
Sunday, January 31, 2010

How to remove Vista Antispyware 2010 (Uninstall guide)

Vista Antispyware 2010 is fake security software that reports false or exaggerated computer threats and displays fake security warnings in order to scare you and make you think that your computer is infected when it's not. This virus uses several different names. For some of you it will show up as VistaAntispyware2010, but it can also appear as:
  • Antivirus Vista
  • Antivirus Vista 2010
  • Vista Antivirus 2010
  • Vista Guardian
  • Vista Antivirus Pro
  • Vista Internet Security
  • Vista Internet Security 2010
  • Windows Vista 2010
  • Total Vista Security
  • AntiSpyware Vista
  • Vista Security Tool
  • Vista Security Tool 2010
  • Vista Smart Security
  • Vista AntiMalware
  • Vista AntiMalware 2010
  • Vista AntiSpyware
  • Vista AntiSpyware 2010
  • Vista Defender
  • Vista Defender Pro
  • Vista Security
The graphical user interface remains the same as shown in the image below.



This rogue program is usually distributed through the use of fake online anti-malware scanners, bogus websites and misleading online ads. Once installed, it will be automatically configured to run immediately when Windows starts. When running, it will simulate a system scan and display a variety of infections or threats. However, Vista Antispyware 2010 won't let you remove the infections unless you first purchase the program. Well, that wouldn't be so bad if the threats were real. As we already know, the scan results are false, so why should you pay for it? That's right, you shouldn’t.

When active, Vista Antispyware 2010 will display many fake pop ups and warnings claiming that your computer is compromised. One of the fake alerts reads:

Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing security scan.

Just ignore such fake warnings. However, the biggest problem is that this scareware blocks legitimate anti-virus and anti-spyware software. And that's not all. It also blocks certain Windows tools and functions in order to protect itself. Last, but not least, it will hijack Internet Explorer. You will be taken to various misleading websites full of false information. What is more, this bogus software will report perfectly legitimate websites as security threats. Please ignore such information too. Just read the removal guide below and remove Vista Antispyware 2010 from your computer as soon as possible.


Vista Antispyware 2010 removal instructions:

Method #1
1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.


2. In the command prompt window type "notepad". Notepad will come up.


3. Copy all the text below and paste it into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)


5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Download one of the following anti-malware applications:
7. Install the selected application, update it and run a system scan.
8. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.

Method #2
1. Use another computer and download one of the anti-malware applications listed above (Method #1, step 6).
2. Create the fix.reg file as described in Method #1 (steps 1-4). Copy an anti-malware application and the fix.reg file to a USB flash drive or any other removable device and transfer those files to the infected computer.
3. First of all, run the fix.reg file. Then install the anti-malware application, update it and run a full system scan.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


NOTE: after virus removal, if you get an error message saying you need to create an association, then download exefix_vista.reg file and run it. Click "Yes" when prompted. This should fix .exe files association. 

Manual removal:

Associated Vista Antispyware 2010 files:

  • C:\ProgramData\QJyrk5wvCU1
  • C:\Users\All Users\QJyrk5wvCU1
  • %UserProfile%\AppData\Local\av.exe
  • %UserProfile%\AppData\Local\ave.exe
  • %UserProfile%\AppData\Local\QJyrk5wvCU1
  • %UserProfile%\AppData\Local\WRblt8464P
  • %UserProfile%\AppData\Local\Temp\QJyrk5wvCU1
  • %UserProfile%\AppData\Roaming\Microsoft\Windows\Templates\QJyrk5wvCU1
  • C:\WINDOWS\Prefetch\AV.EXE-[random].pf

Associated Vista Antispyware 2010 registry values:
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
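
The registry values listed above can be checked against a text export of the registry rather than by eye. The following Python script is an added example, not part of the original post: it parses regedit 5.00 text and flags the wrapped command handlers, the per-user .exe class and the Security Center overrides described in this guide. The sample export is constructed from the values on this page; the rule names and the DWORD encoding of the override values are assumptions.

```python
import re

# Default exefile open handler, i.e. the value the page's fix.reg restores.
EXPECTED_EXEFILE_CMD = '"%1" %*'
# Path fragments that place a handler executable inside a user profile.
USER_WRITABLE = ('%userprofile%', '\\appdata\\', '\\application data\\',
                 '\\local settings\\')
SECTION_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# "<something>.exe" followed by at least one more quoted argument.
WRAPPED_RE = re.compile(r'"([^"]+\.exe)"\s+.*"', re.I)
HKCU_EXE = 'hkey_current_user\\software\\classes\\.exe'

# Constructed sample export built from registry values listed on this page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Parse regedit 5.00 text into {key path: {value name: data}}.

    '@' is stored as '(Default)'. Keys marked for deletion ([-...]) are skipped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((';', 'Windows Registry Editor')):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = '(Default)' if name == '@' else _unescape(name[1:-1])
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            elif data.startswith('dword:'):
                data = int(data[6:], 16)
            current[name] = data
    return keys


def audit(keys):
    """Return a list of (rule, key path, detail) findings."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        default = values.get('(Default)')
        # A per-user .exe class overrides the machine-wide association.
        if low == HKCU_EXE or low.startswith(HKCU_EXE + '\\'):
            findings.append(('per-user-exe-class', path, 'overrides HKCR\\.exe'))
        if low.endswith('\\command') and isinstance(default, str):
            # Handler that starts an .exe from a user profile and passes the
            # real target along as an argument.
            m = WRAPPED_RE.match(default)
            if m and any(p in m.group(1).lower() for p in USER_WRITABLE):
                findings.append(('wrapped-handler', path, m.group(1)))
            if (low == 'hkey_classes_root\\exefile\\shell\\open\\command'
                    and default != EXPECTED_EXEFILE_CMD):
                findings.append(('exefile-handler-changed', path, default))
        if low == 'hkey_classes_root\\.exe' and default not in (None, 'exefile'):
            findings.append(('exe-class-changed', path, default))
        if low.endswith('\\microsoft\\security center'):
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if values.get(name) in (1, '1'):
                    findings.append(('security-center-override', path, name))
    return findings


if __name__ == '__main__':
    for rule, key, detail in audit(parse_reg(SAMPLE_EXPORT)):
        print(f'{rule}: {key} -> {detail}')
```

On a live system the input would come from `reg export`, which writes UTF-16 text, so decode the file before passing it to parse_reg.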



171 comments:

MMXM said...

I AM INFECTED BY THE SAME VIRUS :( THANKS FOR POSTING ON HOW TO REMOVE IT, IM TRYING TO REMOVE IT RIGHT NOW BY YOUR INSTRUCTIONS, THANK YOU :)

JASON said...

hey can you help me :( i think i got the virus removed but now i cant get on the internet when i click on the internet explorer thing it says application not found

Elizabeth said...

Same here, got the virus removed but could not open any programs or internet afterwards. It gives an error saying you need to create an association...I restored the system, now I can open programs, but the virus is back. HELP??

Anonymous said...

after the scan whats next. can i delete the fix.reg. im using method 2. ive been tryin for 3 days to get this off my computer. thanks

Anonymous said...

Jason, uninstall the anti-spyware you installed and check. I had the same problem and when I uninstalled the anti-spyware my computer was fine again.

Admin said...

Elizabeth, I've updated the fix.reg file. Create another fix.reg but this time copy and paste this text:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Admin said...

"after the scan whats next. can i delete the fix.reg. im using method 2. ive been tryin for 3 days to get this off my computer. thanks"

Yes, you can delete fix.reg file.

Anonymous said...

Deleting temporary files in AppData/local/temp seemed to remove this fake software.

Graham said...

hey can u help me, ive tried method 1 and have installed both SUPERAntispyware and MalwareBytes Anti-malware. I used them to scan my computer and get rid of any malware/spyware but this vista antispyware keeps popping up. Can you help?

Admin said...

Graham, did they remove the rogue program files? Maybe you forgot to update SUPERAntispyware and MalwareBytes before scanning. You should update both programs first. Also try to restore your computer to an earlier date when your PC was not infected.

Graham said...

I may sound stupid but how do i know if they removed the rogue program files? and how do i do this/restore my computer to an earlier date?

Admin said...

OK Graham, first of all, download a free version of Spyware Doctor with Antivirus from Google.

Download link: http://pack.google.com/intl/en/pack_installer.html

Install it, UPDATE and run a quick scan. Remove all detected threats or infected files.

If that won't help, then try to restore your PC. Read here how to do that:

http://www.howtogeek.com/howto/windows-vista/using-windows-vista-system-restore/

Good luck!

Anonymous said...

Worked AMAZING!!! Thanks so much.

raz said...

i managed to get rid of the anti-spyware for a while but now it's back! i have done a full scan and there are no threats. the pop ups are still there but i can get on the internet now. how do i get rid of the pop ups?

Abi said...

I can't do it. Whenever I try and run fix.reg the pop ups are coming up and I can't get rid of them without getting rid of the box that comes up with fix.reg! Please help! I've tried both methods but the pop-ups aren't letting me do anything!!!!! Please!

Admin said...

Abi,

Reboot your computer in Safe Mode with Networking and try the first method again.

How to reboot Windows Vista in Safe Mode:

http://windows.microsoft.com/en-US/windows-vista/Start-your-computer-in-safe-mode

Remember! Choose "Safe Mode with Networking" not just "Safe Mode" from the menu.

am-bm said...

Hi, can I use this function on a different user on the same PC. I tried to restore my Vaio laptop and the restore failed. Now when I boot up the Vista security is the only thing that comes up on the screen. I cannot even get windows to load.
If I switch users then the laptop works fine, but not sure if it would detect the malware/ virus?

Admin said...

am-bm, yes, you can scan your PC using a different user account. By the way, that's one of the methods to overcome such rogue programs.

Anonymous said...

Hello,

I used method 2 with SpybotSD but it didn't find anything. Any advice.

Thanks

Daniel

Admin said...

Daniel,

Just use another program from the list. Don't rely on Spybot only. You can also use MalwareBytes or SUPERAntispyware. Good luck!

Anonymous said...

I tried the Regedit method mentioned, but the registry editor was disabled, by the malware I guess.

I then used my install disk and used the repair option and did a restore that went back a few days.

It looks OK now.

Anonymous said...

Its driving me nuts, worst part my computer wont even find the command when i enter it on the run bar thing

Anonymous said...

Hello - I have attempted SpyBot, SuperSpyBot and Malwarebytes all to no avail. Each time I have tried to load them on my laptop, they fail to launch. I have even tried loading them on my zip drive and then running them on my laptop. When I do that, I get the message that the program has stopped working and the problem event name is APPCRASH. Help!

P.S. I have also tried all of this in SafeMode.

Admin said...

Ok, then when in safe mode try to restore your PC to an earlier date when it was not infected. This might work. Good luck!

Anonymous said...

Nope. That didn't work either....It keeps giving me an error message that the disk OS (C:) has errors and that Windows has detected file system corruption on OS (C:). You must check the disk for errors before it can be restored. I then click on "Check disk for errors, check both boxes, click start and the little screen disappears and nothing happens. Going directly to chkdsk either in normal or SafeMode also does not work...Help!

Anonymous said...

i tried to do this, only one problem-the virus won't allow me to go to the internet. any help?

Admin said...

Use another PC if you can. Download one of the anti-malware programs and save it to usb stick, flash drive or etc. Install anti-malware from selected external drive and scan your PC. Also you can try to restore your computer to an earlier date when it was not infected. Good luck!

Anonymous said...

Whoever wrote this, THANK YOU SO MUCH! I used method 1 and it worked perfectly. This virus had me very worried (and it was pretty annoying too).

Thank you!!

Anonymous said...

The malwarebytes won't let me update it before scanning....it says an error code of 732 (12007, 0)

Anonymous said...

i already got the virus out but now i cant open any files such as microsoft word, aim, etc. please help !

Charlie said...

In process of trying method #2. By the way, from what I can tell, in either safe mode or standard, the malware will prevent you from getting to and or starting the process of creating a restoration point... Question to the Admin: Does this just run right on by or through Norton IS 2009? Not a whimper as this started to load. Typical.

Anonymous said...

Thank you! This particularly nasty piece of software installed itself through on 2 computers in my house, apparently through unscrupulous Flash ads containing exploits. It installed itself on Vista with UAC enabled, no prompts or warnings of any kind, somehow managed to bypass any form of computer security. Hopefully it's gone now, thanks for the info.

The adverts in question were running on thepiratebay.org, I recommend you stay clear of that site unless you have an ad blocker!

Anonymous said...

THANK YOU SO MUCH MAN ! I uninstalled it... ii was getting worried about my computer.. thank youu again :)

Anonymous said...

Please HELP!! I've managed to remove this virus (at least I think I have), but now I can't open anything on my computer. I somehow found a roundabout way to open Internet Explorer. It keeps saying "This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel"??? What does this mean and how do I fix it? I'm pulling my hair out because of this stupid virus!!

Admin said...

For those of you who can't run programs normally and get "This file does not have a program associated with it for performing this action" error please read the note in red below removal method #2. Or download Vista exe files association fix directly from here:

http://bit.ly/a5GOEe

Anonymous said...

if you guys just take a second to read the other posts, you will probably find the answers to your questions. thats what i did. also, learn how to use your computers.

thank you
that one guy who reads

Diana said...

I tried method one, but when I double click fix.reg I get this message:
Adding information can unintentionally change or delete values and cause components to stop working correctly. If you do not trust the source of the information in C:\Users\Diana Elizabeth\Desktop\fix.reg, do not add it to the registry. Are you sure you want to continue?

If I click Yes, it says:
The keys and values contained in C:\Users\Diana Elizabeth\Desktop\fix.reg have been successfully added to the registry.

I don't have another computer I can use so Method 1 is my only option. I don't know what to do!

Elle said...

I used SuperAntiSpyware to get rid of this thing but I didn't do it in Safe Mode :( Now when I try to open anything on my computer I receive the "Choose the program you want to open this file" page every time! Any suggestions?

Anonymous said...

Thank you SO much for this, before I could only find and delete one file which kept replicating itself under different names. Definitely appreciate this guide!

KerBear said...

It won't let me paste into the note pad.
When I ctrl + V it just shows a ^v on the pad..

Admin said...

KerBear, that's strange. Then I think you will have to write every line yourself.

KerBear said...

Ah, never mind.
I wasn't reading directions right.. Haha.
Now lets see if I can work this...

Anonymous said...

i cant control my laptop im on my mums now so i could try but it wont let me go on google or the site this is on it only says INTERNET EXPLORER alert.visiting this site may pose a security threat to your system so my laptop is broke now... can any1 help please.

Dante said...

The vista internet security screwed up my malwarebyte and it won't load when i click on it i tried uninstalling and installing it again and it still won't work. Any other programs you would like to suggest?

Anonymous said...

THANK YOU!

I downloaded the fix.exe from http://bit.ly/a5GOEe in safemode and ran SPYDOCTOR and finally got rid of it.

Anonymous said...

This worked great - thanks so much!

(p.s. - it does help to read EVERYTHING before posting questions with answers already on here!)

Anonymous said...

Hello,

Thankyou for your helpful comments. I followed step one and was now wondering how do I know its really gone. Also what do I do with the notepad file that was created during the process?

Cheers

Anonymous said...

It worked.. THANKS A LOT!!

:)

Anonymous said...

malwarebytes doesnt detect anything for me. what should i do?

Anonymous said...

THANK YOU THANK YOU THANK YOU!!!

Admin said...

Q: "Also what do I do with the notepad file that was created during the process?"

A: Delete it.

Anonymous said...

THANK YOU.... I actually have no other word to describe this... THANK YOU!!!!!

Anonymous said...

I had tried many different scenarios on the internet to fix this and this process did the trick! Thank you so much!!!

Anonymous said...

thank you!!! worked like a charm!!

Anonymous said...

thanks dude... you don't even know how much i appreciate it, although i had it mostly dealt with. this helped me finish the job. lol i was getting soo stressed out because of it i think i was about to go bald! hahaha

Anonymous said...

It won't work, every time I type "command" in it says it can't find it. I don't know what to do...

Anonymous said...

It was working well until I tried to click yes for the registry editor. It says the file is not a registry script and that i can only import binary registry files from within the registry editor.

What do I do?

Admin said...

Q: "It was working well until I tried to click yes for the registry editor. It says the file is not a registry script and that i can only import binary registry files from within the registry editor."

A: You did something incorrectly. Copy this text exactly as it is and save as exefix.reg. File type: all files.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Admin said...

Q: "It won't work, every time I type "command" in it says it can't find it. I don't know what to do..."

A: Make sure to type command without quotes.

San said...

I am using Microsoft Essential Security Anti Virus software. It cleaned the av.exe but I was not able to open any one of the system utilities like msconfig, command and even IE also. I followed the step 1 and ran fix.reg file, as a second step I have installed Super Anti Spyware, downloaded the latest updates and ran scanning. It did not detect av.exe since av.exe has been removed by Microsoft Essential Security anti virus s/w already but it detected Adware Cookies and removed completely, and rebooted system. It worked, I am able to open all utilities and IE. Thank you so much Admin... I really appreciate your effort. But how can I find out av.exe has been completely removed from my system, is it by checking registry entries?

Anonymous said...

THANK YOU MAN!

Anonymous said...

Q: "It was working well until I tried to click yes for the registry editor. It says the file is not a registry script and that i can only import binary registry files from within the registry editor."

A: You did something incorrectly. Copy this text exactly as it is and save as exefix.reg. File type: all files.

i get the same error. im not computer stupid, this virus isnt even on my computer, but I cant get the .reg files to open. what am i supposed to do?

San said...

Hi Admin, Is it safe to keep Super Anti Spyware in PC ? , Is it reliable software ?

Anonymous said...

Thanks for making all this info available. I just helped out a neighbor with a Vista Antispyware 2010 infection.

I downloaded fix.reg, MalwareBytes and exefix_vista.reg to my machine and transferred it via USB to hers. I killed the av.exe process to get started, and subsequently, my observations are that a) once fix.reg was run, the pest was under control. I then ran MalwareBytes, but I suspect that the fix.reg register changes allowed her McAfee (comcast) to wake up and eliminate the pest, since MalwareBytes found no evidence of it, and the McAfee log shows the removal of such a pest at that point in time. b) There were a few association problems afterward, most notably, iexplore, and I wasn't able to run exefix_vista.reg because an existing process was using some of those register entries. c) I suspected MalwareBytes, so I used msconfig to remove it from the startup list and rebooted, ran exefix_vista.reg, and all known associations were restored. No need to uninstall MalwareBytes.

If the solutions provided here don't rid your machine of this pest, you may not be following the discussion or else have more than one problem.

Thanks again for the info and the forum.

Anonymous said...

I'm having the same problem as that other person, when I type command it says it can't find it. So I tried the manual way, however, it won't let me delete the firewalloverride or the antivirusoverride registry keys, it says: "unable to delete all unspecified values"

Anonymous said...

omg thank you so much, this helped get rid of it straight away. i felt like jumping for joy, i've been googling for a fix all day. gosh, thanks once again.

Anonymous said...

Also, in spite of the file disassociations and "files not found", I can't recall any point in the process when I wasn't able to run everything from the start menu by right-clicking and running as administrator. This goes for msconfig and iexplore. Thanks for that insight as well. If you're looking for the pest's files in the User directory, make sure explorer is set to view hidden files. Look in Organize;Folder and Search Options;View.

Anonymous said...

I downloaded the Superantispyware so, what do i have to do now, explain better

Anonymous said...

Thank you Admin.... this was very worrying and you helped big time... you deserve a medal!

BTW I used method one and combined it with the spy doctor software from google. I also deleted all the files in "APPDATA LOCAL TEMP" for good measure.

Thanks again.

Al

Jackson said...

Is there any way you could post a way to add the Correct HKEY_CLASSES_ROOT\.exe\shell entries for the registry? I deleted the whole SHELL folder and think that may have not been correct.

Anonymous said...

when I press WinKey+r the page stays blank my screen is white and I can't get anything to show please help me!

Anonymous said...

Hello ,
Thank you very much your system worked very good, i erased the virus from my system, I used option 1 to do so, thank you again and have good luck

Anonymous said...

Thanks a lot.. Worked great the first time with Method 2

cfgobabygo said...

After clearing with malware you have to uninstall your IE. Try getting on the Internet temporarily with Firefox or other web browser. Then after the uninstall of IE try reinstalling IE. I'm still in the process but at least I can use Firefox. Other programs are screwed!

Darren said...

You are a star my friend!! This nasty little bas***d had me blowing steam out of my ears!! - Method 2 worked like a charm.

Cheers

Ken said...

worked GREAT thanks for the tip. It was very easy to do.

Ken

Anonymous said...

Hello, I have the same question as San above. I ran fix.reg and after that Vista Internet Security no longer popped up at all. So I go online and downloaded Malware, updated it, and ran a full scan. It didn't detect anything so I went to SUPERantispyware, updated it, and it found two adware tracking cookies. Then I went to the next screen and it started deleting like 97 things and rebooted my computer. I got back on and ran another scan and it found another cookie, so when I hit next it only deleted one thing and didn't reboot my computer. So my question is: How do I know if Vista Internet Security 2010 is off my computer for good? Everything is working right now, but I'm not sure that means it's gone because everything was completely fine after I ran fix.reg! Please help I've been battling this thing for a little over a week! Thank you so much for getting me back up and running (almost I think)!!!!

Anonymous said...

Thanks so much for posting this! I have close to zero knowledge of computers, but did it successfully thanks to your help.
So a BIG thank you from Holland!

Marco.R said...

I just personally wanted to say thank you for taking the time to do this :'D

Anonymous said...

Worked 1st try! Thank you! Thank you!

Anonymous said...

Well not even rebooting the computer in safe mode, safe mode with networking or safe mode with command prompt seem to work at all. It is not finding the command prompt at all and keeps suggesting that I write it properly. How am I supposed to fix or use the methods suggested?

Anonymous said...

ok ive been battling this virus for 3 days ive tried avg avast and microsoft security essentials the only reason i knew it wasn't completely gone is my microsoft security essentials completely disappeared off my computer... i am right now following 1 and am in the process of using superantispyware but when i first downloaded it would not update will this cause a problem???

just.a.train said...

Hi, a few weeks ago, I got infected by this fake antivirus program, and after finding your blog, I've removed it successfully. However, a few days later, Vista Antivirus Pro 2010 was once again on my site and doing its false scans. Since then, I've already removed it from my computer three times, I am now on my fourth. Is this because I am visiting the same site that got me infected in the first place, or is this because I have yet to successfully remove the virus completely?

Admin said...

just.a.train, this virus is morphing constantly, and it gets through your antivirus software (do you have any?). Besides, it's possible that some of the malicious files can't be removed with malwarebytes or superantispyware. Such infections usually come bundled with other malware. Read step 8 in the removal instructions above.

8. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.

Click on the link "ESET Smart Security" and you will be redirected to official ESET site where you can download ESET NOD32 Antivirus 4. It's free for 30 days. Install it and run a full system scan. I bet it will find more malicious files than malwarebytes or superantispyware. Good luck!

Anonymous said...

oh man THANKS THANKS THANKS THANKS THANKS its work good and now all the programs is worked also

You Are The Best

do u have a facebook acount ?? so we can thank you u helped us with very big problem

Greetz from italy

Anonymous said...

Thank you so, so much. I used method #1 and worked like a charm, no more "Smart Security 2010". Thanks again!

Anonymous said...

Thanks a lot!
I actually thought i had some kind of virus or something
Thank you for posting

Anonymous said...

Hi, I am not able to type anything in Start-> Run-> a command line even in a safe mode. Keyboard become disabled. Is anything I can do else? Please help. Also in a process no pure ave.exe, avg...,which I use to run to clean computer.
Please help!

Anonymous said...

Hi, I got this virus yesterday (is it possible that it infected the USB pen drive I used in another infected computer?), and now I'm trying the manual removal using linux.
I found Jd7i63U6u instead of QJyrk5wvCU1, no av.exe, neither WRblt8464P 'till now.

THANK YOU SO MUCH! I hope it will work! [hope]
Matteo

Anonymous said...

is this fix working? i m worry this is another spyware site :(

Admin said...

Q: "is this fix working? i m worry this is another spyware site :("

A: It works, but not for everybody I'm afraid. And this blog is safe.

Anonymous said...

Ugh. I just got this virus a few minutes ago while I was browsing the internet.
I'll let you guys know if it removed. SUPERAntiSpyware is scanning right now..
I hope it works.

Anonymous said...

Mmm... I wanted to come back to windows (safe mode), and change the registry values, but vista doesn't recognize .exe files... what have I done?!
Thank you,
Matteo

Anonymous said...

I deleted just 2 exe files from AppData\Local\Temp folder, and it seems to be working removed. What happens if I delete all the contents of this folder?

Admin said...

Q: "I deleted just 2 exe files from AppData\Local\Temp folder, and it seems to be working removed. What happens if I delete all the contents of this folder?"

A: Nothing will happen. But I think you don't need to remove other files from Temp folder anyway. Good luck!

Admin said...

Matteo, you have to fix exe files associations. Download and run this file:
https://docs.google.com/uc?id=0B7pJ7yI2AU6jOGQ0N2JiZDYtNmM3NS00NmQyLWFiNDktYThkODcyOTM5OGIz&export=download&hl=en

Anonymous said...

I'm on my Windows vista now, everything seems to work, but I'm not sure for the infected registry values: what do I have to do? to change them into something else, o to erase them?
Thank you again for your help, I would be lost (and I would have crushed this thing into pieces...)
Matteo

Anonymous said...

Done, thank you!
Now anything seems to work (even if I'm still using linux), but I didn't fix the registry values... what do I have to do? I have to change the wrong registry values with others, or I have to simply erase those files/values with ave.exe in it?

Thanks again for your help,
Matteo

Admin said...

Matteo,

First of all do this:

1. Type command in the RUN dialog box to open Command Prompt (run as administrator)

2. When Command Prompt is up, type cd \windows

3. Type regedit to open up the Registries.

4. Expand HKEY_CLASSES_ROOT and find the folder of .exe

5. Without expanding it, on the main .exe folder, Right-click (Default) and Modify. Change the Value Data to exefile

6. Now in the same HKEY_CLASSES_ROOT find the folder of exefile and Right-click (Default) and Modify. Change the Value Data to "%1" %*

7. Lastly expand exefile, expand shell, expand open, click on the command folder, Right-click (Default) and Modify. Change the Value Data to "%1" %*

Then download SUPERAntispyware or Spyware Doctor and run a full system scan. Remove everything it finds. Then download CCleaner and scan your registry. Fix found registry errors.
NOTE: don't remove registry values manually.

Good luck!

Evan said...

Hey admin,

I was trying to do step 1, but when I got to opening the fix.reg file, it says it can't open it because it can't access the registry. Any ideas? Thanks a lot!

Evan said...

Hi admin,

I tried step one, but when I double clicked the fix.reg file, it wouldn't open. A message popped up saying it was unable to access something. Any ideas? Thanks

Anonymous said...

You sir are a wonderful person!

Anonymous said...

This really works. Thank you so much for this.

Anonymous said...

THANK YOU!! So clear and helpful. :D

Anonymous said...

I cannot find the websites that I need to get the antimalware from. Could the Virus be blocking me from downloading them?

Anonymous said...

I found that if you reboot after running the fix.reg, then the pop ups and annoying messages stop, then you can download and run the anti spyware software(s)

Anonymous said...

It will if you don't do a restart after running the fix.reg

Anonymous said...

Thank you very, very much!
I've been trying to get rid of this stupid virus!
The directions are soooo clear and helpful. I was really relieved when I downloaded SUPERAntispyware and it got rid of the problem right away after I rebooted my system. I'm so happy that it doesn't try to cheat you out of your money like every other one does.
I hope this virus never comes back! If it does, I'll know how to get rid of it. Thank you so, so much. :)

Ringo, have a banana! said...

Hey, I've gotten through all the steps in Method #2, up until you finish installing the MalwareBytes and ask it to run. No matter what I've tried, including restarting my computer, MalwareBytes will NOT open. I click "Continue" when it asks permission...then nothing happens. Any suggestions? Thanks so much!

Anonymous said...

Thanks, I followed all the steps and voilà, the virus was gone.

a happy dutchman

Anonymous said...

YOU'RE A SAINT.

Anonymous said...

thanks it seems to be working

Anonymous said...

I picked this problem up last night and your solution helped me get functional by midday today - thank you.

I'm curious, though, how it cut through my security. I don't just browse around unprotected. This went through everything and made changes to my registry without any notification whatsoever. Even when I applied your Fix.Reg file, I was prompted with a "do you want to change your registry" question....

Finally, when running Malwarebytes after the Fix.Reg, I did a full scan and it came up with two entries - when I told it to clean them, it said I had to restart my system and then Malwarebytes stopped working - but when I rebooted and re-ran Malware, nothing came up as a problem. How can I be sure everything is gone?

Admin said...

Download SUPERAntispyware and run a full system scan http://www.superantispyware.com/

If it doesn't find anything then your PC is clean.

Also you may want to consider purchasing the ESET Smart Security (removal step #8) to protect against these types of threats in the future.

Good luck!

Anonymous said...

When I try to run the fix.reg file, a window pops up that says: cannot import C:/Uses/Jackie/Desktop/fix.reg:Error accessing the registry.

What is the problem? I'm stuck on this step and I can't run the fix.reg...

Anonymous said...

When I type in command in the Run window, it can't find it.

Is there something I need to install in order to get it?

Anonymous said...

The Fix.Reg won't open; there's an error accessing the registry. Any idea on that? :(

Anonymous said...

THANK YOU SO MUCH IT'S FINALLY GONE I WAS GETTIN IRRITATED BUT IT'S FINALLY OUTTA HERE THANKS AGAIN YOURS TRULY

GAMEHAKER2200

Anonymous said...

I'm having the same problem as 2 out of the past 3 anonymous users...please help!!! cannot merge the fix.reg to my registry

Patrick said...

Once I run the fix.reg files then what? Should the virus then be gone? Do I need to reboot to complete the fix?

Anonymous said...

hi maybe i'm doing something daft but how do you save the notepad file..can't seem to find any save as option.....

Anonymous said...

Hi sir. Please answer this. I did those steps and completely removed the virus, and also used SUPERAntiSpyware. Now after 1 month it came back. My problem is that when I re-created the fix.reg file it said that "the file is not a registry script and that I can only import binary registry files from within the registry editor." So what I did was run my SUPERAntiSpyware and run the complete scan. The virus was removed. My question is: is my computer OK now? Please help me, sir admin. - My name is Cram

la-velle said...

HI! Thanks for this. I did method one and it worked fine and did the Malwarebytes scan and it found and deleted two infections. Just randomly about 24 hours later it's back! Before it was called Vista Defender and now it is called "Vista Internet Security"! I tried method one AGAIN but it didn't seem to have any effect. Any advice would be greatly appreciated xx

Anonymous said...

Thanks for the instructions. Saved my life and my laptop !

Anonymous said...

Thank you so much for this public service. I was totally freaked out this morning when I got those warnings. I followed method #1 and used malwarebytes and it worked completely.

To those who come after me - don't panic. Follow the directions and malwarebytes will remove it. It was also helpful that I had firefox because IE wouldn't open at all and you need to be able to download one of the spyware removal tools. Also, malwarebytes was free and easy so no need to buy or register anything.

Thanks again Admin.

Anonymous said...

Thank you, this fixed it!

Anonymous said...

It worked, thanks for this info!

Anonymous said...

Thanks for this advice, I have done the fix reg bit and the messages seem to have disappeared. Just following with the anti malware applications. This seems to have come from thepiratecity.org - with no warnings as previously mentioned. Could not use IE at all but with firefox able to get to the internet for help.

Anonymous said...

Hello admin ! I fixed the problem on Friday and it came back again few days later. I did the same thing and fixed it again. Is it just another random attack or did I clean it up properly first time ? I am worried that it will keep coming back.

Anonymous said...

does this work ?

Anonymous said...

I've done everything as it is written but after running the fix.reg, an error appears. It says: Cannot import C:\Users\hp\Destop\fix.reg specified file is not a registry script. You can only import binary registry files from within the registry editor. Please can you help me? Thanks

Mark said...

I have run the program following the steps and have managed to get rid of the virus (I think) but I now cannot use Internet Explorer. I have tried the exefix_vista.reg file as suggested but I still get the message Explorer.EXE Application Not Found box appear.

Is there anything else i can do to fix this??

Thanks

Mark

Anonymous said...

*MY SOLUTION TO INTERNET EXPLORER NOT FOUND*
Here's your problem: "I start Internet Explorer, and it comes up with: application not found, or saying it is a threat to your computer". I have a fix!
If this has occurred using Internet Explorer, download Mozilla Firefox; drag the files by USB, or it should be installed already.

If this has occurred using Mozilla Firefox, download Internet Explorer; drag the files by USB, or it should be installed already.

Kaye said...

I did method one. But how do you know if the malware has been removed properly already? There are no pop-ups anymore but I still have a faulty internet connection. Please help me!

Admin said...

Kaye,

You should always scan your PC with at least two anti-malware programs.

1. Malwarebytes Anti-malware
2. SUPERAntiSpyware

Then download ESET NOD32 Antivirus 4 and run full system scan. Download link: http://bit.ly/cRWrBj

Good luck!

Anonymous said...

Worked like a charm! Thanks a ton for taking the time to share this information. Much appreciated.

Richard said...

OMG! I got this today on the other comp! I get to the step where I do WinKey + R. I type in command and I hit enter. As soon as the window pops up, it gets closed out immediately (assuming by virus). I can't do anything w/o porno popping up and this and that. I'm very upset atm. Please help me get this command window up so I can continue. =...(

Anonymous said...

Can this work for XP too? I haven't upgraded to vista but the virus is still popping up.

Anonymous said...

Hi, I used method #1 to remove the virus. It looks like the virus is gone, but the internet doesn't work. The connectivity seems fine, but I still cannot load the internet explorer. Are these two related or is it a separate problem?

Admin said...

Please check your web browser and Internet settings. Follow these instructions: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html

Good luck!

Anonymous said...

Admin, many thanks for your time and effort..
Thanks again :)

crow said...

Hi
I followed Method 1. However, Malwarebytes and Symantec don't detect any infections, yet the Vista Antispyware thing keeps popping up. The Spydoc quickly detects the infected files but doesn't remove them unless I purchase its full version. Could you tell me some other free antivirus that might be able to both detect and remove the rogue virus files? Or something else that I should do? Appreciate your help in advance.

Anonymous said...

Used method 1 and it worked but had no internet. I've followed instructions on turning off proxy server and explorer works now too. But I have 1 problem. I cannot switch audio services back on as it won't allow it. I have a red cross on speaker symbol in menu bar and no amount of volume adjustment / tweaking audio settings will remove it. I've checked audio driver settings and it says they are working and up to date. Any suggestions please? Btw I am profoundly grateful for your kind help in killing this filthy malware.

Anonymous said...

This virus is also saved under the file name rsi.exe from Valve Corporation. It's located in the C:\Users\[username]\AppData\Local file.

I also found rsi.exe in regedit diverting .exe files to run through it first.

Anonymous said...

I had the same problem, and then I used the Restore on the Control Panel. I restored to a date 4 days earlier and now it seems to be working fine.
Will it be enough? Any comments?

Admin said...

You should still scan your computer with anti-malware software. Just to make sure that all the malicious files were removed during system restore.

Anonymous said...

Thank you so much, I thought I was going to pay another $150 for the virus removal. YOU SAVE MY LIFE...Many thanks :)

Mike said...

Worked a treat, thanks very much.

Anonymous said...

I used SuperAnti Spyware to delete this stupid virus and then was unable to open any programs after reboot, so I followed your instructions re: downloading the registry fix and now everything seems fine. Thank you for your easy to follow advice.

Anonymous said...

dude, I love you. Thank you very very very much! :D

Anonymous said...

Hey I got "it"... don't know how but here I am.

As others have reported.. it took over my browser, wouldn't let me do a system restore, could not pull up a command prompt, did didley in safe mode, wouldn't open the programs I downloaded to find it and kill it, slowed my puter down to such a point that it was actually painful etc etc.. generally frustrated the living you-know-what out of me!

So I hope this helps someone

GET OUT OF IE and get into CHROME or FIREFOX

Then run GMER: http://www2.gmer.net/gmer.exe

Save it to your desktop as some gobbledy gook like 1357.exe etc etc...I KNOW you are thinking but it won't OPEN.. open by right clicking and opening as an administrator.

Then after that loooooong process- like I say I am not a computer person or anything just some middle aged broad who is good at reading and following instruction who wants to help. Point is I don't know what that program did exactly but I do know it took out the bugs icon in my system tray and I couldn't find it anymore in the task manager processes and puter sped up so all good imho.

Right then the instructions I found said go and download free antimalware from here:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

Open the same way- right click and as an "administrator" install it, update it, run it and restart your puter.

I was never able to get the command prompt to actually come up which actually looked way easier. I figure I was lucky enough to get a *smarter* version of the same virus. So if you got the same toxic version I did I hope this helps you!

;)

Anonymous said...

I already removed the malware with Malwarebytes. But my .exe files won't work. I opened notepad from the command prompt and typed the registry code the way I see it on this website. I saved and double clicked and at the prompt I answered yes, but no changes. What did I do wrong?

Admin said...

Download exefix_vista.reg and run it. This should fix the .exe problem. You can also Google "exe file association fix vista" for more solutions. Good luck!

Anonymous said...

Download exefix_vista.reg and run it. This should fix the .exe problem. You can also Google "exe file association fix vista" for more solutions. Good luck!

Does it matter if I'm on XP?

Anonymous said...

Admin said...

Download exefix_vista.reg and run it. This should fix the .exe problem. You can also Google "exe file association fix vista" for more solutions. Good luck!
April 7, 2011 2:48 PM


IT WORKED!!!! THANK YOU!!!!!

Admin said...

Q: Does it matter if I'm on XP?
A: Yes, it does. Just Google "exe file association fix windows xp" or visit this website http://www.dougknox.com/xp/file_assoc.htm

Hannah said...

It says that fix.reg has been successfully entered into the registry, but what do I do next? I cannot download a spyware software,etc, because it won't allow me onto the Internet!
(I'm using my iPod touch to read this article)

Please help!

Anonymous said...

Admin,

I followed your seven steps above. It removed the virus with no complications.

Thank You!

Anonymous said...

Admin are you familiar with Vista Internet Security 2011 - Unregistered Version? It has taken over my computer and I can't get rid of it. It is running under the process of xvc.exe I can go in and kill the process but it comes right back. Now I'm in safe mode and can't exit from it (this may be different issue, not sure) Please, any help would be greatly appreciated.

Prince said...

If I don't show my sign of gratitude, then I am the most ungrateful person on earth. Thank you very much and remain blessed.

Solomon Sarki-nigeria

Anonymous said...

Thank you Admin!!!

Tip for those unable to open browser (like me):

RIGHT CLICK on browser (Firefox, Explorer etc...) and RUN AS ADMINISTRATOR.

And don't panic y'all...

Anonymous said...

I just did a scan with windows defender which found 1 harmful virus and removed it, This vista internet security virus is a bit of a nightmare but now I am virus free try it!

Anonymous said...

I went to office depot ($170) and best buy ($210) to get it fixed. I am a student n can't afford to throw away my money like that. Finally came upon this site and am so glad I did. U helped so many people in a very unselfish manner.
God Bless u :)

D said...

I'm so glad I came across this site! You're an absolute GENIUS for solving all these problems! Thank you SO SO MUCH for helping out!

Anonymous said...

Thank you so much!!! That fixed it.

Snazzy said...

omg, thank you soooooo much, I have been worrying myself sick over these so called threats for days now. Finally my computer is free of this nasty bug and fully protected by Norton and Super Antispyware. Next time something out of the ordinary happens to my computer I must remember not to stress and google it on my phone, Thanks again I'm sooooo happy :)

anni8996 said...

You're a God. Thank you. Have been bugged by it for ages. Can't believe I didn't find this one!

Anonymous said...

This malware has reappeared on my computer as "Vista Security 2012". I followed Method #1 and it looks like I got rid of it. Thank you so much.

I have CA Antivirus installed which didn't detect the malware. Respect for Malwarebytes.

Note that the infected/implanted files are different from the list above. I paste excerpts of Anti-Malware's logfile below.
===
Memory Processes Infected:
%UserProfile%\AppData\Local\xdf.exe (Trojan.ExeShell.Gen) -> 47560 -> Unloaded process successfully.
%UserProfile%\AppData\Local\xdf.exe (Trojan.ExeShell.Gen) -> 50404 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (S7) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
%UserProfile%\AppData\Local\xdf.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
%UserProfile%\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1\71983041-1008e494 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
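
The two values that the Admin's manual steps reset, and that the Malwarebytes log above reports as hijacked, can be checked read-only from a text export of the registry class keys. This is an added example, not code from this blog or its commenters; it assumes the export has already been decoded to text, and the sample export is constructed, reusing only the names S7 and xdf.exe from the log.

```python
import re

# Constructed sample in .reg export format (not taken from a real machine).
# "S7" and xdf.exe are the names that appear in the Malwarebytes log above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="S7"

[HKEY_CURRENT_USER\Software\Classes\S7\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\xdf.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

GOOD_PROGID = "exefile"      # expected (Default) of the .exe key
GOOD_COMMAND = '"%1" %*'     # expected (Default) of shell\open\command
# HKEY_CLASSES_ROOT is a merged view of the per-user and machine-wide class keys.
ROOTS = ("hkey_classes_root\\",
         "hkey_current_user\\software\\classes\\",
         "hkey_local_machine\\software\\classes\\")
DEFAULT_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')


def default_values(text):
    """Map each key in a .reg export to its (Default) string value, if it has one."""
    found, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := DEFAULT_RE.match(line)):
            found[key] = re.sub(r"\\(.)", r"\1", m.group(1))  # undo \" and \\
    return found


def class_path(key):
    """Return the lower-cased path below the classes root, or None for other keys."""
    low = key.lower()
    for root in ROOTS:
        if low.startswith(root):
            return low[len(root):]
    return None


def audit(text):
    """Return (key, kind, data) for every value that changes how .exe files start."""
    entries = [(k, class_path(k), v) for k, v in default_values(text).items()]
    watched, findings = {".exe", GOOD_PROGID}, []
    for key, rel, data in entries:
        if rel == ".exe":
            watched.add(data.lower())   # follow whatever ProgID .exe points to
            if data.lower() != GOOD_PROGID:
                findings.append((key, "progid", data))
    for key, rel, data in entries:
        if rel is None:
            continue
        cls, _, tail = rel.partition("\\")
        if tail == "shell\\open\\command" and cls in watched and data != GOOD_COMMAND:
            findings.append((key, "command", data))
    return findings


if __name__ == "__main__":
    for key, kind, data in audit(SAMPLE_EXPORT):
        print(f"{kind:8} {key} -> {data}")
```

A per-user override under HKEY_CURRENT_USER\Software\Classes takes precedence in the merged HKEY_CLASSES_ROOT view, so both hives need to be exported and checked.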

Jerry said...

THANK YOU SOOO MUCH!!! Your guide (step 1) worked so well for me! The only problems I had was sometimes the "Vista Antispyware" would completely shut off "Command". Oh also, I had "Vista Antispyware 2012" in which this method worked fine. THANK YOU AGAIN!!

Anonymous said...

I just got the Vista Antivirus 2012 virus, it hijacked my computer and would not let me on the Internet. I used another PC to search for 'fix for vista virus' and found your site.

thank you so much for posting this fix, it worked brilliantly!

Stupidly my security software had expired and I had been too busy to update it. I have now put on the free Microsoft Essentials.

Please can anyone tell me if this is effective for this type of virus.

I believe I got this virus from searching for 'Red Velvet Cupcakes'... beware all you bakers out there... lol!!!

Anonymous said...

When I click start, then I do run, then command, it says something like Windows cannot find the word command