This rogue security application goes by many different program names listed below.
Windows Vista rogue names: | Windows 7 rogue names: |
Vista Antispyware 2012 | Win 7 Antispyware 2012 |
Vista Antivirus 2012 | Win 7 Antivirus 2012 |
Vista Security 2012 | Win 7 Security 2012 |
Vista Home Security 2012 | Win 7 Home Security 2012 |
Vista Internet Security 2012 | Win 7 Internet Security 2012 |
Vista Total Security 2012 | Win 7 Total Security 2012 |
Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 is one of many fake antivirus applications just like the '11 version of this malware described on this page Vista Antispyware 2011, Vista Security 2011 and Vista Antimalware 2011. If you take a closer look at these fake antivirus applications you'll see that they are almost identical. While running, the fake antivirus will launch pop-up windows with false or misleading alerts. It states that your computer is under attack from a remote server and that there is a piece of malware running on your computer that may steal your sensitive information.
It also displays this fake Windows Security Center which looks quite convincing and professional.
Vista Antispyware 2012, Win 7 Internet Security 2012 prevents you from visiting antivirus vendor websites, it may disable certain Windows utilities and block legitimate software. Actually, it hijacks Internet Explorer and other browsers and it might be that you won't be able to visit any website. The fake alert states: Visiting this site may pose a security threat to your system!
Here's another fake security alert which is displayed every time you attempt to run legitimate software:
Vista Antivirus 2012 Firewall Alert
Vista Antivirus 2012 has blocked a program from accessing the
internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
And probably the most annoying thing about this malware, is that Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 hijacks a file association for executable (.EXE) files.
Quick removal:
1. In the worst case scenario, if can't reboot your computer in safe mode and install anti-malware software to remove Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012, you can use this debugged serial key 9443-077673-5028 or 3425-814615-3990 to register the rogue application in order to stop the fake security alerts. Just click the Registration button and then select "Activate manually". Don't worry, this is completely legal. If the reg keys do not work anymore, please follow the removal instructions below.
Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.
2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.
Without a doubt, this security application is nothing more but a scam. Don't end up handing your credit card information over to the people most likely to defraud you. If you need help in removing this annoying malware from your computer, please leave a comment below or follow the alternate removal instructions. Good luck and be safe online.
Alternate Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 removal instructions:
Make sure that you can see hidden and operating system protected files in Windows. For more in formation, please read Show Hidden Files and Folders in Windows.
Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
- Hide extensions for know file types
- Hide protected operating system files
1. Go into C:\Users\[UserName]\AppData\Local\ folder.
For example: C:\Users\Michael\AppData\Local\
2. Find hidden executable file(s) in this folder. In our case it was called vkl.exe, but I'm sure that the file name will be different in your case. Rename vkl.exe to vkl.vir and click "Yes" to confirm file rename. Then restart your computer.
3. After a restart, copy all the text in bold below and paste to Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)
5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Open Internet Explorer. Download exefix.reg and save it to your Desktop. Double-click on exefix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.
7. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.
Associated Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 and registry values:
Files:
- C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe
- C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
- C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
- C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
- HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
- HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
0 comments:
Post a Comment