Sunday, June 19, 2011

Get rid of Vista Home Security 2012 deceptive scanner

Alongside with a content available as free updates to popular software, free movies and other media files etc., something unwanted may slip onto your computer system. That something is not even necessarily undeclared, but users often fail to take time for checking the list of  files downloaded.
In most of the cases, users are infected with Vista Home Security 2012 in the above or similar way. It also happens quite often that users download the badware from its website dressed up as online scanner. The online scanner is but another deception. Even if to make an assumption that the online scanner is genuine, the speed of  detecting threats it  manifests is unrealizable for any kind of connection. To remove Vista Home Security 2012 fake security system, click here to run free scan of your PC in order to resolve this and other security issues on your PC.

Vista Home Security 2012 snapshot:



Free-scan uninstaller download:


Manual removal guide:
Delete infected files:

%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
Delete infected registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ‘1′
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ‘1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ‘1′

No comments: