Vista Total Security

Vista Total Security Description

ScreenshotIf a program called Vista Total Security is telling you that your computer is infected with all kinds of malware, don't believe it. Vista Total Security is malware, and Vista Total Security is incapable of doing anything to protect your computer from threats.

Symptoms of Vista Total Security

Vista Total Security is a rogue security application that only infects computers using Windows Vista. Although that may sound obvious, it isn't, for reasons which we will come to later. The purpose of Vista Total Security is to scare you into believing your computer to be infected with malware, and Vista Total Security does a variety of things to convince you. The first time you see Vista Total Security will likely be when you start Windows after the malware has installed itself, because Vista Total Security will show a fake user interface at startup. The interface uses the Windows name and logo, and Vista Total Security has some other Windows logos that are supposed to represent different aspects of your PC's security.
Every time this screen loads, Vista Total Security will use it to run a fake system scan. The scans will always turn up results, and the lists of results may even include the names of real threats – but because Vista Total Security can't scan for threats, the list is completely bogus. None of those threats is actually on your computer, and if you attempt to remove the files that Vista Total Security labels as malicious, you risk deleting ordinary Windows files. Vista Total Security will use this falsified list of threats to prompt you to pay to “activate” its software, in order to remove them. If you agree and follow the prompts, you will find yourself at a payment site, where you can enter your credit card number to pay for Vista Total Security. However, because the software is fake, that is where it ends; you will not get anything for your money.

Vista Total Security has several other tricks up its sleeve in order to get you to do what its scam-artist creators want. While you use your computer, Vista Total Security will generate frequent alerts that claim that some kind of threat has just been detected. Some of the common alerts say that Internet Explorer is infected with a keylogger, or that some kind of hijacking attempt has just been detected. These alerts will always prompt you to agree to a scan or the removal of the threats, and clicking through the prompts will take you to the Vista Total Security payment site.

Vista Total Security is reportedly capable of much more damaging interference than just fake scans and alerts. Vista Total Security can prevent other programs from running and completely prevent you from being able to access the Internet. Vista Total Security also prevents itself from being uninstalled using the choices on Add/Remove Programs in the Control Panel, either by not listing itself at all as an installed program or by creating a dummy listing that can be removed without uninstalling Vista Total Security.  So in effect, Vista Total Security holds your computer hostage, and Vista Total Security frequently demands that you pay a ransom. Be warned, however, that if you pay the money that Vista Total Security demands, nothing will change. No amount of money will cause Vista Total Security to relinquish its control of your PC.

How Vista Total Security Infects a Computer

The reason that Vista Total Security only infects computers running Windows Vista has nothing to do with malware created specifically to attack Windows Vista; rather, it has to do with the way that this particular malware spreads and causes infections. In actuality, there is only one piece of malware, one rogue anti-virus program, behind Vista Total Security and a long list of other computer parasites. When this malware downloads onto a system, Vista Total Security checks to see which Windows product you're using, and then names itself accordingly. Vista Total Security chooses some other words to use as name components, from a list, and combines these with the name of your Windows product to create the name of the rogue anti-virus program that you will see on your computer. So Vista Total Security is literally identical to dozens of other rogue anti-virus applications, because, at bottom, they are all the result of a single Trojan called Win32/FakeRean.

Win32/FakeRean will typically be hidden in a file that you download. Its purpose is to get into your computer quietly and then download and set up the fake anti-virus software. Win32/FakeRean will try to make it look like your computer is downloading some kind of malware protection as an ordinary Windows update, when what is being downloaded actually is malicious and part of a scam. Vista Total Security is far from the first rogue anti-virus program to be promoted by Win32/FakeRean, since Vista Total Security is just one of the recent names for a Russian malware scam that has been around since 2008. Over time, new words and names of Windows products have been added to the lists that the malware uses to name itself, but the fact remains that the malware in the family of Vista Total Security represents one continuous scam.

If Vista Total Security has such a hold on your computer that you can't find a way to remove the malware, there is a code that reportedly can temporarily deactivate Vista Total Security. The code must be entered into the Vista Total Security interface as if it is a product key, and it is 1147-175591-6550. Keep in mind that if this code is effective, it can only temporarily disable Vista Total Security; it will not remove the malware or permanently resolve any security issues. Also, remember that Vista Total Security is not a Microsoft product, and Vista Total Security has no legitimate association with Windows. No real security application would behave in the way that Vista Total Security does.

Technical Information

File System Details

Vista Total Security creates the following file(s):
# File Name Detection Count
1 %UserProfile%\AppData\Local\av.exe N/A
2 %UserProfile%\AppData\Local\WRblt8464P N/A

Registry Details

Vista Total Security creates the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1?
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"

Related Posts