How to remove Vista Defender 2011 / Vista Defender 2012 / Vista Defender 2013 Virus/Spyware

Vista Defender 2011 / Vista Defender 2012 / Vista Defender 2013  is a rogue security software. It will send popups saying “malware has been detected on your computer” in an attempt to scare you into buying this malicious software.

It will show you a list of problems on your computer, none of the reported issues are real, and are only used to scare you into buying Vista Defender 2011 / Vista Defender 2012 / Vista Defender 2013  and stealing your personal financial information.

These spy wares send pop ups to purchase their products. If we enter the credit card details for purchasing these spy wares, they will hack our credit card information.


STEP 1 : Start your computer in Directory Services Restore Mode

      1.Restart your computer
      2.While the computer is getting restarted keep on tapping on the F8 key on top row of your keyboard.
      3.Keep on tapping on that F8 key as soon as you are seeing your computer manufacturer screen.
      4.Then you will get a menu from which you need to select “Directory Services Restore Mode” by using your arrow keys .
      5.And then click on enter

STEP 2 : Disable the Infection from the Registry

Vista Defender 2011 / Vista Defender 2012 / Vista Defender 2013 has changed your Windows registry settings so that when you try to run a executable file (ending with .exe ) , it will automatically start the infection rather than the desired programs like Internet Explorer, Your Antivirus Program, Task Manager Etc.

  • Download the RegistryFix.reg file to fix the malicious registry changes from Vista Defender 2011 / Vista Defender 2012 / Vista Defender 2013.
  • REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called RregistryFix.reg)
  • Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.

STEP 3 : Enable Hidden Files and Folders

  • Open My Computer / Computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View Tab.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • After this please press the Apply button and then the OK

STEP 4 : Find and Delete the Infected Files
The infected files will be located in C:\Users\{YourUserName}\AppData\Local\
In this folder you can see one three character .exe file… Like jeg.exe , lit.exe , gir.exe etc
Try to Delete this XXX.EXE file. If you are not able to delete this .EXE file rename it with a name INFECTION.EXE.OLD and restart the computer. After the restart go to the same location and delete the file…

Some of the Infected files and its locations



STEP 5 : Scan Your Computer using Some Good Antivirus Programs.

Malwarebytes Anti-Malware FREE


Emsisoft Emergency Kit

Kaspersky Virus Removal Tool

Norton Power Eraser

If you need any more assistance replay back here…..


Kuttus is an IT professional and a part time blogger. He has started the 123seminarsonly to write his findings gained in daily work life. Kuttus writes articles which are mostly related to technology and Virus Removal. He has been interested in virus and Malware removal. He is working as a remote virus removal technician from the last 7 year.

More Posts - Website

Comments are closed.