Vista Internet Security 2012

Vista Internet Security 2012 Description

Type: Trojan

ScreenshotVista Internet Security 2012 is one of the manifestations of a family of rogue anti-spyware programs. These rogue anti-spyware programs have a high threat level and pose a significant security risk. If a user finds one of these programs on his computer, it is important to remove the program manually or with a legitimate anti-malware tool, and then scan the computer for additional harmful threats infecting the machine.

What Exactly is Vista Internet Security 2012?

This harmful program has Vista Internet Security 2012's origins in the Russian Federation, a country that has produced many of the world's most dangerous and insidious viruses and malware. As the name of the program implies, Vista Internet Security 2012 goes under the guise it wascreated in 2012, and as an evolution of previous similar programs that lacked the ability to change, according to the user's operating system. The actual name of the file which makes possible the name changing is Ppn.exe. This file can also show up as Kdn.exe or with another three-letter name. This file can have dozens of different names. Ppn's main feature is that it changes names and skins according to the user's operating system. Therefore, it created three main sets of names and themes for Vista Internet Security 2012, corresponding to Windows 7, Windows XP, and Windows Vista. As can be seen from Vista Internet Security 2012's name, Vista Internet Security 2012 is the name that it takes when attacking PCs running Windows Vista.

Detecting a Vista Internet Security 2012 Infection

The way this family of harmful security applications installs is by a Trojan that mimics a Windows Automatic Update. A fake Windows Update notification is often the first sign that the computer is infected. This happens before the program is actually installed, and the name and theme customized to the user's particular operating system. The authors designed the notification to be very similar, and practically identical to a real Windows Automatic Update, making the user believe that his operating system is simply downloading a normal update. Here is where the Trojan detects the operating system being used and downloads the appropriate theme for the program. There have been cases in which the program downloads the wrong skin, resulting in a Vista Internet Security 2012 infection on an operating system that is not Windows Vista. However, these cases are rare. Once the program is installed, the rest of the warning signs are similar to other rogue anti-spyware applications. Some of these are:

- A fake system scan.

- Internet and file browsing problems.

- Constant misleading security alerts.

Things to Avoid When Dealing with Vista Internet Security 2012

When dealing with Vista Internet Security 2012, or similar rogue anti-spyware programs, there are several things which are important to avoid. Pay attention to these indications, to prevent you from becoming a victim of a scam, or irreparably damaging your computer.

- Do not enter your credit card number, under any circumstances. This will do nothing to stop the annoying security alerts and will not restore your computer's full operation.

- Do not delete the files showing up as infected in the fake system scan. These are often harmless files that are not infected at all. Some of them may be essential to your system's correct operation, and deleting them may irreparably corrupt your system.

-Do not enter personal or sensitive information into your computer, if you are concerned about being infected by Vista Internet Security 2012. These kinds of programs often reveal your personal information to third parties and follow your browsing habits on the Internet.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

File System Details

Vista Internet Security 2012 creates the following file(s):
# File Name Detection Count
1 %AppData%\Local\(random 3 letters).exe N/A
2 %AllUsersProfile%\wrdgt6knnhg8qwxst6hfljs11 N/A
3 %Temp%\wrdgt6knnhg8qwxst6hfljs11 N/A
4 %AppData%\Roaming\Microsoft\Windows\Templates\wrdgt6knnhg8qwxst6hfljs11 N/A
5 %AppData%\Local\wrdgt6knnhg8qwxst6hfljs11 N/A

Registry Details

Vista Internet Security 2012 creates the following registry entry or registry entries:
Registry key
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘

More Details on Vista Internet Security 2012

The following messages associated with Vista Internet Security 2012 were found:
Malware Intrusion!
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Severe System Damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
Threat Detected!
Security Alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
Virus Intrusion!
Your computer security is at risk. Spyware, worms, and Trojans were detected in the background. Prevent data corruption and credit card information theft. Safeguard your system and perform a free security scan now.
Vista Internet Security 2012 Alert
Security hole detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen!
Threat: Trojan-Downloader.BAT.Ftp.ab
Vista Internet Security 2012 Alert
System Hacked!
Unknown program is scanning your system registry right now! Identity theft detected!
Threat: Backdoor.Perl.AEI.16
Vista Internet Security 2012 Alert
System Integrity Check
Warning! Sensitive data may be sent over your internet connection right now!
Threat: Trojan-PSW.Win32.Antigen.A
Vista Internet Security 2012 Firewall Alert
Vista Internet Security 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.