- Blocks internet connection
- Installs itself without permissions
- Connects to the internet without permission
- Slow internet connection
- System crashes
- Annoying pop-ups
- Slow Computer
Vista Anti-virus 2012
A new family of rogues consisting of Vista Anti-virus 2012, XP Antivirus 2012 and Win 7 Antivirus 2012 has been making its presence felt. Vista Anti-virus 2012 will change its name to adapt to its environment. If the user is running the Windows Vista operating system, the rogue will keep its name as Vista Anti-virus 2012, and should the user be running Windows 7, the rogue will change its name to Win 7 Antivirus. Although the names may change, all versions are exactly the same application.
Vista Anti-virus 2012 enters the system in a variety of ways – the most popular being through corrupt websites using drive-by download tactics, and also through fake online malware scanners which warn against fake threats supposedly ravaging the system. Vista Anti-virus 2012 will install itself as a single executable file called kdn.exe. Once the rogue enters the system and securely roots itself, it will edit registry entries so that each time the user launches an executable file, Vista Anti-virus 2012 launches instead. It will also disable any security software which may be able to detect it or remove Vista Anti-virus 2012 altogether. The user will also be unable to connect to the Internet: each time he attempts to launch Internet Explorer or Firefox, Vista Anti-virus 2012 will block the browser and run instead, and will then display a fake firewall warning stating that the browser is infected.
The fake software will launch various fake system scans, and will warn of fake threats being present on the system such as P2P-Worm.Win32.Duload.a and IRC-Worm.DOS.Loa. It will also report genuine Windows files as infected, and should the user delete these files it will cause permanent damage to the system. Vista Anti-virus 2012 will offer to get rid of the reported infections, but only once the user pays for its worthless software.
As a further attack on the system Vista Anti-virus 2012 will generate false security alerts, which will state that the user’s PC is infected with various dire infections. Some of these fake alerts read as follows:
The ultimate goal of Vista Anti-virus 2012 is to fleece you out of your money. Never pay for any Vista Anti-virus 2012 product, and do not believe any correspondence received from the rogue. Instead take back control of your PC and destroy Vista Anti-virus 2012 immediately. This can best be achieved by making use of a genuine security tool which will also protect your PC against similar future attacks.
The rogue removal will be easier if you used these activation codes to “register” the rogue:
This rogue is particularly annoying because right after installation it blocks every single exe file, so you can no longer use your computer. There is then nothing left to do but restart your computer. When you do, press F8 while it boots and select Safe Mode with Networking, so that you can download SpyHunter from our website. Then restart again and load your computer in Normal mode to install SpyHunter. Another way to install the program is to download it on another computer, rename the installer file from installer.exe to installer.com, and then transfer the file to a USB flash drive. Plug the drive into the infected computer and use it to install the program.
Once SpyHunter is installed, it will scan your computer and detect the rogue, and kill it.
NOTE: Just because you can no longer see the rogue it does not mean that it doesn’t exist. Perform a full system scan to locate and terminate all of its components, because any file associated with the rogue can leave your computer’s door open for other malware.
How to manually remove Vista Anti-virus 2012
Files associated with Vista Anti-virus 2012 infection:
Vista Anti-virus 2012 processes to kill:
Remove Vista Anti-virus 2012 registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
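
To check whether the handler and Security Center entries listed above are present on a machine, the following read-only PowerShell audit can be used. It is an added example, not part of the original page or of any removal tool; the variable names and the matching pattern are assumptions built from the values shown above, with "AppData\Local" added as the Vista/7 name of the "Local Settings\Application Data" folder.

```powershell
# Added example: read-only audit of the registry values listed above.
# Nothing is modified; findings are collected as objects for review.

# Keys whose (Default) value the page says the rogue rewrites.
$handlerKeys = @(
    'HKCU:\Software\Classes\.exe\shell\open\command',
    'HKCU:\Software\Classes\exefile\shell\open\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)

# Shape taken from the page: an .exe directly inside the user's local
# application-data folder, followed by -a and the original target.
# Assumption: "AppData\Local" is included as the Vista/7 name of that folder.
$hijackPattern = '(?i)\\(Local Settings\\Application Data|AppData\\Local)\\[^\\"]+\.exe"?\s+-a\s'

$findings = @(
    foreach ($key in $handlerKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key absent: nothing to check
        $command = [string]$item.GetValue('')      # '' reads the (Default) value
        if ($command -match $hijackPattern) {
            [pscustomobject]@{ Key = $key; Name = '(Default)'; Value = $command }
        }
    }

    # Security Center override flags the page lists as set to 1.
    $scKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    $sc = Get-ItemProperty -LiteralPath $scKey -ErrorAction SilentlyContinue
    foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
        if ($null -ne $sc -and $sc.$name -eq 1) {
            [pscustomobject]@{ Key = $scKey; Name = $name; Value = $sc.$name }
        }
    }
)

if ($findings.Count -eq 0) {
    'No listed registry modifications found.'
} else {
    $findings | Format-List
}
```

Because the HKCU keys are per-user, run the audit in the session of the affected account.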