Vista Antivirus 2012 is a rogue security program that is promoted through the use of Trojans. When this fake program is running, it will simulate a system scan and display a list of false system security threats. Vista Antivirus 2012 will display fake security warnings and impersonate Windows Security Center to make this scam look more realistic. It will also hijack your web browser and block antivirus and anti-spyware programs. Finally the rogue program will ask you to pay for a full version of the program to remove the non-existing infections. Don't purchase it and remove Vista Antivirus 2012 from your computer upon detection.
Vista Antivirus 2012 protects itself quite effectively. It blocks legitimate security software and hijack web browsers. In some cases it blocks all programs, not only anti-virus or anti-spyware software. What is more, it will detect many of well known and reputable websites as harmful and display fake security alert stating that you may infect your PC if you open a particular website. And of course, it disables certain Windows functions such as Task Manager.
To make its victims scared, it will state:
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
It's possible to remove it manually, but you have to re-enable those Windows functions at first. You may also download an automatic removal tool, but again have to fix some registry entries and terminate the main process of Vista Antivirus 2012 to be able to use malware removal tool. As you can see, Vista Antivirus 2012 is nothing more but a scam. If you have already purchased this rogue program then contact your credit card company and dispute the charges. In addition, if you find difficulties in running your anti-spyware, please follow these special tips you should know:
1. Try launching as administrator by right-clicking on executable and choosing from menu
2. Try renaming the executable to something else, like iexplore.exe so Vista Antivirus 2012 will not block it.
3. From another user account on Vista system
4. Launch anti-malware programs from safe mode with networking.
5. Stop Vista Antivirus 2012 processes with task manager or other utility.
6. Using codes like 3425-814615-3990 or 9443-077673-5028 to disable malware.
This will allow running legitimate anti-malware programs and completely clean your PC from Vista Antivirus 2012.
Vista Antivirus 2012 manual removal:
Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'
HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe"'
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesInternet Exploreriexplore.exe"'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = '1'