
Total Vista Security

Posted: March 16, 2010

Total Vista Security is a rogue antispyware program that uses Trojans and browser hijacking tricks to enter a targeted computer system. Once active, Total Vista Security displays a misleading scanner that claims your computer is infected, then tries to convince you to click a button to have the alleged infections terminated. Instead, you are redirected to a rogue website that sells a licensed copy of the program. Total Vista Security may also prevent you from opening your browser, hijacking your Internet navigation so that you visit only sites that recommend the purchase of Total Vista Security. Do not become another victim of cybercrime. Remove Total Vista Security and all related threats using a proven antispyware program.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\AppData\Local\av.exe
    2 %UserProfile%\AppData\Local\WRblt8464P

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
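
The registry values above share one pattern: shell command handlers and browser launch commands are routed through another program, and the Security Center overrides are switched on. The Python below is an added example, not part of the original write-up, that flags this pattern in registry text exported in .reg form; the function names and the sample text are constructed for illustration, and it assumes browser client keys are named after the browser binary.

```python
import re
# Constructed sample in .reg export syntax: values from the list above plus one clean entry.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@="\"av.exe\" /START \"firefox.exe\" -safe-mode"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
'''

def parse_reg(text):
    """Yield (key, value name, data) from .reg text; '@' is the (Default) value."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data.startswith('"'):  # REG_SZ: strip quotes, undo \" and \\ escapes
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            yield key, name, data

def first_program(cmd):
    """Lower-cased file name of the first token of a command line."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', cmd)
    token = (m.group(1) or m.group(2) or "") if m else ""
    return token.rsplit("\\", 1)[-1].lower()

def findings(text):
    """Return (key, value name, reason) for each entry that matches the pattern."""
    out = []
    for key, name, data in parse_reg(text):
        k, prog = key.lower(), first_program(data)
        exe_handler = re.search(r'\\(\.exe|secfile)\\shell\\open\\command$', k)
        browser = re.search(r'\\clients\\startmenuinternet\\([^\\]+)\\shell\\[^\\]+\\command$', k)
        if name == "(Default)" and exe_handler and prog != "%1":  # stock value: "%1" %*
            out.append((key, name, "executable handler routed through " + prog))
        elif name == "(Default)" and browser and prog != browser.group(1):
            # Assumes the client key is named after the browser binary, as on this page.
            out.append((key, name, "browser launch routed through " + prog))
        elif k.endswith("\\microsoft\\security center") and name.endswith("Override"):
            if data.replace("dword:", "").lstrip("0") == "1":
                out.append((key, name, "Security Center override enabled"))
    return out
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `findings`.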

One Comment

  • system tool virus removal windows xp says:

    It also says that admin deactivated taskmgr. How could I activate same?
