Vista Antivirus 2012 malware attack

Vista Antivirus 2012

Vista Antivirus 2012

In this article we are going to pay attention to the way of behavior of one well-known rogue security application bearing the name of Vista Antivirus 2012. Now it is quite obvious that this scam tool is becoming more and more convincing in attacking such a large number of PCs worldwide. Understanding the need to warn you not to become its victim, we have decided to issue this post to let you know the whole truth about Vista Antivirus 2012malware. This program is not really different from its forerunners. Just like its other family members from the Braviax malware group, this rogueware does not care at all whether you would like to see it in front of your screen or not. So, it gets installed onto your machine without your consent or approval. As soon as its malicious files and registry entries are successfully brought inside of your machine this hoax would immediately decide to arrange the housewarming party inside of your computer. It starts the celebration by first arranging the bogus system scan of your PC followed by the horrifying report telling about very many types of infections, viruses and other threats allegedly identified by this malware during its fabricated system scan.

One thing you need to realize once and for all is this – any information presented by rogue security programs like Vista Antivirus 2012 is totally fictitious. This means that whatever it tells you is a total pack of lies. All the fake statements about various kinds of viruses detected on your system should not be trusted by you. The only truth probably is that Vista Antivirus 2012 is the only virus available so far. Be careful with this scam and fake security program. Do not buy it. Purchasing its so-called full version is a total waste of your money. Make sure and properly delete this infection as described here – .

Vista Antivirus 2012 system amendments:

Vista Antivirus 2012 files added:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\vz.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\vz.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

Vista Antivirus 2012 registry entries added:

  • HKCU\Software\Classes\pezfile
  • HKCR\pezfile
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
  • HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Leave a Reply

Your email address will not be published. Required fields are marked *