter’s laptop has picked this stupid thing up. I have tried kaspersky, malwarebytes, ccleaner and a whole host of other software. Most of what I have seen for directions involves turning off system restore. That option doesn’t even seem to be available. every time I try any exe file this pops up. I am no computer genius but it has come to the point where if I can’t get rid of it I am going to run format the hard drive. WOuldnt’ be that bad if there weren’t a gazillion pics and music files with no idea of where this nasty little thing is residing.
wolfman, yes of course.
Instead of Malwarebytes, can I use Avast? I cannot install Malwarebytes after doing the notepad stuff.
do you do these steps in normal mode or safe mode??
and would this also work on xp?
the command prompt wont open anything :S
I picked this spyware up Saturday. My current anti-virus/spyware would not recognize or remove it. It hijacked my IE and I could not even go online where I wanted. I used my wifes computer and found these instructions and used them. It seems to have worked. I have a couple of questions. I only followed Step 1 as it seemed to fix it. Do I need to do Step 2 to completely remove it? When I ran Mal-ware this a.m it found 2 broken shortcuts ( I’m pretty sure came from that spyware). Does that mean the spyware is still lurking around my computer and not totally gone? What else if anything should I do?
mikki, use Normal mode.
I just followed the steps….dont know how i was to copy and paste the registry notepad stuff so i just typed it from my phone seeing as how this virus hijacks your net…i think i got it right as the icon on my desktop has a blue cubish thing…my question to you is….after i did this and rebooted my computer…it seemed like the virus went into hiding or removed itself completely…is this at all possible? Like it doesn’t sshow up even when i try to web browse now. Please tell me if thats at all possible.
Thank u Thank u so much. Ur information was not only good, thorough, but truly free as well. Before I found ur website, I den into other websites that claim they can help u, and when everything was all said and done, I was ask to buy a product. Boo! Ur really does Di what u said if would do. I’m now going through the Malwarebytes’ Anti- Aware, and waiting on it to finish. Yea! It seems like I am now able to have my computer back after a few days of being out of commission.
Is there any other free downloads that u would suggest that could be very helpful to protect my computer?
Before finding this page, I found another that told me to donwload the programn – but web access was blocked. I found I could download malwarebytes installation program on another, uninfected laptop, and then sent it as a file via skype to the infected computer (could not read a USB memory anymore!). Could then run it from skype or from the folder (“run as administrator” rather than open!)
The removal instructions worked perfectly at removing the virus however, it appears the changes to my windows registry files have rendered the computer quite useless. Unless I have missed a step or someone has a registry fix (I have always heard this to be a nightmare?) then I don’t recommend using the instructions above.
My daughter’s LT also infected as per previous commentator.
Method 1+Step2 worked exactly as instructed -WELL DONE YOU! I was really stuck & these instructions have saved alot of tears. MANY THANKS!
I was a bit concerned whether the instructions were appropriate for Vista but no problems.
1 Question though: do these RegFix.notes simply suspend the start-up of a virus thereby enabling MWB to do it’s stuff in which case can the same RegFix.notes be used again to solve similar Hi-Jack problem with a different virus?
Thanks & Regards, ROB.
The steps worked great to wipe the virus from my computer however, I am now left with issues related to my Root Registry files. I can’t get any .exe files to work…in other words, no programs will open from the link. Any ideas?
If I back up files before removing Vista Total Security, will it attach itself to any of these files?
Thanks for contributing this solution! What a nasty peice of malware.
i have got the solution. I didnt have a restorepoint either cos it was shut of. ok here is what u do. You go to the site (on a different computer ofcourse cos u cant get on the internet cos of the damn virus :)).
bleepingcomputer.com/download/anti-virus/combofix at the blue link combofix download (its free).
restart ur computer in the safe mode. i know the virus is still working in the safe mode but that doesnt matter. then start combofix, and let combofix do the work. u dont see much, but it works i garantee. good luck
I have the same thing going on as Russell.. I followed step 1, rebooted my computer, and now the virus seems to have gone into hiding. I ran a full scan on both McAfee and the software you suggested, after the “quick scan” on the one program found nothing. Apparently my computer is totally fine, according to them. Could it be hiding?
Just a new development on the Vista Security Virus. I had this virus stop me from accessing this and any other website. Be careful. It might do the same for you and you might need another computer to access the information to get rid of it. Like I said, it happened to me and I’m offering a fair warning.
We did method 2 on this page and now it seems that most of our files will not run…MS Office, Real Player, etc. Any help?
I have McAfee Total Protection 2011 and this just walked right on past my fire wall… thank you so much for the help!
Hi,
Thks very much, it worked for me; only question is whether the virus has been completely removed by running fix.reg?
Thankyou so much, worked perfectly.
Followed Step 1- methods 1 & 2 and then rebooted. Great, everything seems to be back working fine!!
Thanks a million for this removal guide, I was starting to panic when I stumbled across this. So far it has been very effective!!
hey thank u so much…it worked…..finally after all i got rid of that shit…
for me Step 2 was effective….
once again thanks……. 🙂
Thank you. Thank you. Thank you. Method #2 worked but #1 didn’t (said it wouldn’t accept it except as a binary???). I ran Malwarebytes, which has always been one of my favourites. It would have worked had my son been running it on his computer regularly!
Vista Total Security is a nasty virus and takes over everything. This removal program was a godsend and really was simple for a simple 52 year old mom!! My 23 years old son thinks I’m a genuis!
Hi, I picked this up last night. It hijacked my browsers so I had to research on iphone instead. I’m glad I found this … I did Method 1 and it worked instantly. Even better, the information was freely given. Thanks to the person who put this up … he or she is a real lifesaver.
I became infected with the nasty annoyance and lost almost total control of my computer, I can well understand how a less computer literate person could be fooled by the genuine looking interface.
I followed the instructions as shown (except for missing out the unnecessary and confusing ‘Click Start. Type in Search field command and so on * * * notepad’ can’t see the point of that, just open notepad and copy the text in as shown, save to desktop and away you go.
It worked for me so all I can say is thank you ‘My Anti Spyware’ and I hope the authorities i.e. the police track down the morons who create these scams
Wow, this worked very well. I believe I am up and running again. My Gateway desktop running Vista Home Premium somehow managed to pickup this little monster yesterday (May 21). I disconnected my infected computer from the network, then found this web-site using my Laptop. I started with step 1 method 1, since some of the comments are mentioning program problems with method 2. I was able to use a USB memory stick to transfer the file I had created AND the MalwareBytes installation program (Renamed, of course). After re-booting and running MalwareBytes Anti-Malware (which found two other infections) everything seems to be fine. Thanks!! I will be visiting this site in the future.