Total Security 2009 also know as Total Security is a rogue antispyware program, new version of System Security scareware. This fake antispyware software uses fake security alerts, false positives, prevent execution of any programs in order to trick you into buying the software. Total Security 2009 is distributed through the use fake online malware scanners that tells you that your PC infected with a lot of infections and that you must install the program to clean your computer. Once installed, the program configures itself to run automatically every time, when you start your computer. Once running, Total Security 2009 starts scanning the computer and found a lot of trojans and spyware, but all these infections do not exist on your PC, so you can safely ignore them.
Total Security 2009 blocks the ability to run any programs, including Malwarebytes Anti-Malware. The following warning will be shown when you try to run any program:
WARNING!
Application cannot be executed. The file mbam.exe is
infected.
Please activate your antivirus software.
While Total Security is running your computer will show false security alerts and nag screens:
Total Security Warning
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with Total Security
Total Security
WARNING 38 infections found!!!
Ignore all fake security alerts and use the following Total Security removal instructions below in order to remove this infection and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [10530004] C:\Documents and Settings\All Users\Application Data\10530004\10530004.exe
Use the following instructions to remove Total Security (Uninstall instructions)
Download HijackThis from here, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.
Doubleclick on the explorer.exe icon on your desktop for run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
O4 – HKLM\..\Run: [10530004] C:\Documents and Settings\All Users\Application Data\10530004\10530004.exe
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Total Security infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Total Security removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Total Security 2009 creates the following files and folders
%UserProfile%\Start Menu\Programs\Total Security
C:\Documents and Settings\All Users\Application Data\10530004
%UserProfile%\Start Menu\Programs\Total Security\Total Security 2009.lnk
C:\Documents and Settings\All Users\Application Data\10530004\10530004
C:\Documents and Settings\All Users\Application Data\10530004\10530004.exe
C:\Documents and Settings\All Users\Application Data\10530004\pc10530004ins
%UserProfile%\Desktop\Total Security 2009.lnk
Total Security 2009 creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemsecurity2009
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\10530004
Rebooting in safe mode does not still doesn’t let me use the internet. I downloaded hijackthis on a thumb drive and opened it on the infected computer and it scanned for about 5 seconds, but then it closes completely. I don’t even have time to check any lines. Is this supposed to happen?
Ageel Shatry,looks like your computer also infected with a trojan that reinstalls the rogue. Ask for help at our Spyware removal forum.
Duckie, you have renamed HijackThis.exe to explorer.exe before running?
FYI to all. I believe that a lot of the confusion here is that there are multiple versions of this TS program out there, but in appearance they are very similar. Over the past few weeks, I have had the opportunity (unfortunately) to deal with 3 different versions. The first 2 versions are very similar and the recommendations here can truly help to resolve the issues. The primary difference between the first 2 is the Task Manager files being used differ between tsc.exe and a random string of numbers followed by .exe.
The newest version is extremely difficult to get rid of. I have been trying for a full day now and have not yet succeeded.
Renaming a file to iexplorer, or explorer does not work with the new version. The program renamed may run one time for a few seconds, then will shut down before enough time is needed to run any antivirus software mentioned above. It does not matter whether you are in SAFE MODE or not. Often, after running the program once, and the virus shutting it down (regardless of the name), the program will produce an error when trying to re-open it. The error is a statement that the drive, folder, or file is not accessible and may be due to insufficient user privileges.
The error is received regardless of the file location (c Drive, Desktop, etc…).
Also, this new version is affecting my computer IN SAFE MODE, as well as in standard. Including pop-ups, etc. And yes, I am very familiar with Safe Mode.
And is you do figure out a way to get the software running (I did get lucky once, but not sure how) the virus reinstalls itself after rebooting.
Complete manual instructions will likely be needed for this new version…
Probably the computer also infected with a trojan (braviax) that replaced ntfs.sys file. Ask for help at our Spyware removal forum. Also you can try to restore it (ntfs.sys) using Windows Recovery console.
Thanks!!! It really works!
I can’t get passed running the exporer.exe Total Security won’t let the next step pop up… help mee plzzz
Gorkem, try rename HijackThis.exe to iexplorer.exe. If it does not help you, then ask for help at our Spyware removal forum.
thanks a lot!
I think i successfully removed total security with this great guide, but i can still not use internet or the task manager.
What should I do?
Hey, I got this virus about three days ago and searched everywhere for a fix – heaps of sites selling stuff to fix it and many were in fact false. This site was the best and so easy to follow – thanks to the people who put this on – really appreaciated it – and I am no whiz on a computer. Fully recommend this guide for removal of TotalSecurity2009 – it really works!
Your program worked great! Thank you!!!! I will be purchasing your product when I have some change to throw your way, unless I can find a way to donate.
Thanks a lot!!
the guide is very clear and the pics really helps me a lot(as i’m not familiar with any software and setup steps).
Before I follow the instructions mentioned here,
,i did try lots of solution guides from the internet.Those solutons,however,did not work. And it just waste my time!
Finally , god bless me,,i find out this program and delete the #$%^&Total security!It saves me!!
=]
These instructions are great but please update them to include how to find and strangle the people responsible for Total Security
perfect, thank you, no more Total Security, the only thing appears on the add/remove programs menu no matter what.
Alucero, see Microsoft instructions to remove that item from the menu.
http://support.microsoft.com/kb/314481
ik heb t programma gedownload hihgjackthis om totale veiligheid te Kunnen uninstallen maar vind de lijn 04-hklm/../run: [105300004 ]…… niet.wat moet ik doen?? helpen!
I can’t understand the portion of the instruction “Look for lines that look like:
O4 – HKLM\..\Run: [10530004] C:\Documents and Settings\All Users\Application Data\10530004\10530004.exe
What precisely am I looking for? My machine is infected, but the scan revealed no lines that look like above.
Thanks. Second time I’ve tried to comment since I cant apparently copy the characters correctly.
Thank you! This worked perfectly for me! Now how can I prevent this from happening in the future? It seemed to happen after installing Spybot Search and Destroy and using the immunize feature.
Barbara, ask for help in our Spyware removal forum.
thank u. thank u.. thank u…
what happens to the explorer.exe file? I removed total security with no problem (thanks to these great instructions) but now I have a error message at shutdown related to explorer.exe and I am wondering if it is the masked hijackthis.exe causing me grief now. It is no longer on desktop and does not appear when I do a search either.
noazmom, make a new topic in our Spyware removal forum.
I managed to find total security files and deleted them but I am left with the personal security which I cannot remove from control panel and keeps popping up and shutting down my computer. How do I get rid of this please
Brid, follow the personal security removal instructions.