Monday, June 20, 2011

Remove Vista Internet Security 2012 Combined Threats

Vista Internet Security 2012 is a combined infection, which predominating part is identified as a counterfeited security tool.
Roughly, here is the evolution of bad quality security suites for computer systems: poor quality program (1) – programs imitating security activities (virus detection, deletion, firewall) (2) – counterfeited programs supported by viruses and incorporating viruses (3).
Get rid of Vista Internet Security 2012 as a striking example of the third stage in malware evolution. It consists of a virus and a poor quality imitator of security activities. Needless to say, not a single threat reported by the program is a true detection. However, the program is quite complicated because of its malicious part, which is in charge of ensuring uninterrupted flow of popups by the annoying component. Remove Vista Internet Security 2012 and other infections as detected by free system examination and disinfection software available here.


Vista Internet Security 2012 snapshot:


Vista Internet Security 2012 remover:


Manual removal guide:
Delete infected files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
Delete infected registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ‘1′
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ‘1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ‘1′

No comments: