Home Malware Programs Rogue Anti-Spyware Programs Vista Protection 2011

Vista Protection 2011

Posted: April 6, 2011

Vista Protection 2011 is a rogue security program, and as such, has no beneficial features, although Vista Protection 2011 will pretend to alert you to system threats and scan your computer. Infection by Vista Protection 2011 is a harbinger of fake desktop error messages, web browser hijacks and blocked applications and downloads. Rather than giving in and paying a fraudulent registration charge to quiet Vista Protection 2011 down, you should remove Vista Protection 2011 by using reliable anti-malware software.

Vista Protection 2011 Shows Up Unmissable Infection Signs

Vista Protection 2011 is likely to be closely related to such known threats as XP Security 2011, Vista Security 2011, XP AntiSpyware 2011 and other rogue security programs that attempt to match their names to the operating system they infect. Rogue security programs similar to Vista Protection 2011 will infiltrate your PC primarily by being hidden in fake online scanners or through Trojans that have slipped into your system already by way of browser security exploits.

Infection will result in Vista Protection 2011 or a similar threat placing entries onto the Windows Registry that enables automatic startup launches. You will not have to worry about wondering whether or not Vista Protection 2011 is on your computer, however, because Vista Protection 2011 will tend to announce itself through these types of erroneous system alerts:

”Vista Protection 2011 reports that it is turned off. Antivirus software helps protect your computer against viruses and other security threats. Click Recommendations for suggested actions you can take.”

“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.”

“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”

“Vista Protection 2011 Firewall Alert!
Vista Protection 2011 has blocked a program from accessing the Internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.”

“Windows Security Center
Vista Protection 2011 reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the Internet. Click Recommendations to learn how to fix this problem.”

Taking Vista Protection 2011's advice will only harm your PC even more, so you should ignore both these errors and any persuasions by Vista Protection 2011 to purchase a registration.

Vista Protection 2011 is More Than Just a Malware Scarecrow

Unfortunately, even if you get used to avoiding Vista Protection 2011's registration prompts, fake alerts and scans, you're still left with other attacks that are more difficult to ignore. Browser hijacks will change your homepage, redirect you to malicious sites and can even block off safe websites. Restricted website access is usually done with a fake error message like the one below:

Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.

Things you can do:
- Get a copy of Vista Protection 2011 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

Vista Protection 2011 may also stop you from downloading or launching security applications. In the former case, renaming the file to a generic permissible one may let you get the download onto your PC. To run your anti-malware programs and be rid of Vista Protection 2011, you should restart in Safe Mode.

A Safe Mode-based scanning environment, along with the latest threat database updates for your chosen scanner, will let you delete Vista Protection 2011 without undesirable side effects. If Vista Protection 2011 remains particularly stubborn, you might try using the code '1147-175591-6550.' to register Aviraprotect.com first. This may cause the malicious attacks to relax, and thus, allow for proper removal of Vista Protection 2011.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%t3e0ilfioi3684m2nt3ps2b6lru
    2 %AppData%Local[RANDOM CHARACTERS].exe
    3 %AppData%Localt3e0ilfioi3684m2nt3ps2b6lru
    4 %AppData%RoamingMicrosoftWindowsTemplatest3e0ilfioi3684m2nt3ps2b6lru
    5 %Temp%t3e0ilfioi3684m2nt3ps2b6lru
    6 HKEY_CLASSES_ROOT.exeDefaultIcon "(Default)" = '%1'
    7 HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "%1" %*'
    8 HKEY_CLASSES_ROOT.exeshellopencommand "IsolatedCommand" = '"%1" %*'
    9 HKEY_CLASSES_ROOT.exeshellrunascommand "(Default)" = '"%1" %*'
    10 HKEY_CLASSES_ROOT.exeshellrunascommand “IsolatedCommand” = '"%1" %*'
    11 HKEY_CLASSES_ROOTexefile "Content Type" = 'application/x-msdownload'
    12 HKEY_CLASSES_ROOTexefileshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "%1" %*'
    13 HKEY_CLASSES_ROOTexefileshellopencommand "IsolatedCommand" = '"%1" %*'
    14 HKEY_CLASSES_ROOTexefileshellrunascommand "IsolatedCommand" = '"%1" %*'
    15 HKEY_CURRENT_USERSoftwareClasses.exe "(Default)" = 'exefile'
    16 HKEY_CURRENT_USERSoftwareClasses.exe "Content Type" = 'application/x-msdownload'
    17 HKEY_CURRENT_USERSoftwareClasses.exeDefaultIcon "(Default)" = '%1' = '"%UserProfile%Local SettingsApplication Data[RANDOM 3 CHARACTERS].exe" /START "%1" %*'
    18 HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "IsolatedCommand" = '"%1" %*'
    19 HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand "(Default)" = '"%1" %*'
    20 HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand "IsolatedCommand" = '"%1" %*'
    21 HKEY_CURRENT_USERSoftwareClassesexefile "(Default)" = 'Application'
    22 HKEY_CURRENT_USERSoftwareClassesexefile "Content Type" = 'application/x-msdownload'
    23 HKEY_CURRENT_USERSoftwareClassesexefileDefaultIcon "(Default)" = '%1'
    24 HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "%1" %*'
    25 HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "IsolatedCommand" = '"%1" %*'
    26 HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand "(Default)" = '"%1" %*'
    27 HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand "IsolatedCommand" – '"%1" %*'
    28 HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"'
    29 HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'
    30 HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "C:Program FilesInternet Exploreriexplore.exe"'

One Comment

  • walter garrett says:

    Geek Squad is rarely correct. The spyware may give you trouble trying to download and install programs that remove it. That's how they work. They disable the programs that can be used to removed them. But there's ALWAYS a way around it. This usually involves starting in Safe Mode and doing malware and virus scans from there. Don't waste your money with Geek Squad.

Loading...