Total Security Malware Alert

BACKWOODS

I spent a good part of the weekend getting this crap off my PC.
No idea how or where it came from, my guess is my kids using Facebook.
It appears as a Anti-Virus program, warning of several virus problems on the machine. It has a few names, Total Security 2009, Total Security 4.52, etc.
Locks out most programs.
I did find a FREE fix instead of the 100's offering to repair for $$.
http://www.combofix.org/download.php

Do a Google search on this and you will see a lot of folks have been hit.
Download the program to a USB stick or CD. Once your machine is infected, you can't do anything online. When you boot up, Alt-Ctl-Del just as the icons appear, then you can kill the process with about 7 numbers running. Then run the fix.
Steve

gideond

Malwarebytes and SuperAntiSpyware are you friends. Best free scanner on the market right now. It's good to have them installed and frequently updated to get rid of stuff like this when you aren't prepared for it.

__________________
http://www.morrispaint.com

jgray152

I use these selected programs when cleaning machines.

CCleaner
Spybot Search and Destroy
BitDefender Antivirus
Auto-Runs (The best program ever. Look at everything running from programs to drivers loaded at startup and disable them from starting up next boot)
UnLocker- another great program to remove files that are "in use" or "locked" by another process or windows.
Process Explorer - Fantastic progam which helps you see what virus programs are running under specific windows process'

Mike Finley

Simplest fix is to use system restore built into your PC and restore to a day earlier then the infection.

jgray152

That is a easy way but if a virus has infected a system file, system restore won't be able to help unfortunately.

PMbrian

Had this same thing on my PC last year. Popped up and said Antivirus2000. Said I had all kinds of trojans, viruses etc. Wanted money to install the program to save my PC from intruders. My MacAfee figured it out in about 10 minutes as malware and opened, covered up the Antivirus2000 and got rid of it.

Mike Finley

Never seen it not work. Reboot, hit F5 to start up in safe mode, go to system restore.

Never seen it not work, but of course they keep coming up with new sh&t all the time.

I know a lot of these malwares will remove your system restore tab so you can't without rebooting in safe mode, they will block symantics website address and spybot search and destoys, macafees and others and do anything possible to prevent you from seaking aid.

gideond

I've run across several nasties that delete all your system restore points so there is no going back.

__________________
http://www.morrispaint.com

jgray152

The first thing I usually do is boot into safe mode and use the AutoRuns program to deactivate anything suspicious. Now sometimes the virus has a backup plan and it will reenable its self. Odd thing. I then find the file/drivers that is effecting the system and use unlocker to remove the file. Reboot and windows is usually ok minus some cleanup work. Thats if all else fails.

Otherwise I try to use Spybot or an antivirus software to remove the malware

Leo G

Total security 2009 is pretty easy to eradicate. Just remove the program by uninstalling it. Then run malwarebytes to clean things up.

ComboFix is a dangerous program to use if you are not careful. You need to know what you are doing, it is not a self running program. You can easily remove stuff that the system needs to function if you don't now what you are doing.

__________________
Sawdust Follows Me Everywhere

http://lrgwood.com
Custom Cabinets in Hartford County Connecticut

angus242

I can't believe people are still getting this kind of stuff on their computers. This is not something new. There are MANY ways to protect your PC from theses things.

*Have a working antivirus program running, make sure you get virus definition updates often. Avast and AVG are excellent and FREE.

*Windows has a built in mal/spyware detector, Windows Defender. Set it up to scan nightly and make sure it updates itself before running.

*Use a 3rd party maintenance utility. Advanced SystemCare is free and has built in protection as well as recommended settings to make sure your PC's settings won't allow unwanted software installations.

*For christ sake....STOP using Internet Explorer. Firefox works WAY better and won't allow ActiveX scripts to install chit on your PC. That is the number one way trojans get in.

Once you get to Vista or Windows 7, there are PLENTY of built in settings to keep this crap out. No one should be getting viruses, spyware, tojans or malware these days.

__________________
Angus
L+M+O+P=C
"Promise only what you can deliver. Then deliver more than you promise"

Mike Finley

Isn't the owner of malwarebytes the one who puts out the Total Security 2009 virus in order to sell you malwarebytes?

SelfContract

Yep, a "web-controversy" sell technique & a smart e-marketing deploy scheme (problem first, fix second). Don't worry, never a repeat invention.

Web customers are all smarter now...

Leo G

Malwarebytes is free.

Blows that theory to hell now, doesn't it.

__________________
Sawdust Follows Me Everywhere

http://lrgwood.com
Custom Cabinets in Hartford County Connecticut

KentWhitten

My daughter got this on her computer and I tell you, it is one PITA virus. I've tried F5 and safe mode, but it restarts the computer every time. Can't get into admin, task manager....nothing. It's locked it completely.

__________________
If you correct your mind, the rest of your life will fall into place ~Lao Tzu

Custom Cabinetry - Portland, Cape Elizabeth, Scarborough, Kennebunkport, Yarmouth, Falmouth, Cumberland, Ogunquit, Maine

Salmon Falls Cabinetry

BACKWOODS

Try getting into task manager by hitting Alt+Ctl+Del the instant the icons appear on the desktop!

Worked for me, then kill the process with about 7 digits running

KentWhitten

Nope....tried all that you said. It's like a tick I found a week too late. It's embedded real good.

__________________
If you correct your mind, the rest of your life will fall into place ~Lao Tzu

Custom Cabinetry - Portland, Cape Elizabeth, Scarborough, Kennebunkport, Yarmouth, Falmouth, Cumberland, Ogunquit, Maine

Salmon Falls Cabinetry

Leo G

Go here and ask your question. The guru's should be able to clean it up for you

__________________
Sawdust Follows Me Everywhere

http://lrgwood.com
Custom Cabinets in Hartford County Connecticut

jgray152

TS2009 is a tricky to remove virus.

There are removal tools available specifically for the Ts2009 Virus.

You can start here

http://remove-malware.net/how-to-rem...-anti-spyware/

Search for "Total Security 2009 Removal Tool"

Try this, go to start menu click run. Type in MSCONFIG and click on diagnostic startup then reboot the computer. This "might" help. After doing this you should be able to run any diagnostic program you would like to remove it.

JonM

Verbal contracts are legal...just harder to prove your point.