Multi-Device Licenses (Volume Discounts)

Change Region

English Português
Threat Database Rogue Anti-Spyware Program Vista Internet Security 2013

Vista Internet Security 2013

By ESGI Advisor in Rogue Anti-Spyware Program
Translate To:
English

Threat Scorecard

Ranking: 16,432
Threat Level: 10 % (Normal)
Infected Computers: 22
First Seen: November 6, 2012
Last Seen: August 18, 2023
OS(es) Affected: Windows

ESG security analysts have received various reports of malware attacks involving Vista Internet Security 2013 and other fake security applications belonging to the FakeRean family of rogue security software. These fake security applications are known for attacking specific versions of Windows. According to ESG malware analysts, clones of Vista Internet Security 2013 have been active since at least 2009 and Vista Internet Security 2013 is just the latest in a long line of fake security applications that are renamed every year to include the current year in their name. It is important to realize that Vista Internet Security 2013 is not an actual anti-malware application. Rather than protecting your computer from malware, Vista Internet Security 2013 is a malware infection itself that will try to steal your money using a well known online scam.

Fake security applications like Vista Internet Security 2013 use numerous error messages to convince computer users that it is necessary to remove a nonexistent malware infection from their computer. Although Vista Internet Security 2013 is disguised as an anti-malware application, trying to remove this supposed malware infection using Vista Internet Security 2013 results in more error messages, urging the victim to upgrade their version of Vista Internet Security 2013 to an expensive (and equally useless) full version of this fake security tool. Apart from numerous error messages, Vista Internet Security 2013 can cause other problems on the infected computer. Vista Internet Security 2013 has the ability to block access to the victim's files, cause browser redirects and negatively affect system performance. It is not uncommon for Vista Internet Security 2013 to cause a computer to become slow, unresponsive, and to crash frequently.

Vista Internet Security 2013 is installed by a Trojan infection. This Trojan detects the operating system being used on the infected computer. Then, it installs a version of Vista Internet Security 2013 that corresponds to that operating system. While Vista Internet Security 2013 is installed on computers using Windows Vista, other versions of this fake security program are installed on other versions of Windows using names such as Antivirus 2008, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

File System Details

Vista Internet Security 2013 may create the following file(s):
Expand All | Collapse All
# File Name Detections
1. %AppData%\[RANDOM 3 CHARACTERS].exe

Registry Details

Vista Internet Security 2013 may create the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS.exe].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type” = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'

URLs

Vista Internet Security 2013 may call the following URLs:

https://feed.streamsearchly.com/?q=

Trending

Most Viewed

Loading...