Vista Internet Security Pro 2013

Vista Internet Security Pro 2013 Description

As the New Year approaches, ESG security researchers have observed new variants of known rogue security programs being released. The Vista Internet Security Pro 2013 fake security program specifically belongs to the family of malware, which is also known as Braviax. These fake security programs tend to target specific operating systems and, as its name indicates, Vista Internet Security Pro 2013 infects computers running Windows Vista. Apart from this detail, Vista Internet Security Pro 2013 and its clones carry out a version of an online scam that has been repeated with little variation since at least 2009. Vista Internet Security Pro 2013 will attempt to convince the victim that this is actually a real security program that has detected numerous viruses and Trojans on the infected computer. It will then try to convince the victim to download an expensive (and useless) upgrade for Vista Internet Security Pro 2013. To do this, Vista Internet Security Pro 2013 resorts to the following tactics:

  • Vista Internet Security Pro 2013 is designed to display numerous fake error messages intended to alarm the victim.
  • Vista Internet Security Pro 2013 starts up when the infected computer loads Windows. Vista Internet Security Pro 2013 prevents the victim from doing anything until Vista Internet Security Pro 2013 runs a fake system scan which will always show that the infected computer is severely infected.
  • Vista Internet Security Pro 2013 can interfere with the infected computer in more direct ways. ESG malware researchers have observed that computers infected with Vista Internet Security Pro 2013 become slow, unresponsive and plagued with problems such as browser redirects and blocked access to files and applications.

Identifying Vista Internet Security Pro 2013 and other Braviax Malware

Vista Internet Security Pro 2013 and its clones are characterized by a very specific naming pattern. These names will typically be composed of three parts:

  1. A term indicating the infected computer's operating system, which changes during installation in order to match the victim's computer.
  2. A generic 'security' term in order to make the victim believe that this is a real security program (in this case 'Internet Security Pro').
  3. The release date. In this case, it is '2013' although there are versions of this fake security program dating back to 2009. It is crucial to notice that there are basically no differences between one version of this fake security program and another.

Some examples of other members of the FakeRean family and clones of Win 7 Home Security Pro 2013 are

Technical Information

Registry Details

Vista Internet Security Pro 2013 creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1""%*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.