Thursday, June 9, 2011

Vista Security 2012 Removal Guide

Vista Security 2012 Removal Guide
Vista Security 2012 is a fake antivirus program designed to pilfer money form hapless computer users. Vista Security 2012 reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. Vista Security 2012 uses Trojans, that come from fake online scanners or fake video sites, to do its dirty work. Once active, Vista Security 2012 do a fake system scan and displays a list of errors. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have Vista Security 2012 removed form your system immediately.

Vista Security 2012 can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.

Vista Security 2012 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

Vista Security 2012 should be removed immediately!

Vista Security 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1"
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'

Remove Folders and Files
%%AppData%\Roaming\Microsoft\Windows\Templates\67sdh53ygdhilutew20ijnbgc
%AppData%\Local\67sdh53ygdhilutew20ijnbgc
%AllUsersProfile%\67sdh53ygdhilutew20ijnbgc

No comments:

Post a Comment