
Vista Antispyware 2012

Posted: June 8, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 19
First Seen: December 5, 2011
Last Seen: February 2, 2021
OS(es) Affected: Windows

Vista Anti-Spyware 2012 is a rogue anti-spyware program that pretends to find threats on your PC without actually trying to detect real threats. Along with using these fake detections to scam you out of your money for an equally fake threat-removal function, Vista Anti-Spyware 2012 can also prevent other programs from running and hijack your web browser to redirect you to harmful websites. Vista Anti-Spyware 2012 should be considered a serious security threat and deleted as soon as you have access to anti-malware software that's capable of removing it.

Vista Anti-Spyware 2012's Dysfunctional Anti-Spyware Features

Like many other rogue security programs, Vista Anti-Spyware 2012 looks like a standard security program that could detect or delete keyloggers, worms and other threats to your PC. However, the infection alerts, system scans and other security-related services that Vista Anti-Spyware 2012 offers exist in name only. Vista Anti-Spyware 2012 can only detect fake threats that it's preprogrammed to find, rather than finding real threats to your PC's safety.

Some of the fake warnings that Vista Anti-Spyware 2012 creates look like the following:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

As you might guess, all warning pop-ups and other infection-detecting features are faked to make you purchase Vista Anti-Spyware 2012. It's highly likely that Vista Anti-Spyware 2012 will attempt to block some or almost all of your programs while claiming that they're infected, but the real reason these programs won't run is Vista Anti-Spyware 2012 itself.

What You Can Do to Snatch Your PC Back from Vista Anti-Spyware 2012

Visiting websites related to Vista Anti-Spyware 2012 may cause other threats to attack your PC, but this can be difficult to avoid while Vista Anti-Spyware 2012 remains active. Vista Anti-Spyware 2012 will hijack your web browser to force you away from websites that it doesn't want you to visit, like anti-malware and security sites. Vista Anti-Spyware 2012 may also change your homepage, create pop-ups, alter the results of search engines, and even create fake unsafe website warnings, all to lure you to malicious websites.

You can put a stop to Vista Anti-Spyware 2012's browser hijacks by using Safe Mode, or booting Windows from a CD. Either method will prevent Vista Anti-Spyware 2012's Registry-based startup routine from triggering, which will allow you to use any security program you like to delete Vista Anti-Spyware 2012 and any other threats.

Since Vista Anti-Spyware 2012 is a recently-emerged threat as of June 2011, you should update threat definitions for all anti-virus and security software to limit Vista Anti-Spyware 2012's chances of attacking your PC. Browser updates and limited use of scripts like JavaScript and Flash may also help prevent Vista Anti-Spyware 2012 from being installed by browser exploits.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\[RANDOM CHARACTERS]
    2 %AppData%\Local\[RANDOM CHARACTERS]
    3 %AppData%\Local\[RANDOM CHARACTERS].exe
    4 %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
    5 %Temp%\[RANDOM CHARACTERS]
    6 %UserProfile%\Desktop\Vista Antispyware 2012.lnk
    7 %UserProfile%\Start Menu\Programs\Vista Antispyware 2012.lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
    HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
    HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
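
The Registry values above rewire the `open`/`runas` handlers for `.exe`/`exefile` and the Start Menu browser entries so that the rogue's executable is launched first, which is how it blocks other programs. As an added example (not part of the original page), this Python script audits a `.reg` export for that pattern; the sample export, `abc.exe` and the user path are constructed, and the browser check assumes the key is named after the browser binary, as in the listing.

```python
import re

CLEAN_HANDLER = '"%1" %*'  # Windows default; also what the page lists for untouched values
EXE_CLASS = re.compile(r'\\(?:\.exe|exefile)\\shell\\(?:open|runas)\\command$', re.I)
BROWSER = re.compile(r'\\StartMenuInternet\\([^\\]+)\\shell\\[^\\]+\\command$', re.I)
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed .reg export; abc.exe stands in for the page's [RANDOM CHARACTERS].exe
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\abc.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\abc.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            yield key, name, re.sub(r'\\(.)', r'\1', m.group(2))  # undo .reg escaping

def first_program(command):
    """Lower-cased file name of the program a command line launches."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)).rsplit('\\', 1)[-1].lower() if m else ''

def find_hijacks(text):
    """Return (key, value_name, data) for handlers that launch something else."""
    hits = []
    for key, name, data in parse_reg(text):
        browser = BROWSER.search(key)
        if EXE_CLASS.search(key):
            # .exe / exefile verbs must pass the clicked file straight through
            if data.strip() != CLEAN_HANDLER:
                hits.append((key, name, data))
        elif browser and name == '(Default)':
            # Heuristic (assumption): key is named after the browser binary
            if first_program(data) != browser.group(1).lower():
                hits.append((key, name, data))
    return hits

print(*find_hijacks(SAMPLE), sep='\n')
```

Run it against an export of the keys listed above taken from an offline or Safe Mode session, since the hijacked handler interferes with launching tools in a normal session.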

Additional Information on Vista Antispyware 2012

  • The following messages were detected:
    # Message
    1 "Stealth intrusion! Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now"
    2 "System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here"
    3 "Privacy threat! Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair"

6 Comments

  • MA says:

    This is what I was looking for and I'm glad you posted this to help others. Thanks.

  • Meghan says:

    I just had this vista antispyware on my computer also and found a simple way to get rid of it.
    1. Shut down the computer and start it in safe mode.
    2. Do a ctrl+alt+delete, open the task manager and stop the process "vista antispyware."
    3. Now you can do a system restore without the virus blocking it.
    4. Restart your computer normally, and it's gone! YAY! Run your normal antivirus and/or cleaner to make sure it is completely gone. 🙂

    I hate viruses so much, but this solution works for the majority of the ones I've encountered.

  • Frank Wise says:

    I tried this and couldn't find that process listed, so it wouldn't work for me.

  • Abby says:

    I got this once, but I ran my McAfee antivirus and restarted my computer and now I'm fine. I got something like this in the past, so I knew just what to do before it got too late. Now I have to figure out how to get rid of xmlprw32.dll. Any tips?

  • antdog83 says:

    Just ctrl+alt+del and let the vista antispyware program open its window and select it and end program. This will buy you enough time to open system restore and restore it to an earlier date. But just as Meghan says, it has to be done in safe mode. I just did it. Thanks Meghan.

  • Sharon says:

    What happens when you system restore? Will you lose all of your existing files?
