Vista Antispyware 2013

By Domesticus in Rogue Anti-Spyware Program | 266 views

Vista Antispyware 2013 Description


ESG security researchers have received reports of new variants of the Braviax family of rogue security programs. These newest variants of this dangerous malware family add the string ‘2013’ to each fake security program’s name. Vista Antispyware 2013 is one of dozens of fake security programs released in October of 2012 in anticipation of the coming New Year. The main feature of Vista Antispyware 2013’s malware family is that these fake security programs can adapt to the operating system in use on the infected computer. Vista Antispyware 2013 and the other malware in this fake security software family are installed with the aid of Trojans, typically downloaded as part of social engineering scams.

How Vista Antispyware 2013 Adapts to Your Computer’s Operating System

Vista Antispyware 2013 attacks computers that are using the Windows Vista operating system, and the malware has the ability to adapt to the victim’s computer. If Windows XP or Windows 7 is being used on the infected computer, then rather than installing Vista Antispyware 2013, the Trojan responsible for installing these fake security programs will install XP Antispyware 2013 or Win 7 Antispyware 2013, respectively. The ESG team of malware analysts considers that Vista Antispyware 2013 poses a severe threat to a computer’s security and that you should use a strong anti-malware solution to remove this bogus security program.

Vista Antispyware 2013 has no components that allow it to detect or remove malware or spyware on a computer. Rather, Vista Antispyware 2013 is designed to display numerous fake alerts and system error messages meant to convince inexperienced computer users that their computer has been invaded by dangerous viruses, spyware and Trojans. Trying to use Vista Antispyware 2013 to remove these nonexistent malware threats from the infected computer is futile. Doing this leads to error messages that prompt the victim to pay for a nonexistent full version of this fake security program. Criminals do this to steal their victims’ money as well as to gain unauthorized access to a computer user’s credit card. ESG security researchers strongly advise against paying for Vista Antispyware 2013’s supposed full version, even if only in an attempt to stop this bogus security program from displaying irritating error messages.

Type: Rogue AntiSpyware Programs

How Can You Detect Vista Antispyware 2013?

Vista Antispyware 2013 Technical Report

As new Vista Antispyware 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Vista Antispyware 2013:

The following fake error messages appear for Vista Antispyware 2013:

Critical System Alert!
Unknown software is try to take control over your system!

System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

System hacked!
Unknown program is scanning your system registry right now! Identity theft detected!

Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.

Vista Antispyware 2013 Removal Details

Vista Antispyware 2013 typically has the following processes in memory:

  • %LocalAppData%\[RANDOM CHARACTERS].exe

Vista Antispyware 2013 creates the following files in the system:

  • %LocalAppData%\[RANDOM CHARACTERS]
  • %Temp%\[RANDOM CHARACTERS]
  • %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
  • %CommonAppData%\[RANDOM CHARACTERS]

Vista Antispyware 2013 creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'
  • HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe""
  • HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ”
  • HKEY_CURRENT_USER\Software\Classes\\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_CLASSES_ROOT\
  • HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""
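The registry entries above share one shape: a launcher under the user profile, the `-a` switch, then the original target. The following check is an added example, not ESG's tooling: it audits exported shell-handler values for that shape. The function name, the sample values, the file name `qwx.exe` and the user name are assumptions made for illustration.

```python
import re

# Shape of the hijacked commands in the registry list above:
#   "<launcher>.exe" -a "<original target>" ...
WRAPPER = re.compile(
    r'^\s*"?(?P<launcher>[^"]+?\.exe)"?\s+-a\s+"(?P<target>[^"]+)"',
    re.IGNORECASE,
)
# Profile locations named on the page, in raw or expanded form.
USER_WRITABLE = re.compile(r'%(localappdata|appdata|temp)%|\\appdata\\(local|roaming)\\', re.I)
HANDLER_SUFFIXES = (r"\shell\open\command", r"\shell\safemode\command")


def audit_handlers(entries):
    """Return findings for (key, default_value) pairs that match the wrapper."""
    findings = []
    for key, value in entries:
        if not key.lower().endswith(HANDLER_SUFFIXES):
            continue
        m = WRAPPER.match(value)
        if not m or not USER_WRITABLE.search(m.group("launcher")):
            continue
        target = m.group("target")
        findings.append({
            "key": key,
            "launcher": m.group("launcher"),
            "target": target,
            # "%1" means every launched .exe is routed through the wrapper.
            "scope": "all executables" if target == "%1" else "single application",
        })
    return findings


# Constructed sample values; "qwx.exe" and the user name are placeholders.
SAMPLE = [
    (r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
     r'"C:\Users\alice\AppData\Local\qwx.exe" -a "%1" %*'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", r'"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command",
     r'"%LocalAppData%\qwx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
]

if __name__ == "__main__":
    for f in audit_handlers(SAMPLE):
        print(f"{f['scope']:18} {f['key']} -> {f['launcher']}")
```

A finding with scope "all executables" matters for cleanup order: while that handler is in place, launching any program, including a removal tool, starts the rogue launcher first.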


This entry was last updated on 01/16/13 and posted on 10/6/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.