Wednesday, 8 June 2011

Remove Vista Antispyware 2012, Win 7 Internet Security 2012 (Uninstall Guide)

Vista Antispyware 2012, Win 7 Internet Security 2012 and Win 7 Security 2012 are only a few names of a rogue security program that pretends to scan your computer for viruses and then claims to find a bunch of malicious files that aren't really there. It will prompt you to register the fake antivirus application for a fee in order to remove the non-existent threats and to make the incessant malware warnings disappear. It can be quite persistent in its attempts to persuade you to buy the full version of the program. If you have accidentally installed this fake antivirus, go ahead and uninstall it. To remove Vista Antispyware 2012, Win 7 Internet Security 2012 and other variants of this scareware from your computer, please follow the steps in the removal guide below.

This rogue security application goes by many different program names listed below.

Windows Vista rogue names:       Windows 7 rogue names:
Vista Antispyware 2012           Win 7 Antispyware 2012
Vista Antivirus 2012             Win 7 Antivirus 2012
Vista Security 2012              Win 7 Security 2012
Vista Home Security 2012         Win 7 Home Security 2012
Vista Internet Security 2012     Win 7 Internet Security 2012
Vista Total Security 2012        Win 7 Total Security 2012



Vista Antispyware 2012, Win 7 Internet Security 2012 and Win 7 Security 2012 are names of one of many fake antivirus applications, just like the '11 version of this malware described on this page: Vista Antispyware 2011, Vista Security 2011 and Vista Antimalware 2011. If you take a closer look at these fake antivirus applications, you'll see that they are almost identical. While running, the fake antivirus launches pop-up windows with false or misleading alerts. They state that your computer is under attack from a remote server and that there is a piece of malware running on your computer that may steal your sensitive information.





It also displays this fake Windows Security Center which looks quite convincing and professional.



Vista Antispyware 2012, Win 7 Internet Security 2012 prevents you from visiting antivirus vendor websites. It may also disable certain Windows utilities and block legitimate software. In fact, it hijacks Internet Explorer and other browsers, so you might not be able to visit any website at all. The fake alert states: Visiting this site may pose a security threat to your system!



Here's another fake security alert which is displayed every time you attempt to run legitimate software:
Vista Antivirus 2012 Firewall Alert
Vista Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen


Probably the most annoying thing about this malware is that Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 hijacks the file association for executable (.EXE) files, so the rogue program is launched first every time you try to run another program.


Quick removal:

1. In the worst case scenario, if you can't reboot your computer in safe mode and install anti-malware software to remove Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012, you can use this debugged serial key 9443-077673-5028 or 3425-814615-3990 to register the rogue application in order to stop the fake security alerts. Just click the Registration button and then select "Activate manually". Don't worry, this is completely legal. If the reg keys do not work anymore, please follow the removal instructions below.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

Without a doubt, this security application is nothing more than a scam. Don't end up handing your credit card information over to the people most likely to defraud you. If you need help in removing this annoying malware from your computer, please leave a comment below or follow the alternate removal instructions. Good luck and be safe online.


Alternate Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more information, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for known file types
  • Hide protected operating system files
Click OK to save the changes.


1. Go to the C:\Users\[UserName]\AppData\Local\ folder.

For example: C:\Users\Michael\AppData\Local\


2. Find hidden executable file(s) in this folder. In our case it was called vkl.exe, but I'm sure that the file name will be different in your case. Rename vkl.exe to vkl.vir and click "Yes" to confirm file rename. Then restart your computer.



3. After a restart, copy all of the text below and paste it into Notepad.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

4. Save the file as fix.reg to your Desktop. NOTE: set "Save as type" to "All files".


5. Double-click on the fix.reg file to run it. Click "Yes" in the Registry Editor prompt window. Then click OK.

6. Open Internet Explorer. Download exefix.reg and save it to your Desktop. Double-click on exefix.reg to run it. Click "Yes" in the Registry Editor prompt window. Click OK.

7. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.


Associated Vista Antispyware 2012, Win 7 Internet Security 2012, Win 7 Security 2012 files and registry values:

Files:
  • C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe
  • C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
  • C:\Users\[UserName]\AppData\Local\[SET OF RANDOM CHARACTERS]
  • C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS]
Registry values:
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "%1" %*'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"C:\Users\[UserName]\AppData\Local\[3 RANDOM CHARACTERS].exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
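
The handler hijack listed above can be checked for in an exported .reg file. The following Python sketch is an added example, not part of the original guide: it parses string (REG_SZ) values from .reg text and flags shell\open\command and shell\safemode\command defaults that match the pattern in the list. The function names, the sample export and C:\Tools\wrap.exe are constructed for illustration.

```python
import re

# Keys the page lists as hijacked end in shell\open\command or shell\safemode\command.
HANDLER_KEY = re.compile(r"\\shell\\(open|safemode)\\command$", re.I)
EXE_CLASS_KEY = re.compile(r"\\(\.exe|exefile)\\shell\\open\\command$", re.I)
# Pattern from the list above: "<profile>\AppData\Local\<3 chars>.exe" -a ...
ROGUE_CMD = re.compile(r'^"?[a-z]:\\users\\[^\\"]+\\appdata\\local\\[^\\"]{3}\.exe"?\s+-a\b', re.I)
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
DEFAULT_EXE_CMD = '"%1" %*'  # stock Windows handler for executables

def unescape(raw):  # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", raw)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg text.
    Real exports are UTF-16; decode the file before passing its text in."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = STRING_VALUE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def audit(text):
    """Return (key, verdict, command) for handler defaults that look hijacked."""
    findings = []
    for key, name, data in parse_reg(text):
        if name != "(Default)" or not HANDLER_KEY.search(key):
            continue
        if ROGUE_CMD.match(data):
            findings.append((key, "rogue-launcher", data))
        elif EXE_CLASS_KEY.search(key) and data != DEFAULT_EXE_CMD:
            findings.append((key, "non-default-exe-handler", data))
    return findings

# Constructed sample export (user name and vkl.exe follow the guide's example).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\Michael\\AppData\\Local\\vkl.exe\" -a \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Users\\Michael\\AppData\\Local\\vkl.exe\" -a \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Tools\\wrap.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample, the clean HKEY_CLASSES_ROOT\exefile entry is not reported, while the two vkl.exe launchers and the non-default .exe handler are.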