
Total Protect

Posted: July 21, 2011

Total Protect is a rogue anti-spyware program that pretends to detect spyware and other infections on your PC as a cover for asking for your money. Since Total Protect's threat alerts aren't real, purchasing Total Protect's anti-spyware features is a self-destructive action that places your credit card and money in criminal hands. Total Protect is confirmed to launch itself without permission and may also attack your computer with browser hijacks or by blacklisting security software. You should consider Total Protect to be no better than a common virus and remove Total Protect with a good threat-removal program.

Total Protect - More of a Total Clone Than a Protector

Total Protect is from the same family of rogue applications as Total Protect 2009, Total Defender, Total Defender 2009, Total Secure and Total Secure 2009. Even though Total Protect pretends to be a completely independent software product, our SpywareRemove.com research team has found that all of Total Protect's functions and the majority of Total Protect's appearance are recycled from these older rogue programs.

Total Protect is also unlike real anti-spyware programs because of how Total Protect installs itself on your computer, typically with the help of a Trojan such as Zlob or Fake Microsoft Security Essentials Alert. These Trojans have been known to hide in the form of fake codec downloads and other false media updates, but can also infect your computer by exploiting Java or Flash-based drive-by-download scripts.

Once you do see Total Protect on your computer, you'll notice that Total Protect betrays its own raison d'être by only finding fake infections that aren't picked up by other types of anti-spyware or security products. Rather than spending any effort on trying to analyze your computer or cure infections, Total Protect goes straight to fake alerts without any extra steps beforehand, and then requests that you spend money to cure these infections.

Naturally, buying a fake anti-spyware program to fix fake anti-spyware infections isn't recommended by our malware analysts, since such a mistake actually makes your credit card vulnerable to fraudulent charges. If you've used your credit card on a Total Protect website or any affiliated site, don't waste any time before you cancel it.

Digging Down into the Bottom of Total Protect's Bag of Tricks

Our malware experts have determined that the Total Protect scheme to confuse you about your computer's health can also attack with other methods besides fake infection warnings. Some primary Total Protect attacks may include:

  • Using information that's embedded into the main Total Protect window that states that your PC is unprotected or flawed in security in some way.
  • Using fake system scans with unpleasant results that can't be corroborated by any independent and high-quality anti-virus program.
  • Blocking actual security programs that could detect or delete Total Protect. Total Protect may also create infection warnings, but you should disregard these just as you'd disregard all of Total Protect's other misdirection tactics.
  • Redirecting your web browser to Total Protect's website or away from websites that provide malware solutions. Total Protect's browser hijacks may take the form of changed homepage settings, redirecting you from search engines or creating fake error screens about unsafe websites.

Our SpywareRemove.com research team has found that Total Protect, like most rogue programs, will launch itself automatically when you start Windows. Safe Mode or, in the worst cases, booting from a thumb drive or CD will let you stop Total Protect from launching, so that you can use appropriate security software to remove Total Protect and any Trojans that may have installed Total Protect.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\(RANDOM CHARACTERS).exe

Registry Modifications

  • The following Registry values are newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:8992'
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CURRENT_USER\Software(RANDOM CHARACTERS)
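To check a machine for the registry changes listed above, the following added example (not code from SpywareRemove.com) parses the text of a `reg export` of HKEY_CURRENT_USER and reports the PhishingFilter and proxy values. It goes beyond the single listed value by flagging any loopback proxy address and port; the function names and the sample export are constructed for illustration.

```python
import re

# Key paths/values come from the list above; flagging any loopback proxy
# (not only 127.0.0.1:8992) is this example's own generalization.
INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PHISH = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter"
LOOPBACK = re.compile(r"(?:^|[=;])\s*(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?(?=;|$)", re.I)

def parse_reg(text):
    """Parse .reg text into {key: {name: value}}; names lowercased (case-insensitive)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                current[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def find_indicators(text):
    """Return findings that match the Total Protect registry changes."""
    keys = parse_reg(text)
    inet, phish = keys.get(INET.lower(), {}), keys.get(PHISH.lower(), {})
    hits = []
    if str(phish.get("enabled")) == "0":
        hits.append("PhishingFilter Enabled=0")
    proxy = str(inet.get("proxyserver", ""))
    if str(inet.get("proxyenable")) == "1" and LOOPBACK.search(proxy):
        hits.append("ProxyEnable=1 with loopback ProxyServer " + proxy)
    return hits

# Constructed sample in .reg text form (real exports are UTF-16: open with encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8992"
'''

if __name__ == "__main__":
    print("\n".join(find_indicators(SAMPLE)))
```

Legitimate local debugging proxies also set a loopback proxy, so treat a hit as a reason to inspect what is listening on that port rather than as proof of infection.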
