• Help me remove “Total XP Security”

    #467747

    I have gotten the malware “Total XP Security” and cannot seem to get rid of it. I ran Adware which seemed to get rid of it, until I rebooted and there it was again.
    I checked the registry for the av.exe, but the only one there was ave.exe. Is ave.exe the one I need to get rid of along with a few other settings? Or can someone suggest an inexpensive fix other than reformatting the computer? This malware is on my other computer and it will not let me open any programs or go on the internet.

    • #1215440

      Free antimalware Tools:
      MS
      Malwarebytes
      Malware net
      Spyware removal

      Use multiple tools and run them at least twice.

    • #1215452

      Personally I would run Malwarebytes’ AntiMalware (as Clint suggests):

        • download,
        • install,
        • update – important to get latest definitions,
        • perform quick scan (to see how big the problem is, and get rid of the worst stuff)
        • then perform full scan.

      I would also run SuperAntiSpyware (lower right button on this linked page)
      and HitMan Pro (choose either 32-bit or 64-bit, depending on what variant of Windows you have).

      Again, as Clint suggests, you probably want to run each at least twice, one after the other. The whole process will take several hours!

      If you have any difficulty with downloading, installing or running (as you seem to have), you may have to start your PC up in “Safe Mode with Networking”. Or get someone else to download these programs onto a USB Flash Drive for you to use.

      BATcher

      Plethora means a lot to me.

    • #1215459

      There are several methods to manually remove this malware as well:

      try this, or this, or this. A google search finds many similar posts.

      All suggest to remove already installed anti malware apps and redownload and reinstall them since part of the deviousness of these type nasties is that they search for these anti malware apps and render them ineffective.

    • #1215462

      RoseMary,

      I found several references in removing nefarious fake AV apps, etc. in How to Geek. You will have to scroll down a ways through the tips and tweaks to find several items for removing these pesky apps. Hope this helps.

    • #1215479

      Hi Rosemary:

      I saw an experienced, CERTIFIED, Volunteer “Malware Removal Specialist”
      recommend starting by trying the following:

      “Click Start, Run. Type command and press Enter. Type notepad and press Enter.
      Notepad opens. Copy all the text below into Notepad.

      [Version]
      Signature="$Chicago$"
      Provider=Myantispyware.com

      [DefaultInstall]
      DelReg=regsec
      AddReg=regsec1

      ; keys to delete
      [regsec]
      HKCU, Software\Classes\.exe
      HKCU, Software\Classes\secfile
      HKCR, secfile
      HKCR, .exe\shell\open\command

      ; default .exe file association values to write back
      [regsec1]
      HKCR, exefile\shell\open\command,,,"""%1"" %*"
      HKCR, .exe,,,"exefile"
      HKCR, .exe,"Content Type",,"application/x-msdownload"

      Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad).
      Right-click fix.inf and select Install. Reboot your computer.”

      If this is successful, then try and use the excellent Malwarebytes
      Anti-Malware program. This “procedure” is for the computer
      that you are unable to get on the internet.
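
The .exe file-association keys that the fix.inf above resets can also be checked offline from a registry export. The following Python is an added example, not part of any post in this thread: it parses .reg export text and compares the keys against the [regsec] and [regsec1] sections; the sample export and the ave.exe path in it are constructed.

```python
import re
# Defaults restored by the [regsec1] section of the fix.inf quoted above.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}
# Keys deleted by the [regsec] section; their presence alone is a finding.
SHOULD_NOT_EXIST = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
]
# Constructed sample export (not from the thread); the ave.exe path is made up.
HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\constructed\\ave.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="secfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Parse string (REG_SZ) values from .reg text into {key: {name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg text escapes backslashes and quotes with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_exe_association(text):
    """Return findings; an empty list means the .exe defaults are intact."""
    keys = parse_reg(text)
    hits = [f"unexpected key: {k}" for k in SHOULD_NOT_EXIST
            if any(s == k.lower() or s.startswith(k.lower() + "\\") for s in keys)]
    for key, want in EXPECTED.items():
        got = keys.get(key.lower(), {}).get("")
        if got != want:
            hits.append(f"{key} default is {got!r}, expected {want!r}")
    return hits
```

A real export written by regedit in the Version 5.00 format is UTF-16 text, so decode it before passing it to audit_exe_association().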

    • #1215501

      Thank you all for your quick responses. Total XP Security has taken over the computer. Whenever I try to get on the internet, it won’t let me. “it isn’t a safe site.” It has gotten to the point that nothing will open. Whenever I try to open a program, it asks open with what. It is almost like nothing is there. Would I be able to save a removal tool to a disc and then run it on the computer?

    • #1215526

      You might want to take a look at this site for detailed manual removal instructions. If you print them out and keep them next to you while you remove the problem step-by-step, it should go smoothly.

      HTH

    • #1215672

      Was this helpful?? Did your reply get dropped from the post??

      There are other options to try other than using software that is on the PC with the problem, but they require some hardware knowledge or a willingness to try. Not very difficult, really.

      • #1215780

        Thank you for your help. I am not sure enough in my ability to tackle extreme measures on a computer. I am going to take the comp in and let a pro fix it.

    • #1215740

      Hi Rosemary,

      I would suggest to start your computer in Safe Mode with networking. Then download this program from the Microsoft website: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx It is called Autoruns which will detect all the programs that are starting up when you turn on your PC. When you find the one which looks suspicious…I can’t remember the one used by “Total XP Security”…just disable it by removing the checkmark. Then try restarting your PC in normal mode, if you disabled the right one your computer should be OK and you should be able to go online to download “Malwarebytes”. Then just follow the instructions posted by BATcher!

    • #1215843

      My friend just got hit with this and asked for help. Thanks to doc watson for link to website with manual instructions.
      I printed it out and will go try to help her tomorrow. Wish me luck, mosie

    • #1216403

      Don’t forget that doing a clean instal is an effective alternative for those who are not 100% sure
      that their system has been effectively remedied.

      Sometimes the fixes will fudge the software environment to such an extent that the time it takes to figure it all
      out could have easily outdone that of a clean instal.

      • #1216629

        This is the best reason to do full image backups – EVERY week. That way, you can easily restore the entire PC and recover from any sort of malware.

      • #1216684

        I agree that a clean install is almost 100% certain to cure any issues, and can be a quicker way to go, if you don’t have many programs and/or utilities installed and have the latest SP already on a separate CD or slip streamed with the OS on the install CD.

        Rebuilding a system can be as tedious as restoring one by manually removing the problem. It is a problem that the user must address on a case by case basis, and is never something to just start hacking away at with every recommended tool on the internet. Getting good information from trusted sources and then seeking out experts to resolve the most persistent problems. I have gone both ways and was satisfied with both results, because they addressed the problem and fit the particular situation best.

        Your level of experience, expertise and access to the right resources all need to be considered. And, I have seen “pros” who make the situation worse, or simply “lose” all your data.

    • #1217249
      • #1217462

        Here is a great guide for removing this pest.

        http://www.bleepingc…irus-vista-2010

        Looks to me as if this (Bleeping Computer procedure) should do the job. If this method fails, I would do a full reformat and reinstall. Image Backups which do not overwrite the MBR might not solve the problem. But an Acronis True Image backup would offer to overwrite the MBR as part of the restore process, especially if you run the Acronis program from the Rescue CD.

        -- rc primak

    • #1217288

      One tool that I have found to be really handy to get started on the process of recovery is rkill.
      Information is available here: http://www.technibble.com/rkill-repair-tool-of-the-week/
      It has helped me with several systems where I was locked out of task manager, running MalwareBytes and Internet access.
      Once you are able to kill all of the processes, then you will be able to install and run MalwareBytes.
      One trick to getting malwarebytes to run on an infected machine is to rename the MalwareBytes executable that can be found under Program Files –>MalwareBytes.

      Hope this helps.

    • #1217307

      I agree with most of the posts here, but I’ve solved several of these pesky “fake alerts” simply by running System Restore and picking a date when the client knows for sure everything was running well. So far, it’s worked on at least 3 occasions.

      Unless I’m totally missing a caveat, I’m surprised others haven’t mentioned this.

      • #1217345

        My past experience with System Restore has been poor. I gave up as a result, and started getting diligent about doing backups instead.

      • #1217363

        The caveat would be that if the user has clicked on any of the alerts the malware is dumped on your system and the trouble starts. If they have not clicked on the alert or downloaded the program, then System Restore will remove the bug from the system before it infects anything.

      • #1217372

        This will probably work 95% of the time but I picked up a fake alert once that messed with system restore. When you ran system restore it would restore the current infected system no matter which restore point you selected. The original restore points were removed by the virus and system restore became useless.

        I would say that system restore would always be my first option.

    • #1217343

      So far I have been lucky (knock on wood) and not been hit with any of this scareware. But, I have had to fix several of my friends’ computers that managed to get infected with this malware. Only one computer recently was unsuccessful in repairing. I used Process Explorer to stop the process first, used CCleaner to get it out of startup and ran Malwarebyte’s Anti Malware in Safe Mode. Personally if it were my computer, I would be throwing the windows disk in and starting over, that’s just me because I am paranoid when it comes to malware. I would not use System Restore, because the malware may have written in there and would only come back to life. My one unsuccessful attempt to clear a computer was very puzzling. I had to walk a friend through it over the phone, therefore I was not visually seeing it, but he has a degree in computers and is knowledgeable. The problem was, and I still can’t believe it happened, while in Safe Mode he claimed this malware called XP Defender, was still running! How in the world can it run in safe mode? Malwarebyte’s would not run, nothing else worked at all, just this junk. Again, I could not see it first hand because it was done over the phone. He put the disk in and started over, but the computer after reloading was still not working right. I had him run Darik’s nuke disk and nuke the whole thing, reload, and now everything is good. A certified computer tech bought a computer from me recently, he said they have had problems with malware not being gone after formatting, they have to nuke a disk then format and install windows. He also stated that they had to stop backing up people’s files to an external drive because their drives were infected and formatting did not remove the infections. They now back up to DVDs or CDs.

      I have not tested this yet, but AVG came out with a Rescue CD for infected computers, works even if the computer will not boot. Check it out here: http://www.avg.com/us-en/avg-rescue-cd

      And F-Secure also has a Rescue CD here: http://www.f-secure.com/en_EMEA/security/tools/rescue-cd/

      I did not know about these rescue disks at the time of my friend’s infection. Hope this helps.

    • #1217454

      Total XP security is a nasty. I use “hijack this” and then run Glary Utilities after. The pair have worked every time. It might be best to have a computer savvy friend use Hijackthis as it is a very powerful tool that can kill windows if you remove registry entries that are part of windows. Best of luck. Hope this works for you.

    • #1217667

      I ran into this on a customer’s machine last night. My policy is that I will not clean a machine that has been infected as I cannot guarantee that nothing is left of the infection. This means a total rebuild which on Windows XP including a repartition and format of the drive, installing and updating all programs and restoring data can take 4-8hrs depending on the machine.

      This was the first win7 machine I had this happen on. When I sold this machine we set up a 500gb usb hard drive with it and set up windows backup to run nightly and store a system image on this drive. I created the recovery cd also the first time backup ran. This machine has been in use for about 4 months and the backups have been faithfully running nightly.

      I pulled the usb drive from the machine and plugged it into my laptop and scanned it with Norton, it came up clean. I then booted the infected machine from the recovery cd and plugged the usb drive back in. Windows recognized the backups on the usb drive and I selected the one from the night before. I selected the options to repartition and reformat the machine’s hard drive and hit the “go” button. 36 minutes later I had a working machine that was in precisely the state it was at 11:00pm the night before.

      Windows 7 backup rocks!!!!
