• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Malware removal › Rogue Anti Spyware › How to remove Vista Antispyware 2011 virus/malware

How to remove Vista Antispyware 2011 virus/malware

Myantispyware team November 17, 2010     114 Comments    

Vista Antispyware 2011 is a rogue antispyware program, clone of Vista Antispyware 2010. The program reports false infections, displays numerous fake security alerts and blocks legitimate Windows applications from running in order to scare you into thinking your computer in danger. It hopes that you will next purchase its full version. So, do not trust anything that this malware will display you and remove Vista Antispyware 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove the rogue from your computer for free.

Like other rogues, Vista Antispyware 2011 is installed via trojans without your permission and knowledge. During installation, the program will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.

Once running, Vista Antispyware 2011 will perform a system scan and detect a lot of infections. Then it will ask you to pay for a full version of the program to remove these infections. Of course, all of these infections are a fake. This malware want to scare you into thinking that your computer is infected with malicious software. Thus do not trust the scan results, simply ignore them!

While Vista Antispyware 2011 is running, it will display numerous fake security alerts. Some of the alerts are:

System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.

Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Antispyware 2011 detected 29 critical system objects.

Last but not least, Vista Antispyware 2011 will hijack Internet Explorer and Firefox, so it will display a fake warning page instead a site that you want to visit. The fake warning is:

Vista Antispyware 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system

Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!

As you can see, Vista Antispyware 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove Vista Antispyware 2011 and any associated malware from your computer for free.

More screen shoots of Vista Antispyware 2011




Use the following instructions to remove Vista Antispyware 2011 (Uninstall instructions)

Step 1. Repair “running of .exe files”.

Method 1

Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.

Method 2

Click Start. Type in Search field command and press Enter. It will open the command prompt. Type into it notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.

[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com

[DefaultInstall]
DelReg=regsec
AddReg=regsec1

[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command

[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Note: if Vista returns error message “Installation failed”, then you need disable UAC control. Click Start, Control Panel, User accounting, Click “Turn User Account Control on or off”. Uncheck “Use User Account Control (UAC)” and click OK. Now try install fix.inf once again.

Step 2. Remove Vista Antispyware 2011 associated malware.

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.

MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.

As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Vista Antispyware 2011 infection. This procedure can take some time, so please be patient.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.


Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Vista Antispyware 2011. MalwareBytes Anti-malware will now remove all of associated Vista Antispyware 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Vista Antispyware 2011 creates the following files and folders

%AppData%\pw.exe

Vista Antispyware 2011 creates the following registry keys and values

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Malware removal Rogue Anti Spyware

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

114 Comments

  1. Zeke
    ― March 29, 2011 - 8:32 pm  Reply

    Thanks worked a treat and mbam found a hole heap of others that trend micro wasn’t picking up

  2. Anon
    ― March 30, 2011 - 1:24 am  Reply

    Excellent tutorial (method 1). I previously had found and deleted the actual programs myself but was unsure what registry keys it mucked with. It seems that it took out the system restore points too.

    Thanks a ton!

  3. ken
    ― March 30, 2011 - 6:41 pm  Reply

    you’re a genius!! thanks so much! i used method 2 and it worked great

  4. Lucas
    ― March 31, 2011 - 12:31 am  Reply

    it got rid of the virus (or at least it doesnt pop up now) but now I cannot open any .exe files. (one the one user name that was infected) whenever I try my computer just asks me which program I want to use to open whatever exe I’m attempting to open.

  5. brittanie
    ― March 31, 2011 - 9:27 am  Reply

    thanks method one worked great i was kinda worried when all that stuff started popping up this was a great help

  6. Benny
    ― March 31, 2011 - 8:14 pm  Reply

    Omg… I couldnt go on the internet at ALL. So i used safe mode and typed the whole method 1. it worked. thanks alot!. Will let ppl know about this in the future!

  7. Donna
    ― April 1, 2011 - 5:54 am  Reply

    This worked amazingly. WOW ! Thank you sooo much for saving me the time, the money and most importantly my sanity. And the computer has been spared too from a potential physical assault. I did method 1 and it worked a treat. Pop ups have stopped. Now scanning my computer with malwarebytes. After this experience, I’m going to ditch McAfee Total Protection which could not pick up the virus, and who’s support people wanted to charge me $130 AU to fix the problem even though their software failed to protect my computer from an old virus ! Go figure. Thanks guys – you are great !

  8. James
    ― April 1, 2011 - 6:14 am  Reply

    I’m currently trying to destroy this rather nasty piece of malware. Just a point to note, thed version I have the *.exe is called uty.ext, not pw.exe as mentioned above. Hope this helps.

  9. Donna
    ― April 1, 2011 - 6:31 am  Reply

    Thanks. Worked a treat ! You guys are fantastic!

  10. Patrik (Myantispyware admin)
    ― April 1, 2011 - 8:17 am  Reply

    Lucas, you need to repeat the step 1 above.

  11. doobuy
    ― April 2, 2011 - 5:14 pm  Reply

    those scammers should be shot they prey on vulnerable people who dont know how to use computers scumbags thanks for the help

  12. Jeff
    ― April 2, 2011 - 10:39 pm  Reply

    Computer will not allow me to bring up command prompt. Any suggestions??

  13. Michael
    ― April 3, 2011 - 3:07 am  Reply

    My search field is also disabled,along with internet access,installing or running anti-virus programs?HELP!

  14. Alan Islas
    ― April 3, 2011 - 1:06 pm  Reply

    This works, thanks!

    Other methods, for example using Rkill are stopped by the malware from the register. Of course, tring to fix the registers manually won’t happen since not even regedit runs.

    I was about to format my hard drive but this (and Malwarebytes) saved me!

  15. danale
    ― April 3, 2011 - 4:04 pm  Reply

    I want to thank you guys.
    I followed your method and it worked!
    I usually don’t trust these things but I had no choise.

    Thanks!

  16. kim
    ― April 4, 2011 - 12:17 am  Reply

    Thanks, #1 worked great! But I was reading something on another website to get help with the fake antivirus thing, and it said something about the rootkit still being there. Since I’ve done the steps in number one and the whole Antivirus 2011 Vista thing seems to be gone, is the rootkit gone too?

  17. Patrik (Myantispyware admin)
    ― April 4, 2011 - 8:35 am  Reply

    Jeff, you need to use another computer to make fix.reg or fix.inf scripts. Once complete, copy both files to infected computer through usb/flash drive or CD disk.

  18. Patrik (Myantispyware admin)
    ― April 4, 2011 - 8:48 am  Reply

    Michael, open C:\Windows\System 32 folder.
    Click Organize, Folder and Search Options. Select View tab, uncheck “Hide extensions for known file types” and click Apply and OK. Locate cmd.exe file, right click to it and select Copy. Click Organize, Paste. Locate cmd – Copy.exe, right click to it and select Rename. In type field, remove all text and type cmd.com and press Enter. Press Yes to confirm it. Now run cmd.com and follow the steps above.

  19. Angela
    ― April 4, 2011 - 8:39 pm  Reply

    Hey, none of my programs or applications will open to try any of these tuturials. Help?

  20. Marx
    ― April 5, 2011 - 8:49 am  Reply

    used other laptop so i could find this.
    cross checked with google or this site wasn’t the following up scam to get an other virus on it.
    (happy to say it wasn’t)

    Used a flash drive for not having to type al those lines because i know i would have messed up.
    tryed option 1 failed, error message
    tryed option 2 worked. reboot
    reboot failed… pc crashed.
    boot up in safe mode… installed malware
    no internet connection in safe mode so no update.
    perform scan but it didnt found the virus.

    reboot normal windows.
    updated malware
    scan again and found 1 virus. I guessed there
    would be more.
    reboot

    no more popups
    can go on internet again.

    now performing a full scan 2 be sure.

    typing what i have done here to show my thx for the creators of this post/site.
    thx alot!!!!!

  21. Gac
    ― April 5, 2011 - 3:38 pm  Reply

    thank you very much, “method 1” worked perfectly

  22. Dave
    ― April 5, 2011 - 8:52 pm  Reply

    Thanks for this it was fantastic worked wonderful do appreciate your time and effort

  23. Slater Smith
    ― April 8, 2011 - 4:34 pm  Reply

    Saved my life! Used Trend Micro to remove the infestation but my registry was a mess and the simple tool fixed it. THANK YOU! Downloading an purchasing – it’s the least we can do!!

  24. Ronnie
    ― April 9, 2011 - 1:26 pm  Reply

    Cant thank you enough… option 2 worked for me and looks like ive managed to get rid of it.

  25. shuusos
    ― April 10, 2011 - 9:44 pm  Reply

    okay i found a much easier way to fix this
    hope this will helpe u guys

    1 start task manager, find the ‘3-word’.exe (can be nlk , xtp or whatever)that has around 11000k under memory

    2 end task

    3 go to the search bar and type system restore

    4 right click it and select run as administrator
    (must do this or the XXX.exe will run again)

    5 pick a time that your pc was not infected

    6 wait for system restore and you pc should be good again

    7 run some online anti-virus scan just in case

  26. Misty
    ― April 12, 2011 - 11:13 pm  Reply

    OMG!You have just made my day. I thought I was doomed for sure. Tried method 1,it worked perfectly. I get a little scared playing in the black screen, but instructions were right on the money and easy to follow. Wish I would have had this when I was trying to fix my father-in-law’s computer. This was so easy. Thank you so much!

  27. Karen
    ― April 13, 2011 - 10:19 pm  Reply

    Help – I’ve tried everything
    Ran both methods 1 and 2
    Installed Malware and removed virus
    rebooted
    Virus gone but internet won’t work
    re did steps 1 and 2 (and yes I disabled UCA control)
    checked for more viruses – none
    internet still won’t work
    Tried advice given to David and Jon, still no internet! Help

  28. inge
    ― April 14, 2011 - 10:37 pm  Reply

    hey!
    I have that stupid virus on my laptop, but I can’t go on the internet because of that (i’m now on a other computer)
    But you have to download that program, but how can I do it if I can’t go on the internet ?:(
    I called a computer service but they say to take a virus off the computer will take 3/4 hours… 🙁 please can you help me ?
    THANK YOU 🙂

  29. ana
    ― April 17, 2011 - 2:52 pm  Reply

    Tried both methods and they didnt work. the 2nd method when i turned the computer back on the antyspyware was still there.

  30. loserkids
    ― April 18, 2011 - 6:46 am  Reply

    finally finished…this is used…thanks alot…..

« Previous 1 2 3 4 Next »

Leave a Reply to Nick Sr. Cancel reply




New Guides

Look Who Died Scam Facebook Message
Look Who Died in an Accident Scam On Facebook Messenger and TikTok
Yourcoolwords.com Click Allow Scam
Yourcoolwords.com Virus Removal Guide
Adventureorganic.com Click Allow Scam
Adventureorganic.com Virus Removal Guide
retellrule.com website
Retellrule.com Review: A Scam or Legit Online Store?
Search-Alpha.com
Search-Alpha.com redirect (Virus removal guide)

Follow Us

Search

Useful Guides

ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
This setting is enforced by your administrator (Removal guide)
Malwarebytes won’t install, run or update – How to fix it
How to reset Google Chrome settings to default
adwcleaner
AdwCleaner – Review, How to use, Comments

Recent Posts

How to remove ScanDisk and Scan Disk (Uninstall instructions)
How to remove Ultra Defragger (Uninstall instructions)
How to remove XP Antimalware 2011
How to remove XP Guard virus
How to remove XP Antispyware 2011 virus

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.