Vista Antispyware 2011, Vista Security 2011 and Vista Antimalware 2011 are a few names of the same rogue security program that intentionally misrepresents the security status of your computer, pretends to scan your computer for malicious software and blocks certain executable files (.exe) from running. The scam is intended to frighten you into purchasing the fake program. Please do not purchase Vista Antispyware 2011, Vista Antimalware 2011 or any other rogue program from the list below. This rogue program is downloaded mostly by trojans that come from fake online scanners, infected websites or spam emails. The bad guys may also distribute their bogus products on Facebook, Twitter and other social networks. If you got hit by this rogue security program, please follow the removal instructions below. This rogue program goes by many different names, listed below.
- Vista Antispyware
- Vista Antispyware 2011
- Vista Anti-Virus
- Vista Anti-Virus 2011
- Vista Home Security
- Vista Home Security 2011
- Vista Security
- Vista Security 2011
- Vista Internet Security
- Vista Internet Security 2011
- Vista Antimalware
- Vista Antimalware 2011
- Vista Guard
- Vista Total Security
- Vista Total Security 2011
A screenshot of Vista Security 2011
Vista Antispyware 2011 Firewall Alert
Vista Antispyware 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Privacy threat!
The scan results and security warnings produced by the misleading application are entirely false and should be ignored. Last, but not least, this fake program will hijack Internet Explorer and Mozilla Firefox. It will display a fake alert message and block nearly all websites you attempt to visit. The message that you will see is:
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.
Things you can do:
- Get a copy of Vista Antispyware 2011 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)
It goes without saying that you should remove this rogue program from your computer as soon as possible. It exaggerates the problems on the system and refuses to fix them until the vendor is paid. Please do not pay for a program that doesn't work. It will give you a false sense of security and may even lead to potentially greater risks from more aggressive threats. If you have already purchased this bogus program, you should contact your credit card company and dispute the charges. We also recommend that you cancel your credit card. Finally, please follow the removal instructions below to remove Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 from your computer for free using legitimate anti-malware applications. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!
Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 removal instructions:
1. Click Start->Run or press WinKey+R. Type in "command" and press Enter key.
2. In the command prompt window type "notepad" and press Enter key. Notepad will come up.
3. Copy all the text in blue color below and paste to Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)
5. Double-click on the fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Download free anti-malware software from the list below and run a full system scan.
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET NOD32 Antivirus 4.
Associated Vista Antispyware 2011, Vista Security 2011 or Vista Antimalware 2011 files and registry values:
Files:
- C:\ProgramData\[SET OF RANDOM CHARACTERS]
- C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe
- C:\Users\AppData\Local\[SET OF RANDOM CHARACTERS]
- C:\Users\AppData\Roaming\Microsoft\Windows\Templates\[SET OF RANDOM CHARACTERS]
- C:\Users\[Username]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]
[SET OF RANDOM CHARACTERS] = d6e3porotq7359g8rm1q286zx
[3 RANDOM CHARACTERS].exe = hyf.exe
Registry values:
- HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
- HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
- HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe.exe" /START "%1" %*'
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
- HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
- HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
- HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
- HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "%1" %*'
- HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
- HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
- HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
- HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
- HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "%1" %*'
- HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
- HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
- HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
- HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
- HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
- HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
- HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "%1" %*'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\AppData\Local\[3 RANDOM CHARACTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
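To check whether a machine still carries the handler changes listed above, the following added example (not part of the original post) parses a registry export in the same .reg format as fix.reg and flags .exe, exefile and secfile open/runas commands whose default value is not `"%1" %*`, plus StartMenuInternet entries that launch an executable other than the one the key is named after. The function names, the browser heuristic and the sample export (with a made-up user profile path) are assumptions for illustration.

```python
import re

EXPECTED = '"%1" %*'  # clean handler: Windows runs the clicked file itself
UNESC = re.compile(r'\\(.)')  # .reg files escape \ and " with a backslash
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
HANDLER = re.compile(r'\\(\.exe|exefile|secfile)\\shell\\(open|runas)\\command$', re.I)
BROWSER = re.compile(r'\\StartMenuInternet\\([^\\]+\.exe)\\shell\\[^\\]+\\command$', re.I)

def parse_reg(text):
    """Return {key: {value_name: data}} for the string values of a .reg export."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name = '(Default)' if m.group(1) == '@' else UNESC.sub(r'\1', m.group(1)[1:-1])
            current[name] = UNESC.sub(r'\1', m.group(2))
    return keys

def find_hijacks(text):
    """Return sorted (key, reason) pairs for handlers that wrap another program."""
    hits = []
    for key, values in parse_reg(text).items():
        cmd = values.get('(Default)', '')
        if HANDLER.search(key) and cmd != EXPECTED:
            hits.append((key, 'handler is not "%1" %*'))
        elif (m := BROWSER.search(key)):
            # Heuristic (assumption): FIREFOX.EXE should launch firefox.exe, etc.
            exe = re.match(r'"([^"]+)"|(\S+)', cmd)
            path = (exe.group(1) or exe.group(2)) if exe else ''
            if path.rsplit('\\', 1)[-1].lower() != m.group(1).lower():
                hits.append((key, 'browser entry launches a different executable'))
    return sorted(hits)

# Constructed sample export; hyf.exe is the page's example of a random file name.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\hyf.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\hyf.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

if __name__ == '__main__':
    print(*find_hijacks(SAMPLE), sep='\n')
```

Files written by `reg export` are UTF-16 encoded, so read them with `encoding='utf-16'` before passing the text to `find_hijacks`.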