Severity scale:  

Vista Antivirus 2012. How to remove? (Uninstall guide)

removal by Julie Splinters - -   Also known as VistaAntivirus2012, VistaAntivirus 2012 | Type: Rogue Antispyware

Vista Antivirus 2012 is a rogue security program that is promoted through the use of Trojans. When this fake program is running, it will simulate a system scan and display a list of false system security threats. Vista Antivirus 2012 will display fake security warnings and impersonate Windows Security Center to make this scam look more realistic. It will also hijack your web browser and block antivirus and anti-spyware programs. Finally the rogue program will ask you to pay for a full version of the program to remove the non-existing infections. Don't purchase it and remove Vista Antivirus 2012 from your computer upon detection.

Vista Antivirus 2012 protects itself quite effectively. It blocks legitimate security software and hijack web browsers. In some cases it blocks all programs, not only anti-virus or anti-spyware software. What is more, it will detect many of well known and reputable websites as harmful and display fake security alert stating that you may infect your PC if you open a particular website. And of course, it disables certain Windows functions such as Task Manager.

To make its victims scared, it will state:

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

It's possible to remove it manually, but you have to re-enable those Windows functions at first. You may also download an automatic removal tool, but again have to fix some registry entries and terminate the main process of Vista Antivirus 2012 to be able to use malware removal tool. As you can see, Vista Antivirus 2012 is nothing more but a scam. If you have already purchased this rogue program then contact your credit card company and dispute the charges. In addition, if you find difficulties in running your anti-spyware, please follow these special tips you should know:

1. Try launching as administrator by right-clicking on executable and choosing from menu

2. Try renaming the executable to something else, like iexplore.exe so Vista Antivirus 2012 will not block it.

3. From another user account on Vista system

4. Launch anti-malware programs from safe mode with networking.

5. Stop Vista Antivirus 2012 processes with task manager or other utility.

6. Using codes like 3425-814615-3990 or 9443-077673-5028 to disable malware.

This will allow running legitimate anti-malware programs and completely clean your PC from Vista Antivirus 2012.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Vista Antivirus 2012 you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Vista Antivirus 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.
Press mentions on Reimage

Vista Antivirus 2012 manual removal:

Kill processes:

Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = '1'

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe"'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesInternet Exploreriexplore.exe"'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = '1'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = '1'

Delete files:





About the author

Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

  • EnriqueAdams

    Thanks for sharing info! But when i scan my computer with help of antivirus it removes all defected files .But how can i protect some important files …

  • joseph

    it is not enough for fix this issues.

  • kman

    This thing ran even in safe mode. Had to run FixNCR.reg to shut the thing down in safe mode. Malwarebytes then found two trojans and got rid of those. MSSE would not run and had to remove it from the startup folder in order to uninstall and reinstall. Also had to reinstall Spywareblaster. File was listed as ibn.exe in the user profile and the users application data file.

  • Brookline19

    Im having issues with this virus also. I think I have removed the virus but it has damaged a driver and is now giving me a BSOD: IRQL_Equal_OR_LESS error. Anyone else have this issue?

  • spuno

    This worked for me, thanks

  • sprnrice

    This was very helpful!

  • jack rich

    ok i found a bug around this to get your internet running to download malwarebytes run scan and remove….just open internet explorer or any other browser and open it 20+ times really fast it confuses the malware it caint keep up and you will get one open successfully

  • nhbird

    I have a HP laptop, running Windows Vista. I hit F11 on the restart, which allowed me to create a restore point to before this POS showed up. It was that easy…hope this helps out!!! Happy New Year!!!

  • Virginia

    i just got this viruas the day before christmas…could not even play free cell let alone get on line..after reading up on it yesterday i was not able to restore my computer to an earlier date but i was able to make a new administrator account and delete my old one which did the i guess i need to get some new security andf hope it does not come back!

  • mmontgomery

    I did a system restore and then used my PC Spyware program to scan and then rescan and so far so good. I deleted all my cookies and cleaned out the cache. I actually went back three weeks to restore. I have made sure everything is up-to-date.

  • Slolem66

    Tried system restore 2 times and it has failed to restore? Is any software free and safe to use?

    • omni

      because of the attack on the user profile, you need to force the RESTORE to run as administrator . . . right click, not left click.

  • marky

    thank you so much! worked like a charm. merry Christmas to all

  • John

    You might have to reset the winsock in order have browser to display pages again, when the problem is not firewall settings or IE lan settings. Run cmd.exe with administrator privileges an then:
    c:>netsh winsock reset

    your browsers should be working again.

  • Nick

    Just got it again. I had it a few weeks ago but I was able to System Restore and get rid of it. Now when I try to System Restore it just restarts before it can finish. Also its throwing in a bluescreen now. Any tips on where to go from here? Im thinking of justing spending the money to get it fixed.

  • Joe Mama

    Yeah I think somehow theyve designed it to get in through hostile scripts or something. It popped up on two of my work computers (see below) when I wasnt clicking on links or downloading programs.

  • Joe Mama

    This is a very nasty little virus, but luckily I was able to remove it from two computers within a couple days of each other. Both times it showed up, I was browsing the internet, the first time with MS Internet Explorer, and the second with Firefox. I use Avast antivirus, and both times it popped up with a warning about an attempted malicious script. I figured that Avast would block them, and both times I closed the warning popup. After that is when the virus started. I dont know if the virus was spoofing Avast warning popups so that when you click on it it installed the program, or if it was somehow able to attack Avast to the point where it took it over. This first time it was called Vista internet security 2012. On the first computer, the problem was fixed pretty easily, and after a virus scan and malware scan using Spybot S&D, it showed the computer clean with no more problems.

    Two days later, the second attack occurred. The same thing happened as before, I was online and Avast popped up with a warning. I clicked to close it, and then the Vista Antivirus 2012 virus popped up. This time it was a bit trickier to get rid of, since the first version still allowed me to open executables, but this version wouldnt. I did manage to finally remove it, however it did something to Avast which wouldnt allow it to use real-time protection and disabled a few other components. It also screwed with Windows firewall, Windows Defender, and Windows Security center even after the virus was removed. Some residual component was still left which wouldnt allow me to remove and reinstall Avast. I had to do a system restore on the computer which took care of the problem, and after a reinstall of Avast and scanned for viruses and malware, it now has a clean bill of health.

    I really would like to know how this virus got on two of our computers. I didnt click on any suspicious links or download any strange files. Im computer-savvy enough to know not to do that. In fact, the second time it happened I was reading an article online when the virus popped up and I dont think I was even touching the mouse. Now I only use Firefox with the Noscript addon to prevent this from happening again.

  • Randall

    If its intercepting all of your executables, then what you do to safely run them is right click the exe (or its shortcut) and select “Run as Administrator”. It doesnt seem to be able to intercept exe files when you run them like that. Thats how I got my anti-virus software to run, otherwise it would intercept it and not let it run.

  • Alternative Way

    If you create a new “Admin” account and delete the infected account, everything will be back to normal. HOWEVER, there is a risk that some of the files are infected. With the newly created account, run a legit anti-virus program. Voila!

  • vq5

    I thought I removed this several times thinking alls well only for it to come back again. You will see you think its gone for couple days then its back. Hopefully someone finds a permanent fix soon.

  • %^&*!!!

    I was attacked with this mother today, december 19th, and successfully removed it by doing a forced shutdown, rebooting in safe mode with networking, and doing a system restore. Everythings running just fine now.

  • Hate Malware

    Since the name keeps changing, I suggest doing this (Vista):
    Boot in safe mode
    Open the task manager
    Find the “Antivirus” application
    Right click it and press “Go to Process”
    Right click the highlighted process and press “Go to file location”
    End the Process in the task manager
    Delete the executable with the same name of the process in the newly opened folder

    After doing this, I did have some issues opening executable files. I got around it by trying to open some random file using Firefox (dont know if you can do it with Chrome) and went to this page “” in order to fix the file association issues

    Good luck

  • vudoo-

    I just acquired and spent all afternoon fighting it.

    the executable was qep.exe

    i followed the instructions at the top of the page. some of the values were missing or different.

    basically get to a point where it isnt running and cant start, then system restore. it sucks. i was lucky that i downloaded a windows update yesterday, so I didnt lose too much.

    hope this helps.

  • Ian

    I tried to run system restore and couldnt but I right clicked and ran as admin and it got around it that way. Hope that helps.

  • Tyler

    Ran into the 2011 version of this virus and still have Malware bytes on my computer from it, I ran it 3 different times, and 3 different times it failed to get rid of 2012. Downloaded STOPZilla, started scan, and it caused my computer to crash (either the virus or STOPZilla) Did a system restore to a few days ago, was fine all day today, then around 1:20 A.M. CMT, I got the virus again. Downloading STOPZilla again, and also downloading STOPzilla, and going to run all 3 (malware, STOP, and Spyware) I hope THIS gets rid of it…

  • bert

    well i followed the steps opened in safe mode and it popped up anyway i went to system restore and just befor ei could make a selection the power shut off.. so i tried again and it goes to the system restore page and shut off.. i ve tried now 5times to hard start and do something but it keeps shutting down..what do i try now..?

  • Doing this Too Long

    Just start in regular Safe Mode. No Networking. it takes a min but system restore will come up. Regular safe mode keeps the virus from opening. Then your home free from there.

  • bonezy

    i removed this virus by creating a restore point! this virus blocked internet explorer, and others!

  • wisernow

    As reported above, the rogue program disabled most avenues to recover — I presume the jackasses follow this thread and others on the same subject in order to “enhance” their product to make it even harder to clean off your PC. I was finally able to get my System Recovery CD to boot (the Trojan program seemed to be able to override the boot options, but I finally was fast enough on the keyboard to boot from CD).

    Once I did a quick System Repair on the boot partition, I was able to create a second admin account, bring up Task Manager and kill the 3-letter process running, and then run the real system restore (which had also been disabled by the Trojan). Nasty business, this “Vista Antivirus 2012”

  • Neil

    It popped up on me even when I started in safe mode wouldnt let me run system restore. I eventually opened up the windows folder on my computer, found the system restore icon (rather than the shortcuts from the start menu or control panel) right clicked on it and selected “run as admin”, and that worked. Thanks fortheheads up on deleting cookies. Will go do that now.

  • Steve

    Update: Found my Process as adv.exe

  • Will

    **** Oh, and for those of you who have more than one user account on your computer, be happy. This infection can only infect one account. So log out of that one, log into your other account, and then run malwarebytes to get rid of it. I hope this helps.****

    You can also create a new user account, make it the administrator, boot up and then get to system restore to get your computer at least back running minus the pain in the arse Vista security screen and being able to get online… Im now going to run MalwareBytes and other cleaners from sites to see if I can get rid of it where ever it might be sleeping…

  • Cerena

    Heres some added info I just learned that will help many of you. This Vista Anti-Virus/Spyware is actually located and ran from your cookies. You have to commonly remove and delete your temporary internet files (cache and cookies) to keep it from taking over your computer. This program/file will sit in your temp files until a later date and time, and then spring on you when you least expect it.

    As well, if you want to be prepared for this virus attacking again, you can create a Bit Defender CD (you can download this program free from online, a simple bitdefender search on google or yahoo will bring it up). Once your computer is taken over, you can pop in this CD and it will run a program directly from that CD to scan for the infections. This may not get all the infection out, but it WILL give you control over your computer again, to go and run whatever adware/malware antivirus/antispyware program you have. One of the better programs for catching this infection, is with MalwareBytes (once again, downloaded for free).

    Oh, and for those of you who have more than one user account on your computer, be happy. This infection can only infect one account. So log out of that one, log into your other account, and then run malwarebytes to get rid of it. I hope this helps.

  • oepix

    I found it as vef.exe, removed it twice in 10hrs via spybot, dono how my pc got infected and antivirus didnt even blink…crap

  • DennyDIep


  • Virus Slayer

    This worked for me… Even being computer illiterate and all. Thanks to you guys of great wisdom.

  • RC

    I got this virus twice. First time, I clicked on it, not realizing it was a virus. Today, I went to task manager, right clicked on whatever was popping up (the fake Vista anti-Virus and the fake Windows Manager) and clicked on “go to process.” It takes you to the process with the name to delete. Had to do that twice. Hope it worked. And I had AVG free. Didnt pick a thing up.

  • Cerena

    Obviously this virus/malware/spyware has gotten even more advanced. I couldnt access internet at all, couldnt use any antivirus or antispyware programs, and I couldnt even do a system restore from the main menu, from any of the safe modes, and not even from the OS disk! Im left with having to reformat and reinstall my entire system. 🙁 Beware of any sites you download from. If there are comments about things you are downloading, read them! People will leave comments if a site or link downloads a virus instead of what they wanted, cause theyll be pissed and range about it. Take precautions. If you dont have an antivirus and antispyware, you can download AVG for free, and it does a wonderful job at protecting your computer.

  • Mike Blake

    Just wanted to pass along a quick tip that makes eliminating this must faster if you already had the freeware version of Malwarebytes installed, but are unable to run it because the infection redirects starting most .EXE files to itself.

    Boot to Safe Mode, Command Prompt Only. From the c: drive change directories to the programs home directory and rename the main programs executable from MBAM.EXE to MBAM.COM. Yes, they forgot that .com files are executables too. Once it starts you can update it and itll clean the system up.

    On most PCs Ive cleaned up, the path is “C:Program FilesMalwarebytesmbam.exe”. But if youd rather not type all that, remember the old DOS folder names…you can cd to progra~1 and malwar~1 instead!

  • tOM

    I just ended all the processes that had three letters. It was a battle to keep them closed long enough to get the System Restore window up, but eventually I won out. Thanks for the tips everyone!

  • pissed off

    I rebooted in safe mode just now with networking, I opened up my device manager. I searched for three letter. EXE files and found VJH.EXE. I cancelled it and it turned off the malware per say. I tried to start up system restore which soon opened up the file again. I kept on ending procress once i saw VJH start up…..after a few tries and being offline, i was finally able to open system restore. seems all is good… phew…thanks for the tips!!!

    P.S. I had to hard shutdown the computer, removed the battery just in case, and disconnected any lead wifi/cable for internet.

  • L rayfield

    when i got the virus i couldnt even do the system restore, even in safe mode i couldnt, but i did put in the vista os disc restarted computer and pressed f12 to choose to boot from disc then i was able to do the restore from the disc

  • pe_fontes

    THANK YOU SO MUCH THANK YOU THANK YOU THANK YOU, i cannot give you anythign to trade but i will spam this url over the net 😀 THANK YOU

  • DGFreeman

    Nothing has worked for me so far, currently in the process of factory image restore. Well see if that takes car if it, I think it should. I have to say I have two Dell machines and both of them are having trouble lately. Don know if it is Dell or windows or what, but Im think of going all Mac!

  • Martin Graham

    Its pretty simple to remove this virus. Dont attempt to remove it manually or with the help of anti-virus software. I have had this infection twice, and this is what you do:

    1. Shutdown your computer as soon as you recognize the virus. Force a shutdown if necessary with the power button.
    2. Start it up and keep hitting the F8 key while it is restarting until you get the boot menu. Choose Safe Mode with Networking.
    3. Find System Restore from the Safe Mode Popup that appears. Start the System Restore wizard and choose to restore to the checkpoint it recommends.

    Thats it. The only thing you will lose are any system changes since the last system checkpoint. Your data files, pictures, music, etc will not be affected.

    I have done this twice with good results.

    • Red Thurman

      I sys restored once and it worked. Got it again – you cant do F2, F8 (like you said above) any more. Now when you go to any Safe Mode including including Networking the scum bastards have control of that too.

      Microsoft and Microsoft Corp is all over it why cant one of those wizards track these morlocks down, have them arrested, prosecuted or slowly and painfully execute them and help cleanse the gene pool.

      Any other suggestions how to fix problem or kill them or both???

  • anon

    Actually this virus randomly names its process as a three letter name (not just ppn.exe). It will be different on any infected computer you look at.

  • anon

    I found i as AYN.exe

  • scott penton

    I found it as qto.exe, thanks for this

  • Anon

    I found it as kik.exe

  • Ronnie

    Thank you very much for this info. I performed all the steps as you said and I ran PC Tools Spyware doctor and everything is now back to normal.

  • Ronnie

    Found mine as cbb.exe

  • Jeremy Preet

    The easiest, quickest and safest way to delete any malware is to do a SYSTEM RESTORE on your computer. It is part of Microsoft Operating system software so you know it is not a fake answer that will corrupt your computer. Hit the Start button. In the search cell, write, “system restore” then follow the instructions. Choose a restore time that is the most recent before your computer was infected. System Restore will restore the OS to that time — without the malware. I just did it on my computer to delete malware that took over my internet–Ran System Restore, clicked on internet, no problem — and the program is gone from the system tray.

    • ryu

      what os were you using when this happened?

    • Ashley

      Whenever I do a system restore it comes back–even though I know damn well it wasnt there then.

  • CC

    Found mine named as tvy.exe

  • Markos

    Update! They renamed it to oeq.exe….

  • AJH

    UPDATE! They renamed it to uqr.exe instead of kdn.exe on one I am repairing right now