Vista Security 2012
Posted: June 9, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 12 |
| First Seen: | August 9, 2011 |
|---|---|
| OS(es) Affected: | Windows |
Vista Security 2012 is a rogue security application that can't provide real threat detection, but instead, Vista Security 2012 uses false positives in its pop-ups and system scans to fake usefulness. While serving as a fake security product, Vista Security 2012 will also attack your browser and other programs directly to control your website content, and prevent you from using security-related software. Since Vista Security 2012 is an active threat to any computer's security, you should delete Vista Security 2012 by making use of any high-quality anti-malware product that's available.
The Real Vista Security 2012 Features to Worry About
Vista Security 2012 looks like a standard anti-virus program, and, in fact, shares the majority of its appearance with other recent threats like Win 7 Security 2012, XP Security 2012, Win 7 Anti-Virus 2012, XP Anti-Spyware 2012 and XP Internet Security 2012. Beneath Vista Security 2012's appearance, however, lies a series of concealed traps that attack different programs to make it feel like countless infections are infesting your PC.
Vista Security 2012 and related threats can hijack your web browser, an attack that seeks to control which websites you can visit whenever you use a well-known browser. Vista Security 2012 hijacks can change your search engine results or homepage, create fake error pages, spawn countless pop-up windows and redirect you to or from various sites.
A secondary Vista Security 2012 attack is its ability to prevent you from using other programs. Vista Security 2012 is particularly likely to prevent you from using real security software or programs that can help you remove Vista Security 2012, but programs that don't fit the above descriptions can also be blocked.
The Fake Features That Vista Security 2012 Uses to Hide Its Tracks
The above attacks are just part of an overall campaign that Vista Security 2012 implements, to make you give your credit card information over to its fraudulent website. Vista Security 2012 makes this more desirable by creating fake alerts about infections, implying that the only way to get rid of them is to purchase a Vista Security 2012 registration key.
Vista Security 2012 may create system scans that automatically detect fake infections on your PC, as well as use pop-up windows. The latter can appear at random, or Vista Security 2012 may create them when it blocks a program to make you believe that Vista Security 2012 isn't the guilty culprit.
Examples of Vista Security 2012 fake warnings can include:
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.
Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.
Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
As noted before, Vista Security 2012 can't detect threats on your PC, and you can ignore these warnings without any harm coming to your computer. However, Vista Security 2012 itself should be removed as soon as possible, although manual removal methods may have undesired side effects. For this reason, it's suggested that you use updated security software to scan your PC while in Safe Mode. This will prevent Vista Security 2012 from being able to run automatically, which would let it interfere with your ability to delete Vista Security 2012 for good.
Aliases
More aliases (54)
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Vista Security 2012 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
* See Free Trial offer below. EULA and Privacy/Cookie Policy.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%LOCALAPPDATA%\opf.exe
File name: opf.exeSize: 348.16 KB (348160 bytes)
MD5: 8afe2278f2a8fe1d97f1bc3ac982d1a7
Detection count: 94
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011
%LOCALAPPDATA%\ssp.exe
File name: ssp.exeSize: 344.06 KB (344064 bytes)
MD5: 5c991c7ded7060d69e4844d54f42eaef
Detection count: 77
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011
%LOCALAPPDATA%\vxp.exe
File name: vxp.exeSize: 544.76 KB (544768 bytes)
MD5: 2de65fde22d7ed7082f6ae2a3f1c8224
Detection count: 57
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011
%LOCALAPPDATA%\nlu.exe
File name: nlu.exeSize: 344.06 KB (344064 bytes)
MD5: c40c11b255169ea9a2a96419aa89b63e
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011
%LOCALAPPDATA%\ggw.exe
File name: ggw.exeSize: 331.77 KB (331776 bytes)
MD5: dbdd0edf3fae9e277b7245f2a570cb53
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: August 9, 2011
%AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgc
File name: %AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgcGroup: Malware file
%AllUsersProfile%\67sdh53ygdhilutew20ijnbgc
File name: %AllUsersProfile%\67sdh53ygdhilutew20ijnbgcGroup: Malware file
%AppData%\Local\67sdh53ygdhilutew20ijnbgc
File name: %AppData%\Local\67sdh53ygdhilutew20ijnbgcGroup: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" β '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
Additional Information
| # | Message |
|---|---|
| 1 | Critical Warning! Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended) |
| 2 | Security Alert! Your computer is being attacked from a remote machine! Block Internet access to your computer to prevent system infection. |
| 3 | System warning! Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer. |
| 4 | System warning! Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start. |
Great try, But Vista Security still runs in safe mode. Try to kill it and it comes right back. Also, it DOES NOT allow you to open Chrome of Firefox either, it doesn\\\'t effect just IE.
Try physically disconnecting the modem and rebooting the computer. I know it sounds odd, but we did this and for whatever reason it not only let us use Firefox, it also let us even use our legit anti- virus program.
just do this guys. 1. boot into safe mode by pressing F8 before Windows fully loads (before splash screen)
2. use windows restore to restore your pc back to the latest restore point.
3. restart.
4. look at your happy face because vista security 2012 is gone.
Need your help. I cannot use my internet as Vista Internet Security 2012 Firewall Alerts are blocking. Please show me how to remove Vista Internet Security 2012 from my computer.
Thanks
ok everyone i have sucessfully removed the virus what you need to do is download this program it will stap all malware and virus functions its called rkill if you cant access the computers internet use a flash drive and download from another computer once its on ur computer run it and you can access the internet and to remove the virus go on google and search stinger download its a free macafe progrom and it will find and remove the virus i hope this helps all of you good luck
Thank you cody gerarden, you rock your fix worked like a charm my neighbor called me all freaked out because of what one of his kids did on his PC . did what you advised as your fix and now have one happy neighbor. thanks so much......
khgman
To Cody Gerarden, than you for the tip on stinger. It did the trick.
Thank you Cody Gerarden for posting this information for everyone to utilize. That is one frustrating virus.
Great, cannot access the internet. using my friends laptop now. What do I do to load up my PC to access the internet. My friend said use Safe Mode but I have no clue what that is. I am not computer savvy so please ENGLISH!
Tried the restore method and think it worked...keeping my fingers crossed.
Also unplugged the modem like Kevin suggested...Thanks
cody gerarden, you are a LIFE SAVER!!
im ok wit computers but anti-virus stuff im not good wit i was playing games on me computer then i woke my dad screaming at me saying i got 27 viruses then i saw it was vista i.s. 2012 it looked suspicious so i ran webroot then quarantined viruses then ran the scan on vista totaly the same number so i did sum research found this website no other method works but i hope this one does ): im using a different computer right now
Thank you cody! It did the trick! I really appreciate it.
Thank you cody gerarden, works good, I removed this bastard :))
I have tried to delete the program, but every time I try to do a system restore I am not allowed because Vista security still blocks it! I have tried to download the link as well. and NOTHING works! I don't know what to do anymore. This is all done through Safe mode as well. How do I fix my computer?? please help!
Guys, It works. Went to safe mode and ran restore. Its gone. Yeah. Thanks BoPeep
Everytime I try to download the stinger program onto my computer, the vista thing blocks it and wont allow me. π I need to access my computer..
I\'ve installed SpyHunter4 and it is scanning my files now. Question...should I purchase the full registered version? It\'s only $40 but I am wondering if anyone found it to be worthwhile. We\'ve just been using the free avast anti-virus software, which obviously didn\'t catch the Vista Security 2012 virus. Any advice?
Allyson,
All I can say is use your own judgment. I happen to have purchased SPyHunter and love it. Some have said they did not like it but I suspect that after purchasing they were able to remove the malware program. In my case, I had so much other garbage on my PC in addition to Vista Security 2012 that SpyHunter found and removed. After doing so my PC runs faster and boots faster. For now I will continue to use it as it has proved itself worthy so far. I cannot speak for others or long-term. I have only been using it for 2 months now. Hope this helps you.
Watch out even if you do a system restore this thing is nasty. I've been using Microsoft Security Essentials and it catches it after the restore- but it comes back. I'm going to try Spy Hunter and see how that works.
if you have windows vista or higher and you computer is already infected with this crap windows vista security 2012 virus/scam and you want to know how to run applications first right click on the then select run as administrator and it should run. worked for me so far. after this I won't trust ANY software that doesn't come from microsoft. i suggest the same for all you PC users
CODY YOU R MY HERO!!!!!!
I used the suggestion posted by Cody Gerarden in this thread and it worked for me. Thanks Cody!!!
thank you very much cody
Kudos to Cody! Worked and worked well, thanks!
Oh my gosh.. I'm retarded! I actually fell for this thing! π Does anyone know how I can get my money back? I called & left a message with my bank to have it blocked, but they're closed for the night! UGH! I feel like such a sucker!
I have the vista internet security 2012 problem and have tried what Cody said but it interrupts every time I go into rkill? Should I try to go to Stinger download now or keep trying the rkill first of all? HELP PLEASE?
Cody Gerarden: All I can say is " YOU DA MAN" Thank you, thank you, thank you. It worked like a champ
Thanks to Cody!!! I appreciate this post. You have saved me many hours of headaches. Thanks again!!
worked great, thanks!
"cody gerarden says:
July 10, 2011 at 11:37 pm
ok everyone i have sucessfully removed the virus what you need to do is download this program it will stap all malware and virus functions its called rkill if you cant access the computers internet use a flash drive and download from another computer once its on ur computer run it and you can access the internet and to remove the virus go on google and search stinger download its a free macafe progrom and it will find and remove the virus i hope this helps all of you good luck"
Download SPYHUNTER on a clean pc. Put it on usb. Place it on infected pc at desktop. Rename .exe to .com Because V.I.S blocks all exe. Run SPYHUNTER, and done. It works 100%
I deleted the virus by deleting the file that was the causes when the virus spamed me the file Pwb.exe was one my process list than I' ve made a research one my computer found the file and deleated it BUT!!! there's the problem now virus look to be gone but each time I start a processus like firefox, msn, Ccleaner it always ask me to search the program to open it like if I uses firefox I need to find the program firefox wich piss me⦠Does any one know what to do to solves this???
you are genius. It worked.
All I can say is thank you to the people who actually take the time to post the fixes for these nightmares. Mr. Cody Gerarden...Hats off to you! I worked like a charm! Note to all who does it; it works! But you MUST run Stinger in Safe Mode because the virus will not allow you to remove an .exe file in regular mode. Thanks again Cody.
I did the same thing, with the same success. Definitely worth the purchase.
I have to join the chorus of people singing Cody Gerarden's praises. His fix worked and I appreciate the post.
Do you feel that getting rid of malware and viruses will make your personal computer operate faster. Isn't it actually a matter of security more than computer speed? I am aware there may be some speed enhancement but for many personal computers today having a program like that running doesn't really effect speed much.