Vista Antivirus 2012 is a name-changing fake anti-virus application that has a number of versions with different interfaces in accordance with the Windows version of every targeted computer.

There are two ways in which Vista Antivirus 2012 sneaks into vulnerable computers. The first one employs fake online scanners placed on malicious websites. If the user clicks on the scanner, it states that the PC is infected and then prompts the user to download a file, which is, in fact, the infection – Vista Antivirus 2012. Though this program is promoted by the scanner as a legitimate AV tool, it is nothing more but a virus. Unfortunately, the second method for transmitting the Vista Antivirus 2012 does not involve any user-authorization. It is realized with the help of Trojans, which lie in hide in compromised websites. When the user clicks through one such website, the Trojans enter the computer without asking for permission, through loopholes in its security.

If the Trojans sneak into a machine, they immediately bring Vista Antivirus 2012 inside. After Vista Antivirus 2012 settles into the system, it first starts appearing as a security update for Windows that is downloaded via Automatic Updates. Then, an executable is installed that is named with three random characters only, so that you cannot notice it. Vista Antivirus 2012 configures itself in such a malignant way that regardless of what executable you attempt to run, the rogue appears on the screen. Meanwhile, it goes through the programs and permanently blocks the ones that may threaten it.

What this counterfeit program also does is to change certain registry keys. As a result, when the user tries to launch Firefox or Internet Explorer from the Windows Start Menu, Vista Antivirus 2012 pop-up is displayed instead, claiming that the program you are trying to start is corrupted.

As soon as the rogue is done making configurations, Vista Antivirus 2012 starts a fake scan of the PC, at the end of which a bogus list of viruses is shown. The truth is, all the files it has labeled as security threats are legitimate Windows files, which – if removed, can lead to serious system crashes. After each scan, Vista Antivirus 2012 urges the victim to purchase its phony “licenced” version, by promoting it as a really efficient anti-virus tool. In fact, the so-called “licenced” version of the product is just as fake as the trial one – it is not capable of detecting or removing any viruses, since it is malware itself.

In addition to the fraudulent scans, the program also displays a variety of phony alerts and notifications. Some of them are:

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Just like the scan results, the text of these warnings is completely bogus. It aims at scaring the victims even more and making them decide to purchase the fake anti-virus application. If clicked on, each of the alerts prompts the user to buy Vista Antivirus 2012. However, the list of mischeif of the rogue does not end here. It also hijacks Internet Explorer and thus blocks some websites from being viewed by the victim. Instead of the wanted website, it displays the following bogus alert:

Vista Antivirus 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site’s pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.

Things you can do:
- Get a copy of Vista Antivirus 2012 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

In conclusion, all Vista Antivirus 2012 does is part of its malicious plan to force through its fraudulent full version and to expose your private and financial data to cyber criminals. Therefor, you should remove Vista Antivirus 2012 as soon as you see it working on your computer! You can manually kill this infection by deleting its malicious entries:

Delete Vista Antivirus 2012 files and folders:

%AllUsersProfile%\[random]
%AppData%\Local\[random].exe
%AppData%\Local\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%Temp%\[random]

Delete Vista Antivirus 2012 registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”‘

*SpyHunter’s free scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware suite to remove the malware threats.