Click on screenshot to zoom
Danger level 8
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Infection Video Vista Antispyware 2012

Vista Antispyware 2012

There is a cluster of rogue antispyware applications which are basically exactly the same and they differ only in that they change their name according to what operating system the targeted computer runs on. Vista Antispyware 2012 is one of these rogues and it is a new version of Vista Antispyware 2011 which has been terrorizing the user a few months ago. This threat pretends to be a reliable antivirus program in order to rip easy financial gain by fooling unsuspecting computer users into paying for an absolutely worthless product.

There are quite a few ways for Vista Antispyware 2012 to enter the computer system. Two the most popular ones are by the user of fake online malware scanner and hacked websites. When the user confronts fake scanner online it bleeps in various colors demanding the user’s attention and screeching that one must perform a full system scan in order to check whether there are more serious infections in the system. For that the user must download Vista Antispyware 2012, because it is a “reliable” security program.

This rogue is very good a faking its legitimacy, because when it is installed, Vista Antispyware 2012 poses as a Windows security update. It also is very aggressive in achieving its goal, for example, the rogue does not allow you to launch any program unless it deems it to be “safe”. It also might not allow other programs to access Internet when it is necessary, and it makes it look like the programs that user uses all the time are suddenly infected with serious threats. One of the fake security messages that Vista Antispyware 2012 sends is as follows:

Vista Antispyware 2012 Firewall Alert
Vista Antispyware 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Vista Antispyware 2012 fake system scan also “detects” such threats as IRC-Worm.DOS.Septic and IRC-Worm.DOS.Loa, which are actually worms which were designed to spread through mIRC channels and were released back in year 2000. Even though these threats are not made up, they do not exist in the affected computer and the only threat that the user must deal with is Vista Antispyware 2012 itself.

This rogue hinders the optimal performance of your computer at the same time trying to make you pay for the full version of it. Therefore, it is best to remove Vista Antispyware 2012 from your computer immediately by using a reliable antimalware program, because manual removal requires certain skills which you might not possess. Safeguard your computer against future threats and make sure that Vista Antispyware 2012 is gone from your system for good.

Update:

The rogue removal will be easier if you used these activation codes to “register” the rogue:

2233-298080-3424
3425-814615-3990
9443-077673-5028

This rogue is particularly annoying because right after the installation it blocks every single exe file and you can no longer run your computer. Then there is nothing else left to but to restart your computer. When you do, while it boots press F8 and select to load the Safe Mode with Networking, so that you could download SpyHunter from our website. Then restart again, and load your computer in Normal mode to install SpyHunter. Another way to install the program is to download it on another computer, rename the installer file from installer.exe to installer.com and then transfer the file into a USB flash drive. Plug the drive into the infected computer and use it to install the program.

Once SpyHunter is installed, it will scan your computer and detect the rogue, and kill it.

NOTE: Just because you can no longer see the rogue it does not mean that it doesn’t exist. Perform a full system scan to locate and terminate all of its components, because any file associated with the rogue can leave your computer’s door open for other malware.

Download Spyware Removal Tool to Remove* Vista Antispyware 2012
  • Quick & tested solution for Vista Antispyware 2012 removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Vista Antispyware 2012

Files associated with infection (Vista Antispyware 2012):

%AppData%\[random].exe

Processes to kill (Vista Antispyware 2012):

%AppData%\[random].exe

Remove registry entries (Vista Antispyware 2012):

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exee” -a “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ’1′
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.