This rogue security application goes by many different program names listed below.
Windows Vista rogue names: | Windows 7 rogue names: |
| Vista Antispyware 2012 | Win 7 Antispyware 2012 |
| Vista Antivirus 2012 | Win 7 Antivirus 2012 |
| Vista Security 2012 | Win 7 Security 2012 |
| Vista Home Security 2012 | Win 7 Home Security 2012 |
| Vista Internet Security 2012 | Win 7 Internet Security 2012 |
Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 is one of many fake antivirus applications just like the '11 version of this malware described on this page Vista Antispyware 2011, Vista Security 2011 and Vista Antimalware 2011. If you take a closer look at these fake antivirus applications you'll see that they are almost identical. While running, the fake antivirus will launch pop-up windows with false or misleading alerts. It states that your computer is under attack from a remote server and that there is a piece of malware running on your computer that may steal your sensitive information.
It also displays this fake Windows Security Center which looks quite convincing and professional.
Vista Antispyware 2012, Win 7 Internet Security 2012 prevents you from visiting antivirus vendor websites, it may disable certain Windows utilities and block legitimate software. Actually, it hijacks Internet Explorer and other browsers and it might be that you won't be able to visit any website. The fake alert states: Visiting this site may pose a security threat to your system!
Here's another fake security alert which is displayed every time you attempt to run legitimate software:
Vista Antivirus 2012 Firewall Alert
Vista Antivirus 2012 has blocked a program from accessing the
internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
And probably the most annoying thing about this malware, is that Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 hijacks a file association for executable (.EXE) files.
In the worst case scenario, if can't reboot your computer in safe mode and install anti-malware software to remove Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012, you can use this serial 1147-175591-6550 or 2233-298080-3424 to register the rogue application in order to stop the fake security alerts.
Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly. Without a doubt, this security application is nothing more but a scam. Don't end up handing your credit card information over to the people most likely to defraud you. If you need help in removing this annoying malware from your computer, please leave a comment below. Good luck and be safe online.
Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 removal instructions:
1. Click Start->Run or press WinKey+R. Type in "command" and press Enter key.
2. In the command prompt window type "notepad" and press Enter key. Notepad will come up.
3. Copy all the text in blue color below and paste to Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[-HKEY_CLASSES_ROOT\secfile]
4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)
5. Double-click on the fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus 4.
Alternate removal instructions:
Make sure that you can see hidden and operating system protected files in Windows. For more in formation, please read Show Hidden Files and Folders in Windows.
Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
- Hide extensions for know file types
- Hide protected operating system files
1. Go into C:\Users\[UserName]\AppData\Local\ folder.
For example: C:\Users\Michael\AppData\Local\
2. Find hidden executable file(s) in this folder. In our case it was called vkl.exe, but I'm sure that the file name will be different in your case. Rename vkl.exe to vkl.vir and click "Yes" to confirm file rename. Then restart your computer.
3. After a restart, open Internet Explorer. Download exefix.reg and save it to your Desktop. Double-click on exefix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus 4.
Associated Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 and registry values:
Files:
- C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe
- C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
- C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
- C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
- HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
- HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
No comments:
Post a Comment