Vista AntiVirus

Vista AntiVirus is not what it seems. Not only is Vista AntiVirus not anti-virus software, it is also a more complicated rogue anti-virus application than it might appear to be at first. There is much more to Vista AntiVirus than meets the eye.

How Vista AntiVirus Gets in Your Computer

Let's start with the assumption that if you have this rogue program on your computer, it is calling itself Vista AntiVirus. The name doesn't matter much, because the entire weird family behaves in the same way, for reasons that we'll get to later. Vista AntiVirus is a scam; Vista AntiVirus is fake anti-virus software that poses as actual anti-virus software or a Windows product, in order to scare you and hold your computer hostage, so that you will pay the money that Vista AntiVirus demands.

The first time you see Vista AntiVirus will be when you start Windows, and Vista AntiVirus loads its phony home screen. This home screen will have the Windows Security Center shield logo at the top, along with the name of the rogue antivirus application. Vista AntiVirus will also have a bunch of stolen Windows logos down the side, which are supposed to represent different functions of the software, and Vista AntiVirus will state that the software is unregistered. On this interface, Vista AntiVirus will display a little status screen showing different aspects of your PC's security, and Vista AntiVirus will claim that your PC lacks security features or is in danger. Vista AntiVirus will also run its fake system scans from this fake home screen, and the scans will always turn up results. However, the files that Vista AntiVirus claims are threats are actually Windows components, and if you delete them, you risk crippling your computer.

Vista AntiVirus is known to generate a large number of fake system security alerts, which will pop up with headers like "Stealth intrusion," "Privacy threat," "System Hijack," and "System danger." These alerts will urge you to pay for and "register" Vista AntiVirus in order to avoid the threats it has claimed to detect. Vista AntiVirus will also display alerts when you try to go online, and when you try to run any actual anti-virus software. The alerts that appear in Internet Explorer will say that you have been prevented from navigating to a website because Vista AntiVirus has found the site to be malicious, and you will get this kind of alert for any real website that you try to view. The alert that appears when you try to run anti-virus software (and sometimes other programs, as well) will claim that it is a Firewall alert and that the program in question was just found to be doing something malicious.

An Overview of Vista AntiVirus

Now we come to the interesting part. As it turns out, Vista AntiVirus is just one of many names that are used to describe the same malware – not just related malware, not malware that is just in the same "family," but the same malware. The crooks behind this malware have given Vista AntiVirus the capability to change its name (and the name Vista AntiVirus displays in its windows and alerts) according to the system Vista AntiVirus infects. There is only one infection, and when Vista AntiVirus infects a computer, Vista AntiVirus checks to see which Windows product you have, and then Vista AntiVirus chooses a name, Mad-Libs style. These names have three components, with several options for each component, which results in a huge number of possible combinations:

  1. Windows product name: XP, Vista, Win 7. If the malware is unable to detect your Windows version, it may go with "Desktop," "PC," or "Smart."
  2. Security word or word pair: Defender, Security, AntiVirus, Antimalware, Antispyware, Security Tool, Internet Security, Guardian, Antivirus Pro, Home Security, Total Security.
  3. Year or version (not always present): 2010, 2011, etc.

Using just the options listed here, keeping in mind that the year portion of the name may be included or left off, this makes for 264 possible combinations! Given the way that these rogue anti-virus applications rapidly adapt and change in order to avoid detection, it is likely that there are other, additional name component options, which would make for an even larger number of combinations. It's not hard to see how the abundance of names could confuse people into thinking that all of these names refer to different threats – but actually, it all comes down to one:
Trojan.Win32/FakeRean is sometimes classified as a Trojan downloader, and sometimes Trojan.Win32/FakeRean is classified as a rogue application. Trojan.Win32/FakeRean has been around since 2008, and the Russian scam artists behind it have been updating Trojan.Win32/FakeRean to include more recent years and more recent Windows products as potential name components. Trojan.Win32/FakeRean is typically hidden in something else that you download, and then once Trojan.Win32/FakeRean is on the system, it downloads the files Trojan.Win32/FakeRean needs to set up the rogue security software. Trojan.Win32/FakeRean will try to give the impression that whatever rogue anti-virus application is being downloaded (such as Vista AntiVirus) is being downloaded as part of a Windows update, in order to avoid suspicion. In fact, it is a defining characteristic of the Trojan.Win32/FakeRean rogue anti-virus applications that they will almost always claim an association with Microsoft or Windows.
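
The three-part naming scheme listed above can be collapsed into one triage pattern for program display names and file names. This is an added example, not code from the original article or from any vendor; the function names and sample names are constructed, and accepting any 20xx year is an assumption that goes beyond the two years the article lists.

```python
import re

# Name components exactly as listed in the article above.
PRODUCTS = ["XP", "Vista", "Win 7", "Desktop", "PC", "Smart"]
SECURITY_WORDS = [
    "Defender", "Security", "AntiVirus", "Antimalware", "Antispyware",
    "Security Tool", "Internet Security", "Guardian", "Antivirus Pro",
    "Home Security", "Total Security",
]


def _alternation(words):
    # Longest first so multi-word components are preferred; whitespace inside
    # a component is optional so "Win 7" and "Win7" both match.
    ordered = sorted(words, key=len, reverse=True)
    return "|".join(r"\s*".join(map(re.escape, w.split())) for w in ordered)


# Assumption: any four-digit 20xx year is accepted, because the article says
# the year list is open-ended ("2010, 2011, etc.") and the year may be absent.
# The ^ anchor keeps names that merely contain a component pair from matching.
FAMILY_NAME = re.compile(
    rf"^\s*(?P<product>{_alternation(PRODUCTS)})\s+"
    rf"(?P<word>{_alternation(SECURITY_WORDS)})"
    rf"(?:\s+(?P<year>20\d{{2}}))?\s*(?:\.exe)?\s*$",
    re.IGNORECASE,
)

# Constructed sample of display/file names (not collected from a real host).
SAMPLE_NAMES = [
    "Vista Antivirus 2010.exe", "Windows Defender", "Win7 Internet Security 2011",
    "XP Guardian", "ESET Smart Security", "Mozilla Firefox", "Smart Security Tool",
]


def match_family_name(name):
    """Return (product, word, year) if name fits the scheme, else None."""
    m = FAMILY_NAME.match(name)
    return (m.group("product"), m.group("word"), m.group("year")) if m else None


def flag_names(names):
    """Return the subset of names that fit the three-part naming scheme."""
    return [n for n in names if match_family_name(n)]


if __name__ == "__main__":
    for hit in flag_names(SAMPLE_NAMES):
        print("matches naming scheme:", hit, match_family_name(hit))
```

A match is a triage signal for closer inspection, not proof of infection, since short component pairs such as "PC Security" can also occur in unrelated software names.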

Vista AntiVirus, along with all the other rogue security applications that are the same malware under different names, has no connection to Microsoft or Windows. Clones of Vista AntiVirus include Vista AntiVirus is not capable of performing any beneficial functions, and Vista AntiVirus is considered a severe threat to PC security.

File System Details

Vista AntiVirus may create the following file(s):
# File Name Detections
1. Vista Antivirus 2010.exe
