There is nothing surprising about a system being infected with Vista Antivirus 2012. Today's IT world is marked not only by the introduction of high-technology gadgets and the application of scientific achievements, but also by a tremendous increase in cyber crime of many kinds, from browser redirect viruses to the rogue anti-virus industry, a niche that keeps growing by leaps and bounds every year. Vista Antivirus 2012 is an example of such rogue anti-spyware. The software imitates a legitimate AV program, but only to make users think that what they see is worth keeping or even buying. Regrettably, that is the wrong conclusion. The tool named Vista Antivirus 2012 is powerless, so purchasing it makes no sense. During a real malware attack the program would not detect the threat and thus would not help you delete the real infection.
The truly outrageous fact about Vista Antivirus 2012 is that the program arrives on your system without you realizing it. The hoax then modifies your system by adding a registry entry so that it starts automatically each time you log in to Windows. It imitates the Windows Firewall, but Vista Antivirus 2012 is, of course, a fake firewall. Its fictitious scanning process is worth describing. The malware runs the scan each time you turn on your PC, automatically and without your command. The scan and its final report are accompanied by many warnings, pop-ups, ads and other security notifications claiming that your computer is in desperate condition and that you must do something about it immediately. The software then recommends that you pay for its licensed version to delete all those infections, which in reality are fake.
Having the Vista Antivirus 2012 virus on your system is not the end of the world, of course. Removing this malware is quite a feasible task for many powerful anti-virus scanners and malware removers. You simply need to realize that buying Vista Antivirus 2012 is a waste of money. So when such scareware offers appear, simply ignore them. Delete the malware with the anti-spyware tool recommended at this site.
Tricks to help you execute anti-virus software in spite of the blockage by this rogue:
- A good trick to get rid of this malware is to set your computer's date 7-8 days into the future and then restart your system. After that you can restore the date to the correct time. Then you may download and install the recommended software and scan your computer with it to delete all trojans that caused the infection.
- If you already have an anti-virus program installed on your computer, you might try running it with Administrator rights (right-click its icon on the desktop and choose the option "Run as Administrator").
Vista Antivirus 2012 system modifications:
Vista Antivirus 2012 files created:
- %UserProfile%\Local Settings\Application Data\opRSK
- %UserProfile%\Local Settings\Application Data\pw.exe
- %UserProfile%\Local Settings\Application Data\vz.exe
- %UserProfile%\Local Settings\Application Data\MSASCui.exe
- %UserProfile%\AppData\Local\opRSK
- %UserProfile%\AppData\Local\pw.exe
- %UserProfile%\AppData\Local\vz.exe
- %UserProfile%\AppData\Local\MSASCui.exe
Vista Antivirus 2012 registry entries created:
- HKCU\Software\Classes\pezfile
- HKCR\pezfile
- HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
- HKCU\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
- HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
- HKCU\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
- HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
- HKCR\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
- HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
- HKCR\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "%1" %*
- HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
- HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
- HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
- HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
- HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
- HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\vz.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
- HKLM\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
- HKLM\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
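A check for the registry changes listed above, added here as an example and not taken from the original page: it parses the text printed by `reg query` and flags open/safemode commands routed through pw.exe or vz.exe, any other non-default `.exe` open command, and the two Security Center override values. The sample input, the user name in it and the function names are constructed for illustration.

```python
import re

ROGUE_EXES = {"pw.exe", "vz.exe"}  # launchers named in the page's registry list
OVERRIDES = {"antivirusoverride", "firewalloverride"}
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_\w+\s{2,}(?P<data>.*)$")

# Constructed sample of `reg query` output (user name and values are made up).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    (Default)    REG_SZ    "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    AntiVirusOverride    REG_DWORD    0x1
    FirewallOverride    REG_DWORD    0x0
'''

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():
            key = line.strip()  # an unindented line is a registry key path
        elif (m := VALUE_RE.match(line)) and key:
            yield key, m["name"], m["data"].strip()

def first_program(command):
    """Lower-cased file name of the first program in a command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    path = (m.group(1) or m.group(2)) if m else ""
    return path.rsplit("\\", 1)[-1].lower()

def findings(text):
    """Return (key, value_name, reason) for each value matching the page's list."""
    out = []
    for key, name, data in parse_reg_query(text):
        k = key.lower()
        if k.endswith("\\command"):
            if first_program(data) in ROGUE_EXES and "/start" in data.lower():
                out.append((key, name, "handler routed through rogue launcher"))
            elif "\\.exe\\shell\\" in k and data != '"%1" %*':
                out.append((key, name, "non-default .exe open command"))
        elif k.endswith("\\security center") and name.lower() in OVERRIDES:
            if data.lower() in ("1", "0x1"):
                out.append((key, name, "Security Center alert override set"))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```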
