Home Malware Programs Rogue Anti-Spyware Programs Vista Total Security

Vista Total Security

Posted: February 28, 2011

ScreenshotVista Total Security is a rogue anti-virus program partially distributed through social networking links. This rogue product will interfere with your browser's functions and generate false infection alerts designed to frighten you into giving Vista Total Security's creators your credit card number. Vista Total Security may also change your network settings without permission; this can cause increased vulnerability to malware attacks. Standard methods of uninstalling or closing this rogue anti-virus infection typically will not work, requiring you to use anti-malware programs and tactics if you want to remove Vista Total Security completely.

Facebook is Sometimes Roguebook for the Incautious

The criminals behind Vista Total Security have indicated some basic level of competency with social networking; some reports have indicated Vista Total Security being spread through links in comments on Facebook. Since rogue anti-virus programs like Vista Total Security are often installed by Trojans and drive by download methods, even just clicking on a bad link can be hazardous. Don't assume that a link is trustworthy even if you know the person who sent it, since accounts can easily be compromised.

Vista Total Security has been noted to target Firefox and Internet Explorer browsers, but may also be able to infiltrate systems using more obscure web browser programs. Initial installation may be followed by the browser crashing.

What Happens When Vista Total Security Clambers onto Your System

As with the majority of rogue products, Vista Total Security will immediately display itself prominently once Vista Total Security is installed. The most plain to see sign of Vista Total Security's presence is various alerts of infection, particularly when you start up your web browser. These alerts and warnings don't have a jot of accuracy, and, in fact, they're a threat since Vista Total Security's erroneous alerts can cover up real OS warning cues.

Even if you try to shut down the Vista Total Security process directly through Task Manager, Vista Total Security will usually reappear unless further measures are taken. Vista Total Security will also change your network settings without permission. These network changes can be a security hole for other malware to slink through onto your computer and may disable your Internet access entirely.

Since it's a general nuisance as well as a security hazard, Vista Total Security should be removed by trusted anti-malware programs if you see its brazen presence displayed on your system. Leaving Vista Total Security alone will, at best, result in your putting up with far too many needless error messages that have no basis in reality.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\AppData\Local\av.exe
    2 %UserProfile%\AppData\Local\WRblt8464P

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1?HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*

Related Posts