Vista Internet Security Pro 2013

Vista Internet Security Pro 2013 Description

Type: Adware

As the New Year approaches, ESG security researchers have observed new variants of known rogue security programs being released. The Vista Internet Security Pro 2013 fake security program specifically belongs to the FakeRean family of malware, which is also known as Braviax. These fake security programs tend to target specific operating systems and, as its name indicates, Vista Internet Security Pro 2013 infects computers running Windows Vista. Apart from this detail, Vista Internet Security Pro 2013 and its clones carry out a version of an online scam that has been repeated with little variation since at least 2009. Vista Internet Security Pro 2013 will attempt to convince the victim that this is actually a real security program that has detected numerous viruses and Trojans on the infected computer. It will then try to convince the victim to download an expensive (and useless) upgrade for Vista Internet Security Pro 2013. To do this, Vista Internet Security Pro 2013 resorts to the following tactics:

  • Vista Internet Security Pro 2013 is designed to display numerous fake error messages intended to alarm the victim.
  • Vista Internet Security Pro 2013 starts up when the infected computer loads Windows. Vista Internet Security Pro 2013 prevents the victim from doing anything until Vista Internet Security Pro 2013 runs a fake system scan which will always show that the infected computer is severely infected.
  • Vista Internet Security Pro 2013 can interfere with the infected computer in more direct ways. ESG malware researchers have observed that computers infected with Vista Internet Security Pro 2013 become slow, unresponsive and plagued with problems such as browser redirects and blocked access to files and applications.

Identifying Vista Internet Security Pro 2013 and other Braviax Malware

Vista Internet Security Pro 2013 and its clones are characterized by a very specific naming pattern. These names will typically be composed of three parts:

  1. A term indicating the infected computer's operating system, which changes during installation in order to match the victim's computer.
  2. A generic 'security' term in order to make the victim believe that this is a real security program (in this case 'Internet Security Pro').
  3. The release date. In this case, it is '2013' although there are versions of this fake security program dating back to 2009. It is crucial to notice that there are basically no differences between one version of this fake security program and another.

Some examples of other members of the FakeRean family and clones of Win 7 Home Security Pro 2013 are Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Technical Information

File System Details

Vista Internet Security Pro 2013 creates the following file(s):
# File Name Detection Count
1 %CommonApplData%\[RANDOM CHARACTERS_2] N/A
2 %LocalAppData%\[RANDOM CHARACTERS_2] N/A
3 RANDOM CHARACTERS_2] N/A
4 %Temp%\[RANDOM CHARACTERS_2] N/A
5 %UserProfile%\Templates\[ N/A

Registry Details

Vista Internet Security Pro 2013 creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1""%*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.