
Vista Security 2012

Posted: June 9, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 12
First Seen: August 9, 2011
OS(es) Affected: Windows

Vista Security 2012 is a rogue security application that can't provide real threat detection; instead, it uses false positives in its pop-ups and system scans to fake usefulness. While posing as a security product, Vista Security 2012 also attacks your browser and other programs directly to control your website content and to prevent you from using security-related software. Since Vista Security 2012 is an active threat to any computer's security, you should delete it with any high-quality anti-malware product that's available.

The Real Vista Security 2012 Features to Worry About

Vista Security 2012 looks like a standard anti-virus program, and, in fact, shares the majority of its appearance with other recent threats like Win 7 Security 2012, XP Security 2012, Win 7 Anti-Virus 2012, XP Anti-Spyware 2012 and XP Internet Security 2012. Beneath Vista Security 2012's appearance, however, lies a series of concealed traps that attack different programs to make it feel like countless infections are infesting your PC.

Vista Security 2012 and related threats can hijack your web browser, an attack that seeks to control which websites you can visit whenever you use a well-known browser. Vista Security 2012 hijacks can change your search engine results or homepage, create fake error pages, spawn countless pop-up windows and redirect you to or from various sites.

A secondary Vista Security 2012 attack is its ability to prevent you from using other programs. Vista Security 2012 is particularly likely to prevent you from using real security software or programs that can help you remove Vista Security 2012, but programs that don't fit the above descriptions can also be blocked.

The Fake Features That Vista Security 2012 Uses to Hide Its Tracks

The above attacks are just part of an overall campaign that Vista Security 2012 implements, to make you give your credit card information over to its fraudulent website. Vista Security 2012 makes this more desirable by creating fake alerts about infections, implying that the only way to get rid of them is to purchase a Vista Security 2012 registration key.

Vista Security 2012 may create system scans that automatically detect fake infections on your PC, as well as use pop-up windows. The latter can appear at random, or Vista Security 2012 may create them when it blocks a program to make you believe that Vista Security 2012 isn't the guilty culprit.

Examples of Vista Security 2012 fake warnings can include:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

As noted before, Vista Security 2012 can't detect threats on your PC, and you can ignore these warnings without any harm coming to your computer. However, Vista Security 2012 itself should be removed as soon as possible, although manual removal methods may have undesired side effects. For this reason, it's suggested that you use updated security software to scan your PC while in Safe Mode. This will prevent Vista Security 2012 from being able to run automatically, which would let it interfere with your ability to delete Vista Security 2012 for good.

Aliases

Trj/CI.A [Panda]
Generic23.ALZH [AVG]
Mal/Generic-L [Sophos]
Trojan.Generic.KDV.275958 [BitDefender]
a variant of Win32/Kryptik.PUI [NOD32]
UDS:DangerousObject.Multi.Generic [Kaspersky]
Adware/XPSecurity2011 [Panda]
Hoax.Win32.ExpProc [Ikarus]
Trojan.FakeAV.7824 [DrWeb]
Trojan.Generic.KD.265174 [BitDefender]
Hoax.Win32.ExpProc.acxb [Kaspersky]
Unvirex!gen1 [Symantec]
a variant of Win32/Kryptik.PKH [NOD32]
FakeAlert-Rena.p [McAfee]
Adware/XPAntivirus2011 [Panda]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%LOCALAPPDATA%\opf.exe
File name: opf.exe
Size: 348.16 KB (348160 bytes)
MD5: 8afe2278f2a8fe1d97f1bc3ac982d1a7
Detection count: 94
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011

%LOCALAPPDATA%\ssp.exe
File name: ssp.exe
Size: 344.06 KB (344064 bytes)
MD5: 5c991c7ded7060d69e4844d54f42eaef
Detection count: 77
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011

%LOCALAPPDATA%\vxp.exe
File name: vxp.exe
Size: 544.76 KB (544768 bytes)
MD5: 2de65fde22d7ed7082f6ae2a3f1c8224
Detection count: 57
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011

%LOCALAPPDATA%\nlu.exe
File name: nlu.exe
Size: 344.06 KB (344064 bytes)
MD5: c40c11b255169ea9a2a96419aa89b63e
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011

%LOCALAPPDATA%\ggw.exe
File name: ggw.exe
Size: 331.77 KB (331776 bytes)
MD5: dbdd0edf3fae9e277b7245f2a570cb53
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011

%AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgc
File name: %AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgc
Group: Malware file

%AllUsersProfile%\67sdh53ygdhilutew20ijnbgc
File name: %AllUsersProfile%\67sdh53ygdhilutew20ijnbgc
Group: Malware file

%AppData%\Local\67sdh53ygdhilutew20ijnbgc
File name: %AppData%\Local\67sdh53ygdhilutew20ijnbgc
Group: Malware file

Registry Modifications

The following Registry values are newly created:

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'

HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
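
The registry values listed above reroute every .exe launch and both browsers through the rogue program. The following check is an added example, not part of the original write-up: it parses entries written in this page's notation and flags launch commands that no longer start the intended program. The function names and the sample data are constructed for illustration; the stock handler value `"%1" %*` is the one the listing itself shows for the unmodified runas commands.

```python
import re

ENTRY = re.compile(r"""^(HKEY_[^"]+?)\s+"([^"]+)"\s*=\s*'(.*)'\s*$""")
FIRST_EXE = re.compile(r'^"([^"]+)"')
CLIENT = re.compile(r"\\StartMenuInternet\\([^\\]+)\\shell\\", re.I)
EXE_CLASS = re.compile(r"\\(\.exe|exefile)\\shell\\(open|runas)\\command$", re.I)
DEFAULT_HANDLER = '"%1" %*'  # stock Windows value: run the clicked program itself


def parse_entries(text):
    """Parse lines of the form  KEY "ValueName" = 'data'  (the page's notation)."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append(m.groups())
    return out


def find_hijacks(entries):
    """Return (key, interposed_program) for every rerouted launch command."""
    hits = []
    for key, name, data in entries:
        if name != "(Default)":  # the page shows only "(Default)" being rewritten
            continue
        first = FIRST_EXE.match(data)
        program = first.group(1) if first else data
        client = CLIENT.search(key)
        if EXE_CLASS.search(key):
            # Any command other than the stock handler interposes another binary.
            if data.strip() != DEFAULT_HANDLER:
                hits.append((key, program))
        elif client:
            # A browser client entry must start that browser, not something else.
            if program.rsplit("\\", 1)[-1].lower() != client.group(1).lower():
                hits.append((key, program))
    return hits


# Constructed sample; [RANDOM CHARACTERS] is the page's own placeholder.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Program Files\Internet Explorer\iexplore.exe"'
'''

if __name__ == "__main__":
    for key, program in find_hijacks(parse_entries(SAMPLE)):
        print(f"HIJACKED  {key}\n          -> {program}")
```

Deleting the interposed file without restoring these values leaves .exe launches pointing at a program that no longer exists, so the handler values have to be reset as part of cleanup.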

Additional Information

The following messages were detected:

1. Critical Warning! Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
2. Security Alert! Your computer is being attacked from a remote machine! Block Internet access to your computer to prevent system infection.
3. System warning! Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
4. System warning! Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.


37 Comments

  • Dionne says:

    Great try, but Vista Security still runs in safe mode. Try to kill it and it comes right back. Also, it DOES NOT allow you to open Chrome or Firefox either; it doesn't affect just IE.

  • Kevin says:

    Try physically disconnecting the modem and rebooting the computer. I know it sounds odd, but we did this and for whatever reason it not only let us use Firefox, it also let us even use our legit anti-virus program.

  • BoPeep says:

    Just do this, guys.
    1. Boot into safe mode by pressing F8 before Windows fully loads (before splash screen).
    2. Use Windows restore to restore your PC back to the latest restore point.
    3. Restart.
    4. Look at your happy face because Vista Security 2012 is gone.

  • Siva says:

    Need your help. I cannot use my internet as Vista Internet Security 2012 Firewall Alerts are blocking. Please show me how to remove Vista Internet Security 2012 from my computer.

    Thanks

  • cody gerarden says:

    OK everyone, I have successfully removed the virus. What you need to do is download this program; it will stop all malware and virus functions. It's called rkill. If you can't access the computer's internet, use a flash drive and download from another computer. Once it's on your computer, run it and you can access the internet. To remove the virus, go on Google and search "stinger download"; it's a free McAfee program and it will find and remove the virus. I hope this helps all of you. Good luck.

  • kyleg says:

    Thank you cody gerarden, you rock. Your fix worked like a charm. My neighbor called me all freaked out because of what one of his kids did on his PC. Did what you advised as your fix and now have one happy neighbor. Thanks so much......
    khgman

  • hunt211 says:

    To Cody Gerarden, thank you for the tip on stinger. It did the trick.

  • L.D. says:

    Thank you Cody Gerarden for posting this information for everyone to utilize. That is one frustrating virus.

  • Nicky says:

    Great, cannot access the internet. Using my friend's laptop now. What do I do to load up my PC to access the internet? My friend said use Safe Mode but I have no clue what that is. I am not computer savvy so please ENGLISH!

  • mr2beav says:

    Tried the restore method and think it worked...keeping my fingers crossed.
    Also unplugged the modem like Kevin suggested...Thanks

  • Tina says:

    cody gerarden, you are a LIFE SAVER!!

  • chris says:

    I'm OK with computers but anti-virus stuff I'm not good with. I was playing games on my computer, then I woke to my dad screaming at me saying I got 27 viruses. Then I saw it was Vista I.S. 2012. It looked suspicious so I ran Webroot, then quarantined viruses, then ran the scan on Vista: totally the same number. So I did some research and found this website. No other method works but I hope this one does ): I'm using a different computer right now.

  • Aaron says:

    Thank you cody! It did the trick! I really appreciate it.

  • Viktor says:

    Thank you cody gerarden, works good, I removed this bastard :))

  • Cathy says:

    I have tried to delete the program, but every time I try to do a system restore I am not allowed because Vista security still blocks it! I have tried to download the link as well, and NOTHING works! I don't know what to do anymore. This is all done through Safe Mode as well. How do I fix my computer?? Please help!

  • john page says:

    Guys, it works. Went to safe mode and ran restore. It's gone. Yeah. Thanks BoPeep

  • kristen says:

    Every time I try to download the stinger program onto my computer, the vista thing blocks it and won't allow me. 🙁 I need to access my computer..

  • Allyson says:

    I've installed SpyHunter4 and it is scanning my files now. Question...should I purchase the full registered version? It's only $40 but I am wondering if anyone found it to be worthwhile. We've just been using the free avast anti-virus software, which obviously didn't catch the Vista Security 2012 virus. Any advice?

  • Sue Lewis says:

    Allyson,

    All I can say is use your own judgment. I happen to have purchased SpyHunter and love it. Some have said they did not like it but I suspect that after purchasing they were able to remove the malware program. In my case, I had so much other garbage on my PC in addition to Vista Security 2012 that SpyHunter found and removed. After doing so my PC runs faster and boots faster. For now I will continue to use it as it has proved itself worthy so far. I cannot speak for others or long-term. I have only been using it for 2 months now. Hope this helps you.

  • Becky says:

    Watch out even if you do a system restore this thing is nasty. I've been using Microsoft Security Essentials and it catches it after the restore- but it comes back. I'm going to try Spy Hunter and see how that works.

  • Dan the Man says:

    If you have Windows Vista or higher and your computer is already infected with this crap Windows Vista Security 2012 virus/scam and you want to know how to run applications, first right click on the then select Run as administrator and it should run. Worked for me so far. After this I won't trust ANY software that doesn't come from Microsoft. I suggest the same for all you PC users.

  • lynn says:

    CODY YOU R MY HERO!!!!!!

  • gmanphotos says:

    I used the suggestion posted by Cody Gerarden in this thread and it worked for me. Thanks Cody!!!

  • Dylan says:

    thank you very much cody

  • Russell says:

    Kudos to Cody! Worked and worked well, thanks!

  • Barb H says:

    Oh my gosh.. I'm retarded! I actually fell for this thing! 🙁 Does anyone know how I can get my money back? I called & left a message with my bank to have it blocked, but they're closed for the night! UGH! I feel like such a sucker!

  • Anne says:

    I have the vista internet security 2012 problem and have tried what Cody said but it interrupts every time I go into rkill? Should I try to go to Stinger download now or keep trying the rkill first of all? HELP PLEASE?

  • Chris C says:

    Cody Gerarden: All I can say is " YOU DA MAN" Thank you, thank you, thank you. It worked like a champ

  • Maria says:

    Thanks to Cody!!! I appreciate this post. You have saved me many hours of headaches. Thanks again!!

  • josh says:

    worked great, thanks!

    "cody gerarden says:
    July 10, 2011 at 11:37 pm
    OK everyone, I have successfully removed the virus. What you need to do is download this program; it will stop all malware and virus functions. It's called rkill. If you can't access the computer's internet, use a flash drive and download from another computer. Once it's on your computer, run it and you can access the internet. To remove the virus, go on Google and search "stinger download"; it's a free McAfee program and it will find and remove the virus. I hope this helps all of you. Good luck."

  • Peter says:

    Download SPYHUNTER on a clean PC. Put it on USB. Place it on the infected PC's desktop. Rename .exe to .com because V.I.S blocks all exe. Run SPYHUNTER, and done. It works 100%

  • Dave... says:

    I deleted the virus by deleting the file that was the cause. When the virus spammed me, the file Pwb.exe was on my process list, then I did a search on my computer, found the file and deleted it. BUT!!! There's the problem now: the virus looks to be gone but each time I start a process like Firefox, MSN, CCleaner it always asks me to search for the program to open it. Like if I use Firefox I need to find the program Firefox, which pisses me… Does anyone know what to do to solve this???

  • Neeraj says:

    you are genius. It worked.

  • Princess says:

    All I can say is thank you to the people who actually take the time to post the fixes for these nightmares. Mr. Cody Gerarden...Hats off to you! It worked like a charm! Note to all who do it: it works! But you MUST run Stinger in Safe Mode because the virus will not allow you to remove an .exe file in regular mode. Thanks again Cody.

  • Keith says:

    I did the same thing, with the same success. Definitely worth the purchase.

  • James w. says:

    I have to join the chorus of people singing Cody Gerarden's praises. His fix worked and I appreciate the post.

  • Stephnie Niziol says:

    Do you feel that getting rid of malware and viruses will make your personal computer operate faster? Isn't it actually a matter of security more than computer speed? I am aware there may be some speed enhancement but for many personal computers today having a program like that running doesn't really affect speed much.
