Threat Database Rogue Anti-Virus Program Vista Antivirus Pro 2013

Vista Antivirus Pro 2013

Threat Scorecard

Ranking: 3,737
Threat Level: 10 % (Normal)
Infected Computers: 6,438
First Seen: September 22, 2014
Last Seen: September 20, 2023
OS(es) Affected: Windows

Vista Antivirus Pro 2013 Image

Vista Antivirus Pro 2013 is one of the many rogue security applications that are part of a notorious family of malware known as FakeRean or Braviax. Fake security programs like Vista Antivirus Pro 2013 are used to carry out a well known online scam that is used to steal money from inexperienced computer users. Every year updated versions of malware in this family are released. Vista Antivirus Pro 2013 is part of a large batch of rogue security software released in October of 2012. Although the programs themselves are essentially the same from year to year, their names are updated with the current year – as 2013 approaches, ESG security researchers have started to observe the '2013' versions of these fake security programs being released.

Vista Antivirus Pro 2013 and its clones are typically quite easy to detect. These fake security programs use identical interfaces and use a naming pattern that is probably generated automatically. As can be observed in Vista Antivirus Pro 2013, these fake security programs tend to use names that are made up of three distinct elements:

  1. These fake security programs' names typically being with the targeted operating system's name. While Vista Antivirus Pro 2013 targets computers running Windows Vista, there are variants of Vista Antivirus Pro 2013 named XP Antivirus Pro 2013, Win 7 Antivirus Pro 2013 or Win 8 Antivirus Pro 2013, installed on the operating system that corresponds to each fake security program's name.
  2. After the targeted operating system's name, these fake security applications will typically use a misleading generic term that is commonly used to name security software. Examples of this include words like antivirus, antimalware, antivirus pro or home security.
  3. To make it appear as if these fake security programs are newly released with current technology, they will often have the current year added to the end of each program's name, as is the case of Vista Antivirus Pro 2013. There are versions of Vista Antivirus Pro 2013 ending with 2009, 2010, 2011 and 2012 which correspond to previous releases of this rogue security application.

There are also versions with different names such as Antivirus 2008, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

The Vista Antivirus Pro 2013 scam is not sophisticated. These fake security programs cause problems on the infected computer deliberately and then claim that it is necessary to purchase an upgrade in order to stop these problems. Instead, ESG malware researchers advise removing Vista Antivirus Pro 2013 with the help of real anti-malware program.

Vista Antivirus Pro 2013 Technical Report

As new Vista Antivirus Pro 2013 details are reported by our customers and findings from our Threat Research Center, we will update this section.
ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Fake message for Vista Antivirus Pro 2013:

The following fake error message(s) appears for Vista Antivirus Pro 2013:

Vista Antivirus Pro 2013 Firewall Alert
Vista Antivirus Pro 2013 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords

Vista Antivirus Pro 2013 creates the following files in the system:

%CommonApplData%\[RANDOM CHARACTERS_2]
%LocalAppData%\[RANDOM CHARACTERS_2]
%Temp%\[RANDOM CHARACTERS_2]
%UserProfile%\Templates\[RANDOM CHARACTERS_2]

Vista Antivirus Pro 2013 creates the following registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1

File System Details

Vista Antivirus Pro 2013 may create the following file(s):
# File Name Detections
1. %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM NUMBERS AND CHARACTERS]
2. %CommonAppData%\[RANDOM NUMBERS AND CHARACTERS]
3. %LocalAppData%\[RANDOM 3 CHARACTERS].exe
4. %LocalAppData%\[RANDOM NUMBERS AND CHARACTERS]
5. %Temp%\[RANDOM NUMBERS AND CHARACTERS]
6. %UserProfile%\Templates\[RANDOM NUMBERS AND CHARACTERS]

Registry Details

Vista Antivirus Pro 2013 may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*
HKEY_CLASSES_ROOT\ah\shell\open\command "IsolatedCommand"
HKEY_CLASSES_ROOT\[RANDOM]
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = '[RANDOM]'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM] "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\[RANDOM]\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\[RANDOM]\shell\open\command "(Default)" = "%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe -a "C:\Program Files\Mozilla Firefox\firefox.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = ""%LocalAppData%\[RANDOM 3 CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe""

URLs

Vista Antivirus Pro 2013 may call the following URLs:

onlinestreamsearch.com

Messages

The following messages associated with Vista Antivirus Pro 2013 were found:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
Tracking software found!
Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing a security scan.
Vista Antivirus Pro 2013 Firewall Alert
Vista Antivirus Pro 2013 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Trending

Most Viewed

Loading...