Remove Vista Antivirus 2012. Removal instructions

Also known as: VistaAntivirus2012, VistaAntivirus 2012

Severity scale:  (71 / 100)

Vista Antivirus 2012 is a rogue security program that is promoted through the use of Trojans. When this fake program is running, it will simulate a system scan and display a list of false system security threats. Vista Antivirus 2012 will display fake security warnings and impersonate Windows Security Center to make this scam look more realistic. It will also hijack your web browser and block antivirus and anti-spyware programs. Finally the rogue program will ask you to pay for a full version of the program to remove the non-existing infections. Don't purchase it and remove Vista Antivirus 2012 from your computer upon detection.

Vista Antivirus 2012 protects itself quite effectively. It blocks legitimate security software and hijack web browsers. In some cases it blocks all programs, not only anti-virus or anti-spyware software. What is more, it will detect many of well known and reputable websites as harmful and display fake security alert stating that you may infect your PC if you open a particular website. And of course, it disables certain Windows functions such as Task Manager.

To make its victims scared, it will state:

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

It's possible to remove it manually, but you have to re-enable those Windows functions at first. You may also download an automatic removal tool, but again have to fix some registry entries and terminate the main process of Vista Antivirus 2012 to be able to use malware removal tool. As you can see, Vista Antivirus 2012 is nothing more but a scam. If you have already purchased this rogue program then contact your credit card company and dispute the charges. In addition, if you find difficulties in running your anti-spyware, please follow these special tips you should know:

1. Try launching as administrator by right-clicking on executable and choosing from menu

2. Try renaming the executable to something else, like iexplore.exe so Vista Antivirus 2012 will not block it.

3. From another user account on Vista system

4. Launch anti-malware programs from safe mode with networking.

5. Stop Vista Antivirus 2012 processes with task manager or other utility.

6. Using codes like 3425-814615-3990 or 9443-077673-5028 to disable malware.

This will allow running legitimate anti-malware programs and completely clean your PC from Vista Antivirus 2012. 

Automatic Vista Antivirus 2012 removal:

Malwarebytes Anti Malware

download | review

Tested and Confirmed! Malwarebytes Anti Malware removes Vista Antivirus 2012 (2011-06-09 11:28:33)

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Vista Antivirus 2012 (2012-01-18 10:47:36)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Vista Antivirus 2012 (2012-01-18 10:47:36)

XoftSpySE Anti Spyware

download | review

Vista Antivirus 2012 manual removal:

FORUM:
Discuss Vista Antivirus 2012 in
spyware removal forum

Kill processes:
ppn.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

HELP:
how to remove registry entries

Delete files:
%AllUsersProfile%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\ppn.exe %Temp%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\TEMPLATES\U3F7PNVFNCSJK2E86ABFBJ5H

HELP:
how to remove harmful files

Additional resources related to Vista Antivirus 2012:

1

1

AJH

UPDATE! They renamed it to uqr.exe instead of kdn.exe on one I am repairing right now

Reply »

2011 06 20

0

0

Markos

Update! They renamed it to oeq.exe....

Reply »

2011 06 29

0

1

CC

Found mine named as tvy.exe

Reply »

2011 06 29

1

1

Jeremy Preet

The easiest, quickest and safest way to delete any malware is to do a SYSTEM RESTORE on your computer. It is part of Microsoft Operating system software so you know it is not a fake answer that will corrupt your computer. Hit the Start button. In the search cell, write, "system restore" then follow the instructions. Choose a restore time that is the most recent before your computer was infected. System Restore will restore the OS to that time -- without the malware. I just did it on my computer to delete malware that took over my internet--Ran System Restore, clicked on internet, no problem -- and the program is gone from the system tray.

Reply »

2011 07 09

0

0

Ashley

Whenever I do a system restore it comes back--even though I know damn well it wasnt there then.

Reply »

2011 12 13

0

0

ryu

what os were you using when this happened?

Reply »

2011 12 15

2

3

Ronnie

Thank you very much for this info. I performed all the steps as you said and I ran PC Tools Spyware doctor and everything is now back to normal.

Reply »

2011 07 12

1

0

Ronnie

Found mine as cbb.exe

Reply »

2011 07 12

0

0

Anon

I found it as kik.exe

Reply »

2011 07 15

0

0

scott penton

I found it as qto.exe, thanks for this

Reply »

2011 07 15

1

0

anon

I found i as AYN.exe

Reply »

2011 07 17

3

0

anon

Actually this virus randomly names its process as a three letter name (not just ppn.exe). It will be different on any infected computer you look at.

Reply »

2011 07 22

3

2

Martin Graham

Its pretty simple to remove this virus. Dont attempt to remove it manually or with the help of anti-virus software. I have had this infection twice, and this is what you do:

1. Shutdown your computer as soon as you recognize the virus. Force a shutdown if necessary with the power button.
2. Start it up and keep hitting the F8 key while it is restarting until you get the boot menu. Choose Safe Mode with Networking.
3. Find System Restore from the Safe Mode Popup that appears. Start the System Restore wizard and choose to restore to the checkpoint it recommends.

Thats it. The only thing you will lose are any system changes since the last system checkpoint. Your data files, pictures, music, etc will not be affected.

I have done this twice with good results.

Reply »

2011 08 01

2

0

Red Thurman

I sys restored once and it worked. Got it again - you cant do F2, F8 (like you said above) any more. Now when you go to any Safe Mode including including Networking the scum bastards have control of that too.

Microsoft and Microsoft Corp is all over it why cant one of those wizards track these morlocks down, have them arrested, prosecuted or slowly and painfully execute them and help cleanse the gene pool.

Any other suggestions how to fix problem or kill them or both???

Reply »

2011 11 28

0

0

DGFreeman

Nothing has worked for me so far, currently in the process of factory image restore. Well see if that takes car if it, I think it should. I have to say I have two Dell machines and both of them are having trouble lately. Don know if it is Dell or windows or what, but Im think of going all Mac!

Reply »

2011 08 08

0

1

pe_fontes

THANK YOU SO MUCH THANK YOU THANK YOU THANK YOU, i cannot give you anythign to trade but i will spam this url over the net :D THANK YOU

Reply »

2011 08 17

0

0

L rayfield

when i got the virus i couldnt even do the system restore, even in safe mode i couldnt, but i did put in the vista os disc restarted computer and pressed f12 to choose to boot from disc then i was able to do the restore from the disc

Reply »

2011 11 28

1

0

pissed off

I rebooted in safe mode just now with networking, I opened up my device manager. I searched for three letter. EXE files and found VJH.EXE. I cancelled it and it turned off the malware per say. I tried to start up system restore which soon opened up the file again. I kept on ending procress once i saw VJH start up.....after a few tries and being offline, i was finally able to open system restore. seems all is good... phew...thanks for the tips!!!

P.S. I had to hard shutdown the computer, removed the battery just in case, and disconnected any lead wifi/cable for internet.

Reply »

2011 11 30

0

0

tOM

I just ended all the processes that had three letters. It was a battle to keep them closed long enough to get the System Restore window up, but eventually I won out. Thanks for the tips everyone!

Reply »

2011 12 04

0

0

Mike Blake

Just wanted to pass along a quick tip that makes eliminating this must faster if you already had the freeware version of Malwarebytes installed, but are unable to run it because the infection redirects starting most .EXE files to itself.

Boot to Safe Mode, Command Prompt Only. From the c: drive change directories to the programs home directory and rename the main programs executable from MBAM.EXE to MBAM.COM. Yes, they forgot that .com files are executables too. Once it starts you can update it and itll clean the system up.

On most PCs Ive cleaned up, the path is "C:Program FilesMalwarebytesmbam.exe". But if youd rather not type all that, remember the old DOS folder names...you can cd to progra~1 and malwar~1 instead!

Reply »

2011 12 04

0

0

Cerena

Obviously this virus/malware/spyware has gotten even more advanced. I couldnt access internet at all, couldnt use any antivirus or antispyware programs, and I couldnt even do a system restore from the main menu, from any of the safe modes, and not even from the OS disk! Im left with having to reformat and reinstall my entire system. :( Beware of any sites you download from. If there are comments about things you are downloading, read them! People will leave comments if a site or link downloads a virus instead of what they wanted, cause theyll be pissed and range about it. Take precautions. If you dont have an antivirus and antispyware, you can download AVG for free, and it does a wonderful job at protecting your computer.

Reply »

2011 12 04

0

0

RC

I got this virus twice. First time, I clicked on it, not realizing it was a virus. Today, I went to task manager, right clicked on whatever was popping up (the fake Vista anti-Virus and the fake Windows Manager) and clicked on "go to process." It takes you to the process with the name to delete. Had to do that twice. Hope it worked. And I had AVG free. Didnt pick a thing up.

Reply »

2011 12 05

0

0

Virus Slayer

This worked for me... Even being computer illiterate and all. Thanks to you guys of great wisdom.

Reply »

2011 12 06

0

0

DennyDIep

HELP I HATE THIS VIRUS D:

Reply »

2011 12 06

0

0

oepix

I found it as vef.exe, removed it twice in 10hrs via spybot, dono how my pc got infected and antivirus didnt even blink...crap

Reply »

2011 12 07

1

0

Cerena

Heres some added info I just learned that will help many of you. This Vista Anti-Virus/Spyware is actually located and ran from your cookies. You have to commonly remove and delete your temporary internet files (cache and cookies) to keep it from taking over your computer. This program/file will sit in your temp files until a later date and time, and then spring on you when you least expect it.

As well, if you want to be prepared for this virus attacking again, you can create a Bit Defender CD (you can download this program free from online, a simple bitdefender search on google or yahoo will bring it up). Once your computer is taken over, you can pop in this CD and it will run a program directly from that CD to scan for the infections. This may not get all the infection out, but it WILL give you control over your computer again, to go and run whatever adware/malware antivirus/antispyware program you have. One of the better programs for catching this infection, is with MalwareBytes (once again, downloaded for free).

Oh, and for those of you who have more than one user account on your computer, be happy. This infection can only infect one account. So log out of that one, log into your other account, and then run malwarebytes to get rid of it. I hope this helps.

Reply »

2011 12 07

2

0

Will

**** Oh, and for those of you who have more than one user account on your computer, be happy. This infection can only infect one account. So log out of that one, log into your other account, and then run malwarebytes to get rid of it. I hope this helps.****

You can also create a new user account, make it the administrator, boot up and then get to system restore to get your computer at least back running minus the pain in the arse Vista security screen and being able to get online... Im now going to run MalwareBytes and other cleaners from sites to see if I can get rid of it where ever it might be sleeping...

Reply »

2011 12 08

0

0

Steve

Update: Found my Process as adv.exe

Reply »

2011 12 10

0

0

Neil

It popped up on me even when I started in safe mode wouldnt let me run system restore. I eventually opened up the windows folder on my computer, found the system restore icon (rather than the shortcuts from the start menu or control panel) right clicked on it and selected "run as admin", and that worked. Thanks fortheheads up on deleting cookies. Will go do that now.

Reply »

2011 12 10

0

0

wisernow

As reported above, the rogue program disabled most avenues to recover -- I presume the jackasses follow this thread and others on the same subject in order to "enhance" their product to make it even harder to clean off your PC. I was finally able to get my System Recovery CD to boot (the Trojan program seemed to be able to override the boot options, but I finally was fast enough on the keyboard to boot from CD).

Once I did a quick System Repair on the boot partition, I was able to create a second admin account, bring up Task Manager and kill the 3-letter process running, and then run the real system restore (which had also been disabled by the Trojan). Nasty business, this "Vista Antivirus 2012"

Reply »

2011 12 11

0

0

bonezy

i removed this virus by creating a restore point! this virus blocked internet explorer, and others!

Reply »

2011 12 11

0

2

Doing this Too Long

Just start in regular Safe Mode. No Networking. it takes a min but system restore will come up. Regular safe mode keeps the virus from opening. Then your home free from there.

Reply »

2011 12 12

0

0

bert

well i followed the steps opened in safe mode and it popped up anyway i went to system restore and just befor ei could make a selection the power shut off.. so i tried again and it goes to the system restore page and shut off.. i ve tried now 5times to hard start and do something but it keeps shutting down..what do i try now..?

Reply »

2011 12 12

0

0

Tyler

Ran into the 2011 version of this virus and still have Malware bytes on my computer from it, I ran it 3 different times, and 3 different times it failed to get rid of 2012. Downloaded STOPZilla, started scan, and it caused my computer to crash (either the virus or STOPZilla) Did a system restore to a few days ago, was fine all day today, then around 1:20 A.M. CMT, I got the virus again. Downloading STOPZilla again, and also downloading Spyware Doctor, and going to run all 3 (malware, STOP, and Spyware) I hope THIS gets rid of it...

Reply »

2011 12 13

0

0

Ian

I tried to run system restore and couldnt but I right clicked and ran as admin and it got around it that way. Hope that helps.

Reply »

2011 12 13

0

0

vudoo-

I just acquired and spent all afternoon fighting it.

the executable was qep.exe

i followed the instructions at the top of the page. some of the values were missing or different.

basically get to a point where it isnt running and cant start, then system restore. it sucks. i was lucky that i downloaded a windows update yesterday, so I didnt lose too much.

hope this helps.

Reply »

2011 12 13

0

0

Hate Malware

Since the name keeps changing, I suggest doing this (Vista):
Boot in safe mode
Open the task manager
Find the "Antivirus" application
Right click it and press "Go to Process"
Right click the highlighted process and press "Go to file location"
End the Process in the task manager
Delete the executable with the same name of the process in the newly opened folder

After doing this, I did have some issues opening executable files. I got around it by trying to open some random file using Firefox (dont know if you can do it with Chrome) and went to this page "http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html" in order to fix the file association issues

Good luck

Reply »

2011 12 17

0

0

%^&*!!!

I was attacked with this mother today, december 19th, and successfully removed it by doing a forced shutdown, rebooting in safe mode with networking, and doing a system restore. Everythings running just fine now.

Reply »

2011 12 19

0

0

vq5

I thought I removed this several times thinking alls well only for it to come back again. You will see you think its gone for couple days then its back. Hopefully someone finds a permanent fix soon.

Reply »

2011 12 19

0

0

Alternative Way

If you create a new "Admin" account and delete the infected account, everything will be back to normal. HOWEVER, there is a risk that some of the files are infected. With the newly created account, run a legit anti-virus program. Voila!

Reply »

2011 12 20

1

0

Randall

If its intercepting all of your executables, then what you do to safely run them is right click the exe (or its shortcut) and select "Run as Administrator". It doesnt seem to be able to intercept exe files when you run them like that. Thats how I got my anti-virus software to run, otherwise it would intercept it and not let it run.

Reply »

2011 12 21

0

0

Joe Mama

This is a very nasty little virus, but luckily I was able to remove it from two computers within a couple days of each other. Both times it showed up, I was browsing the internet, the first time with MS Internet Explorer, and the second with Firefox. I use Avast antivirus, and both times it popped up with a warning about an attempted malicious script. I figured that Avast would block them, and both times I closed the warning popup. After that is when the virus started. I dont know if the virus was spoofing Avast warning popups so that when you click on it it installed the program, or if it was somehow able to attack Avast to the point where it took it over. This first time it was called Vista internet security 2012. On the first computer, the problem was fixed pretty easily, and after a virus scan and malware scan using Spybot S&D, it showed the computer clean with no more problems.

Two days later, the second attack occurred. The same thing happened as before, I was online and Avast popped up with a warning. I clicked to close it, and then the Vista Antivirus 2012 virus popped up. This time it was a bit trickier to get rid of, since the first version still allowed me to open executables, but this version wouldnt. I did manage to finally remove it, however it did something to Avast which wouldnt allow it to use real-time protection and disabled a few other components. It also screwed with Windows firewall, Windows Defender, and Windows Security center even after the virus was removed. Some residual component was still left which wouldnt allow me to remove and reinstall Avast. I had to do a system restore on the computer which took care of the problem, and after a reinstall of Avast and scanned for viruses and malware, it now has a clean bill of health.

I really would like to know how this virus got on two of our computers. I didnt click on any suspicious links or download any strange files. Im computer-savvy enough to know not to do that. In fact, the second time it happened I was reading an article online when the virus popped up and I dont think I was even touching the mouse. Now I only use Firefox with the Noscript addon to prevent this from happening again.

Reply »

2011 12 22

0

0

Joe Mama

Yeah I think somehow theyve designed it to get in through hostile scripts or something. It popped up on two of my work computers (see below) when I wasnt clicking on links or downloading programs.

Reply »

2011 12 22

0

0

Nick

Just got it again. I had it a few weeks ago but I was able to System Restore and get rid of it. Now when I try to System Restore it just restarts before it can finish. Also its throwing in a bluescreen now. Any tips on where to go from here? Im thinking of justing spending the money to get it fixed.

Reply »

2011 12 22

0

0

John

You might have to reset the winsock in order have browser to display pages again, when the problem is not firewall settings or IE lan settings. Run cmd.exe with administrator privileges an then:
c:>netsh winsock reset

your browsers should be working again.

Reply »

2011 12 22

0

0

marky

thank you so much! worked like a charm. merry Christmas to all

Reply »

2011 12 24

0

0

Slolem66

Tried system restore 2 times and it has failed to restore? Is any software free and safe to use?

Reply »

2011 12 25

0

0

omni

because of the attack on the user profile, you need to force the RESTORE to run as administrator . . . right click, not left click.

Reply »

2012 01 05

0

0

mmontgomery

I did a system restore and then used my PC Spyware program to scan and then rescan and so far so good. I deleted all my cookies and cleaned out the cache. I actually went back three weeks to restore. I have made sure everything is up-to-date.

Reply »

2011 12 25

0

0

Virginia

i just got this viruas the day before christmas...could not even play free cell let alone get on line..after reading up on it yesterday i was not able to restore my computer to an earlier date but i was able to make a new administrator account and delete my old one which did the trick..now i guess i need to get some new security andf hope it does not come back!

Reply »

2011 12 27

0

0

nhbird

I have a HP laptop, running Windows Vista. I hit F11 on the restart, which allowed me to create a restore point to before this POS showed up. It was that easy...hope this helps out!!! Happy New Year!!!

Reply »

2011 12 28

0

0

jack rich

ok i found a bug around this to get your internet running to download malwarebytes run scan and remove....just open internet explorer or any other browser and open it 20+ times really fast it confuses the malware it caint keep up and you will get one open successfully

Reply »

2011 12 28

0

0

sprnrice

This was very helpful!

Reply »

2011 12 31

0

0

spuno

This worked for me, thanks

Reply »

2011 12 31

0

0

Brookline19

Im having issues with this virus also. I think I have removed the virus but it has damaged a driver and is now giving me a BSOD: IRQL_Equal_OR_LESS error. Anyone else have this issue?

Reply »

2012 01 03

0

0

kman

This thing ran even in safe mode. Had to run FixNCR.reg to shut the thing down in safe mode. Malwarebytes then found two trojans and got rid of those. MSSE would not run and had to remove it from the startup folder in order to uninstall and reinstall. Also had to reinstall Spywareblaster. File was listed as ibn.exe in the user profile and the users application data file.

Reply »

2012 01 14

Post Comment:

Attention: Use this form only if you have additional information about Vista Antivirus 2012 parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«


* All field required