
Vista Internet Security 2013

Posted: November 6, 2012

Threat Metric

Ranking: 16,811
Threat Level: 1/10
Infected PCs: 52
First Seen: November 6, 2012
Last Seen: August 18, 2023
OS(es) Affected: Windows

Vista Internet Security 2013 is a fake anti-malware program that displays inaccurate messages about attacks against your PC to bully you into buying its software registration. Like other rogue anti-malware programs that SpywareRemove.com malware researchers have identified as members of the FakeRean family, Vista Internet Security 2013 can be used to block websites, block programs and change your Registry system settings without your permission. Given that Vista Internet Security 2013 can't protect your PC from anything and is an active threat to its safety, you should remove Vista Internet Security 2013 with real anti-malware software as soon as you notice the typical symptoms of a Vista Internet Security 2013 or other FakeRean infection.

Vista Internet Security 2013 and the Scam that's for All Years and Versions of Windows

Vista Internet Security 2013 looks like a little-known brand of anti-malware scanner, but its firewall, 'proactive security,' system scans and other features are entirely fake and are unable to identify infections or attacks with any degree of accuracy. Infection routes for Vista Internet Security 2013 have been known to include spam links that redirect victims to malicious or compromised sites that host drive-by-download exploits like the well-known Blackhole Exploit Kit.

SpywareRemove.com security analysts have discovered that standard installation methods for FakeRean scamware like Vista Internet Security 2013 attempt to detect the attacked PC's operating system and then use that information to select an appropriate FakeRean variant. Vista Internet Security 2013 will only appear on Windows Vista PCs, but samples of other FakeRean variants include Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015.

Due to the large number of individual variants of FakeRean, this list should be considered illustrative rather than exhaustive. The two major branches of FakeRean that SpywareRemove.com malware researchers have found to be in active distribution are Multi-rogue 2012 and Multi-rogue 2013 (scamware using the annual suffixes of 2012 or 2013 in their names, respectively). Differences between these modern variants of FakeRean are largely cosmetic.

Why Vista Internet Security 2013's Fake Security Has a Real Bite to It

Vista Internet Security 2013 includes a broad range of fraudulent security features that are typical for security software suites. Accordingly, the most prominent symptom of a Vista Internet Security 2013 infection is various pop-up alerts that can appear either randomly or when you try to use unrelated applications that are blocked by Vista Internet Security 2013. SpywareRemove.com malware experts have determined that program-blocking attacks can be implemented in multiple ways and are likely to center on disabling default security features for Windows (such as its update manager, firewall or anti-malware scanner).

Vista Internet Security 2013 also may redirect your browser away from normal websites and display fake browser alerts. All of these attacks are Vista Internet Security 2013's attempt to convince you of its viability as an anti-malware program, but Vista Internet Security 2013 isn't able to remove any sort of malicious content from your computer and never should be considered a legal, purchasable product.

While using competent anti-malware software to delete Vista Internet Security 2013 is, obviously, advisable, the SpywareRemove.com malware research team has found that additional steps are often needed to remove FakeRean infections like Vista Internet Security 2013 from compromised PCs. Booting your computer into Safe Mode or booting your computer from a USB device can launch Windows without also launching Vista Internet Security 2013, which could otherwise block any attempts at anti-malware system scans that you might make.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %AppData%\[RANDOM 3 CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS.exe].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
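
A defensive check for the hijack pattern in the Registry values above, added here as an example (it is not SpywareRemove.com's code): it flags .exe open commands that differ from the stock '"%1" %*' handler and browser commands routed through a /START wrapper. The function name audit, the input mapping and the sample values are assumptions made for illustration.

```python
import re

# Stock Windows handler for executables: run the file that was opened.
DEFAULT_EXE_COMMAND = '"%1" %*'

# Keys from the Registry list on this page whose "(Default)" command
# decides what actually runs when any .exe is opened.
EXE_COMMAND_KEYS = {k.casefold() for k in (
    r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
)}
BROWSER_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet".casefold()

# A command that starts one program and hands it the real target after /START.
WRAPPER = re.compile(r'^"(?P<launcher>[^"]+\.exe)"\s+/START\s+"[^"]+"', re.I)
USER_WRITABLE = re.compile(r"\\(Local Settings\\Application Data|AppData)\\", re.I)

def audit(values):
    """values: {(key, value_name): data}. Returns [(key, reason), ...]."""
    findings = []
    for (key, name), data in sorted(values.items()):
        if name != "(Default)":
            continue
        wrapped = WRAPPER.match(data)
        if key.casefold() in EXE_COMMAND_KEYS and data != DEFAULT_EXE_COMMAND:
            reason = "exe handler differs from the stock command"
        elif key.casefold().startswith(BROWSER_PREFIX) and wrapped:
            reason = "browser is started through a wrapper"
        else:
            continue
        if wrapped and USER_WRITABLE.search(wrapped.group("launcher")):
            reason += "; wrapper sits in a user-writable profile folder"
        findings.append((key, reason))
    return findings

# Constructed sample (user name and xyz.exe are made up): two hijacked, two clean.
SAMPLE = {
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "(Default)"):
        r'"C:\Users\user\AppData\Local\xyz.exe" /START "%1" %*',
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command", "(Default)"):
        r'"C:\Users\user\AppData\Local\xyz.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"',
    (r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command", "(Default)"): '"%1" %*',
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command", "(Default)"):
        r'"C:\Program Files\Internet Explorer\iexplore.exe"',
}

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```

On a live system the mapping could be filled from a Registry export or from Python's winreg module before calling audit.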

Additional Information

The following URLs were detected:
https://feed.streamsearchly.com/?q=