Total Security
From Jonsdocswiki
This piece of malware runs on logon for the infected user and purports to have run a full scan of the user's system, finding malware (or spyware) and viruses. Total Security then attempts to lure the user into purchasing this fake product.
To further try to convince the user Total Security is genuine, the user will be shown the Total Security Protection Centre which has been clearly modelled on the Windows XP Security Center.
Symptoms
- After the user logs in the Total Security program runs (see screenshot top image, top right). The user may also be presented with the Total Security Protection Center (bottom image, top right).
- Users will also find the TS program group in their Windows Start Menu.
- In the Windows Task Manager, on the Processes tab, the process name shown is TSC.exe.
Files
Total Security installs itself in a directory (folder) called TS in Program Files (often found at C:\Program Files).
How it runs
A registry value under the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key causes the program to run on startup.
Removal
Warning: These instructions appear to work but the malware may have infected other parts of the system. Be sure to run a malware removal program (Ad-Aware, Microsoft Malicious Software Removal Tool) to confirm your system is clean.
- Delete the executables from C:\Program Files\TS.
- Delete the registry value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run that was causing the program to start (tsc.exe).
Warning: Do not simply remove all registry keys that contain the phrase tsc.exe. Doing so will render remote desktop connections problematic (the remote desktop client is named mstsc.exe).
- Delete the Start Menu group TS.
- Run anti-malware scans.
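The registry step and its mstsc.exe caveat can be checked from PowerShell before anything is deleted. This is an added example, not part of the original page: the helper name Test-TscCommand is hypothetical, the sample command lines are constructed, and it assumes only what the page states (a value under the HKCU Run key that launches tsc.exe).

```powershell
# Added example: find the Run value that launches tsc.exe without touching mstsc.exe.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# tsc.exe must be a complete file name: it has to follow the start of the
# string, a path separator, a quote or a space, so "mstsc.exe" never matches.
$pattern = '(^|[\\/"\s])tsc\.exe(["\s]|$)'

function Test-TscCommand {              # hypothetical helper name
    param([string]$Command)
    return $Command -match $pattern     # -match is case-insensitive by default
}

# Constructed sample data (not taken from an infected machine).
$samples = @(
    '"C:\Program Files\TS\TSC.exe"',
    'C:\Program Files\TS\tsc.exe',
    '"C:\Windows\System32\mstsc.exe" /v:server01'
)
foreach ($s in $samples) { '{0,-5} {1}' -f (Test-TscCommand $s), $s }

# Real check against the current user's Run key.
$key = Get-Item -Path $runKey
foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name)
    # Skip the unnamed default value; only named values are handled here.
    if ($name -and (Test-TscCommand $data)) {
        Write-Output "Match: '$name' = $data"
        # -WhatIf only reports what would be deleted; remove it after reviewing the match.
        Remove-ItemProperty -Path $runKey -Name $name -WhatIf
    }
}
```

The first two constructed samples report True and the mstsc.exe sample reports False, which is the distinction the warning above asks for.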
What doesn't work
If you attempt to remove this malware via Add/Remove Programs (or Programs and Features on Vista), you will only be offered the option of "registering", not of uninstallation.
