Sunday, December 18, 2011

Get rid of Windows Vista Security 2012 self-announced and self-awarded (fake) AV tool

Windows Vista Security 2012 is a self-proclaimed security solution. Its downloads and installations into targeted machines are based on fraud and shadowed injection.
There are countless sites extolling virtues of the program, including providing awards certificates. The awards are all fabricated by the same rascals who have concocted the scamware.
Perhaps the most persuasive effect is generated by showing online scanner. The so called scanner almost instantly informs that the computer connected to it has been found to swarm with viruses, worms, trojans. Of course, the offer comes along to download worldwide best security tool, which, as the unhappy downloader later figures out, is not that easy to uninstall. Removal of Windows Vista Security 2012 as a fake security solution is the only way to uninstall it.
Click here to remove Windows Vista Security 2012 upon free-scanning your PC whether you have fallen victims of fraudulent reasoning or the rogue has made its way into your computer systems through its security breaches.

Windows Vista Security 2012 screenshot:


Manual removal directions:
Delete infected files:
%AllUsersProfile%\
%Temp%\
%LocalAppData%\
%LocalAppData%\.exe
%AppData%\Microsoft\Windows\Templates\
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'ah'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah
HKEY_CURRENT_USER\Software\Classes\ah "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\ah "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\ah\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
Rename the remover to "explorer.exe" or try to install from Safe Mode if virus blocks download\installation

No comments: