How To Remove Total Secure 2009 [Removal Guide]

How To Remove Total Secure 2009

This guide will give you easy instructions on how to remove Total Secure 2009


Total Secure 2009 Screenshot:




Symptom in HijackThis logs:

---

Follow these instructions to continue:

1. Please download Malwarebytes' Anti-Malware.



2. Install Malwarebytes' Anti-Malware by double clicking on mbam-setup.exe

3. Follow the prompts. Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click finish.

4. Malwarebytes' Anti-Malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

If you are having problems with the updater, you can use this link to manually update Malwarebytes' Anti-Malware with the latest database



5. Close ALL open Windows, Programs, File or Folders.

6. Make sure you are on the Scanner tab. Select Perform quick scan then click the Scan button as shown above.

7. Malwarebytes' Anti-Malware will now start scanning your computer for infected files as shown below.


8. When the scan is finished a message box will appear, click Ok to continue.

9. Click Show Results.


10. You will now be presented with a screen showing you the malware infections like shown below. Yours may look different depending on the infection you have.

11. Click on Remove seletced


12. When removing the files, Malwarebytes' Anti-Malware may require you to restart the computer in order to do a complete removal. If it displays a message stating that it needs to restart, please allow it to do so.

13. After that you can close the Malwarebytes' Anti-Malware window, your computer is now cleaned.

To protect your computer from future threats like this, you may want to consider purchasing the Pro version of Malwarebytes' Anti-Malware with real-time protection from this link.

---

If you are still experiencing problems or difficulties following this guide or require any assistance removing this software, please post your questions in our Virus, Spyware & Malware Removal forums for free help.

You have to be logged in to post questions. Registration is free. By registering you are privileged to other virus removal resources in future.

Last edited by Doctor Inferno on 25th June 2009, 8:08 am; edited 3 times in total (Reason for editing : Extra information added)

This is nice. Is that only for spyware ?

This removal guide works for Total Secure 2009.

Total Secure 2009 is a rouge anti spyware, in other words, it is a malware.

Program spyware. WoW. I wasn't know that. Ty for this tutorial.

Very nice guide!!!

Who distributes Total Secure 2009? I would like to be aware in case they create any kindof new programs to avoid instructions like this.


EDIT
Warning! Dont try this unless you have a safe environment!
I have found and downloaded a sample of the malware. I will test it and try to find some results for you guys.

Is it just me, or does this look like its got WinAntivirus Corp written all over it?
I will attempt to decompile it to asm and map its patterns. I might see if I can antigonize it into dropping its payload as well.

When it drops its payload, I will give you guys some removel instructions for its payload. I dont think that anyone has faced that yet.

If you find any other HijackThis variants do let me know, so I can add it to the post.

A safe way to emulate this virus would be to run it in a virtual machine like VMware. Which was how I got the screen shots etc, without getting infected on my PC.

Is there a free version of vmware?

I use Returnil Virtual Disk. It traps the windows session in memory so that all changes made to windows are reversed when you reboot.

After I turn it on, I can do anything. If a virus totaly trashed my system with that baby on, I could reboot and everything would be fine.

Ok, I have tested the malware.

It is farly harmless and can be removed using its default uninstaller without any complications.

It has no payload. I tried everything that I could think of to get it to drop on, but to no avail.

Even though it is harmless, I wouldnt trust it if I where you. It still detects so many false positives that I have no choice but to believe that it is a scam.

What do I do If i have Win Vista? I've tried lots and it just won't go away.

Hello Headspin.
I know it doesn't say in Docs post, but Smitfraudfix does work on Vista, in Vista you have to run Smitfraudfix as administrator.
If you need help, Read this thread and post a Hijack This log in Malware removal and I will help you.