Home Malware Programs Rogue Anti-Virus Programs Vista Antivirus Plus 2013

Vista Antivirus Plus 2013

Posted: December 5, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 82
First Seen: December 5, 2012
OS(es) Affected: Windows

Vista Antivirus Plus 2013 Screenshot 1Vista Antivirus Plus 2013 is a rogue anti-virus scanner that pretends to detect threats on your computer, but requests money to use its fictitious deletion feature if you try to use Vista Antivirus Plus 2013 to remove any malware. Other attacks that SpywareRemove.com malware experts also consider probable from Vista Antivirus Plus 2013 include negative changes to your system settings, attempts to block other programs and attempts to control which websites your browser can access. Since Vista Antivirus Plus 2013 isn't an actual security program and can't remove viruses or other types of malware, SpywareRemove.com malware researchers never recommend purchasing Vista Antivirus Plus 2013. Instead, the safest solution to a Vista Antivirus Plus 2013 infection is to disable Vista Antivirus Plus 2013 (via methods described in this article) and then remove Vista Antivirus Plus 2013 with a legitimate anti-malware product.

The Many Negatives to Vista Antivirus Plus 2013's 'Plus' Security

While Vista Antivirus Plus 2013 pretends to be a helpful anti-virus product, SpywareRemove.com malware experts easily identified Vista Antivirus Plus 2013 as being no better than scamware, that's derived from a lengthy ancestry of similar PC threats. Vista Antivirus Plus 2013's family, technically identified as FakeRean and referred to casually as Multirogue 2013, has been known to switch brand names and appearances with individual variants, although their definitive functions always take the form of fake security features. Some examples of these relatives of Vista Antivirus Plus 2013 include Antivirus 2008 Pro, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus XP 2008, PC Clean Pro, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, Rogue.Vista Antivirus 2008, XP Home Security 2012, XP Security 2012 and AntiVirus PRO 2015.

Vista Antivirus Plus 2013's appearance as an anti-virus scanner is leveraged to create fake pop-up alerts and scanner results that detect nonexistent infections. Besides its fraudulent security features, Vista Antivirus Plus 2013 also may engage in attacks that SpywareRemove.com malware experts consider more serious than simple misleading pop-ups, such as:

  • Vista Antivirus Plus 2013 may alter your system settings to force every EXE (program executable) file to be filtered through itself. This allows Vista Antivirus Plus 2013 to block programs arbitrarily. Specific security-related programs also may be blocked by Vista Antivirus Plus 2013 through additional attacks.
  • Vista Antivirus Plus 2013 may monitor your web traffic when you try to use a popular web browser and block sites that Vista Antivirus Plus 2013 considers undesirable (by redirecting your browser to a fake error/warning page).
  • Other security-related Windows features also may be disabled, such as updates from the Windows Security Center.

Doing the Math that Makes Vista Antivirus Plus 2013 Equal a Big Zero

Through the aforementioned system changes, Vista Antivirus Plus 2013 will make it hard for you to use your machine, although Vista Antivirus Plus 2013's fake security functions will try to make these attacks look as though they're being caused by unrelated malware. Since Vista Antivirus Plus 2013's impact on your PC's security is significantly negative, SpywareRemove.com malware research team recommends that you act to remove Vista Antivirus Plus 2013 as quickly as is feasible.

Most competent brands of anti-malware programs should be capable of removing Vista Antivirus Plus 2013 and other members of the FakeRean family of rogue anti-malware scanners. If Vista Antivirus Plus 2013 attempts to block the anti-malware software you'd like to use, SpywareRemove.com malware experts recommend that you boot Windows into Safe Mode. This will disable Vista Antivirus Plus 2013 and make Vista Antivirus Plus 2013 ripe for deletion by appropriate methods.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Vista Antivirus Plus 2013 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS] File name: %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
Group: Malware file
%AppData%\Local\[RANDOM CHARACTERS].exe File name: %AppData%\Local\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\Local\[RANDOM CHARACTERS] File name: %AppData%\Local\[RANDOM CHARACTERS]
Group: Malware file
%AllUsersProfile%\[RANDOM CHARACTERS] File name: %AllUsersProfile%\[RANDOM CHARACTERS]
Group: Malware file
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*"HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)"= '"%1" %*HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe' /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'

Additional Information

The following messages's were detected:
# Message
1Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
2Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen.
Prevent damage now by completing a security scan.
3Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.
4Vista Antivirus Plus 2013 Alert
Internet Connection alert!
Suspicious network activity detected!
Malware infection is possible!
5Vista Antivirus Plus 2013 Alert
System hacked!
Unknown programs is scanning your system registry right now! Identity theft detected!
6Vista Antivirus Plus 2013 Firewall Alert
Vista Antivirus Plus 2013 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.