Home Malware Programs Rogue Anti-Spyware Programs Vista Internet Security 2013

Vista Internet Security 2013

Posted: November 6, 2012

Threat Metric

Threat Level: 1/10
Infected PCs: 49
First Seen: November 6, 2012
Last Seen: February 25, 2022
OS(es) Affected: Windows

Vista Internet Security 2013 is a fake anti-malware program that displays inaccurate messages about attacks against your PC to bully you into buying its software registration. Like other rogue anti-malware programs that SpywareRemove.com malware researchers have identified to hail from the FakeRean family, Vista Internet Security 2013 can be used to block websites, block programs and change your Registry system settings without your permission. Given that Vista Internet Security 2013 can't protect your PC from anything and is an active threat to its safety, you should remove Vista Internet Security 2013 with real anti-malware software as soon as you notice the typical symptoms of a Vista Internet Security 2013 or other FakeRean infection.

Vista Internet Security 2013 and the Scam that's for All Years and Versions of Windows

Vista Internet Security 2013 looks like a little-known brand of anti-malware scanner, but its firewall, 'proactive security,' system scans and other features are entirely fake and are unable to identify infections or attacks with any degree of accuracy. Infection routes for Vista Internet Security 2013 have been known to include spam links that redirect victims to malicious or compromised sites that host drive-by-download exploits like the well-known Blackhole Exploit Kit.

SpywareRemove.com security analysts have discovered that standard installation methods for FakeRean scamware like Vista Internet Security 2013 infections attempt to detect the attacked PC's operating system. With that knowledge in hand, it's used to select an appropriate FakeRean variant. Vista Internet Security 2013 only will appear on Windows Vista PCs, but samples of other FakeRean variants include Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015.

Due to the large number of individual variants of FakeRean, this list should be considered exemplary rather than conclusive. The two major branches of FakeRean that SpywareRemove.com malware researchers have found to be in active distribution include Multi-rogue 2012 and Multi-rogue 2013 (scamware using the annual suffixes of 2012 or 2013 in their names, respectively). Differences between these modern variants of FakeRean largely are cosmetic.

Why Vista Internet Security 2013's Fake Security Has a Real Bite to It

Vista Internet Security 2013 includes a broad range of fraudulent security features that are typical for security software suites. Accordingly, the most prominent symptom of a Vista Internet Security 2013 infection is various pop-up alerts that can appear either randomly or when you try to use unrelated applications that are blocked by Vista Internet Security 2013. SpywareRemove.com malware experts have determined that program-blocking attacks can be implemented in multiple ways and are likely to center on disabling default security features for Windows (such as its update manager, firewall or anti-malware scanner).

Vista Internet Security 2013 also may redirect your browser away from normal websites and display fake browser alerts. All of these attacks are Vista Internet Security 2013's attempt to convince you of its viability as an anti-malware program, but Vista Internet Security 2013 isn't able to remove any sort of malicious content from your computer and never should be considered a legal, purchasable product.

While using competent anti-malware software to delete Vista Internet Security 2013 is, obviously, advisable, SpywareRemove.com malware research team has found that additional steps often are needed to remove FakeRean infections like Vista Internet Security 2013 from compromised PCs. Booting your computer into Safe Mode or booting your computer from a USB device can launch Windows without also launching Vista Internet Security 2013, which could block any attempts at anti-malware system scans that you might make.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Vista Internet Security 2013 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\[RANDOM 3 CHARACTERS].exe File name: %AppData%\[RANDOM 3 CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS.exe].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type” = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'