FacebookTwitterLinkedIn

Vista Defender Pro

Also Known As: Vista Defender Pro Rogue
Type: Fake Antivirus
Damage level: High

Tomas Meskauskas Written by on (updated)

What is Vista Defender Pro?

Vista Defender Pro is a fake antivirus program derived from a large family of rogue applications notorious for infecting a very large number of computers. Internet criminals designed this rogue program to change its name according to the operating system it infects.

In this way, this bogus program looks authentic and thus more unsuspecting computer users fall for this trickery and purchase a useless security program to remove the supposed security infections. These infections do not actually exist.

Vista Defender Pro fake antivirus program

This fake program is often propagated via bogus video codecs. When you enter a website, a video screen appears reporting that you need to download or update your video codec.

If you agree, a fake security program is downloaded rather than the video codec software. When this rogue program self-installs on your computer, it displays various fake security messages and performs security scans, stating that your computer is at risk.

The program will find multiple 'infections' and you will be asked to purchase a full version of Vista Defender Pro to remove them. Do not buy this program, it is a scam.

This program was created with the sole purpose of stealing money from your credit card. The scans and security messages are fake, so ignore them and remove this bogus program from your computer.

If you have already purchased this fake software, contact your credit card company and explain that you have been tricked into purchasing a fake security program. Vista Defender Pro is merely an imitation of a genuine security program.

Internet criminals responsible for creating this bogus program make money from PC users who purchases its license. You should not fall for the trickery displayed by Vista Defender Pro; it is a scam that should be eliminated from your PC.

The following fake security messages will be shown by Vista Defender Pro:

"Tracking software found! Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing a security scan."

Do not trust this program. Use this removal guide to completely remove Vista Defender Pro from your computer.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Vista Defender Pro virus removal

1. Download fix.reg file. After saving the file to your desktop, double click fix.reg and then click YES to confirm.

--->DOWNLOAD fix.reg<---

2. Open Internet Explorer, click Tools and select Internet Options. Select "Connections".

internet explorer internet options

 

internet explorer internet connections

 

3.Click LAN settings, if 'Use a proxy server for your LAN' is checked, uncheck it and press OK.

internet options lan settings

internet explorer proxy settings

 

 

 

 

 4. Download a legitimate anti-spyware program to fully remove Vista Defender Pro  from your PC.

If you are unable to remove Vista Defender Pro, you can use these manual removal instructions. Use them at your own risk, since if you do not have strong computer knowledge, you could harm your operating system.

Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Vista Defender Pro  processes:

av.exe
ave.exe

Remove these Vista Defender Pro registry entries:

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataave.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

Delete these Vista Defender Pro files:

C:\ProgramData\QJyrk5wvCU1
C:\Users\All Users\QJyrk5wvCU1
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\ave.exe
%UserProfile%\AppData\Local\QJyrk5wvCU1
%UserProfile%\AppData\Local\WRblt8464P
%UserProfile%\AppData\Local\Temp\QJyrk5wvCU1
%UserProfile%\AppData\Roaming\Microsoft\Windows\Templates\QJyrk5wvCU1

Summary:

The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of vista defender pro rogue and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from vista defender pro rogue and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on vista defender pro rogue or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Vista Defender Pro Rogue QR code
Scan this QR code to have an easy access removal guide of Vista Defender Pro Rogue on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.