Vista Antispyware 2012

By ESGI Advisor in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 8
First Seen: December 5, 2011
Last Seen: February 2, 2021
OS(es) Affected: Windows


Vista Anti-Spyware 2012 is thought to have been created in the Russian Federation. The first instances of this rogue anti-spyware infection started appearing in early June of 2011. Vista Anti-Spyware 2012 is one of dozens of possible clones of the Ppn.exe process, a harmful file that attempts to blackmail users into giving up their credit card information. This application is unique in that it uses different names and skins depending on the user's operating system, a development that has caused security specialists from all over the world to start paying attention.

How Did Ppn.exe Get on My Computer?

Ppn.exe is usually delivered through a Trojan, a piece of code that exploits a weakness in your computer's security to deliver harmful software. This Trojan was probably acquired by visiting infected websites or using fake computer scans online. Other ways of downloading this and other harmful software include clicking on banners and pop-up ads on adult websites and file sharing networks, downloading fake video codecs and applications from adult video sites, and opening attachments in suspicious spam emails. The first sign of the Trojan is a notification from Windows Automatic Update that, although realistic looking, is completely fake. This fake update will download one of dozens of different skins and names for Ppn.exe, in this case Vista Anti-Spyware 2012. There are three possible groups of skins, corresponding to the operating systems Windows XP, Windows Vista, and Windows 7. Vista Anti-Spyware 2012 is one of dozens of possible Ppn.exe themes for computer users running the Windows Vista operating system.

What Does Vista Anti-Spyware 2012 Do?

Once Vista Anti-Spyware 2012 is installed on a computer system, it will alter the registry so that it runs when Windows starts up. Upon entering Windows, the user will be greeted by the Vista Anti-Spyware 2012 screen, claiming that Vista Anti-Spyware 2012 is running a system scan. This scan is not real. The fake scan will claim that there are numerous infected files on the user's system, and will then prompt the user to enter his credit card information to buy a license so that the supposed infection can be removed. Entering the credit card information into Vista Anti-Spyware 2012 does nothing, since Vista Anti-Spyware 2012 is the infection on the system. Vista Anti-Spyware 2012 uses Trojans or rootkits to block certain essential system folders and files, and to affect browsing habits. Trojans and rootkits can change the user's homepage and constantly redirect the user to websites asking for payment for a rogue anti-spyware program like Vista Anti-Spyware 2012, or may block access to the Internet altogether. All of Vista Anti-Spyware 2012's tricks are used to scare computer users into thinking that their system is infected by numerous viruses. Blocking access to the Internet, Task Manager, and other system folders also makes it much more difficult to remove Vista Anti-Spyware 2012 and similar fake security programs.

How to Avoid Being Infected with Vista Anti-Spyware 2012

There are some simple steps that any user can take to avoid being infected by Vista Anti-Spyware 2012 and similar rogue anti-spyware programs.

- Use a trustworthy anti-virus or anti-malware application and scan your system regularly.

- Avoid visiting suspicious websites, especially adult video websites and file sharing networks.

- If you cannot avoid visiting these websites, do not click on banner advertisements, pop-up windows, or download any files.

- Keep your system protected with a regularly updated firewall.


File System Details

Vista Antispyware 2012 may create the following file(s):

1. %AppData%\Local\[RANDOM CHARACTERS].exe
2. %Temp%\[RANDOM CHARACTERS]
3. %AllUsersProfile%\[RANDOM CHARACTERS]
4. %UserProfile%\Start Menu\Programs\Vista Antispyware 2012.lnk
5. %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
6. %UserProfile%\Desktop\Vista Antispyware 2012.lnk
7. %AppData%\Local\[RANDOM CHARACTERS]

Registry Details

Vista Antispyware 2012 may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
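
The entries above redirect the `.exe`/`exefile` open handler and the browser launch commands through the rogue executable. The following is an added example, not part of the original page or any vendor tool: it parses `reg export` text and flags handler values that no longer launch the expected program. The sample export, the `a1b2c3.exe` name and all function names are constructed for illustration, and the browser check assumes the client key is named after its executable, as in the entries listed here.

```python
import re

# Constructed sample in `reg export` (.reg) syntax; "a1b2c3.exe" stands in for
# the page's [RANDOM CHARACTERS].exe. Paths and user name are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Local\\a1b2c3.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Local\\a1b2c3.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))  # undo \" and \\

def first_program(command):
    """File name (lower case) of the program a command line launches first."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S*))', command)
    return (m.group(1) or m.group(2) or "").rsplit("\\", 1)[-1].lower()

def is_hijacked(key, name, data):
    """True if a shell command value no longer launches the expected program."""
    parts = key.lower().split("\\")
    if parts[-1] != "command" or name not in ("(Default)", "IsolatedCommand"):
        return False
    if "startmenuinternet" in parts:
        # Assumption: the client key is named after its executable, as on the page.
        return first_program(data) != parts[parts.index("startmenuinternet") + 1]
    if "exefile" in parts or ".exe" in parts:
        return data.strip() != '"%1" %*'  # Windows default for .exe handlers
    return False

def audit(text):
    """Return (key, value_name) pairs for redirected handlers in .reg text."""
    return [(k, n) for k, n, d in parse_reg(text) if is_hijacked(k, n, d)]
```

Run `audit()` over exports of `HKCU\Software\Classes` and `HKLM\SOFTWARE\Clients\StartMenuInternet` taken from the affected profile; any hit names a key to restore to its default before other tools will launch normally.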

Messages

The following messages associated with Vista Antispyware 2012 were found:

"Privacy threat! Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair"
"Stealth intrusion! Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now"
"System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here"
