Vista Total Security 2011

Vista Total Security 2011 is a rogue security product that uses random name and install itself on the computer without user’s permission. Vista Total Security 2011 is deliberately installed only on machines running given operating system. While Windows 7 and Windows XP is intended to acquire Win 7 Total Security 2011 and XP Total Security 2011 respectively. If any of these fake AV is installed on system, users will be bombarded with fake alerts and warning messages showing various threats detected. An advise to remove them is offered but only with the registered version of Vista Total Security 2011. This program is not for free, victims must shell-out a sum of money to upgrade it to a full version. Even with the paid version, viruses still remain on the computer because user is put on situation where rogue programs are marketed in deceitful way. No positive outcome will be obtained when buying rogue program such as Vista Total Security 2011.

As a matter of fact, Vista Total Security 2011 virus must be removed immediately from a computer before any further harm can be achieved. Heavily infected computer may experience browser redirection and Internet access blocking. All installed applications are also prevented from running. Security settings will be reduced by ending security-related process.
Taking out Vista Total Security 2011 from a compromised computer will not be an easy task. It did not provide any uninstall information for automatic removal. This rogue product can only be removed by using a trusted security application made available below. Make sure that database is updated before running a full scan on the compromised computer.

Vista Total Security 2011 Screen Shot:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Vista Total Security 2011 Removal Procedures

Manual Removal:
1. Stop Vista Total Security 2011 process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
(random characters).exe

2. Update your installed anti-virus program.

3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.

4. Edit Windows registry and delete Vista Total Security 2011 entries.
– For Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
– For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.

5. Exit registry editor.

6. Remove Vista Total Security 2011 start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
(random characters).exe

7. Click Apply and restart Windows.

Vista Total Security 2011 Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Scan with Portable Antivirus:
Most of the time, Trojan associated with a rogue program will disable Windows functionalities and prevent execution of any application including antivirus program locally installed. If this happens, you can try using a McAfee Portable Antivirus called Stinger. You can download it for free.

Technical Details and Additional Information:

Vista Total Security 2011 Files:
%UserProfile%\Local Settings\Application Data\[random]

File Location for Windows Versions:

  • %AllUserProfile% for Vista/7 user is C:\ProgramData while for Windows XP/2000 this is C:\Documents and Settings\All Users\
  • %UserProfile% is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
  • %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 user it is C:\Documents and Settings\<Current User>\Application Data.
  • %Temp% refers to C:\Windows\Temp\.

Vista Total Security 2011 Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1’ = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1” %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1” %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1” %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1” %*’

18 Responses

  1. Joe Burgarino says:

    Please stop with the pop ups Im not interested in your product

  2. Tamara Kelly says:

    Somehow my computer became infected by the vista security 2011! I spent 3 days trying to go through this page and delete the registry keys associated with the program! Since I am not a computer pro I was concerned with deleting registry keys that I didn’t know what they belonged to! I tried downloading Spy Hunter and Spy Doctor and both of them will scan your computer but if you want vista security removed you have to buy the program! I was hesitant to do a complete system restore and found that vista security had blocked my access to it! I came across the malwarebytes website which told me that it would scan it and get rid of it as well! I downloaded the program but vista security blocked it so that I couldn’t run it. I changed the name to something simple and tried again! This time it did scan and found the trojans and quaranteed them! After that I shut down my computer and restarted it and have had no more programs with my browser being hijacked! Malwarebytes is totally free to use and works great! I didn’t like the thought of removing registry keys when no one could decide on which keys to remove! I didn’t want to take the chance of crashing my computer! This was so simple to do and completely solved the problem! I did contact the support group email on the vista security box and was told that they had nothing to do with this and that the virus would self delete in 6 days! That I don’t know but this program does work great and you can’t beat the cost!
    Good Luck this one was hard to fix!

  3. Druid TC says:

    It’s blocked everything – internet, system restore, regedit. What should I do?

  4. Chris B says:

    I’ve removed this virus a few times now, I’ve had the best luck removing it using safe mode with command prompt. Killing the process first, then proceeding to regedit with no problems, then followed the above instructions.

    In case you are not familiar, with the command prompt:
    “C:\regedit” for the registry
    “C:\start windows” to browse your hard drive for the files

    I then did a system restore from the “windows repair” option from the boot menu for good measure. Seems to work well, hope this helps!

  5. Tiffany says:

    I got this virus from some lyric website! And I did what you said about finding the process and closing it (mine was pti.exe) and it wouldn’t let me into spybot or any other virus software so I just kept closing the process quickly when it popped up on the list and spybot opened and that has gotten rid of it completely so thank you so much for this!

  6. Tiffany says:

    Ps – it wouldn’t let me access the Internet eithere, so if it does that, close the process and try again.

  7. Vanessie Smith says:

    This product is a total rip-off. Less than a month ago I had pop-ups on my Vista laptop stating I had several viruses as to download Vista Total Security for best defender. Now three weeks later, I have old viruses and new viruses popping up all over the place and these people want me to send them some more money. I guess they just suppress the viruses and when I tried to contact support… guessed it…..I got zippo. But they still have my bucks and I still have the viruses. Isn’t there a law against this?

  8. quick geek says:

    this system security tool is very annoying…what we can try is to perform a system restore and take the computer back to a previous date when it was working fine….then boot to desktop try running a superantispyware(free edition) remove the infections and restart Windows…….the cause for this issue is a Rogue Fake Anti virus(it will perform a fake scan and ask to purchase it) try to remove it and have peace of mind with respect to the computer

  9. Dean says:

    Thank you so much!!!!! It worked perfectly!

  10. Black Barney says:

    I got this last week and got rid of it last night. I did a safe restart and ran Windows Restore from that to a date a couple weeks back. Then I installed an anti-malware application which removed 3 infected files and that did it.

    What an annoying virus. Thanks for posting this for other victims!

  11. Mike D says:

    Thank god there are people who figured out how to get rid of this virus! My parents just got hit with this virus. It is indeed one of the most difficult ones to get rid of, that I have encountered. I’m currently in the process of the computer being scanned.

    Unfortunately, I can’t always help my parents out with this stuff because I’m not always around to supervise their internet browsing. This is the sort of thing that I cannot stress enough on, people need to be educated on viral tactics. Learn the signs of impending danger if you click on a link to some website or open an e-mail!

    @Vanessie Smith: You are a typical uneducated computer user. The program is not an anti virus, it IS a virus, and quite a difficult one to get rid of. It got onto your computer disguised as an antivirus (this is a tactic called phishing), and scammed you. On top of falling for the scam, you actually paid the people who created the infectious program! Yes, it is stealing, and there probably is a law, but good luck with that. You will be much better off taking a few computer classes that teaches you the signs to watch for when random things pop up on your screen. Never…..ever….ever ever ever ever assume that a program is safe when you are NOT the one initiating it!

  12. Jonathan says:

    I had run a virus scan and during the scan it found the virus and deleted it but now I can’t open the programs without running as administrator

  13. Easy says:

    Thanks! Stupid program tried to get me!

  14. Josh says:

    I found that opening windows task manager in normal mode helped. I found the three character .exe file. I opened it and left it open. I opened my recycle bin and then ended the process in my task manager. After that I deleted the file. Then I emptied my recycle bin. It worked. I don’t know about anyone else, but hoped or helped.

  15. Aaron Borg says:

    Do this…..

    1. Turn on computer and acsess SAFE MODE
    2. Let it all load up when it does type in search SYSTEM RECOVERY
    3. Open and run it. Then go back to a time the virus wasnt there so say you got it on 12 april 2011
    go back to 10 april 2011 (then follow the onscreen instructions)
    4. It will take about 10, 15 mins then when windows starts up it will then be okay to use
    with the virus gone.

    Just did this and it worked fine.

    This virus wont let you use the internet ot hardly anything so you will need
    to do this, its the only way of removing it’.

    Remember: SAFE MODE only as normal mode wont work

    Thankyou Aaron Borg.

  16. Sophy says:

    nothing is working :( this virus has locked me out of everything. i cant get online or into recover nothing. please help. Ive already tried buying it to and that didnt work so now im out 60 dollars :( :(

  17. Ipsita says:

    thankx a ton for the article…..
    it was of awesome help….
    i did everything that was mentioned above…
    1) deleted the virus in ‘regedit’.
    2) downloaded the Stinger McAfee thing….it worked wonders.

    now there are no pop-ups…..n i can open the other anti-virus softwares i have in my pc….
    though i notice a dotted boundary with the vista logo around the antivirus softwares…..sometimes that worries me….as for now everything is OK.
    :-) thankx again..:-)

  18. syedzaman says:

    my internet not work

Leave a Reply

Your email address will not be published. Required fields are marked *