|
Post by Neko Bazu on Aug 22, 2009 20:22:42 GMT -1
My dad got this on his computer recently, so I figured I may as well make a permanent record of the fix while I can remember what I did - might be useful to someone, someday.

Initial Problem

Further Info

Total Security is a type of malware ('bad software') called Scareware. The idea is that the unsuspecting individual will click through to the website indicated, and send money to the programmers who created the malware. At the very least, you'll be left out of pocket if you do this; at worst, they'll have your bank details and won't even remove the software.

It is worth noting that scareware is designed to do what the name suggests - scare people into handing money/details over. It is not, in and of itself, a malicious piece of software - it won't delete files, log details, sell your passwords or anything of the like. If you get it, don't panic - despite the threat it makes, you're not in danger.

I'm supplying this fix because, despite the above assurances, Total Security is a particularly stubborn piece of scareware. For a start, it will prevent anything security-related from running on your machine. Your anti-virus software won't run; whenever it tries, it'll get blocked and the above pop-up (or some variant) will appear. Security/anti-virus database websites will be blocked in Internet Explorer (though some versions of Firefox, Opera etc will be unaffected). Independent anti-malware packages such as Malwarebytes or SuperAntiSpyware will get blocked. Task Manager (the window you get when you press Ctrl+Alt+Del) will be blocked. Add/Remove Hardware will be blocked. Get the idea?

Further to the above, Total Security will also display a window suggesting your machine isn't fully protected, such as the image below. This is more of its scareware approach:

Worry not, though. Help is at hand!
|
|
|
Post by Neko Bazu on Aug 22, 2009 20:22:57 GMT -1
The Fix

The first thing we have to do is to close the Total Security program. While it's running, it'll block all the programs listed above, and it can't be deleted while it's open anyway. Normally, we'd use Task Manager, but as said above, it gets blocked. Instead, we're going to use a piece of software called Process Explorer, which can be found here.

- Click the link, and when prompted, save the file to your desktop.
- Once it's downloaded, we need to rename the file - this is to trick Total Security into thinking it's not security-related software. Rename the file procexp to iexplore (or iexplore.exe if the original filename has .exe after it) - you can do this by right-clicking on the file and selecting 'rename'.
- After this is done, double-click on the file to launch it (saying 'Yes/I Agree' to their terms of use screen). Once the program is running, you should be presented with a screen similar to the one below:
- Scroll through the list of programs until you come across one called tsc.exe. If this isn't available, there may be one with a long string of apparently random numbers and letters, which is likely to be the problem instead. Note how, in the above picture, tsc.exe has nothing in the 'description' or 'company name' columns - that's a hint too.
- Select tsc.exe (or whatever it's called itself) and then click the red X on the toolbar at the top of the window to kill the process. When prompted, select 'Yes' to kill it.

After this, you'll need the anti-virus program MalwareBytes' Anti-Malware (MBAM) - this is the most effective at removing Total Security, and it can be downloaded here. Again, click the link, then save the file to your desktop.

- Once you've downloaded mbam-setup.exe, close all other programs (including IE/Firefox/whatever you're viewing this in) and double-click it to run it. If you're not confident about doing the following on your own, take this opportunity to write down/print out the remaining instructions.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings, and when the program has finished installing, make sure you leave both the "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware" checked. Then click on the Finish button.
- MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
- Select the 'Scanner' tab, select the 'Perform full scan' option, and then click Scan. This will take about an hour, but it'll be well worth it - you might be surprised at how much stuff it'll dig out!
- Once the scan is completed, MBAM will display a pop-up telling you it is done - select 'OK'. After this, it will display a screen showing all the viruses it found - click 'remove selected' to remove all malware from your machine. MBAM may need you to reboot the computer; if it asks you to, do so, as it will be necessary to remove certain malware.

All things going to plan, you will now have a system that is totally free of Total Security's presence.
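As an added example (not part of the original post), this Python check applies the hint from the steps above to a process listing: it flags entries whose 'description' and 'company name' columns are both empty and whose name is either tsc.exe or a long random-looking string. The tab-separated layout, the sample rows, the entropy threshold and the function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample: tab-separated rows (process, description, company name),
# mirroring the three Process Explorer columns the post refers to.
SAMPLE = (
    "explorer.exe\tWindows Explorer\tMicrosoft Corporation\n"
    "iexplore.exe\tSysinternals Process Explorer\tSysinternals\n"
    "tsc.exe\t\t\n"
    "svchost.exe\tHost Process for Windows Services\tMicrosoft Corporation\n"
    "84610293kx7q.exe\t\t\n"
    "notes.exe\t\t\n"
)

def looks_random(stem):
    """Heuristic: long name mixing digits and letters with high character entropy."""
    if len(stem) < 8 or not (re.search(r"\d", stem) and re.search(r"[a-z]", stem)):
        return False
    counts = Counter(stem)
    entropy = -sum(c / len(stem) * math.log2(c / len(stem)) for c in counts.values())
    return entropy >= 3.0  # assumed threshold, tune against your own listings

def triage(listing, known_names=("tsc.exe",)):
    """Return [(process, reason)] for rows that match the post's hints."""
    findings = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        # Pad short rows so missing columns count as empty.
        name, desc, company = (line.split("\t") + ["", ""])[:3]
        name = name.strip().lower()
        if desc.strip() or company.strip():
            continue  # has vendor metadata, so the post's hint does not apply
        stem = name.rsplit(".", 1)[0]
        if name in known_names:
            findings.append((name, "name from the post, no description/company"))
        elif looks_random(stem):
            findings.append((name, "random-looking name, no description/company"))
    return findings

if __name__ == "__main__":
    for proc, reason in triage(SAMPLE):
        print(f"{proc}: {reason}")
```

Empty metadata alone is only a hint, as the post says: notes.exe in the sample has none and is not flagged, because plenty of legitimate programs ship without it.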
|
|
|
Post by Neko Bazu on Aug 22, 2009 20:26:05 GMT -1
Incidentally, MBAM is a useful piece of kit to have anyway, and is well worth installing and running once a week/fortnight/month just to keep your machine tidy. The pro version of MBAM is the one many PC stores will use to remove malware from your system if you take it in to them, so you can rest assured it's a good bit of kit.
|
|
|
Post by CHOPPER READ on Aug 22, 2009 20:28:22 GMT -1
Prevention is better than cure.
Tell him to stop viewing porn.
|
|
|
Post by Neko Bazu on Aug 22, 2009 20:32:02 GMT -1
I did contemplate that, but in all fairness, the viruses that come with porn are usually a lot worse than the above!
My suspicion is that my not-so-techy-literate brother, who lives with Dad, may have fallen for a pop-up/internet banner...
|
|
|
Post by officergroyman on Aug 23, 2009 7:24:00 GMT -1
|
|
|
Post by gt on Aug 28, 2009 16:43:16 GMT -1
I'm glad that's fixed
|
|
|
Post by El Morto La Hoja! on Aug 28, 2009 17:36:31 GMT -1
i need my fix
|
|
|
Post by officergroyman on Sept 13, 2009 2:30:26 GMT -1
> i need my fix

did you just say you wanted Deez' Nutz ;D
|
|
|
Post by ovechkin8 on Sept 23, 2009 16:01:14 GMT -1
Excellent workaround, neko, not that I needed it. You should work for a software magazine.
|
|
|
Post by Neko Bazu on Sept 23, 2009 16:45:48 GMT -1
Am starting a Computer Science degree in a couple of weeks; once that's done, I'm probably well set for a lot of stuff. I'm thinking a good bet would be to open my own repair shop - I could run an online 'bible' of sorts for each repair through this website! ;D
|
|
|
Post by ovechkin8 on Sept 24, 2009 17:13:12 GMT -1
> Am starting a Computer Science degree in a couple of weeks; once that's done, I'm probably well set for a lot of stuff. I'm thinking a good bet would be to open my own repair shop - I could run an online 'bible' of sorts for each repair through this website! ;D

Good luck with that. Didn't know that Luton had entered the Age of the Computer though.

Question: Is my nVIDIA 9800GT GPU running too hot at 66 celsius under full load? Should I need to add another intake fan? etc etc etc
|
|
|
Post by Neko Bazu on Sept 24, 2009 18:43:43 GMT -1
According to the product spec, the 9800GT can run at up to 105°C, so at 66 you really shouldn't have too much of a problem on that component, at least. It does make me wonder what your CPU etc are running at though! Doesn't look like you need another fan, but my personal opinion in that general field is that it never hurts to have one more, just to be safe.
|
|
|
Post by Neko Bazu on Oct 9, 2009 15:02:24 GMT -1
> My dad got this on his computer recently, so I figured I may as well make a permanent record of the fix while I can remember what I did - might be useful to someone, someday

So, my younger sister - who lives with my dad - came and visited at the weekend. Guess what ended up on the PC? Not that I'm suggesting there's a connection between the events or anything, mind... But I'm glad I documented this now! ;D
|
|
|
Post by keanosbeard on Oct 9, 2009 18:50:22 GMT -1
Ah, very good, but friend Neko, what do you know about that superior piece of kit known as Apple Mac, the iMac in particular.
That is what I operate, far superior to any PC, methinks!
|
|
|
Post by Neko Bazu on Oct 9, 2009 19:15:31 GMT -1
Not an Apple fan, myself. I realise it has its benefits, but then every OS does. Not a Windows fanboy by any stretch either, mind. I'm looking to buy a netbook for uni, and to have a Linux OS on that - that's the way forward, IMO.
|
|
|
Post by ogsdog on Oct 16, 2009 15:10:16 GMT -1
> Not an Apple fan, myself. I realise it has its benefits, but then every OS does. Not a Windows fanboy by any stretch either, mind. I'm looking to buy a netbook for uni, and to have a Linux OS on that - that's the way forward, IMO.

LOL !!!! ;D ;D
|
|
|
Post by Neko Bazu on Oct 16, 2009 15:56:39 GMT -1
> > Not an Apple fan, myself. I realise it has its benefits, but then every OS does. Not a Windows fanboy by any stretch either, mind. I'm looking to buy a netbook for uni, and to have a Linux OS on that - that's the way forward, IMO.
>
> LOL !!!! ;D ;D

Care to explain that?
|
|
|
Post by ogsdog on Oct 16, 2009 16:18:31 GMT -1
> Care to explain that?

Linus Torvalds Linux will only become the OS going forward "if" Bill Gates allows it....... he rules the world, or haven't you heard. ;D
|
|
|
Post by Neko Bazu on Oct 16, 2009 16:53:04 GMT -1
Pfft - Mr Gates hasn't been able to stop it so far. Ubuntu alone is the fastest-growing OS in the world, and has 13m users. Open-source OS account for about 10% of the world's PC userbase, IIRC, and big organisations are starting to realise the benefits too - you might have heard of the Large Hadron Collider and the US National Nuclear Security Administration, for instance? Linux users ;D (That said, I wouldn't feel comfortable if one of the world's biggest nuclear powers was using Windows to run its arsenal!)
|
|