Threat Database Rogue Anti-Spyware Program Vista Smart Defender Pro

Vista Smart Defender Pro

Threat Scorecard

Ranking: 5,568
Threat Level: 20 % (Normal)
Infected Computers: 3,721
First Seen: March 4, 2013
Last Seen: September 18, 2023
OS(es) Affected: Windows

Vista Smart Defender Pro is a fraudulent anti-spyware program that looks like an authentic security tool but, in reality, it cannot find and uninstall any type of malware infections. Vista Smart Defender Pro is delivered through the use of Trojans and other malware infections that use security vulnerabilities detected to download and install Vista Smart Defender Pro without a computer user's permission and knowledge. When Vista Smart Defender Pro is installed on the targeted PC, it will load automatically when you start Windows and then initiate a phony system scan on the computer. Vista Smart Defender Pro will return false PC scan results in order to scare the affected PC user into thinking that his/her computer has been affected by numerous malware threats. Vista Smart Defender Pro will display fabricated pop-up security alerts, which also announce about imaginary computer problems and security issues. Vista Smart Defender Pro will recommend the victim to purchase the pseudo full version of its counterfeit software, which is worthless just like the trial version, in order to remove all the allegedly detected security infections. ESG's malware analysts highly recommend you not to spend money on Vista Smart Defender Pro as it is a useless security tool. You should use a reputable anti-malware program in order to rid your PC of Vista Smart Defender Pro.

File System Details

Vista Smart Defender Pro may create the following file(s):
# File Name Detections
1. %AppData%\Local\[RANDOM CHARACTERS].exe
2. %AppData%\Local\[RANDOM CHARACTERS]
3. %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
4. %Temp%\[RANDOM CHARACTERS]
5. %AllUsersProfile%\[RANDOM CHARACTERS]

Registry Details

Vista Smart Defender Pro may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'

URLs

Vista Smart Defender Pro may call the following URLs:

my-live-videos.com

Messages

The following messages associated with Vista Smart Defender Pro were found:

Vista Smart Defender Pro - Unregistered Version Attention: Danger! Alert! System scan for spyware, adware, Trojans and viruses is complete. Vista Smart Defender Pro detected 30 critical system objects. These security breaches may be exploited and lead to the following: Your system becomes a target for spam and bulky, intruding ads; Browser crashes frequently and web access speed decreases; Your personal files, photos, documents and passwords get stolen; Your computer is used for criminal activity behind your back; Bank details and credit card information gets disclosed; Click REGISTER to register your copy of Vista Smart Defender Pro and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration

Trending

Most Viewed

Loading...