Wednesday, 02 June 2010

Total Security

Total Security is a rogue computer security application and a mimic of the previously released Antivirus 360. The program is usually dropped on computers by other malware or downloaded manually from a website that promotes the product. Total Security performs a system scan and generates false results intended to mislead victims and push them to purchase the registered version of the software before any virus removal is performed.
Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: SuperAntiSpyware


What Does Total Security Do?
A GUI window will launch and perform a security scan on the computer.



It will modify Windows Registry and add the following entries:

◦HKEY_CURRENT_USER\Software\1FD92E3F7C34799BFB075C41DA05D1FE
◦HKEY_CLASSES_ROOT\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
◦HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
◦HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “1FD92E3F7C34799BFB075C41DA05D1FE”
◦HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
◦HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”
The threat will drop the following malicious files and folders:

◦c:\Program Files\TSC
◦%UserProfile%\Start Menu\TSC
◦c:\Program Files\Common Files\System\Uninstall
◦winsource.dll
◦tsc.exe
◦Sc2C21UvvM.exe
◦winsource.dll
◦TSC.lnk
◦Help.lnk
◦Registration.lnk
◦Uninstall TSC.lnk

How to Remove Total Security Manually
1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the file.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and see whether the file is running as a process. If it is, select it and click End Process, then delete the file again.
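
A read-only way to check for the registry entries and file locations listed above, before and after cleanup. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function name `Get-TscIndicator` and the choice to look for the loose file names only inside the listed folders are assumptions of the example.

```powershell
# Read-only check for the Total Security indicators listed on this page.
# Nothing is deleted or changed; run it before and after cleanup and compare.
function Get-TscIndicator {
    $id    = '1FD92E3F7C34799BFB075C41DA05D1FE'
    $clsid = '{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}'
    $hkcu  = 'Registry::HKEY_CURRENT_USER\Software'
    $hklm  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft'

    # Whole keys and folders: existence alone is the finding.
    # (CurrentVersion is the standard spelling of that Windows key.)
    $paths = @(
        "$hkcu\$id",
        "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
        "$hklm\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
        'C:\Program Files\TSC',
        "$env:USERPROFILE\Start Menu\TSC",
        'C:\Program Files\Common Files\System\Uninstall'
    )
    # Values inside legitimate keys: Data = $null means "any data counts".
    $values = @(
        @{ Key = "$hkcu\Microsoft\Windows\CurrentVersion\Run"; Name = $id; Data = $null },
        @{ Key = "$hklm\Security Center"; Name = 'AntiVirusOverride'; Data = '1' },
        @{ Key = "$hklm\Security Center"; Name = 'FirewallOverride';  Data = '1' }
    )
    # Dropped file names the page gives without a location.
    $names = 'winsource.dll', 'tsc.exe', 'Sc2C21UvvM.exe'

    foreach ($p in $paths) {
        [pscustomobject]@{ Kind = 'Path'; Present = (Test-Path -LiteralPath $p); Indicator = $p }
    }
    foreach ($v in $values) {
        # A missing key or value raises an error, which is silenced and read as "absent".
        $item  = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        $found = ($null -ne $item) -and
                 (($null -eq $v.Data) -or ("$($item.($v.Name))" -eq $v.Data))
        [pscustomobject]@{ Kind = 'Value'; Present = $found; Indicator = "$($v.Key) : $($v.Name)" }
    }
    # Assumption: the loose file names are searched for only under the listed folders.
    $folders = $paths | Where-Object { $_ -notlike 'Registry::*' -and (Test-Path -LiteralPath $_) }
    foreach ($f in $folders) {
        Get-ChildItem -LiteralPath $f -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $names -contains $_.Name } |
            ForEach-Object { [pscustomobject]@{ Kind = 'File'; Present = $true; Indicator = $_.FullName } }
    }
}

Get-TscIndicator | Format-Table Kind, Present, Indicator -AutoSize
```

A clean system shows `False` on every `Path` and `Value` row and no `File` rows.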


Automatic Removal of Total Security
1. All running applications may need to be closed prior to running this procedure. You may want to print these instructions for later reference.
2. Download SuperAntiSpyware and save it to your Desktop.
3. Close all running programs.
4. Double-Click on the downloaded SuperAntiSpyware application to start the installation.

Note: Some malware on the system may prevent SuperAntiSpyware from running. In this case, rename the file to something else, as long as it keeps the .exe extension (e.g. myfile.exe).

5. Install SAS using the default settings. Just click Accept or Next after each window.
6. It will prompt you for an update; please click Yes

7. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

8. Double-click on the SAS icon to begin scanning your computer.
9. Click on the Preferences button.
10. Click the Scanning Control tab
11. Under Scanner Options, make sure the following are checked:
- Close browsers before scanning
- Scan for tracking cookies
- Terminate memory threats before quarantining
- Please leave the others unchecked.
- Click the Close button to leave the control center screen.

12. Close the Preferences and return to the main window
13. Click Scan your Computer.
14. On the left pane, select which drives to scan. We suggest selecting all drives, including USB devices, but NOT CD/DVD drives.
15. On the right pane, select Perform Complete Scan
16. Click Next to start the scan
17. A Summary window will appear after the scan. Click OK
18. Make sure that all the detected Total Security files are checked, then click Next
19. It will quarantine all detected threats and prompt for a reboot; click Yes
20. To protect your computer from threats such as Total Security, we suggest you install a full version of SuperAntiSpyware.

source : http://www.im-infected.com/rogue/total-security.html
