Vista Security 2012 Removal Process (remove VistaSecurity2012)

June 9, 2011

These days, it would not be wise to surf the Internet without having some sort of protection for your computer against malware threats. There are millions of malware that can infect your computer every time it is connected to the Internet, so purchasing a good security application is certainly a good investment for the security of your personal information. However, be aware that not all security applications being marketed on the Internet are actually legitimate ones. This is why PCHubs malware researchers are constantly on the lookout for these bogus security applications in order to warn computer users against buying these bogus security programs. One of the most recent applications discovered to be a fraudulent security application is known as Vista Security 2012.

Vista Security 2012 Cannot Secure Your Computer from Malware

Despite its name, Vista Security 2012 has been confirmed to have no capability at all in being able to protect your computer against viruses and other forms of malware. It was created by cybercriminals with the purpose of stealing money, but Vista Security 2012 is actually a useless program that is unable to detect and remove malware infections. PCHubs security analysts have noted that it is part of the FakeRean family, which is known for being the creator of other rogueware variants such as Win7 Security 2012, XP Security 2012, Vista Internet Security 2011, and others with similar sounding names. It can be noted that the rogue anti-spyware programs of this family are typically the same and only change the year label (for example, 2012 in the end) and prefix, depending on the operating system of the computer that it has infected. So, it can be noted that Vista Security 2012 would infect a computer that runs on Windows Vista, but if the target computer happens to run with Windows XP, the rogueware's name on the computer would change to XP Security 2012.

Like other rogueware in its family, Vista Security 2012 infects your computer through a Trojan acquired from fake online scanners or by pretending to be a fake security update which can be any random executable file such as kdn.exe. Once installed on your PC, it would start doing its dirty work of convincing you to purchase the full version of Vista Security 2012 by making you believe that your computer is infected with several malware infections. Vista Security 2012 would perform fake system scans with fabricated results showing that your computer is infected with several kinds of viruses. Vista Security 2012 would display several fake alerts and notifications to entice your to divulge your credit card information.

What to Do When Vista Security 2012 has Infected Your PC

Vista Security 2012 doesn't do anything at all in increasing the security of your computer. Therefore, you must never purchase it or else you are surely just going to waste your money. It is strongly encouraged to remove Vista Security 2012 from your computer upon detection.

Removal can be done by restarting your computer in Safe Mode. From there, you should scan your computer using a legitimate security application and delete all infections that were detected.

Are you getting popups from Vista Security 2012? Have you identified that you have Vista Security 2012 installed on your computer? Do you wish to remove Vista Security 2012 completely from your computer?

Why should you remove Vista Security 2012?

If Vista Security 2012 resides on your computer, it can potentially damage your personal files or you may end up losing data stored on your system. Research has shown that Vista Security 2012 may have the ability to make your computer vulnerable to remote attacks which could result, initially, in loss of money, possibly identity theft, and, eventually, a painstaking Vista Security 2012 removal process.

How can you manually remove Vista Security 2012

Manual removal of Vista Security 2012 may not be for everyone. Each manual Vista Security 2012 removal step must be followed delicately to completely remove all related files and registry entries from your computer. If you are unsure or have doubts about editing your system registry, then we recommend that you use the automatic Vista Security 2012 removal process.

Vista Security 2012 can be removed manually by following the steps below.

  1. With all programs closed, click the Start Menu and go to the Control Panel.
  2. Locate the Add/Remove Programs icon and double click it.
  3. Locate Vista Security 2012 in the list of programs. If you find it, select it and remove it. If you cannot find Vista Security 2012, you can continue to step 5.
  4. Restart your computer.
  5. Close all open programs and windows on your desktop.
  6. Open your registry editor (regedit) program by going to Start Menu, type in regedit, and click OK.
  7. Find all of the following registry entries and delete them. If you do not know how to do this, then you can read how to edit the registry in Windows.

    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
    HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
    HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1"
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
  8. You may need to return to this removal process for removing Vista Security 2012. You can do this easily by bookmarking or adding a favorite to this page by clicking here. If you are using the FireFox web browser you can press the keys Ctrl and D simultaneously to bookmark this page.

    Image 1. Bookmark PCHubs removal process


  9. Delete all of the following files that are associated with Vista Security 2012 from your computer.

    %AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h

    If you need a better understanding on how to search for these files then you can read how to find and search for files and folders here.

    If you have issues deleting any of the previously listed files that are associated with Vista Security 2012, you can try rebooting your computer into safe mode. Booting into safe mode may allow certain malicious files to be deleted. If you are wondering how to boot into safe mode, you can read our process for starting a computer in safe mode here.

    Image 2. Select "Safe Mode with Networking"


  10. After locating and deleting the previous files you must remove all directories associated with Vista Security 2012 by going to the C:\ProgramFiles\Vista Security 2012 folder, select it, and delete it. In some cases you may not be able to find this directory. You can still continue to the next step.

  11. Restart your computer. You do not need to boot into safe mode at this point. You should have removed Vista Security 2012 completely from your computer. If you find that Vista Security 2012 is still on your computer, you can repeat the steps again or go to the automatic Vista Security 2012 removal process.


  • Remigio says:

    Go into safe mode with networking. Right click your aiinvtrus icon and choose run as administrator . You should be able to access your virus scanner this way. Do a full scan. It should detect and remove it. After this, it’s a good idea to run a spyware/malware detector like spybot search and destroy or IObit Security. I also used cleaner to do a registry cleanup .My aiinvtrus (AVG 9 full) caught everything but I did the rest just to be safe. 4 days now, and no problems since.

  • Joe says:

    I tried task manager but it blocks it i also tried control panel but do not see the start up progarams tab i have windows 7 may be it different can any one give me any suggestions. thanks

  • Dennis P. says:

    My friend has gotten the rogue program trojan on his computer, and even though I can access google, I am unable to open any of the download removal tools for this problem. Is there a possibility I can download it to my computer, burn the downloaded program and then run it on his computer. Or is the only way to do this is manually? Please respond as soon as possible.

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 4 + 2 ?