Tuesday, June 14, 2011

Remove Vista Antispyware 2012 self-authorizing virus

Vista Antispyware 2012 violates custom’s rules of computer systems as it  obtains more authorities than a security program should have. It obtains such authorities using tricks inherent to viruses.
The delivery of this program is always somewhat a trickery. Even if a user has agreed on its installation, that has happened because the user was unaware of real features of the program installed. Needless to say, in case of backdoor infiltration of the program with trojans employed as the infection carriers, it was a totally tricky way.
The purpose of all those deceptive procedures is to sell copies of the product, which should be forbidden as totally useless, misinforming, linked with computer infections program,  and an infection itself. Even if the program has convinced you to buy it, the annoyance it makes is not eliminated and new requests for paid activations are to follow, without adding a bit of useful features to the malicious program, neither its maliciousness is reduced.
Click here to run free scan and eliminate maliciousness of the program completely removing Vista Antispyware 2012 rogueware.

Vista Antispyware 2012 snapshot:

Vista Antispyware 2012 uninstaller download:

Manual removal guide: 
Delete infected files:
%Documents and Settings%\All Users\Application Data\[random]
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random]
%Documents and Settings%\[UserName]\Local Settings\Temp\[random]
%Documents and Settings%\[UserName]\Templates\[random]
Delete infected registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’

HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exee” -a “%Program Files%\Internet Explorer\iexplore.exe”‘

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ’1′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ’1′

No comments: