How do I get rid of "Total Security"?

Somerset
Somerset Posts: 3,636 Forumite
Part of the Furniture Combo Breaker
edited 20 September 2009 at 9:32PM in Techie Stuff
I googled something, went into a wood flooring site that was one of the results and this 'Total Security' thing seemed to have installed itself on my computer. It's a virus protection program, told me I had loads of infected files and BUY it. Thing is I can't get rid of it ....... every few minutes it shimmies onto my screen asking if I want to buy ......... it's blocking web sites saying they are unsafe (even aol mail). I've gone to control panel, add/delete hardware and it's there, but when I tell the system to delete it can't, the program appears and says 'removal not allowed'. I'm going round in circles. Any suggestions ?

Btw I've already got anti-virus, and did a new scan and there's nothing amiss re infected files, trojans etc etc .... just this ***** Total Security.

Comments

  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    if you get stuck then full instructions here

    http://www.bleepingcomputer.com/virus-removal/remove-total-security
    Ex forum ambassador

    Long term forum member
  • How do you analyze ComboFix logs? No instructions anywhere on the web; seems to be some sort of "secret society, top secret" kind of thing. Post your log on this site or that and wait for an "expert" to analyze it for you. If, like myself, you would like to sort out your own problems, unfortunately you cannot with "ComboFix".
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 20 September 2009 at 10:26PM
    top bit is deletions, gives you an idea of what was there

    rest is running processes and what's been installed over the last 28 days (so you may spot the offender)

    afraid it's a case of getting used to reading them
    Ex forum ambassador

    Long term forum member
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    edited 21 September 2009 at 11:11AM
    Browntoa and all

    Many many thanks. I'm a bit of a numpty with all this stuff - started it last night & finished it this morning. I think I'm there and that it's been removed. The bleepingcomputer link was brilliant, printed it out and perfect step-by-step guide.

    Just a thought, the Malwarebytes pointed out (for obvious reasons) that my existing protection allowed the Total Security to be installed. I'm currently using avast & sunbelt. Should I be using something else as well/instead ?

    Edit : I just used the http://www.bleepingcomputer.com/viru...total-security link. I was going to use the second one suggested http://www.bleepingcomputer.com/comb...o-use-combofix but having looked at it, it looks a bit scary - should I go ahead and use it ?
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    combofix is worse than it looks but if you post the Malwarebytes log I can see if it's actually needed now
    Ex forum ambassador

    Long term forum member
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    Malwarebytes' Anti-Malware 1.41
    Database version: 2825
    Windows 5.1.2600 Service Pack 3
    21/09/2009 09:54:43
    mbam-log-2009-09-21 (09-54-43).txt
    Scan type: Quick Scan
    Objects scanned: 129451
    Time elapsed: 30 minute(s), 0 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)

    The above was first 'go'. I still had Total Security, so did it again. Below is second 'go'.

    Malwarebytes' Anti-Malware 1.41
    Database version: 2825
    Windows 5.1.2600 Service Pack 3
    21/09/2009 10:24:12
    mbam-log-2009-09-21 (10-24-12).txt
    Scan type: Quick Scan
    Objects scanned: 129352
    Time elapsed: 22 minute(s), 34 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    What do you think ?
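
Added example, not part of the original thread: one way to read the two Malwarebytes logs above side by side is to parse each detection line and list anything the second scan found again after the first scan reported it removed, plus anything still waiting on a reboot. The function names and the trimmed log excerpts (section blocks only, taken from the posts above) are this example's own.

```python
import re

# Trimmed from the two logs posted above (summary counts omitted).
SCAN_1 = r"""Memory Modules Infected:
C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Agent) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):\s*$")           # "Registry Values Infected:"
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")  # "<object> (<family>) -> <action>."

def parse_detections(log_text):
    """Return one dict per detected object, tagged with the section it was listed under."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:                      # summary lines like "Files Infected: 2" do not match
            section = m.group(1)
            continue
        m = ITEM.match(line)
        if m and section:          # "(No malicious items detected)" has no "->", so it is skipped
            found.append({"section": section, "object": m.group(1),
                          "family": m.group(2), "action": m.group(3)})
    return found

def triage(first, second):
    """Compare two scans: items detected again, and items still pending a reboot."""
    seen = {(d["section"], d["object"].lower()) for d in first}
    recurring = [d for d in second if (d["section"], d["object"].lower()) in seen]
    pending = [d for d in first + second if "reboot" in d["action"].lower()]
    return recurring, pending

if __name__ == "__main__":
    recurring, pending = triage(parse_detections(SCAN_1), parse_detections(SCAN_2))
    for d in recurring:
        print("re-detected after removal:", d["object"], "-", d["family"])
    for d in pending:
        print("needs a reboot to finish:", d["object"], "-", d["family"])
```

On these excerpts the Run value "sound card driver" shows up as re-detected, and ijl11pro.DLL as the item whose deletion was deferred to a reboot.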
  • See if you have a folder called TS in your program files.

    If so delete it and then run Malware bytes again
    It's taken me years of experience to get this cynical
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    See if you have a folder called TS in your program files.

    If so delete it and then run Malware bytes again

    No, I think I've got rid of everything :T
This discussion has been closed.