# Total Security Malware Alert



## BACKWOODS (Sep 10, 2007)

I spent a good part of the weekend getting this crap off my PC. 
No idea how or where it came from, my guess is my kids using Facebook. 
It appears as a Anti-Virus program, warning of several virus problems on the machine. It has a few names, Total Security 2009, Total Security 4.52, etc.
Locks out most programs. 
I did find a FREE fix instead of the 100's offering to repair for $$.
http://www.combofix.org/download.php

Do a Google search on this and you will see a lot of folks have been hit. 
Download the program to a USB stick or CD. Once your machine is infected, you can't do anything online. When you boot up, Alt-Ctl-Del just as the icons appear, then you can kill the process with about 7 numbers running. Then run the fix.
Steve


----------



## gideond (May 17, 2007)

Malwarebytes and SuperAntiSpyware are you friends. Best free scanner on the market right now. It's good to have them installed and frequently updated to get rid of stuff like this when you aren't prepared for it.


----------



## jgray152 (Oct 4, 2009)

I use these selected programs when cleaning machines.

*CCleaner
Spybot Search and Destroy
BitDefender Antivirus
Auto-Runs* (The best program ever. Look at everything running from programs to drivers loaded at startup and disable them from starting up next boot)
*UnLocker*- another great program to remove files that are "in use" or "locked" by another process or windows.
*Process Explorer *- Fantastic progam which helps you see what virus programs are running under specific windows process'


----------



## Mike Finley (Apr 28, 2004)

Simplest fix is to use system restore built into your PC and restore to a day earlier then the infection.


----------



## jgray152 (Oct 4, 2009)

That is a easy way but if a virus has infected a system file, system restore won't be able to help unfortunately.


----------



## PMbrian (Sep 25, 2009)

Had this same thing on my PC last year. Popped up and said Antivirus2000. Said I had all kinds of trojans, viruses etc. Wanted money to install the program to save my PC from intruders. My MacAfee figured it out in about 10 minutes as malware and opened, covered up the Antivirus2000 and got rid of it.:clap:
* 

*


----------



## Mike Finley (Apr 28, 2004)

jgray152 said:


> That is a easy way but if a virus has infected a system file, system restore won't be able to help unfortunately.


 
Never seen it not work. Reboot, hit F5 to start up in safe mode, go to system restore.

Never seen it not work, but of course they keep coming up with new sh&t all the time.

I know a lot of these malwares will remove your system restore tab so you can't without rebooting in safe mode, they will block symantics website address and spybot search and destoys, macafees and others and do anything possible to prevent you from seaking aid.


----------



## gideond (May 17, 2007)

I've run across several nasties that delete all your system restore points so there is no going back.


----------



## jgray152 (Oct 4, 2009)

> I know a lot of these malwares will remove your system restore tab so you can't without rebooting in safe mode, they will block symantics website address and spybot search and destoys, macafees and others and do anything possible to prevent you from seaking aid.


The first thing I usually do is boot into safe mode and use the AutoRuns program to deactivate anything suspicious. Now sometimes the virus has a backup plan and it will reenable its self. Odd thing. I then find the file/drivers that is effecting the system and use unlocker to remove the file. Reboot and windows is usually ok minus some cleanup work. Thats if all else fails.

Otherwise I try to use Spybot or an antivirus software to remove the malware


----------



## Leo G (May 12, 2005)

BACKWOODS said:


> It has a few names, Total Security 2009, Total Security 4.52, etc.
> Locks out most programs.
> I did find a FREE fix instead of the 100's offering to repair for $$.
> http://www.combofix.org/download.php
> ...


Total security 2009 is pretty easy to eradicate. Just remove the program by uninstalling it. Then run malwarebytes to clean things up.

ComboFix is a dangerous program to use if you are not careful. You need to know what you are doing, it is not a self running program. You can easily remove stuff that the system needs to function if you don't now what you are doing.


----------



## angus242 (Oct 20, 2007)

I can't believe people are still getting this kind of stuff on their computers. This is not something new. There are MANY ways to protect your PC from theses things. 

*Have a *working* antivirus program running, make sure you get virus definition *updates* often. Avast and AVG are excellent and _FREE_.

*Windows has a built in mal/spyware detector, *Windows Defender*. Set it up to scan nightly and make sure it *updates* itself before running.

*Use a 3rd party maintenance utility. Advanced SystemCare is _free_ and has built in protection as well as recommended settings to make sure your PC's settings won't allow unwanted software installations.

*For christ sake....STOP using Internet Explorer. Firefox works WAY better and won't allow ActiveX scripts to install chit on your PC. That is the number one way trojans get in. 

Once you get to Vista or Windows 7, there are PLENTY of built in settings to keep this crap out. No one should be getting viruses, spyware, tojans or malware these days. :no:


----------



## Mike Finley (Apr 28, 2004)

Leo G said:


> Total security 2009 is pretty easy to eradicate. Just remove the program by uninstalling it. Then run malwarebytes to clean things up.


Isn't the owner of malwarebytes the one who puts out the Total Security 2009 virus in order to sell you malwarebytes?


----------



## SelfContract (Dec 6, 2007)

Yep, a "web-controversy" sell technique & a smart e-marketing deploy scheme (problem first, fix second). Don't worry, never a repeat invention. 

Web customers are all smarter now... :whistling


----------



## Leo G (May 12, 2005)

Malwarebytes is free.

Blows that theory to hell now, doesn't it.


----------



## Kent Whitten (Mar 24, 2006)

Mike Finley said:


> Never seen it not work. Reboot, hit F5 to start up in safe mode, go to system restore.
> 
> Never seen it not work, but of course they keep coming up with new sh&t all the time.
> 
> I know a lot of these malwares will remove your system restore tab so you can't without rebooting in safe mode, they will block symantics website address and spybot search and destoys, macafees and others and do anything possible to prevent you from seaking aid.


My daughter got this on her computer and I tell you, it is one PITA virus. I've tried F5 and safe mode, but it restarts the computer every time. Can't get into admin, task manager....nothing. It's locked it completely.


----------



## BACKWOODS (Sep 10, 2007)

Try getting into task manager by hitting Alt+Ctl+Del the instant the icons appear on the desktop!

Worked for me, then kill the process with about 7 digits running:thumbsup:


----------



## Kent Whitten (Mar 24, 2006)

BACKWOODS said:


> Try getting into task manager by hitting Alt+Ctl+Del the instant the icons appear on the desktop!
> 
> Worked for me, the kill the process with about 7 digits running:thumbsup:


Nope....tried all that you said. It's like a tick I found a week too late. It's embedded real good.


----------



## Leo G (May 12, 2005)

Go here and ask your question. The guru's should be able to clean it up for you


----------



## jgray152 (Oct 4, 2009)

TS2009 is a tricky to remove virus.

There are removal tools available specifically for the Ts2009 Virus.

You can start here 

http://remove-malware.net/how-to-remove-total-security-2009-rogue-anti-spyware/

Search for "Total Security 2009 Removal Tool"

Try this, go to start menu click run. Type in MSCONFIG and click on diagnostic startup then reboot the computer. This "might" help. After doing this you should be able to run any diagnostic program you would like to remove it.


----------



## JonM (Nov 1, 2007)

jgray152 said:


> TS2009 is a tricky to remove virus.
> 
> There are removal tools available specifically for the Ts2009 Virus.
> 
> ...



Verbal contracts are legal...just harder to prove your point.


----------

