How To: Remove Vista AntiVirus 2012

Vista AntiVirus 2012, also known as Windows XP Home Security 2012, is one of the viruses/malware programs going around that masquerades as an anti-virus program.

Unfortunately it’s not. It uses various browser holes to install itself and then pretty much disables the computer until the user puts their credit card number in. Once the program is “bought” it goes idle and pretends to scan for viruses, but as far as I can tell never actually finds anything.

Caution: these directions have you editing the Registry. They do not tell you how to do so, only which keys to delete. Deleting the wrong keys can severely mess up your computer! If you are not comfortable doing this, take your computer to someone who is.

The first step is to go into Task Manager and kill ppn.exe.

Then in your registry delete the following keys:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

Lastly delete the following files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

Reboot your computer and everything should be gone.

Again, if you’re not comfortable editing registry files, please take the computer to someone who is.
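
The locations listed above can be checked before and after cleanup with a read-only script. The PowerShell below is an added example, not part of the original post; it only reads and reports. Its "suspect" rule for the command handlers (a command line that points into %LocalAppData%) is an assumption of this example, and it is written to run on PowerShell 2.0 or later from an elevated prompt.

```powershell
# Added example: read-only audit of the locations listed in this post; it changes nothing.
# Assumption: a handler counts as suspect when its command line points into %LocalAppData%.
$handlerKeys = @(
    'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command')
$flagValues = @(
    @{ Key = 'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation'; Name = 'TLDUpdates' },
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusOverride' },
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallOverride' })
$files = @(
    '%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h',
    '%LocalAppData%\kdn.exe',
    '%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h',
    '%Temp%\u3f7pnvfncsjk2e86abfbj5h',
    '%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h')

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns nothing when the key or value is absent; an empty name reads "(Default)".
    $item = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($item) { $item.GetValue($Name) }
}
function New-Finding($Location, $Value, $Suspect) {
    New-Object PSObject -Property @{ Location = $Location; Value = $Value; Suspect = [bool]$Suspect }
}

$findings = @()
# Task Manager step: is the process named in the post still running?
$proc = Get-Process -Name 'ppn' -ErrorAction SilentlyContinue
$findings += New-Finding 'process ppn.exe' $(if ($proc) { 'running' } else { 'not running' }) $proc
foreach ($key in $handlerKeys) {
    $cmd = [Environment]::ExpandEnvironmentVariables([string](Get-RegValue $key ''))
    # The guard on $env:LOCALAPPDATA avoids flagging everything where the variable is undefined.
    $hit = $env:LOCALAPPDATA -and ($cmd.IndexOf($env:LOCALAPPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0)
    $findings += New-Finding $key $cmd $hit
}
foreach ($f in $flagValues) {
    $v = Get-RegValue $f.Key $f.Name
    $findings += New-Finding "$($f.Key) [$($f.Name)]" $v ($v -eq 1)
}
foreach ($f in $files) {
    $path = [Environment]::ExpandEnvironmentVariables($f)
    $present = Test-Path -LiteralPath $path
    $findings += New-Finding $path $(if ($present) { 'present' } else { 'absent' }) $present
}
$findings | Select-Object Suspect, Location, Value | Format-List
```

After the reboot, every entry should report Suspect : False.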

Digital Protection Malware virus

There is a new major malware virus going around right now. This one is “Digital Protection” and infects computers after the user gets one of those pop-ups that says “You have a virus!”

The odd thing about this one is that it’s also taking over the Windows Updater program, so it can’t be used to download new security patches and fixes from Microsoft.

It’s also loading itself multiple times into the Windows registry. Step-by-step instructions on how to remove it are here: http://www.geekstogo.com/forum/Removal-instructions-Digital-Protection-t274218.html

This is a nasty removal process, so if you’re not familiar with editing the Windows registry, I highly suggest you take this somewhere professional.