Vista Antivirus 2013

By JubileeX in Rogue Anti-Virus Program | 1,120 views

Vista Antivirus 2013 Description


There has been a recent wave of attacks involving fake security programs with the ‘2013’ string appended to the end of each fake security application’s name. In fact, these are recently released versions of previous malware programs such as Vista Antivirus 2012, Vista Antivirus 2011 and Vista Antivirus 2010, all of which are the same fake security program released with a new name and interface design each year. All versions of Vista Antivirus 2013 are considered malware and will cause disruptions on your computer as well as attempt to steal your money.

While most fake security programs carry out variants of what is essentially the same scam, one feature of Vista Antivirus 2013 sets it apart from other rogue security applications: Vista Antivirus 2013 can change its name and appearance depending on the victim’s operating system. While Vista Antivirus 2013 is used to target computers with the Windows Vista operating system, computer users with the Windows XP or Windows 7 operating system will find that XP Antivirus 2013 and Win 7 Antivirus 2013 are installed on their computer respectively. Apart from this slight change to each program’s name, Vista Antivirus 2013 and its clones are the same in all other aspects.

The Vista Antivirus 2013 scam is not particularly sophisticated. Basically, criminals will use Vista Antivirus 2013 to convince inexperienced computer users that they need to waste their money on a useless, fake security program. To do this, Vista Antivirus 2013 displays numerous error messages with alarming implications, claiming that the victim’s computer has been invaded by Trojans, viruses, spyware and other malware threats. Vista Antivirus 2013 can also cause problems directly, such as causing the infected computer to become slower and to crash frequently, as well as blocking access to the victim’s files or to the Internet. If the victim tries to use Vista Antivirus 2013 to fix these supposed malware problems, Vista Antivirus 2013 will display an error message claiming that they can only be removed by upgrading to a premium version of Vista Antivirus 2013. This ‘full version’ is, of course, not free, despite not having any real anti-malware capabilities.

Type: Rogue Anti-Virus Program

How Can You Detect Vista Antivirus 2013?

Vista Antivirus 2013 Technical Report

We will update this section as new Vista Antivirus 2013 details are reported by our customers and as new findings arrive from our Threat Research Center.

Fake message for Vista Antivirus 2013:

The following fake error messages appear for Vista Antivirus 2013:

Vista Antivirus 2013 Firewall Alert
Vista Antivirus 2013 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

System hacked!
Unknown program is scanning your system registry right now! Identity theft detected!

Privacy alert!
Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

Critical System Alert!
Unknown software is try to take control over your system!

Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Malware intrusion!
Sensitive areas of your system ware found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

Vista Antivirus 2013 Removal Details

Vista Antivirus 2013 typically has the following processes in memory:

  • %Temp%\[RANDOM CHARACTERS].exe
  • %CommonAppData%\[RANDOM CHARACTERS].exe
  • %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS].exe
  • %LocalAppData%\[RANDOM CHARACTERS].exe

Vista Antivirus 2013 creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Classes\ “(Default)” = ‘Application’
  • HKEY_CURRENT_USER\Software\Classes\\DefaultIcon “(Default)” = ‘%1’
  • HKEY_CLASSES_ROOT\ah\shell\open\command “IsolatedCommand”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe -a “C:\Program Files\Mozilla Firefox\firefox.exe””
  • HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ”
  • HKEY_CURRENT_USER\Software\Classes\\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1” %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1” %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode”
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1” %*
  • HKEY_CLASSES_ROOT\
  • HKEY_CLASSES_ROOT\ah\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1” %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “”%LocalAppData%\.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe””
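The registry entries above share one pattern: an executable in a user-writable folder is placed in front of the real command, so it runs every time a program or browser is launched. The following check for that pattern is an added example, not code from the original article; the key/value pairs are constructed samples, `abc.exe` stands in for the random file name, and the function names are hypothetical.

```python
import re

# Default Windows handler for executables: run the clicked file itself.
DEFAULT_EXE_COMMAND = '"%1" %*'

# User-writable locations matching the folders listed on this page.
USER_WRITABLE = ("%localappdata%", "%appdata%", "%temp%", "%commonappdata%",
                 "\\appdata\\", "\\programdata\\", "\\temp\\")

# First token of a command line: a quoted or bare path ending in .exe.
_FIRST_EXE = re.compile(r'^\s*"?([^"]+?\.exe)"?(?=\s|$)', re.IGNORECASE)

def wrapper_of(command):
    """Return the executable that an open-command value launches first."""
    m = _FIRST_EXE.match(command)
    return m.group(1) if m else None

def classify(key, command):
    """Classify one (registry key, "(Default)" command value) pair."""
    cmd = command.strip()
    if cmd == DEFAULT_EXE_COMMAND:
        return "ok"
    exe = wrapper_of(cmd)
    if exe is None:
        return "review"          # unparseable value: look at it by hand
    in_user_dir = any(p in exe.lower() for p in USER_WRITABLE)
    if "%1" in cmd and in_user_dir:
        return "hijacked-exe-handler"
    if "startmenuinternet" in key.lower() and in_user_dir:
        return "hijacked-browser-launch"
    return "ok" if "startmenuinternet" in key.lower() else "review"

# Constructed sample values; "abc.exe" stands in for the random file name.
SAMPLES = [
    (r"HKCR\.exe\shell\open\command", r'"%LocalAppData%\abc.exe" -a "%1" %*'),
    (r"HKCR\exefile\shell\open\command", '"%1" %*'),
    (r"HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     r'"%LocalAppData%\abc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
     r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
]

def scan(pairs):
    """Return (key, verdict) for every pair that is not a clean default."""
    results = ((k, classify(k, v)) for k, v in pairs)
    return [r for r in results if r[1] != "ok"]

if __name__ == "__main__":
    for key, verdict in scan(SAMPLES):
        print(verdict, key)
```

On a live system the pairs would come from the `shell\open\command` values exported from the keys listed above.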


This entry was last updated on 01/15/13 and posted on 10/1/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.