Vista Total Security 2012

By Domesticus in Rogue Anti-Spyware Program

To understand how Vista Total Security 2012 works, imagine that a strange man dressed as a policeman enters your home. He says something like: "There's a burglar in your house, I'm going to stay here to protect you from him." This strange man then proceeds to sit down in your living room and start eating your food, using your furniture and appliances, and taking up space in general. Each time you want to go out, he says, "Sorry, sir. I can't let you leave your house, it may be too dangerous," and every time you try to get him to leave, he refuses to go and asks you to pay him so that he can get rid of the burglar. What would you do in a situation like this? Rogue anti-spyware programs like Vista Total Security 2012 work in much the same way. All of a sudden they show up on your computer, claiming that it is infected by a virus or a Trojan. They resemble legitimate security programs, but will not allow you to use your computer normally, delete them, or get rid of them in any way. Worst of all, they demand that you enter your credit card details to get rid of all of the supposed viruses.

What Makes Vista Total Security 2012 Different from Other Rogue Anti-Spyware Programs?

Vista Total Security 2012 is part of a family of rogue anti-spyware programs that share a unique feature: they adapt to your operating system. Vista Internet Security 2012 will change its name and look to match the operating system you are running, be it Windows 7, Windows XP or, in this case, Windows Vista. This gives Vista Internet Security 2012 a legitimate look that makes it much more dangerous than other kinds of rogue security programs.

Getting Infected by Vista Total Security 2012

Vista Total Security 2012 uses the most common infection routes, such as hidden executable files that are downloaded onto a user's computer from suspicious websites, like those dedicated to pornography or file sharing. Vista Internet Security 2012 can also be acquired from a website that hijacks your web browser, or from corrupted Flash applications. One of the most common ways of getting Vista Total Security is through malware that comes from fake online computer scans and banners that warn the user that their computer is infected. Most of the time, Vista Total Security 2012 is not downloaded directly, but in the background, without the user's knowledge. This means that by the time the user realizes that Vista Total Security 2012 is on his or her computer, the program has often already had time to install itself and become entrenched in the computer.

How Vista Total Security 2012 Scares Users

Vista Total Security 2012 will often start up with a user's computer, showing a fake scan with numerous fake results. Vista Internet Security 2012 will also constantly show security warnings and alerts claiming that the system is in danger or infected by a virus. However, Vista Total Security 2012 will not stop there. To scare the user further, Vista Internet Security 2012 uses a Trojan to block access to the Internet, or to the web browser, and block essential system folders. A panicked user will mistake these signs for a real virus infection, not realizing that they are caused by Vista Total Security 2012 itself.

File System Details

Vista Total Security 2012 may create the following file(s):
1. %UserProfile%\Local Settings\Application Data\pw.exe
2. %UserProfile%\AppDataLocal\vz.exe
3. %UserProfile%\Local Settings\Application Data\MSASCui.exe
4. %UserProfile%\AppDataLocal\pw.exe
5. %UserProfile%\AppDataLocal\MSASCui.exe
6. %UserProfile%\Local Settings\Application Data\vz.exe
7. %%AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgc
8. %AppData%\Local\67sdh53ygdhilutew20ijnbgc
9. %UserProfile%\Local Settings\Application Data\opRSK
10. %AllUsersProfile%\67sdh53ygdhilutew20ijnbgc
11. %UserProfile%\AppDataLocal\opRSK

Registry Details

Vista Total Security 2012 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
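
The entries above replace the normal '"%1" %*' handler for .exe files, and the browser launch commands, with a wrapper of the form '[RANDOM CHARACTERS].exe /START ...'. The following check for that pattern in a registry export is an added example, not code from the original page. The sample export is constructed, the user name alice and the file name RANDOM.exe are placeholders, and the function name is hypothetical. It reads plain string values only.

```python
import re

# Constructed sample in .reg export format; "alice" and "RANDOM.exe" are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\RANDOM.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\RANDOM.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

# Keys that decide what runs when any .exe, or the default browser, is launched.
EXE_HANDLER = re.compile(r'\\(?:\.exe|exefile)\\shell\\(?:open|runas)\\command$', re.I)
BROWSER_HANDLER = re.compile(r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
WRAPPER = re.compile(r'^"[^"]+\.exe"\s+/START\s', re.I)  # another program launched first
PASS_THROUGH = '"%1" %*'  # expected handler: run the clicked file itself

def find_hijacked_handlers(reg_text):
    """Return (key, value name, data) for every launch handler that was redirected."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue  # skips hex(...) and dword values, which this sketch does not decode
        name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = re.sub(r'\\(.)', r'\1', m.group(2))  # undo .reg escaping of \ and "
        if EXE_HANDLER.search(key) and name in ('(Default)', 'IsolatedCommand'):
            if data != PASS_THROUGH:
                findings.append((key, name, data))
        elif BROWSER_HANDLER.search(key) and WRAPPER.match(data):
            findings.append((key, name, data))
    return findings

if __name__ == '__main__':
    for key, name, data in find_hijacked_handlers(SAMPLE_REG):
        print(f'{key} "{name}" = {data}')
```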

Messages

The following messages associated with Vista Total Security 2012 were found:

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc.
Security Alert!
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.
System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.
