Severity scale:  
  (70/100)

Vista Security 2012. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - -   Also known as VistaSecurity2012, VistaSecurity 2012 | Type: Rogue Antispyware
12

Vista Security 2012 is a fake computer security program that promises its victims to fix their computers and remove all viruses detected. However, you should know that these “viruses” won’t be found by any legitimate anti-spyware becauseVista Security 2012 fakes them trying to make you concerned. This scam hails from notorious malwares family which expects to steal users’ money.By changing its name according to the OS it finds, programs from Vista Security 2012 group infect computers unnoticeably with a help f Trojans. Vista Security 2012 is also distributed through fake online scanners, flash updates, misleading pop-ups that appear when you are browsing, so make sure that your anti-spyware is usually updated!

Having infiltrated the targeted computer, Vista Security 2012 will start causing numerous problems though it will try to convince you that it is extremely needed. Being quite hardly removable, this scam displays lots of false spyware detection reports and fabricated scanners that will announce the same thing:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Vista Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

Vista Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.

Things you can do:
– Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

This unpaid activity also includes continuous pop-up ads and takeover of your browser to interrupt into your normal work with PC. Going no further, Vista Security 2012 will say that for elimination of these problems, you firstly have to register its “full” version and now it should become obvious that it wants your money only. Vista Security 2012 should not be left inside your PC because it will let other scams to reach your machine and also starts fraudulent activity. Whenever you see it, don’t take seriously anything what it tells and stay away from it and its websites. Make sure that you remove Vista Security 2012 as soon as possible if it’s on your machine already. To disable it, try entering one of these registration codes: 2233-298080-3424, 3425-814615-3990 or 9443-077673-5028. In addition, run a full system scan.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Vista Security 2012 you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Vista Security 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Vista Security 2012 (2012-04-10)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Vista Security 2012 (2012-04-10)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Vista Security 2012 (2012-04-10)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Vista Security 2012 (2012-04-10)

Vista Security 2012 manual removal:

Kill processes:
ppn.exe

Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = '1'

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe"'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesInternet Exploreriexplore.exe"'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = '1'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = '1'

Delete files:
%AllUsersProfile%U3F7PNVFNCSJK2E86ABFBJ5H

%LocalAppData%ppn.exe

%Temp%U3F7PNVFNCSJK2E86ABFBJ5H

%LocalAppData%U3F7PNVFNCSJK2E86ABFBJ5H

%AppData%TEMPLATESU3F7PNVFNCSJK2E86ABFBJ5H


  • satan

    i didnt have kdn.exe instead i had wie.exe

    I killed the wie.exe from task manager and deleted all registry by searchign wie.exe. And also deleted wie.exe from /local/wie.exe

    My computer is running smoothly again..yey

  • CrazyMo

    On my computer it was rmc.exe

  • Sam

    I had the ikq.exe. The instructions are very good. Thank you so much.

  • kevin

    how do I download anything if I cant get on the internet? Its hijacked everything!!

  • :(

    Mine was vep.exe, also stopped in task manager, deleted from local files. Pc now working well! Thanks for the tips

  • Hey

    I am not much of a computer person so I couldnt do this. I restored my computer back to a month before and that took care of the problem. I had tried to download malwarebytes which had worked for me in the past before against a similar virus but this time I couldnt get online. Restoring my pc took care of the problem for me.

  • D:

    How do I know which one it is?
    I have a few .exe that dont have a description.

  • Dionne

    Now, it is more powerfull, when you try to run an .exe it aske you with wich program d o you want to open it. The best way to get rid of it is to reboot all the computer. I got to a informatitian and he reinstalled all

  • Dionne

    Running in safe mode…program will not kill, or restart automatically. Impossible to use any web service to download any program fix. Mine was rak.exe and automatically restarts after killed.

  • ahhh

    This program is a beast. I got it killed it was GVK.exe, it was still attacking in safe mode!

  • Scott

    To remove this virus, I advice to do a system restore. Set it to before you think you may of got this virus. I did it and it has been running as normal.

  • sss

    Its fqu.exe for me

  • Ben

    Found on my friends laptop under JRC.exe

  • Johan

    Thanx, this was the best page. Ever.
    My file was named rtc.exe.

    It was tricky to find the file, I used command prompt and typed “cd %LocalAppData%” to view and delete the rtc.exe.

  • Anon

    It can go by the name of vim aswell

  • Joe

    Great post! Thank you very much for the info!
    My file was “iqx.exe”
    It will not allow you to install MalwareBytes (and possibly not allow you to connect to the Internet etc.). Instead, it will bring up a fake scan and maybe a fake Security Center window.
    It is very aggressive.
    Once you delete the reg keys, it wont disable the install.
    Hope this helps anyone.

  • alice

    mine was wtk.exe

  • Jornne

    Mine should be ylp.exe. There was no description for this process though so it is quite easy to identify it.

    It is very irritating cos it blocked my browsers when i tried to surf, alll of them!!

    Thanks for the post

  • Kin

    when this thing showed its ugly head, I did a system restore. It seemed to work just going that. I have run Spybot, Malwarebytes, Microsoft Security Essentials, and nothing has shown up in any of the scans. Can I consider this gone or should I try other removal methods? Because everything is working fine. But I would still, very much, any help or advice that can be offered. Thank you very much for your time.

    -Kin

    • cody

      nojust because you do a system restore might not take care of the virus i tried this before with an older versio of the virus and it did not work at all…

  • bill

    just did a restore and seems to be working ptl

  • Connor

    it wont let me access the system restore any other way to get rid of this?

  • Michael

    It sets any exe file to be opened with the malware .exe. After you delete that it will still have other exe to be opened by a certain program, but wig the file gone you can open exes with any program you like such as regedit to get the problem done.

  • Michael

    When I try to open Registry Edit it asks what program to open regedit.exe with. I select to open it using regedit and it starts normally with the Windows permission request and the small warning of Unintentional change then when I select continue it says Cannot Import regedit.exe The specified file is not. Registry script. You can only import binary register files from within the registry error

  • JD

    grm.exe on one system.

  • Mayhem

    Every time I download firefox browser from cnet I get that virus. Im forced to do a system restore prior the download. downloaded 3 times with.same result. Using malwarebytes to take care of it

  • bung

    Thank GOD I have an ultra-nerdy kotaku sidebar on my desktop. It has constant links to the internet (for articles), and for some reason wasnt hijacked by “vista security 2012.” Through it, I was able to do an online search and find this website. HAHAHA-HAHAAAAA! GO F*CK YOURSELF VISTA SECURITY!

  • ape

    I cant seem to get my omputer to download this. I have windows vista how do I correct this?

  • danu

    What youre saying is completely true. I know that everybody must say the same thing, but I just think that you put it in a way that everyone can understand. I also love the images you put in here.