Vista Antivirus 2012

Threat Scorecard

Ranking: 12,052
Threat Level: 80 % (High)
Infected Computers: 99
First Seen: August 22, 2011
Last Seen: September 17, 2023
OS(es) Affected: Windows

Vista Antivirus 2012 Image

Vista Antivirus 2012 is a rogue anti-virus program that comes from the FakeRean family and mainly attacks computers with the Windows Vista operating system. Vista Antivirus 2012 is one of the disguises of Ppn.exe, a harmful executable file. Ppn.exe has a feature that makes it unique; it can disguise itself to match the infected computer. If the computer being attacked has the Windows XP operating system, this program may take a name with some variation of Windows XP in the title. Its layout and skins will also match the style of Windows XP system applications. Vista Antivirus 2012 is a disguise Ppn.exe wears when it infects computers running Windows Vista. Vista Antivirus 2012 and other versions of Ppn.exe first started appearing toward the end of 2010. It is thought that this group of rogue security programs comes from the Russian Federation.

Vista Antivirus 2012 has a big list of clones that include Antivirus 2008, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Alternate Versions of Vista Antivirus 2012

Ppn.exe has a very large number of possible names and skins. Every day, new disguises for this harmful rogueware file are released. One should remember that whatever name it takes, it is still the Ppn.exe file process underneath. Occasionally, it will also appear on the Task Manager as Kdn.exe. It puts on the Vista Antivirus 2012 disguise when it is installing. The Trojan that delivered this dangerous rogue anti-virus program will confirm the operating system it is infecting. Then, it will download a skin from the corresponding group of skins. For each of the major Windows operating systems, there are three possible groups; Windows Vista, Windows 7 and Windows XP. Vista Antivirus 2012 comes from the group of Windows Vista skins. If it were to infect a computer with Windows XP, it would be named something like XP Anti-Virus 2012. The same principle applies for Windows 7.

How Vista Antivirus 2012 Attempts to Get Your Credit Card Information

There are several things Vista Antivirus 2012 does once Vista Antivirus 2012 is infecting your computer system. Vista Antivirus 2012 does these things to scare you. Vista Antivirus 2012 wants to frighten you so that you think your computer is in danger. Vista Antivirus 2012 will then pester you to enter your credit card information to purchase a Vista Antivirus 2012 license. Vista Antivirus 2012 will claim that it is the solution for the problems Vista Antivirus 2012 caused on your computer. There are many disruptive symptoms caused by Vista Antivirus 2012. Some of these include:

  • Terrible system performance.
  • A computer that is slow and unresponsive.
  • Constant alerts, notifications and pop-up warnings about a possible system infection.
  • Internet browsing that is completely disabled or that constantly redirects to Vista Antivirus 2012 websites.
  • Blocked access to your files and to your computer's programs.

What to Do if Your Computer System is Infected with Vista Antivirus 2012

There are two ways to remove Vista Antivirus 2012 from your machine. This could have been accomplished either manually or using a real security application. It is recommended that you use an authentic anti-virus program to get rid of Vista Antivirus 2012. However, if you cannot manage to exit Vista Antivirus 2012 to have access to any other applications there are a few things you can do.

  • Try booting in Safe Mode so that Vista Antivirus 2012 cannot start up along with Windows.
  • Use a known registration code of Vista Antivirus 2012 (try 3425-814615-3990 or 2233-298080-3424) to disable most of the alerts and the start-up splash screen.
  • Try changing your system date to shift it ahead by one week.


Vista Antivirus 2012 Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Vista Antivirus 2012 may create the following file(s):
# File Name Detections
1. %AppData%\Local\.exe
2. %UserProfile%\Local Settings\Application Data\.exe
3. %UserProfile%\Templates\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
4. %AppData%\Roaming\Microsoft\Windows\Templates\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
5. %AppData%\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
6. %AppData%\Local\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
7. %AllUsersProfile%\9olpq2xnc6yhnjeuwnjIUks1k (or any random)
8. %Temp%\9olpq2xnc6yhnjeuwnjIUks1k (or any random)

Registry Details

Vista Antivirus 2012 may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\(random 3 letters).exe" /START "C:\Program Files\Internet Explorer\iexplore.exe


The following messages associated with Vista Antivirus 2012 were found:

Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
Vista Antivirus 2012 detected 26 critical system objects.
Computer security is at risk! Your PC is still under
malware attack. Dangerous programs were found to be
running in the background. System crash and identify
theft are likely.
Privacy threat!
Spyware intrusion detected. Your system is infected.
System integrity is at risk. Private data can be stolen by
third parties including credit card details and passwords.
Click here to perform a security repair.
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Vista Antivirus 2012 Firewall Alert
Vista Antivirus 2012 has blocked a program from accessing
the internet
Firefox is infected with Trojan-BNK.Win32.Keylogger.gen

Related Posts


Most Viewed