Severity scale:  
  (82/100)

Vista Antispyware 2011. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as vistaantispyware2011 | Type: Rogue Antispyware
12

Vista Antispyware 2011 is extremely unsafe because it is categorized as rogue anti-spyware. This scam originates from the same rogue anti-spyware family as the infamous XP Security 2011 and other threats from Security AntiMalware Guard group that have been noticed in the middle of November. Vista Antispyware 2011 is known to have been infecting computers running Windows Vista by posing to be legitimate anti-spyware. It implements its malicious tactics through the bogus online virus scanners and sneaky trojans that overcome computer’s defense without any permission.

Having infiltrated computer in this way, malware never stops. Just like its relative programs, Vista Antispyware 2011 drops its own files to detected the as malicious. It functions by displaying numerous security notifications and may also start redirecting your web browser to insecure websites also promoting Vista Antispyware 2011. Its alerts announce:

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Additionally to these above mentioned symptoms, Vista Antispyware 2011 can be predicted to ask you to pay for its licensed version – foolishly said to be the only possible solution if you want to get rid of the problems detected. In fact, Vista Antispyware 2011 scanners are just invented things of the scam and are definitely untrustworthy. It’s highly recommended to remove Vista Antispyware 2011 virus before it will “remove” these problems found on your PC.

How to remove Vista Antispyware 2011:

To remove Vista Antispyware 2011 you will need another PC, as removing it from safe mode with networking will not work in most of the cases.

a) Burn these programs to CD or write them to USB disk. You can use your MP3 player, or smartphone if it has storage functions. This parasite does not spread through USB at the moment:

1. STOPzilla or an automatic removal tool below. Update STOPzilla and run a full system scan.

2.You might want to download Hitman Pro or Malwarebytes as alternate scanners. Though you are likely to be able to download them later on.

b) Boot normally. Wait for Vista Antispyware 2011 to launch, and run exeregfix.reg . This should allow launching legitimate programs

c) Delete or remove the files that are mentioned in our files box. You can use STOPzilla to identify the infected files and additional infections or automatic Vista Antispyware 2011 removal tool. Do not forget update it before scanning. Remove what it finds.

d) Scan with STOPzilla and secondary tools and reboot your PC. This should fully get rid of Vista Antispyware 2011.

UPDATE!!! One of PC security bloggers, S!Ri, has announced about a serial code that may help you to disable those malwares like Vista Antispyware 2011 that change their names according to OS they find. Enter this serial code when doing registration: 1145-17884799-7733. This and the order number 21197673 should also work for earlier versions of this type of parasite. After typing them, you should become able to use your anti-spyware, if it fails follow the guide written below. Be aware that these numbers are expected to change in the near future!

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Vista Antispyware 2011 you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Vista Antispyware 2011. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Vista Antispyware 2011 manual removal:

Kill processes:
pw.exe

MSASCui.exe

Delete registry values:
HKEY_CURRENT_USERSoftwareClassespezfile

HKEY_CLASSES_ROOTpezfile

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_CURRENT_USERSoftwareClassespezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

Delete files:
%UserProfile%Local SettingsApplication DataopRSK

%UserProfile%Local SettingsApplication Datapw.exe

%UserProfile%Local SettingsApplication DataMSASCui.exe

%UserProfile%AppDataLocalopRSK

%UserProfile%AppDataLocalpw.exe

%UserProfile%AppDataLocalMSASCui.exe

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions


  • Guest

    I don't HAVE ACCESS to another computer.

  • Guest

    this is a horrible procedure. and spyware doctor doesnt remove anything unless you buy the full version. thanks for wasting my time, now i can go waste some money paying a computer geek to fix my computer for me.

  • foobar

    isoHunt seems to be at least one source of this infection. It's probably one of their ads.

  • Guest

    Instructions say to run exeregfix.exe however there is no link or location to download this file.

  • guest

    I revomed this by repeatedly pressing f2 on startup and using system restore from the menu which appears. no downloads required, job done.

  • PO’s comp user

    This is all bullshit. I don;t have access to another computer either, there has to be an easier way.

  • Vitiok

    used Malwarebytes. problem solved

  • Disinfector

    I just removed this virus from a Vista machine but the executable was iqo.exe rather than datapw.exe.
    First, I booted into Safe Mode with Network Support.
    Then, I found iqo.exe in Task Manager (launched with CTRL-ALT-DEL) and noted the path to the image.
    Then I killed the process tree.
    Then I navigated to the location of iqo.exe.
    Then I configured the folder options to show hidden files *and* protected system files.
    I then noted the date created for iqo.exe.
    I deleted iqo.exe.
    I deleted other files in the folder with the same creation date/time.
    Then I updated MalwareBytes and ran it.

    I hope this helps.

  • nathan

    The above did not work for me, because the virus was not under the same name.
    This virus was called tge.exe on my friends computer and ran as a process or service called microsoft games center or something like that. I took the harddrive out and used it as an external on my computer and ran microsoft security essentials. It found another rouge, but it seemed like tge.exe was still running. If you cannot run it on another computer, I would just start in safe mode. C:usersyournameappdatalocal is where you can find tge.exe. If you can find the exe of the virus and delete It, then do that. It was hiding itself from explorer for me. I opened up task manager and right clicked on the tge.exe process and hit properties. I then stopped the process from behind that window. When it was stopped, I renamed tge.exe to something else. It had messed up my ability to open up .exe files, so I used this fix http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html . I would disable anything in internet explorer addons that you do not directly know, because it will try to open up vista spyware 2011 in the window. I would not install another malware remover. I would just download microsoft security essentials for free if you dont already have virus protection. itThis was a rough virus to get rid of and I give credit to God for guiding me as always :).

  • Anon

    10. by . 2010-11-24 08:11:57
    I dont HAVE ACCESS to another computer.

    ^^^ Use a library its one thing theyre good for

  • Eric

    Still working on getting rid of mine but mine is KBR.exe

  • John Crosby

    Though I couldnt launch .exe files, it seemed to work when I right clicked and ran as administrator.

  • chris

    i fought with vista anti spyware for a couple of hours & no trick that I knew could get rid of it for any length of time…. I contacted my credit card company & told them what was going on, I told them I was going to purchase their product then stop payment on it, (I have my own retail buss) the credit card company will “charge back” the monies on my card, they will have to fight it, either way win or loose it costs them 35.00 for a chargeback fee…..

    if everyone did this to each b.s. company that puts a virus on your computer & then tries to make you buy their system, it would cost them a fortune!!!!!

    hope it all works out in the end,

    p.s. the guy I talked to from the cc company had to chuckle, :& said it was a great idea….

    cg

  • Jeff

    yep, I tried everthing to get rid of this, actually unsure how it got through my high priced virus / spyware program, on my business computer. Finally got a brain fart and retored ny system to an earlier date. system works great again.

    Not hard to tell that this is a scam though with all those spelling mistakes, but what a bitch!!!

  • mb

    worked great and got rid of the vista antispyware.

  • Jess

    SYSTEM RESTORE!
    I followed the above instructions and it didnt even work (without paying).

    However, I ran a system restore, to about two weeks ago, and its gone.

  • snow_eyes_d.a.b.

    I have another code in case that doesnt work.
    1147-175591-6550
    does anyone know how to reset the system to a previous date? i think it uses task manager? but i cant remember how to get there manually. Help?

  • Sarah

    All right, the best thing EVER I have found for this horrible virus (which still unfortunately requires another computer) is downloading Microsoft Security Essentials off of the Microsoft website. Its the best program Ive ever had (way better than Norton) and its FREE!!
    Just run a quick scan, it detects it, and then its gone. I spent all day trying to find a solution to this virus and nothing on any forums. This did, hallelujah. And its even protected me from it two other times. One of those times just now when I clicked a link on google. Microsoft Security Essentials picked it up and cleaned it off in a matter of seconds.

    http://www.microsoft.com/en-us/security_essentials/default.aspx

  • T3B3C3

    > MS Security Malware detected, although at first and tried to detain him and, of course intermediary for the infection still occurred.
    > Avira disappointed this time the full line. Even if malware detected, youll eat at all could not cope.
    > While antimalware found and “pretended” to remove that, but with minor bugs.
    After removing Vista Antimalware completely stopped working security center, rehabilitation center, antivirus, firewall and defender were not going to run.

    Please use the restore points, then the laptop recovery tool from the notebook manufacturer. And everything will be ok.

  • Davy

    After much frustrating messing about found the comment about Microsoft Security Essentials. Worked perfectly. Thanks

  • tkg2902

    As mentioned earlier, you can disable it by using system restore, but make sure you do it in the repair mode. Using system restore in normal operating mode wont kill it.

    Doesnt hurt to run a good system scan and and tune up at a repair facility as well.

    Also, beware of some of the sleazier porn sites ! Yeah thats where I got mine. :o.