Monday, June 27, 2011

Get rid of Vista Antivirus 2012 destructive adware

Vista Antivirus 2012 is a combined infection. On the surface, it is a fake system security suite. However, its hidden destructive potential is worth mentioning and is even greater reason to be alert of the infection.
It is a matter of ongoing discussion between malware experts whether the rogue in question destroys intentionally and for the purpose of attaching some credibility for its empty detections or that is just because of the malware developers indifference to their product compatibility with computer systems the adware affects computer systems badly.
The fake security tool is, though badly, but compatible with all Windows versions and some other operating systems. However, because it is a bad kind of compatibility both computer systems compromised by the rogue and the malware itself fails to run at full capacity. In particular, users often report the adware identification issues as the adware’s popups may be blocked partially and mainly those are shown which do not contain occurrences of its name.
To remove Vista Antivirus 2012 and other infections, click here to start free scan applying solution which guarantees Vista Antivirus 2012 removal, if you do have the infection on your PC, as well as extermination of other infections. 

Vista Antivirus 2012 interface snapshot:


Spyware Doctor download:

Manual removal guide:
Delete infected files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe

%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h

%Temp%\u3f7pnvfncsjk2e86abfbj5h

%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

Delete infected registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ‘1′
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’

HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ‘1′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ‘1′

No comments: