Vista Antivirus 2012 is a rogue antispyware program, clone of Vista Home Security 2011. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to trick you into purchasing its full version. So, do not trust anything that this malware will display you and remove Vista Antivirus 2012 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.
Like other rogues from same family of malware, Vista Antivirus 2012 is installed via trojans without your permission and knowledge. Immediately after launch, it will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware applications.
When installed and started, the rogue will imitate a system scan and report a large amount of infections. Next, Vista Antivirus 2012 will prompt you to purchase its full version to fix supposedly found infections. Remember, all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that the rogue gives you.
While Vista Antivirus 2012 is running, it will display numerous fake security alerts. Some of the alerts are:
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Computer security is at risk! Your PC is still under
malware attack. Dangerous programs were found to be
running in the background. System crash and identify
theft are likely.
Privacy threat!
Spyware intrusion detected. Your system is infected.
System integrity is at risk. Private data can be stolen by
third parties including credit card details and passwords.
Click here to perform a security repair.
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Antivirus 2012 detected 26 critical system objects.
Vista Antivirus 2012 Firewall Alert
Vista Antivirus 2012 has blocked a program from accessing
the internet
Firefox is infected with Trojan-BNK.Win32.Keylogger.gen
Moreover, Vista Antivirus 2012 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:
Vista Antivirus 2012 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, Vista Antivirus 2012 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antivirus 2012 and any associated malware from your computer for free.
Automated Removal Instructions for Vista Antivirus 2012
Step 1. Repair “running of .exe files”.
Method 1
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Windows returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.
Step 2. Remove Vista Antivirus 2012 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Home Security 2012 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antivirus 2012. MalwareBytes Anti-malware will now remove all of associated Vista Antivirus 2012 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Vista Antivirus 2012 creates the following files and folders
%UserProfile%\AppData\Local\{RANDOM}.exe
Vista Antivirus 2012 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%UserProfile%\AppData\Local\{RANDOM}.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%UserProfile%\AppData\Local\{RANDOM}.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
It wont even let me open wordpad. My desktop wont even show up. I have to go through task manager to find or start anything that is if it will.
This was FANTASTIC!!! Thank you – worked perfectly – the virus was driving me absolutely BARMY! didn’t need too much brain to simply follow instructions…. I would suggest NOT rebooting after step 1, and doing it after the malwarebytes has finished its quick scan… thank u thank u thank u!!!
greg, you need to follow the instructions above, step by step.
I want to thank you so much for your effective and comprehensive steps to remove this viscous virus (vista security 2012). I’ve used this site before to remove the 2011 version of the same thing and it worked lie a charm then. When I saw this 2012 version, I knew to come right back to this bookmarked site. Thank you so much! You are a genius!
Thank you so much guys, it worked just fine ! This shit was driving me crazy, i was quiet sure it was a virus tough.
Thank you guys so much! My girlfriend was freaking out about completing her final papers after getting this virus on her computer. The first method worked like a charm, thank you so very much!
The Trojan will not allow me to run the command prompt. When I press ‘continue unprotected’ it just kicks me out. Very easy directions to follow, they worked the last time, but not this time. Please help!
Ok I made a shortcut of the command prompt to the desktop, right clicked it an ran it “as administrator” then it allowed me in. Yay! Rebooting now…
I guys I have done everything you said to do when I restart I get the blue screen what do I do please help
Method 1 worked right off the bat. THANK YOU to whoever wrote this. The fake antispyware was such an annoyance, but this resolution is an easy and convenient fix. Now, I can get back to work! THANK YOU!!!!!!!!!!
Thanks so much, this worked like a charm. Great job 😀
This INDEED WORKED!! Thanks a ton!!
I can’t get anything to work because I can’t type, my keypad will not work, numlock is on and I can’t get it to turn off! Any ideas??
was able to download malware bytes to a thumb drive on another computer and then install on the infected computer. (it took over IE and had no way to download direct)
to take these jerks out and shoot them would be too good for them!
It made an impact on it.. Not completely gone as yet(maybe because I only did step 2). It helped a lot though. Thanks
THanks
I am not even able to open notepad or cmd window. Please help!!! What to do? Also, let me knoww if I can go to the explorer to delete these files and if so which folders.
After doing the first step I come to a registory error saying “cannot import c:\users\Rachael\desktop\fix.reg: not all data was successfully written to the registry. Some keys are open by the system or other processes. So how should I procced after this?