Home Malware Programs Rogue Anti-Spyware Programs Vista Security 2011

Vista Security 2011

Posted: November 10, 2010

ScreenshotThe rogue anti-malware program Vista Security 2011 offers the user malware protection, but Vista Security 2011's features are merely faked to create an appearance of both infection and defense. Vista Security 2011 adjusts its name to suit the operating system of the computer Vista Security 2011 infects, making this version of it a Vista-only infection, although you may see Vista Security 2011 infecting other Windows operating systems under a slightly different name. Without deleting Vista Security 2011, your computer will be attacked by false alerts and system scan results, blocked applications, web browser hijacks and altered system settings.

A Different Shell Covering the Same Rotten Egg

An infection by Vista Security 2011 will only occur by that name in a computer running Windows Vista – this is because the rogue anti-malware program Vista Security 2011 uses a different name for different systems. For example, XP Security 2011, Vista Security, Vista AntiVirus 2011 and XP AntiVirus are all spin-offs of this single infection, and they all engage in the same malicious attacks on your PC.

Once Vista Security 2011 infects your PC you will start experiencing the appearance of strange alerts and errors. These are entirely faked to create a sense of vulnerability in the user and don't indicate that countless infections are actually taking over your system. Some of Vista Security 2011's preset errors can include:

“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”

“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.”

Vista Security 2011 reports that it is turned off. Antivirus software helps protect your computer against viruses and other security threats. Click Recommendations for suggested actions you can take.

"Windows Security Center
Vista Security 2011 reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the Internet. Click Recommendations to learn how to fix this problem."

"Vista Security 2011 Firewall Alert!
Vista Security 2011 has blocked a program from accessing the Internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords."

Paying no attention to these errors will prevent them from directly harming you, but Vista Security 2011 is also likely to indulge in other types of malicious behavior with more serious consequences for your computer's security.

Although Vista Security 2011 may badger you about a registration process, you should never give money or private information to the fraudulent company responsible for this rogue anti-malware program. Doing so will result in your being a victim of fraud at the very least, and keeping Vista Security 2011 on your PC is completely non-beneficial.

Vista Security 2011 Doesn't Stop with Bad Warnings

Along with Vista Security 2011's more visible attacks, Vista Security 2011 may use the above errors to cover up Vista Security 2011's attempts to crash your anti-malware and Windows maintenance software. Another typical sign of Vista Security 2011 infection is strange web browser behavior - unusual error messages that prevent you from visiting safe websites, or spontaneous redirection to malicious websites.

In extreme circumstances, faking a registration process with the code '1147-175591-6550.' is known to reduce, but not stop malicious behavior from Vista Security 2011 and its clones. The complexity of Vista Security 2011 as a threat including dangerous Registry entries and other difficult to remove components make anti-malware software your best choice for removing Vista Security 2011.

Verify that Vista Security 2011 isn't active before you try to remove it; Vista Security 2011 may be visible as an active memory process with a name consisting of three randomized letters, even if you've already closed the visible program. Update your anti-malware programs before you attempt your scans, since Vista Security 2011 is a recent infection, as Vista Security 2011's name indicates, and can avoid removal attempts by less updated software.


ScreenshotScreenshotScreenshotScreenshotScreenshot

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
    2 %AppData%\Local\[RANDOM CHARACTERS].exe
    3 %AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
    4 %AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
    5 %Temp%\t3e0ilfioi3684m2nt3ps2b6lru
    6 c:\[RANDOM CHARACTERS].exe
    7 c:\Program Files\Vista Security 2011
    8 c:\Program Files\Vista Security 2011\VS2011.exe
    9 c:\WINDOWS\system32\[RANDOM CHARACTERS].exe
    10 c:\WINDOWS\system32\winhelper86.dll
    11 c:\WINDOWS\system32\winlogon86.exe
    12 c:\WINDOWS\system32\winupdate86.exe
    13 Vista Security 2011.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Vista Security 2011"HKEY_CURRENT_USER\Software\VS2011HKEY_CURRENT_USER\Software\Vista Security 2011HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Vista Security 2011HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM 3 LETTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winupdate86.exe"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Vista Security 2011

61 Comments

  • Andrew says:

    Hey,

    I had this all of a sudden. Any browser i tried to open would just give me a bogus page about how my computer was infected. Even opening windows defender and clicking on things opens up the "Vista Security" screen. What are these faggots running out of russia? why are they not in prison for this? I almost want to give them my credit card so i can trace them and skull[REMOVED WORD] their families. A virus is one thing, this is ridiculous. I did a system restore and it took care of it.

  • Collin says:

    I did the same as Andrew. i did a system restore and I got things working good again. To those Russians Bleep them. This virus is a bitch.

  • John says:

    I had the same problem. internet access blocked. Even scanning with McAfee didn't work after 12 hours! Restored system from last back up and scanned with McAfee and all OK. Wasted 6 hours of my life sorting it! B**st**ds!

  • cr8ig says:

    hi there
    im having the same trouble and have tried the above and a system restore but still i have the issue of vista security 2011
    can anyone please help

  • Tim says:

    I am having the same problem right now! When you say you did a system restore does that mean you followed the manual system removal insturctions above?

  • Beth says:

    I'm a complete technophobe and this hasn't really helped. How do I restore my system?

  • Beth says:

    How do I do a system restore?

  • augie says:

    i got this virus for no aparrent reason, i didnt click on anything. just opened firefox one day and it took over imediatly. i tryed system restore point, and it did not work. mabey i didnt go back far enough idk. So i wiped all hard drives and am fresh installing vista. Freakin BS it is. but really i had nothing important on that particular PC.

  • Joe says:

    I have this virus now. I booted up my computer in safe mode and i still cant open regedit or command prompt, system restore doesnt work either and i cant get on internet to download those removal softwares. Even if i do get it from another computer, i doubt it would let me open it. Im currently using my phone to get on here. Desperately need help.

  • Nick says:

    I am going through the same thing right now. I spend all morming trying to get rid of this stupid virus. I am doing system restore right now and hope it works. I wish i could find out those stupid idiot doing this.

  • Jason says:

    Wow this virus was an annoying one, first thing i did was uninstall firefox, woops. Then i noticed it kept loading the defender, i searched for this program on my system... nothing found and i remember i never installed anything so dumb in my life? vista internet security? hah what a joke, then i kept closing something called lsc.exe in task manager, then i used CCLeaner and did a quick scan for TEMP files, then removed the threat right then and there. didnt even need that malware scanner since it asks you "pay me or no threat removed" nice little prog though showed me where the threat was i removed it manually.

  • Jamie says:

    I have the same problem. It wont let me run a system restore tho. Any ideas?

  • Ryan says:

    Was unable to use the normal system restore since this virus would not let me open it, even in safe mode. Loaded Windows in the Safe Mode Command Line option and typed "rstrui.exe and restore program loaded and fixed all my problems.

    http://windows.microsoft.com/en-CA/windows-vista/Start-System-Restore-from-a-command-prompt

  • richard williams says:

    my neighbour got this last night - blocks internet, task manager, restore, bios. his brother in law tells him - had same issue and also threatening phone call demanding money even though ex directory !
    well never mind prison these cretins should have their balls cut off. neighbours machine is no longer Vista so problem solved

  • Dice says:

    i found out the virus has one weak point you can run system restore if you "Run Progrm as admin" just right click the program and run program as admin, it forcefuly starts it open

  • Ann-Marie says:

    Try right clicking system restore and running as administrator... worked for me!

  • nathan says:

    i had it "brw.exe" i had a spare account on my OS just 2 make sure (mums laptop) i booted mine and pressed w (windows key)+l and loged in mums account then started restore and woot it worked

  • Neil says:

    Will Norton remove and protect me from this stupid Vista Security Virus?

  • Damien says:

    Ok guys I had this shit as well and I found an easy way to correct it. Right click on system restore and execute it as Administrator.

  • Gracie says:

    Man i have never had so much trouble uninstalling something i hope it's gone it's not annoying me anymore anyone no a program i can run just to be poisitve??

    Thanks,
    Gracie

  • nikki53 says:

    this happened to me yesterday, like most of the people says here, i get rid of it by doing system restore. to some PC you can find it by clicking control panel and look for system and maintenance then back up and restore center. just click "Use system restore to fix problems etc ..\" and the rest will guide you on what restore point do you want to go- that is before the virus attacked your PC. you do all this on safe mode. hope this will help.

  • Lone Star says:

    Many thanks to all who suggested running System Restore as administrator. Worked a treat for me after having just about reconciled myself to doing a complete reinstall.

  • Michael says:

    If this happens to u that u cant even open ur internet browser, do this , right click on the application then click open as administrator , it worked on meh 🙂 hope this helps

  • nikki53 says:

    system restore will do the trick i just tried it .

  • nick2006 says:

    wait for \'vista security 2011\' window to appear. do not close it. ctrl,alt,delete to start task manager. in applications window right click on \'vista security 2011. in drop down list select go to process, the ofending article should automatically be highlighted. select end process

  • Julia says:

    Thank you guys,
    I only could do it with Ryan help - Safe Mode Command Line option and typed \"rstrui.exe and then put restore point, tnanks again.
    I am russian by the way.
    but whoever did it they are cretins, I agree

  • ann says:

    i am trying system restore now. this was my day off and this stupid thing wasted it for me. i am now going out for dinner at 8pm.

  • Sean Shannon says:

    I was attacked with this. My only solution was to (for vista users) Click the start button. Search for the following without quotes \"System Restore\" when you get the program right click it and RUN AS ADMINISTRATOR then follow the instructions. I restored to a point that was only 12 hours before.

    I was glad this worked. I tried everything else suggested in this article and nothing worked. The file that i saw was GWD.exe but when i was looking for that file or any other file that was part of this issue and i was unable to find it. Regedit failed to find the files and locations.

    Restoring the way i suggested above is the only solution in my case.

    If you get infected by this. Run the task manager. Locate the file location. If you find the folder but NOT the file. Run system restore.

  • Deep says:

    Guys, this virus sucks to the core!! System restore through safe mode in the command prompt saved my life!

  • Spelbound says:

    to get to a restore point click on
    Control Panel
    System Maintenance
    Back up and restore Center

    Then select the option below the other two. "Use system restore to fix problems....."

    If you use AVG - it seems to me that the virus interferes with AVG - so _ uninstalled AVG, before going to a restore point, and then re-installed it afterwards

  • Grubensteinerfranen says:

    Dear all, A few weeks back I had Registry Checker Virus doing the same thing as this Vista Security Alert. I found from some ace fellow somewhere THAT IF YOU GOTO "START" "COMPUTER" "PROGRAM DATA" and scan down the list of files - usually ones you recognise !! - ONE WILL STAND OUT AS A 'THAT DON'T FIT' HERE ! Just rename it anything you like e.g. nuisance , and then delete it REBOOT and you're done. This will work for other similar nuisances in the future. Bye, Cosmos-9.

  • Gary Jones says:

    DEAR ALL, JUST GOTO "START" "COMPUTER" "C-DRIVE" "PROGRAMDATA" (NOT PROGRAM FILES) LOOK DOWN THE LIST OF FILES - U SHOULD RECOGNISE MOST BUT BUT BUT ONE WILL NOT HAVE A "NAME" JUST A ROW OF NUMBERS AND LETTERS. RENAME IT "NUISANCE" AND DELETE IT. REBOOT AND YOU'RE DONE . bYE.

  • Hank says:

    In addition to the programdata, you also need to delete the file "xla.exe". You can find the file location from the task manager, right click on xla.exe will let you select the file location. Kill the xla.exe at the task manager first.

  • Mohd Harris says:

    Just got this on 15th April. its was hfw.exe. Unable to go into system regedit. Also unable to go to system restore b'cos no administrator right. Could some1 pls enlighten me how to clear this nuisance virus.

  • Jackie says:

    My computer was attacked last night. I am so glad I decided to research before I purchased it. Thanks to all. I am goint to work on my PC tonight. Your comments are very helpful.

  • Jackie says:

    Hi all, my computer was attacked last night. I am so glad I decided to research this instead of entering my credit card. Your comments have been helpful. I am going to work on my PC tonight.

  • Bonbon says:

    Lucky for me I was able to get on the internet and googled \"vista security 2011\" which brought me to this website. Did a system restore and \"poof\" it was gone!!

  • Bill says:

    I think this thing has updated. I cannot get system restore to even appear. Every time i try to turn it on, the window you are supposed to get to turn it on does not appear.

  • Zoe says:

    Thank goodness for the internet. I had to use a friends computer to find the cure.
    I went to Vista Security 2011 Removal Instructions. Use system restore to remove it. I just did it and it worked!!! I intially went to Best Buy to see if they could fix it and they wanted $129!!!!

  • Chris L. says:

    THANK YOU! I started working on this early this morning - many sites giving lots of weird, complicated instructions that didn't work for me. Finally found this comment section and system restored...all gone! So easy. My Best Buy wanted $199.00 to fix it....THANK YOU!

  • TheEman says:

    Ok for those of you who got the Vista Security 2011, I got it. Use Combofix 4.99MB download takes like 30min to run Every bit of the Vista security thing gone it then restores your internet to normal!

  • Rich L. says:

    Not a geek. Some additional notes that may be helpful, from my experience.
    1. Only way I knew to get to safe mode was to unplug power and pull battery from my laptop. Then I had the option, upon turning it on again, of rebooting in safe mode with a command line.
    2. Be patient when doing the restore command exe. It took at least a minute for the restore screen to come up.
    That my system is fixed is presumptive at this point, until I get more experience showing no issues. At this point I am able to connect to the internet successfully. I restored to yesterday, as issue just came up an hour ago. It appears that, thanks to the information here, I was able to resolve, for which I thank you. Required access to another functioning computer to read the above to make it happen though.

  • Eric says:

    thanks to the people who thought of the " run as administrator " option.

  • judy says:

    Help! All my .exe files for every application are missing or blocked to execute. I can not use any MS or other software, including my Webroot or McAffee.
    I deleted the malware, but did not have a previous restore point for me to go back. I removed the malware via the task manager function. Appreciate any tips. Judy

  • Jack says:

    PLEASE HELP!!!!! I have tried to RESTORE 3 times now but still have this stupid virus. I can't even access the internet like many of you before me have posted. Please help! I need to get my computer back ASAP!!!

  • Carrie Jones says:

    I just snuffed Vista security. A few months back, I had another security malware attack on my computer. Here is what I did:

    I frequently have guests who need to access email, etc. on my computer, so I set up a "guest" user on my computer, so they cannot screw up the system or access any of my personal files. When the malware attacked, instead of having to go through the safe mode, I went into my system as the guest user and when I went into system restore, all I had to do was type in my administrator password and I was able to push the whole thing back a week. Goodbye stinky Vista virus!! I strongly suggest setting up another user id (with or without a password), so when you have to take control of your computer, you have another way into the system that will provide a clear path to your system restore.

  • cassius brown says:

    I did a start up in safe mode. Right click on systems restore and run as administrator. I picked a restore date several days prior to the virus attack. Just wanted to say that without everyones advice/posts I would be at Best Buy right now-minus 200 dollars... Thank you folks so much......ps I think this may have hit my pc through YouTube

  • Nick2006isGOD says:

    Nick2006 described a proceedure that worked like a charm. Control Alt Del brings up the Task Manager - right click the $%#^ virus and on the highlighted offending program choose "end Process" POOOOOFFFFF! Gone

  • Wayne says:

    This is a very tenacious virus. I could not even get to system restore from safe mode. I ended up having to do as Ryan did and go to Safe Mode Command Line option and typed "rstrui.exe This allowed me to go back a couple of days and restore. This seems to have eliminated the problem for now. Norton was on, by the way and did not pick up the virus, go figure.

  • Karina says:

    This was a very nasty virus, however mine now says 2012 so I think these guys have upped the stakes because I did 7 system restores further and further back and it still couldn't get it. I used 3 virus removal systems and none of them got it and I couldn't find it in my programs. I am trying this removal tool and hopefully it works cuz I have been fighting this thing for like a week now... Good luck to all of you!

  • Reyes says:

    Update your Java

    start -> control panel -> Java

    click on java icon & update

    make sure your proxy setting are automatic unless you connect to the internet by other specific proxy.

    the attack comes from a java script.

    I removed fnm.exe from my pc and cleaned the registry files like it says to do up top & it vanished. That is it no need to sys restore.

  • Michael says:

    I like to let everyone know that the Russian guys who made this virus have been located and dealt with. They will face a harsh punishment that they will never forget.

    Note to our Russian virus makers:
    Enjoy your punishment, I'm sure you know now that your equipment has been fried and you will face financial punishment for your deeds.
    Karma is a bitch.

  • tdb57'@hotmail.co.uk says:

    had this virus hubby did system restore but now i have no inter net conextion at all it says there is a wire not pluged in but there is please what can i do

  • David Laverdiere says:

    Right clicking on system restore worked for me. Thanks Folks!!

  • lilly says:

    I'm completely clueless when it comes to technology and my friends helped me get rid of this virus with great effort. However, there still seems to be some parts of it left behind. It won't let me download other internet browsers and other things. I don't know what to do since it doesn't let me have freedom over my computer and it's frustrating. Can someone please help?

  • Matt says:

    The Vista Safe Mode with Command Prompt saved me.

    1) Reboot PC, hit F8 as its booting, select Safe with Command Prompt
    2) type rstrui.exe
    3) For me, I didnt see the Restore window, at all - had to CTRL ALT DEL to task manager, click the backup program and click Switch To...
    4) Selected a backup from a few days ago, seems to have fixed the issue

    THANK YOU

  • Dudeman says:

    To Judy: right click the program and hit "run as administrator" to run it. Then clean your computer with anit-virus stuff (a quick scan of malwarebytes works well) and use system restore to restore your computer!

  • Beth says:

    HELP!!! I was the real stupid one and tried to \"buy\" this thing before I did some research. They now have my credit card info. What do I do now??? How can I stop it? I am not sure if it went through and it will be a couple of days before I know if the charge went through. I got a message that there was a problem processing it but I am still scared. Any suggestions?

  • mr george tillotson says:

    SECUREVISTA. what is this? A debit of £69.98 was deducted from my current bank account recently. what is this for?

  • Amonwam says:

    Go into safe mode with networking. Right click your airtvinus icon and choose run as administrator . You should be able to access your virus scanner this way. Do a full scan. It should detect and remove it. After this, it's a good idea to run a spyware/malware detector like spybot search and destroy or IObit Security. I also used ccleaner to do a registry cleanup .My airtvinus (AVG 9 full) caught everything but I did the rest just to be safe. 4 days now, and no problems since.

  • baidu says:

    Wohh just what I was searching for, regards for posting.

Loading...