Threat Database Rogue Anti-Spyware Program Vista Internet Security Pro 2013

Vista Internet Security Pro 2013

Threat Scorecard

Ranking: 1,115
Threat Level: 20 % (Normal)
Infected Computers: 39,234
First Seen: December 11, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows

As the New Year approaches, ESG security researchers have observed new variants of known rogue security programs being released. The Vista Internet Security Pro 2013 fake security program specifically belongs to the FakeRean family of malware, which is also known as Braviax. These fake security programs tend to target specific operating systems and, as its name indicates, Vista Internet Security Pro 2013 infects computers running Windows Vista. Apart from this detail, Vista Internet Security Pro 2013 and its clones carry out a version of an online scam that has been repeated with little variation since at least 2009. Vista Internet Security Pro 2013 will attempt to convince the victim that this is actually a real security program that has detected numerous viruses and Trojans on the infected computer. It will then try to convince the victim to download an expensive (and useless) upgrade for Vista Internet Security Pro 2013. To do this, Vista Internet Security Pro 2013 resorts to the following tactics:

  • Vista Internet Security Pro 2013 is designed to display numerous fake error messages intended to alarm the victim.
  • Vista Internet Security Pro 2013 starts up when the infected computer loads Windows. Vista Internet Security Pro 2013 prevents the victim from doing anything until Vista Internet Security Pro 2013 runs a fake system scan which will always show that the infected computer is severely infected.
  • Vista Internet Security Pro 2013 can interfere with the infected computer in more direct ways. ESG malware researchers have observed that computers infected with Vista Internet Security Pro 2013 become slow, unresponsive and plagued with problems such as browser redirects and blocked access to files and applications.

Identifying Vista Internet Security Pro 2013 and other Braviax Malware

Vista Internet Security Pro 2013 and its clones are characterized by a very specific naming pattern. These names will typically be composed of three parts:

  1. A term indicating the infected computer's operating system, which changes during installation in order to match the victim's computer.
  2. A generic 'security' term in order to make the victim believe that this is a real security program (in this case 'Internet Security Pro').
  3. The release date. In this case, it is '2013' although there are versions of this fake security program dating back to 2009. It is crucial to notice that there are basically no differences between one version of this fake security program and another.

Some examples of other members of the FakeRean family and clones of Win 7 Home Security Pro 2013 are Antivirus 2008, Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

File System Details

Vista Internet Security Pro 2013 may create the following file(s):
# File Name Detections
1. %CommonApplData%\[RANDOM CHARACTERS_2]
2. %LocalAppData%\[RANDOM CHARACTERS_2]
5. %UserProfile%\Templates\[

Registry Details

Vista Internet Security Pro 2013 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1""%*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*


Vista Internet Security Pro 2013 may call the following URLs:


Most Viewed