Get Rid of Vista Security 2012, Another Variant of the Fake AV Trojan
Vista Security 2012 is another piece of malware hiding behind a name chosen to win users' trust. That trust grows further when the rogue program displays alerts decorated with images resembling the Windows logo.
The above name is one of several that the trojan can select from once it has been planted on the targeted machine to install the fake security application. The choice of names is limited to those variants which contain the name of the Vista operating system.
The trojan is delivered either through a website that exploits a system vulnerability to secretly inject the undeclared content, or through websites that invite users to download software for Windows security. In the latter case, the main means of persuading the user to download the fake is an online animation impersonating a remote examination of the computer system. The remote examination fakes detection of numerous threats, which users are prompted to get rid of by applying a software product that turns out to be the above malware or the same program under a slightly different name.
Below you will find a guide, open to updates, for the removal of Vista Security 2012. It is also applicable to other tools of the family and enables users to get rid of the counterfeit manually.
Vista Security 2012 Removal Manual
Incomplete or incorrect removal of the files and registry values that make up the infection is quite possible, e.g. deleting harmless files and registry entries instead of those specified below because of mistyping. Furthermore, recent observations of fake security tools have shown that this kind of malware might strike back, i.e. harm the computer system in response to an attempt to delete its components.
If you are a Windows user, secure your computer system with a system and registry backup before you start deleting the adware components.
4 easy steps to remove the fake antivirus:
Step 1. System Backup
Step 2. Killing Processes (in Windows)
You must kill Vista Security 2012 processes:
Once the system and registry backup is complete, make sure the infection you want to get rid of is not currently running any processes; otherwise kill its processes in the Task Manager.
Step 3. Exposure, Detection and Deletion of Vista Security 2012 Files
Once the targeted infection is idle, you need to find its relevant entries. Some of them might be hidden, as the malware often sets the hidden attribute on its files in order to reduce the risk of their deletion.
For Win XP:
For Win VISTA and Win7:
*This malicious software creates folders and files with random names, so you will most likely not find files and folders named exactly as in the example above, but they will look something like it.
Step 4. Delete System Registry Values
Edit the System Registry, deleting the following entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
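The read-only check below is an added example, not part of the original guide. It reads the registry locations listed in Step 4 and flags command handlers that launch an executable from a user-profile folder, since the guide notes that the malware uses random file names (kdn.exe in the entries above is only a sample). The profile-path pattern and the status labels are assumptions of this example.

```powershell
# Read-only audit of the Step 4 registry locations; nothing is modified.
# Assumption (not from the original guide): a handler is flagged when its
# command starts with an .exe stored under a per-user profile location.
$commandKeys = @(
    'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)
$profileExe = '^\s*"?(%(LocalAppData|AppData|UserProfile|Temp)%|[A-Za-z]:\\(Users|Documents and Settings)\\)[^"]*\.exe'
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$findings = @(foreach ($key in $commandKeys) {
    $path = "Registry::$key"
    $value = $null
    if (-not (Test-Path -LiteralPath $path)) {
        $status = 'key absent'
    } else {
        # '' selects the (Default) value; %variables% stay unexpanded, as stored.
        $value = (Get-Item -LiteralPath $path).GetValue('', $null, $noExpand)
        if ($null -eq $value) { $status = 'no default value' }
        elseif ($value -match $profileExe) { $status = 'SUSPICIOUS: runs exe from user profile' }
        else { $status = 'review manually' }
    }
    New-Object PSObject -Property @{ Key = $key; Name = '(Default)'; Value = $value; Status = $status }
})

# Security Center override values listed in the guide (set to 1 by the infection).
$scKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
$findings += @(foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
    $prop = Get-ItemProperty -LiteralPath "Registry::$scKey" -Name $name -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$name } else { $null }
    if ($null -eq $value) { $status = 'value absent' }
    elseif ($value -eq 1) { $status = 'SUSPICIOUS: override enabled' }
    else { $status = 'review manually' }
    New-Object PSObject -Property @{ Key = $scKey; Name = $name; Value = $value; Status = $status }
})

# Fixed column order for the report.
$findings | Select-Object Status, Key, Name, Value | Format-List
```

Run it from a PowerShell prompt after the backup in Step 1; entries reported as SUSPICIOUS are the ones to compare against the list above before editing the registry.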