Does anyone know how to remove the rogue Total Security Anti-Spyware Application

Started by john, Sep 13, 2009, 13:48:52

john

A friend is having difficulty removing Total Security which falsely reports that the sites he goes to are blocked.

There is some information about it here

Although the above gives manual instructions it says to delete a list of registry entries, stop processes and remove files but none of them appear to exist on my friend's machine.

I've left Windows Defender running to see if it manages to pick it up but I'm not hopeful.

PCTOOLS Spyware Doctor detected it but they want £30 to enable the removal of it.

Does anyone know of any free utilities that are known to remove this application?

Ray

Try the free version of MalwareBytes Anti Malware, John. Download from here; that should remove it.
Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Super anti spyware may also be worth a try.  In safe mode if it doesn't remove it first time.
Simon.

john

Thanks Ray and Simon, I'll be going back there later so I'll give them a try  :thumb:

zappaDPJ

My daughter's laptop was recently infected with this after it sailed past an up-to-date McAfee. I was highly sceptical of PC Tools Spyware Doctor as it was the only software I could find that claimed it could remove it. As far as I can see after a quick google it still is and although PC Tools looks legitimate there's something about them that doesn't sit right with me.

I removed the virus manually by killing its processes, deleting the files it was continually creating at boot up and finally by editing the registry. I have no idea if I removed all traces of it but it hasn't reappeared. Hopefully you'll find something that will deal with it but if not I can probably retrace the steps I took as I still have the pages bookmarked that helped me identify the processes, files and registry entries.
zap

john

Thanks Zappa  :thumb:

We downloaded and ran the free version of PC Tools and it did detect the virus and many others as well but you have to buy the proper version before it will delete them.

Since downloading and running the free version I'm a bit wary of using the full version of PC Tools too.

Although there are several sites which give instructions for manual deletion, the files and registry entries it says to delete cannot be found.

Dangerjunkie

Hi,

The last thing I had to remove stopped Malwarebytes from installing or running. The following worked for me:

I tried the free version of A2 which removed a load of stuff. I renamed the Malwarebytes setup to a random name then it installed. I renamed the main Malwarebytes program, booted into safe mode then got Malwarebytes to run and clean up the mess.

Cheers,
Paul.

john

Thanks Paul,

I've e-mailed my friend links to AntiMalware, Super Anti-Spyware and Malwarebytes and offered to help further if he needs it.

Gary

If you use something like Geswall or Prevx it will block these anyway. There is a free version of Prevx that does remove mild adware but will show you where the nasties are, or you can buy it for total coverage and removal. It runs happily with other security apps and uses very few resources, about 16MB. It's cloud-based behavioural detection and is a good supplement to any layered security approach; it will coexist with Threatfire, Defender etc. as well. Long video here, but it gives you the idea: http://www.youtube.com/watch?v=AAx6Y2MW_uA&feature=PlayList&p=261E0EFC24AAD88B&playnext=1&playnext_from=PL&index=19
Damned, if you do damned if you don't

john

Thanks Gary, it sounds good, I'll look into it  :thumb:

My friend telephoned last night to say Malwarebytes appears to have removed it. He read that you had to rename Malwarebytes before running it though as 'Total Security' is apparently able to detect that it is running by its name. Whether this was necessary I don't know.

DarkStar

Further to Gary's info about Prevx and renaming MBAM, when you install Prevx you can opt to install with a randomised file name if you have a malware infection that recognises the software so that it will run, see screenshot.
There is a new version of Prevx now in Beta testing that has Secure Browsing incorporated into it that *should* stop this kind of rogue malware from downloading. They are looking to release this in the next few weeks when we can no longer break it at Wilders  ;D


[attachment deleted by admin]
Ian

Gary

Quote from: DarkStar on Sep 16, 2009, 12:39:46
Further to Gary's info about Prevx and renaming MBAM, when you install Prevx you can opt to install with a randomised file name if you have a malware infection that recognises the software so that it will run, see screenshot.
There is a new version of Prevx now in Beta testing that has Secure Browsing incorporated into it that *should* stop this kind of rogue malware from downloading. They are looking to release this in the next few weeks when we can no longer break it at Wilders  ;D

Update update  ;D After removing all malware it's useful to reinstall Prevx with the original file name so you don't have a random file name on your system; that's a recommendation from Prevx. As DarkStar says the new version is out soon, it will be an auto update from the current version of Prevx as well  :thumb:
Damned, if you do damned if you don't

Captain K

Glad I stumbled on this thread.  This particular critter has been causing me a headache.  My Dad has it on his machine, and my instructions so far have been over the phone to him.  Despite D/L MWB, turning off system restore and running MWB in safe mode, it didn't get rid.  However, he did indicate that a box had appeared which suggested that MWB had installed with errors.  I'm going over to his place shortly and I'll try Paul's re-naming trick.

Whilst there, I will also buy him, and forcibly install, a copy of the latest Kaspersky IS product.  Despite me screaming and shouting at him, he has always insisted that Symantec 360, which the shop installed for him, is great.  Even now, he's sure it will only be a matter of time before Symantec issue an update which will clean his system!   :dunno:
Bruce.

I don't trust Camels.  Or any other creature that can go a week without a drink.

Gary

Quote from: Captain K on Sep 23, 2009, 23:38:48
Glad I stumbled on this thread.  This particular critter has been causing me a headache.  My Dad has it on his machine, and my instructions so far have been over the phone to him.  Despite D/L MWB, turning off system restore and running MWB in safe mode, it didn't get rid.  However, he did indicate that a box had appeared which suggested that MWB had installed with errors.  I'm going over to his place shortly and I'll try Paul's re-naming trick.

Whilst there, I will also buy him, and forcibly install, a copy of the latest Kaspersky IS product.  Despite me screaming and shouting at him, he has always insisted that Symantec 360, which the shop installed for him, is great.  Even now, he's sure it will only be a matter of time before Symantec issue an update which will clean his system!   :dunno:
Kaspersky did not do so well in August's AV Comparatives; it only got an Advanced and came below Eset, Symantec, McAfee, Avira and Avast, to name but a few. It scored 94%, that's bad for them.
Damned, if you do damned if you don't

Captain K

Interesting Gary, thanks.  I've just looked at the AV Comparatives for August.  I wonder if it's time to re-evaluate?

That said, I'm not attracted to the hold that Symantec has over the system resources of any machine it's installed on.  Hopefully Kaspersky will move up the table at next assessment!  :fingers:
Bruce.

I don't trust Camels.  Or any other creature that can go a week without a drink.

Gary

Quote from: Captain K on Sep 24, 2009, 00:47:01
Interesting Gary, thanks.  I've just looked at the AV Comparatives for August.  I wonder if it's time to re-evaluate?

That said, I'm not attracted to the hold that Symantec has over the system resources of any machine it's installed on.  Hopefully Kaspersky will move up the table at next assessment!  :fingers:
I would try Avast out; when you balance up false positives against detection it does well. Avira has too many FPs. I have to admit my PC is running much better since I swapped to Nod 32 and Prevx, not so many odd glitches.
Damned, if you do damned if you don't