How To: Remove Vista AntiVirus 2012

Vista AntiVirus 2012, also known as Windows XP Home Security 2012, is one of the viruses/malware programs going around that masquerades as an anti-virus program.

Unfortunately it’s not. It uses various browser holes to install itself and then pretty much disables the computer until the user puts their credit card number in. Once the program is “bought” it goes idle and pretends to scan for viruses, but as far as I can tell never actually finds anything.

Caution: these directions have you editing the Registry. They do not tell you how to do so, only which keys to delete. Deleting the wrong keys can severely mess up your computer! If you are not comfortable doing this, take your computer to someone who is.

The first step is to go into Task Manager and kill ppn.exe.

Then in your registry delete the following keys:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

Lastly, delete the following files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

Reboot your computer and everything should be gone.
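
A read-only PowerShell check for the registry values, files and process named above, added here as an example and not part of the original post: it reports which of them are still present and deletes nothing. The helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only check for the indicators listed on this page. Deletes nothing.
$hijackKeys = @(   # keys whose (Default) value the page shows pointing at kdn.exe
    'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)
$flagValues = @(   # named values the page lists with data '1'
    @{ Key = 'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation'; Name = 'TLDUpdates' },
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusOverride' },
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallOverride' }
)
$marker = 'u3f7pnvfncsjk2e86abfbj5h'   # file name taken from the page
$files = @(
    "$env:ALLUSERSPROFILE\Application Data\$marker",
    "$env:LOCALAPPDATA\kdn.exe",
    "$env:LOCALAPPDATA\$marker",
    "$env:TEMP\$marker",
    "$env:USERPROFILE\Templates\$marker"
)

# Hypothetical helper: read one value without expanding %LocalAppData% in the data.
function Get-RegValue([string]$Key, [string]$Name) {
    $k = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($k) {
        $k.GetValue($Name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}

$findings = @()
foreach ($key in $hijackKeys) {
    $data = Get-RegValue $key ''            # '' selects the (Default) value
    if ("$data" -match 'kdn\.exe') { $findings += "REG  $key (Default) = $data" }
}
foreach ($v in $flagValues) {
    $data = Get-RegValue $v.Key $v.Name
    if ("$data" -eq '1') { $findings += "REG  $($v.Key) $($v.Name) = $data" }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "FILE $f" }
}
if (Get-Process -Name ppn -ErrorAction SilentlyContinue) { $findings += 'PROC ppn.exe is running' }

if ($findings) { $findings } else { 'No indicators from the list were found.' }
```

Run it in the affected user's session, since the HKEY_CURRENT_USER entries and %LocalAppData% paths are per-user.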

Again, if you’re not comfortable editing registry files, please take the computer to someone who is.
