Thursday, June 23, 2011

Removal of Vista Security 2012 unwanted deceptive scan

Vista Security 2012 is distributed chiefly through its own website, which in turn is promoted through spam, flood ads, browser hijacking, and online ads.
Hackers spare no effort to draw visitors to the pages dedicated to the program. As a rule, the way visitors are lured to websites advertising the software is itself deceptive and should put a potential downloader of the scamware on alert.
However, the number of victims who installed the program with their own hands is large and keeps growing.
For those who refuse to install the unwanted program manually there is another trap: backdoor installation of the software, performed by a dedicated trojan or worm.
Whether it was installed by the user or dropped by a trojan or worm, remove Vista Security 2012, because it performs virtually the same set of actions in both cases: the software pretends to scan the computer and draws the user's attention to nonexistent threats.
Click here to start a free scan to detect infections that do exist and get rid of Vista Security 2012 as one of those threats.


Vista Security 2012 interface snapshot:





Manual removal guide:
Delete infected files:

%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

Delete infected registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
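
The command entries in the list above share one pattern: the handler launches a wrapper from a user-writable folder and passes the real program as an argument. The following check for that pattern over exported (key, default value) pairs is an added example, not part of the original post; the function names and the two clean sample entries are assumptions constructed for illustration.

```python
import re

# Stock handler for exefile; any other value redirects every program launch.
DEFAULT_EXE_COMMAND = '"%1" %*'
# User-writable locations this page lists as drop paths (lower-cased).
USER_WRITABLE = ("%localappdata%", "%temp%", "%userprofile%", "%allusersprofile%")

def first_token(command):
    """Return the program a command string launches (quoted or bare first token)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""

def audit(entries):
    """entries: (key_path, default_value) pairs. Returns [(key_path, reason)]."""
    findings = []
    for key, value in entries:
        k = key.lower()
        prog = first_token(value).lower()
        if re.search(r'\\(\.exe|exefile)\\shell\\open\\command$', k):
            # Per-user or machine-wide override of how .exe files are started.
            if value.strip() != DEFAULT_EXE_COMMAND:
                findings.append((key, "exe handler replaced: launches " + prog))
        elif "\\clients\\startmenuinternet\\" in k and k.endswith("\\command"):
            # Browser shortcut command that starts from a user-writable folder.
            if prog.startswith(USER_WRITABLE):
                findings.append((key, "browser launched through wrapper " + prog))
    return findings

# Hijacked values are from this page; the last two entries are constructed clean values.
HIJACK = r'"%LocalAppData%\kdn.exe" -a '
SAMPLE = [
    (r'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command', HIJACK + '"%1" %*'),
    (r'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command', HIJACK + '"%1" %*'),
    (r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
     HIJACK + r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (r'HKEY_CLASSES_ROOT\exefile\shell\open\command', '"%1" %*'),
    (r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command',
     r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
]

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(key, "->", reason)
```

The check covers only the command handlers; the Security Center override values and the dropped files still have to be checked separately.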
