Vista Home Security 2011

Vista Home Security 2011 Description

Steer clear of Vista Home Security 2011. Vista Home Security 2011 is not a real security application, and Vista Home Security 2011 is not even a unique fake. Vista Home Security 2011 is just one of the thirty-plus names taken by a single piece of malware. No matter what it calls itself, this malware has the goal of scaring you into paying for a software license that you will never receive. There is no good reason to pay for Vista Home Security 2011.

Problems Caused by Vista Home Security 2011

When Vista Home Security 2011 has taken your PC hostage and is trying to squeeze you for money, you will see the following symptoms:

  • A phony Vista Home Security 2011 interface will load every time Windows starts, and Vista Home Security 2011 will run a fake scan of your computer. However, the scan results are fabricated, and the infections reported by Vista Home Security 2011 are not actually present on your machine. Nonetheless, Vista Home Security 2011 will tell you that the "threats" Vista Home Security 2011 has detected are very dangerous, and Vista Home Security 2011 will urge you to buy a software license for Vista Home Security 2011.
  • After the fake scan, and after Windows finishes starting up, Vista Home Security 2011 will cause alerts and error messages to pop-up almost constantly. Most of these alerts start with a header that says something scary, like "System hijack!" or "System danger!" Then, they say very vague, completely false things about threats to your PC security. If you click through the prompts or click on the buttons in the alerts, you will again be urged to purchase a Vista Home Security 2011 license.
  • You will be unable to start any program other than your web browser or Vista Home Security 2011. When you try to use another program, you will get a security alert from Vista Home Security 2011 that says that the program in question is infected and dangerous. This means that your real anti-virus software will be disabled, and you can't use it to remove Vista Home Security 2011.
  • Vista Home Security 2011 will hijack your web browser, preventing you from visiting most or all websites, and repeatedly redirect you to a payment site for Vista Home Security 2011. Occasionally, you will get fake browser security windows that claim that a site is blocked because it is dangerous; these ultimately will also try to redirect you to a Vista Home Security 2011 page.
  • Vista Home Security 2011 will make several changes to the Registry in order to carry out the above actions. Among its changes is an alteration of the file association for .exe files, causing Windows to try to run them with Vista Home Security 2011 instead of Explorer. This damage to the Registry may need to be fixed manually even after Vista Home Security 2011 has been removed.
  • Vista Home Security 2011 is known to be capable of running even while Windows is in Safe Mode, due to the fact that Vista Home Security 2011 is usually bundled with a rootkit. This can make Vista Home Security 2011 extremely difficult to remove.

So, How Did Vista Home Security 2011 Infect Your PC in the First Place?

Vista Home Security 2011 infects computers through a Trojan, and that Trojan is distributed in several different ways. That means that Vista Home Security 2011 is an easy infection to catch, which makes it extremely important to use real anti-virus software to prevent malware like Vista Home Security 2011 from infecting your computer. The Trojan that supports Vista Home Security 2011 (and the same malware under its other names) may be disguised as a .pdf attachment to a spam email or as a video codec on a sketchy website, bundled with a freeware download, or pushed to your PC as a drive-by download from pop-up advertisements or malicious websites. While the Trojan is doing the dirty work of dropping the files for Vista Home Security 2011 and setting things up, it often disguises itself as a Windows Update installation.

Vista Home Security 2011 is part of a "family" of fake security programs that aren't a family at all, because there is just one malicious program that names itself according to the computers that it infects. When it infects a computer running Windows Vista, it calls itself something that starts with "Vista." When it infects a computer running XP, it uses a name starting with "XP," and so on. The rest of its name consists of a phrase selected at random from a list. So, when the Trojan that drops Vista Home Security 2011 is downloaded to your computer, it checks which version of Windows you're using, and then it names itself accordingly. It also names its executable file at random, using a string of three letters. Then, the next time you start up Windows, the fake anti-virus application will be active, with an interface to match the appearance of the version of Windows for which it has named itself.

So, in the end, Vista Home Security 2011 isn't even a "clone" of the fake security programs Vista Home Security 2011 is related to – Vista Home Security 2011 is identical to them. The malware that takes on all of these different names is known as Win32/FakeRean, or the multi-rogue. It was originated in Russia, and it is the basis of a wide-spread Internet fraud. The malware responsible for Vista Home Security 2011 most likely appeared some time early in 2010, and it has become more and more prevalent and problematic with time.

Technical Information

Registry Details

Vista Home Security 2011 creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'

One Comment

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.