Wednesday, June 8, 2011

Vista Internet Security 2012 Removal Guide

Vista Internet Security 2012 Removal Guide
Vista Internet Security 2012 is a fake antivirus program that produce fake alert that there are several vulnerabilities are detected in the computer which Vista Internet Security 2012 is installed. Vista Internet Security 2012 installs into the computer and will configure itself to start automatically (in registry) when Windows boot. Vista Internet Security 2012 will scan the computer and WILL SURELY detect many malwares in the computer. In fact, it is just a fake alert. The intention of Vista Internet Security 2012 is to urge the user to register Vista Internet Security 2012 by purchasing the full version of Vista Internet Security 2012 so that to earn some money from the user. Vista Internet Security 2012 cannot detect and remove any malware / virus / trojan. Vista Internet Security 2012 will block the Internet browser, as well. Each try to open a web browser will be accompanied by a security warning about Trojan-BNK.Win32.Keylogger.gen infection allegedly keeping the user from going online and using the web services via the Internet browser.

Vista Internet Security 2012 can be removed by stopping the processes and removing the files by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Vista Internet Security 2012 shown in the removal guide below. All files related to Vista Internet Security 2012 must be deleted.

Vista Internet Security 2012 should be removed immediately!

Vista Internet Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\.exe” /START “%1? %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1?

Remove Folders and Files
%AppData%\Local\wrdgt6knnhg8qwxst6hfljs11
%AppData%\Local\[random].exe
%AllUsersProfile%\wrdgt6knnhg8qwxst6hfljs11
%Temp%\wrdgt6knnhg8qwxst6hfljs11
%AppData%\Roaming\Microsoft\Windows\Templates\wrdgt6knnhg8qwxst6hfljs11

No comments:

Post a Comment