Severity scale:  

Vista Guardian. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as VistaGuardian | Type: Rogue Antispyware

Vista Guardian is a rogue anti-spyware program that deliberately displays exaggerated scan results to make you think your computer has many infections and security/privacy risks. This program is usually promoted through the use of fake online scanners, that state that your computer is badly infected and that you should download and install Vista Guardian in order to remove infections and to protect yourself. When Vista Guardian is installed and active it will automatically perform a fake system scan when you login to Windows. After the scan it will display numerous infections of exaggerated security threats on your computer and then state that you should purchase the program in order to remove the infections or threats which don’t even exist. Don’t pay for this bogus software and uninstall it as soon as possible. If you are infected with this virus, then please use the removal guide stated below to remove Vista Guardian from your computer manually for free or with an automatic removal tool.

While VistaGuardian is running you will also find your computer flooded with various alerts stating that your computer is infected with malware. This program will hijack both Internet Explorer and Firefox to randomly display messages about insecure Internet activity when browsing the web and state that you should purchase Vista Guardian to protect your computer from possible attacks. These alerts, like web browser hijacks are just another attempt to trick you into believing that you are infected with Trojans, worms and other viruses. However, the worst thing is that this parasite blocks anti-virus and anti-spyware software as well as useful Windows functions (Task Manager and Regedit). In order to remove this virus you will have to either use another PC or re-enable default Windows registry settings. To do this, please use the guide below.

Vista Guardian removal instructions:

1. Click Start->Run (or WinKey+R). Input: “command”. Press Enter or click OK.
2. Type “notepad” as shown in the image below and press Enter. Notepad will open.
3. Copy and past the following text into Notepad:

Windows Registry Editor Version 5.00


“Content Type”=”application/x-msdownload”


4. Save file as “exefix.reg” (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files
5. Double-click to open exefix.reg. Click “Yes” for Registry Editor prompt window.
6. Download STOPzilla or an automatic removal tool below. Update STOPzilla and run a full system scan.

If you can’t complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install STOPzilla.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Vista Guardian you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Vista Guardian. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Vista Guardian manual removal:

Kill processes:

Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesInternet Exploreriexplore.exe"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

Delete files:


About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

  • Javier

    It says to me that I dont have access to the device, route of access or file specify. It is possible that it does not have permissions adapted to have access to the element. HELP PLEASE!

  • Guest

    Thanks a lot dude. Its really effective. You are better than these antivirus companies dude…..keep up the good work…. 🙂

  • Guest

    its really worked! thanks alot! awsome work done! thumbs up

  • Guest

    u have to pay for the spyware

  • handy

    when deleting manually, do not delete everything, let “%1” %* stand, else you wont be able to open .exe files. (except with right click and start as an admin)

  • a thanker

    Thanks a lot, it worked like a charme!

  • Guest

    THANKS! i put it off for 3 days it was dumb… it was fu-kin easy to do. took 20 seconds!

  • <Concerned User>

    You still cannot remove it for free.. you must pay for a key after using spyware doctor……

  • Guest

    I did the first command: Kill the process: av.exe
    Regedit cannot be found.
    Internet explorer is broken and won't work.
    what next?
    any help, please

  • Guest

    I can't find the last file at the end… help?

  • Guest

    just wanted to see if these posts were legit

  • Guest

    where do these thing come from? dont want to get it again!