
Vista Home Security 2012

Posted: June 7, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 62
First Seen: August 9, 2011
OS(es) Affected: Windows

Vista Home Security 2012 is a clone of other rogue security programs such as System Smart Security. Like its clones, Vista Home Security 2012 will block programs and hijack your web browser to make it look like your PC is being attacked by multiple threats. Vista Home Security 2012 will also create fake errors that falsely indicate infections in uninfected programs. Since Vista Home Security 2012 has no security or anti-virus functions, you should feel no regret about deleting it from your computer right away with an anti-malware scanner.

Vista Home Security 2012: a Year-Early Threat to Your Computer's Safety

Despite the chronologically premature name, Vista Home Security 2012 copies both the look and functionality of older rogue security programs like System Smart Security, Internet Security, Internet Security 2010 and Internet Security 2011. Vista Home Security 2012 pretends to be an anti-virus and security program, but lacks the functions of such software. Instead, Vista Home Security 2012 makes up for this by alerting you about Trojans, keyloggers and other threats that aren't actually attacking your computer.

Samples of fake errors that Vista Home Security 2012 uses for this purpose include:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

You may also see these warnings when Vista Home Security 2012 blocks applications under the pretense that these programs are infected. These program blocks exist solely because Vista Home Security 2012 wants to prevent your applications from working properly, and they will be resolved once you deactivate and remove Vista Home Security 2012.

Beware of Your Browser While Vista Home Security 2012 is Around

In addition to outright preventing you from using various programs, Vista Home Security 2012 and related threats may also take over your web browser. These browser hijacks are typically achieved by altering proxy server settings or changing the Windows Registry to link popular URLs and IP addresses to malicious destinations.

Vista Home Security 2012 hijacks may change your homepage to the Vista Home Security 2012 website, alter your online destination after you click on a link, change the contents of your search results, or even create content like advertisements or fake error message screens.

Hijacks don't permanently harm your web browser, although they do make your PC more vulnerable to being attacked by other threats. You can regain unhindered use of your browser by deleting Vista Home Security 2012 with anti-malware programs. It's strongly recommended that you run these programs in Safe Mode, and update all threat definition databases before attempting to remove Vista Home Security 2012.


Aliases

Suspicious file [Panda]
Mal/FakeAV-MQ [Sophos]
W32/FakeAlert.PN.gen!Eldorado [F-Prot]
(Suspicious) - DNAScan [CAT-QuickHeal]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: sys.exe
Size: 339.96 KB (339968 bytes)
MD5: 3591cad46f9689df8bbc0f655f6b4d68
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011

File name: 4.exe
Size: 335.87 KB (335872 bytes)
MD5: 3414baf3798a863f1a7ad5374734c38d
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011

File name: 3.exe
Size: 334.29 KB (334296 bytes)
MD5: 02819e7f6bc7484576beba460040ae25
Detection count: 81
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011

File name: 2.exe
Size: 344.06 KB (344064 bytes)
MD5: 4b03718e290ee47b5b06e0a49ccdf86e
Detection count: 78
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011

File name: 1.exe
Size: 344.06 KB (344064 bytes)
MD5: 86ddd5aaf8c3d1e5b789adf88fd1bb0f
Detection count: 77
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011

File name: %AppData%\Local\[RANDOM CHARACTERS]
Group: Malware file

File name: %AppData%\Local\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
Group: Malware file

File name: %AllUsersProfile%\[RANDOM CHARACTERS]
Group: Malware file

File name: %Temp%\[RANDOM CHARACTERS]
Group: Malware file

Registry Modifications

The following Registry values are created:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
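
The values above show the mechanism behind the program blocks: the launch command for .exe files, normally "%1" %*, is replaced with the rogue's executable followed by /START "%1" %*, and the browser start-menu commands are wrapped the same way. As an added example (not part of the original entry), the Python check below scans the text of a registry export for both patterns. The sample export, the user name "demo" and "xyz.exe" are constructed placeholders, and only plain string values are parsed.

```python
import re

# Launch-command keys listed in the entry above (any hive prefix).
EXE_CMD = re.compile(r"\\(?:\.exe|exefile)\\shell\\(?:open|runas)\\command$", re.I)
BROWSER_CMD = re.compile(r"\\Clients\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$", re.I)
CLEAN_EXE_CMD = '"%1" %*'  # Windows default launch command for exefile
WRAPPER = re.compile(r'^"?(?P<wrapper>[^"]+\.exe)"?\s+/START\s+"', re.I)  # x.exe /START "target"
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, value_name, data) for string values; hex-encoded types are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping

def find_hijacks(reg_text):
    """Return (kind, key, value_name, wrapper_path) for each rewritten launch command."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        if name not in ("(Default)", "IsolatedCommand"):
            continue
        wrapped = WRAPPER.match(data)
        wrapper = wrapped.group("wrapper") if wrapped else None
        if EXE_CMD.search(key) and data != CLEAN_EXE_CMD:
            findings.append(("exe-handler", key, name, wrapper))
        elif BROWSER_CMD.search(key) and wrapped:
            findings.append(("browser-wrapper", key, name, wrapper))
    return findings

# Constructed sample export; "demo" and "xyz.exe" are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Local\\xyz.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Local\\xyz.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
'''

if __name__ == "__main__":
    print(*find_hijacks(SAMPLE_REG), sep="\n")
```

Files written by reg export are UTF-16 encoded, so decode them before passing the text to find_hijacks.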

Additional Information

The following messages were detected:

1. Critical Warning! Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
2. Security Alert! Your computer is being attacked from a remote machine ! Block Internet access to your computer to prevent system infection.
3. System warning! Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
4. System warning! Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

4 Comments

  • Pete Meyers says:

    This Vista Home Security 2012 is a complete joke. I messed up by buying it. Now these jerks have charged my credit card TWO TIMES!!!! Unbelievable!!! How do I get those charges taken off? Visa said I must file a report via my credit union instead of with them. What a crock! Good that you are looking into my best interest here. Thanks for letting me know it is a fake but they got me. Too late. Will keep you posted with update on my refund from Vista Home Security 2012 jerks. Thanks

  • Harvey says:

    Pete, I would just cancel that credit card NOW before they start to charge more on it. Also, try working in Safe Mode (F8) to remove Vista Home Security 2012.

  • vista home security virus removal says:

    AV Security Suite Registry File Names and Locations I personally found and removed from my sister's computer through desktop sharing.

  • Danae Stollings says:

    Are you aware of any standalone antivirus and anti-spyware applications that work well together? It seems like most companies are trying to combine each into one item and to me it feels like one is constantly compromised. I'd rather run 2 good software products that work well together.
