Windows Vista Internet Security 2012

Windows Vista Internet Security 2012 Description

Type: Adware

Windows Vista Internet Security 2012 is a fake security program that is part of a huge family of rogue anti-spyware programs. Some clones of Windows Vista Internet Security 2012 include Windows 7 Internet Security 2012, Windows XP Internet Security 2012, Windows Vista Antivirus 2011 and many others. According to ESG security researchers, Windows Vista Internet Security 2012 is nothing more than a clone of previous incarnations of the FakeRean family, the malware infection behind this dangerous rogue anti-spyware application. Criminals have simply made slight tweaks to this program's interface and design in order to add '2012' to its name, fooling users into thinking that there was some kind of update to a previous security program. However, since no version of Windows Vista Internet Security 2012 has legitimate anti-malware capabilities, it makes no difference whether the program is supposedly designed for Windows XP, Vista or Windows 7, or whether Windows Vista Internet Security 2012 is the supposed 2010, 2011, or 2012 version; all versions of Windows Vista Internet Security 2012 are fake and designed to prey on inexperienced computer users.

FakeRean is a big family of rogues security programs. Among its members we can mention Windows Antivirus 2008, Vista Antivirus 2008, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, PC Clean Pro, XP Home Security 2012, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

How Windows Vista Internet Security 2012 Steals Its Victims' Money

Like most rogue security applications, Windows Vista Internet Security 2012 pretends that the victim's computer system is severely infected with malware and then attempts to charge the victim for a useless 'license' in order to remove the imaginary problems. In fact, there is a malware infection on the victim's computer, but not the ones that Windows Vista Internet Security 2012 supposedly detects. Rather, it is Windows Vista Internet Security 2012 itself that is infecting the victim's computer system and causing a series of problems. Some symptoms of a Windows Vista Internet Security 2012 infection include a constant stream of error messages and fake system alerts, a noticeable system slowdown and constant crashes and problems connecting to the Internet or accessing certain files and applications. ESG security researchers strongly advice against falling for Windows Vista Internet Security 2012's scam. Instead of paying attention to the claims that Windows Vista Internet Security 2012 makes, ESG malware analysts recommend using a legitimate (and real, of course) anti-malware program to remove Windows Vista Internet Security 2012 and all other malware that may be accompanying this infection. Do not become a victim and do not let the criminals behind Windows Vista Internet Security 2012 profit from infecting your computer. Fight back by using a reliable anti-malware program and following basic online security guidelines when browsing the Internet.

Technical Information

File System Details

Windows Vista Internet Security 2012 creates the following file(s):
# File Name Detection Count
1 %AppData%\Local\[RANDOM CHARACTERS].exe N/A
4 %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS] N/A
5 %AllUsersProfile%\[RANDOM CHARACTERS] N/A

Registry Details

Windows Vista Internet Security 2012 creates the following registry entry or registry entries:
Registry key
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment