Vista Security 2012

Vista Security 2012 Description

ScreenshotVista Security 2012 is one of the dozens of different clones of the Ppn.exe process that have flooded the Internet since the beginning of 2012. This rogue anti-spyware application has caught the attention of security experts worldwide, because Vista Security 2012 has a unique feature. Vista Security 2012 changes names and themes according to the user's operating system. That means that instead of there only being one piece of harmful spyware named Vista Security 2012, there are dozens of versions of the same program, which changes according to the computer they are infecting.

Understanding the Rogue Program Clones Brought by Ppn.exe

New rogueware clones brought by the Ppn.exe process are released every day. There are three main sets of clones. A set corresponding to Windows XP operating systems, a set for Windows 7 operating systems, and a Windows Vista set. Vista Security 2012 is one of the many clones corresponding to the set for Windows Vista. Vista Security 2012's counterparts in the other two sets would be named XP Security 2012 and Win 7 Security 2012 with themes or skins, corresponding to those operating systems. However, what makes the file Ppn.exe unique is that all of these are the same exact program, rather than different processes like previous rogue anti-spyware applications in the same family. After Ppn.exe enters a computer system, usually through a Trojan, part of the installation process is downloading the name and skins corresponding to the computer's operating system. This makes Ppn.exe harder to tell apart from the real thing than previous harmful software from the same family.

Special Considerations for Removing Vista Security 2012

Removing the Ppn.exe process can be done either manually, or with a legitimate anti-virus or anti-malware program. However, the scripts contained by Vista Security 2012 can block the Task Manager and certain system folders, making the removal of Vista Security 2012 much more difficult. Entering one's credit card information is completely useless and should not be done under any circumstances. However, entering the registration code 1147-175591-6550 can stop the constant system alerts and make removal easier. This will not remove Vista Security 2012 from a computer system, but will alleviate some of the symptoms.

Don't Fall for Vista Security 2012's Scam

Vista Security 2012 and similar malicious software are designed to prey on inexperienced users. Unlike traditional computer viruses that only attack a computer system, these programs also mess with your head. All of the disruptions caused by Vista Security 2012 and the Ppn.exe process are meant to frighten users into thinking that their system is infected by numerous viruses. Then Vista Security 2012 offers itself as a solution, if the user enters his credit card information. Don't fall for this; legitimate anti-virus applications will never block your computer or restrict your access to certain parts of your own system. They will also never change your browser settings or block access to the Internet. The point of Vista Security 2012 is to make you panic and get you to pay when you aren't thinking clearly. Stay calm, and don't make any hasty decisions. Use a legitimate security program or consult an expert to get rid of the Ppn.exe process. If you have already entered your credit card details, you should call your credit card provider and block the charges.

Aliases: Win32:Kryptik-DMG, Trj/CI.A [Panda], Generic23.ALZH [AVG], Trojan.Agent/Gen-RogueWare, Mal/Generic-L [Sophos], Trojan.Generic.KDV.275958 [BitDefender], Cryp_FakeAV-54, a variant of Win32/Kryptik.PUI [NOD32], Trojan.FakeRena.Gen!Pac.4, Trojan.Win32.Generic.pak!cobra, Trojan.Agent/Gen-RogueAS, UDS:DangerousObject.Multi.Generic [Kaspersky], Adware/XPSecurity2011 [Panda], Hoax.Win32.ExpProc [Ikarus] and RogueAntiSpyware.Unvirex!gen1.

Technical Information

Screenshots & Other Imagery

Vista Security 2012 Image 1

File System Details

Vista Security 2012 creates the following file(s):
# File Name Size MD5 Detection Count
1 %LOCALAPPDATA%ggw.exe 331,776 dbdd0edf3fae9e277b7245f2a570cb53 1
2 %LOCALAPPDATA%ssp.exe 344,064 5c991c7ded7060d69e4844d54f42eaef 1
3 %LOCALAPPDATA%nlu.exe 344,064 c40c11b255169ea9a2a96419aa89b63e 1
4 %LOCALAPPDATA%vxp.exe 544,768 2de65fde22d7ed7082f6ae2a3f1c8224 1
5 %LOCALAPPDATA%opf.exe 348,160 8afe2278f2a8fe1d97f1bc3ac982d1a7 1
6 %LocalAppData%\kdn.exe N/A
7 kdn.exe N/A
8 ppn.exe N/A
9 %%AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgc N/A
10 %LocalAppData%\u3f7pnvfncsjk2e86abfbj5h N/A
11 %AppData%\Local\67sdh53ygdhilutew20ijnbgc N/A
12 %UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h N/A
13 %AllUsersProfile%\67sdh53ygdhilutew20ijnbgc N/A
14 %AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h N/A
15 %Temp%\u3f7pnvfncsjk2e86abfbj5h N/A

Registry Details

Vista Security 2012 creates the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1"
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'

More Details on Vista Security 2012

The following messages associated with Vista Security 2012 were found:
Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
Security Alert!
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.