Vista Internet Security 2013

Vista Internet Security 2013 Description

Type: Possibly Unwanted Program

ESG security analysts have received various reports of malware attacks involving Vista Internet Security 2013 and other fake security applications belonging to the FakeRean family of rogue security software. These fake security applications are known for attacking specific versions of Windows. According to ESG malware analysts, clones of Vista Internet Security 2013 have been active since at least 2009 and Vista Internet Security 2013 is just the latest in a long line of fake security applications that are renamed every year to include the current year in their name. It is important to realize that Vista Internet Security 2013 is not an actual anti-malware application. Rather than protecting your computer from malware, Vista Internet Security 2013 is a malware infection itself that will try to steal your money using a well known online scam.

Fake security applications like Vista Internet Security 2013 use numerous error messages to convince computer users that it is necessary to remove a nonexistent malware infection from their computer. Although Vista Internet Security 2013 is disguised as an anti-malware application, trying to remove this supposed malware infection using Vista Internet Security 2013 results in more error messages, urging the victim to upgrade their version of Vista Internet Security 2013 to an expensive (and equally useless) full version of this fake security tool. Apart from numerous error messages, Vista Internet Security 2013 can cause other problems on the infected computer. Vista Internet Security 2013 has the ability to block access to the victim's files, cause browser redirects and negatively affect system performance. It is not uncommon for Vista Internet Security 2013 to cause a computer to become slow, unresponsive, and to crash frequently.

Vista Internet Security 2013 is installed by a Trojan infection. This Trojan detects the operating system being used on the infected computer. Then, it installs a version of Vista Internet Security 2013 that corresponds to that operating system. While Vista Internet Security 2013 is installed on computers using Windows Vista, other versions of this fake security program are installed on other versions of Windows using names such as Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Technical Information

File System Details

Vista Internet Security 2013 creates the following file(s):
# File Name Detection Count
1 %AppData%\[RANDOM 3 CHARACTERS].exe N/A

Registry Details

Vista Internet Security 2013 creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS.exe].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type” = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.