
Total XP Security

Posted: March 16, 2010

Total XP Security is a new chip off a very old block of rogue security programs: it is no more than a slight name and appearance tweak on a fluid and prolific malware threat. All of Total XP Security's underhanded tactics (fake infection warnings, crashing security programs, fake system scans and browser hijacks) are uncreative but are nonetheless very serious threats to your computer's security. You should avoid purchasing Total XP Security; instead, remove it by preventing its automatic launch and then running a real scan of your own that will detect and delete Total XP Security from your PC.

A Hideous Rainbow of Names and Attacks for a Single Rogue PC Threat

Total XP Security is part of a larger gang of threats that share almost all of the same characteristics but cover those traits up under varying names to evade easy detection. Some close relatives of Total XP Security include Total Win 7 XP Security, Live Security Platinum, Vista Antispyware 2011, Vista Home Security 2011 and Win 7 Vista Home Security. As you might have guessed, Total XP Security and rogue security programs related to Total XP Security will change their names so that their name fits well with your operating system, as well as semi-randomizing other parts, such as leaving on or taking off the '2011.'

Major attacks by Total XP Security may go undetected if you're paying more attention to its external and wholly fake security features, but you should be paying more attention to problems like these:

  • Your web browser can be hijacked to redirect your search results, change your homepage or create fake errors and advertisements to restrict website access. Be particularly suspicious if you see an error like this one for a website that you know is safe:

    Internet Explorer alert. Visiting this site may pose a security threat to your system!
    Possible reasons include:
    - Dangerous code found in this site's pages which installed unwanted software into your system.
    - Suspicious and potentially unsafe network activity detected.
    - Spyware infections in your system
    - Complaints from other users about this site.
    - Port and system scans performed by the site being visited.

    Things you can do:
    - Get a copy of Total XP Security to safeguard your PC while surfing the web (RECOMMENDED)
    - Run a spyware, virus and malware scan
    - Continue surfing without any security measures (DANGEROUS)

  • Total XP Security will scatter its components all over sensitive areas of your computer. Startup entries and other components of Total XP Security will be placed into your Windows Registry, and even the Windows system folder may have files hidden inside it under randomized names. You may not be able to see the latter unless you've changed your preferences to view System and Hidden files.
  • Applications may not work right while Total XP Security is active. Total XP Security will do its best to crash any process that could be a threat to its existence on your PC, particularly anti-virus and security-related programs, Task Manager included.

Wading Through Total XP Security's Scam to Get to the Bottom of It

Defeating Total XP Security will require a certain amount of patience, since Total XP Security will inundate you with fake alerts and warnings like the ones below while you try to work:

"Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue security software. Eliminate the infection safely, perform a security scan and deletion now."

"Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair."

"Total XP Security Firewall Alert!
Total XP Security has blocked a program from accessing the Internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords."

"Windows Security Center
Total XP Security reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the Internet. Click Recommendations to learn how to fix this problem."

"System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan."

"System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here."

"Security breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan."

These warnings are all frivolous and worthless for determining the real security of your computer, and so you shouldn't give any credibility to further communications from Total XP Security. Instead, reboot your computer into Safe Mode or another sterile environment that stops needless processes from automatically launching. This stops Total XP Security from attacking your use of applications.

Once you've solved that problem, find and use appropriate anti-malware software to scan for and delete Total XP Security and its many and varied pieces. You shouldn't stop the scan until your entire system has been cleansed, since Total XP Security is likely to come with Trojans and other related infections. If your scanner has trouble detecting Total XP Security, you may need a threat definition update.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\av.exe
    2 %Documents and Settings%\[UserName]\Application Data\WRblt8464P

Registry Modifications

  • The following newly produced Registry Values are:
    Subkeys:
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe /START "iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

    Registry keys:
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
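
The registry values listed above follow one pattern: a launch command is pointed at a wrapper executable, and the Security Center override values are switched on. The audit sketch below is an added example, not code from the original page; it reads a `reg export` text dump, and the sample dump, user name and install paths in it are constructed for illustration.

```python
import re
# Constructed sample in `reg export` text form; user name and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Application Data\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Application Data\\av.exe\" /START \"firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; '@' is the (Default) value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, data = line.split("=", 1)
            if data.startswith('"'):  # REG_SZ: drop outer quotes, undo \" and \\
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            yield key, name.strip('"'), data

def first_exe(command):
    """Lower-cased base name of the first program named in a command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)).split("\\")[-1].lower() if m else ""

def audit(text):
    """Return (key, reason) pairs for hijacked handlers and Security Center overrides."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name == "@" and k.endswith("\\command"):
            browser = re.search(r"\\startmenuinternet\\([^\\]+)\\shell\\", k)
            if browser and first_exe(data) != browser.group(1):
                findings.append((key, "browser launcher wrapped by " + first_exe(data)))
            elif re.search(r"\\(\.exe|exefile|secfile)\\shell\\open\\command$", k) \
                    and data != '"%1" %*':
                findings.append((key, 'executable handler is not "%1" %*'))
        elif k.endswith("\\security center") and name.lower().endswith("override"):
            if data not in ("0", "dword:00000000"):
                findings.append((key, name + " is set"))
    return findings
```

regedit saves version 5.00 exports as UTF-16, so open a real export with `encoding="utf-16"` before passing its text to `audit`. Because the check compares the launcher's file name with the browser key name rather than looking for `av.exe`, it also covers renamed copies of the wrapper.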

17 Comments

  • Jerry says:

    I hope this works...

  • Chris says:

    This solution removed the malware but created a bigger problem. Now I cannot run any .exe programs. I have Microsoft XP Home Edition and I followed the instructions to the letter. When I was done, I closed the registry editor but then couldn't open any programs. When I try, a dialog box appears that says that Windows cannot open the file because it doesn't know what program was used to create it.

  • Alicia Olivieri says:

    I want the Total XP Security removed... ASAP... April 29 2010. Thank you, A Olivieri

  • ghostrider01 says:

    Has it worked for you?

  • jim says:

    it would be nice to find the person who put this on my pc

  • Steph says:

    This is the solution and fixed all my problems with Total XP Security. Somehow it appeared on my computer..I only used step two and deleted all necessary registries..It is easy..Go to Start..Run..type "regedit" and follow all steps before you delete..It really works..Thanks

  • mrham100 says:

    thank you - I've been working on this for 2 days

  • Al says:

    Dear Chris:

    The reason why you cannot open any files is because the registry keys you deleted had also been used to support other files. You will have to reinstall the files that won't run or reinstall the XP Home operating system.

  • Alex Green says:

    Luckily, after an hour of opening it, I managed to open Kaspersky Internet Security and it disinfected my whole computer.. thank [REMOVED WORD]

  • Mike says:

    The best way around this is to create a new user account, then delete the old account.

  • Drew says:

    What do I do if it will not let me run regedit?

  • Brad says:

    Okay, just cleaned this off kid's XP machine and, based on this forum, there is a variant to contend with that contradicts a few tips here (No offense intended, it looks like a new variant was just released based on last few posts)....

    Will address each issue by contributors' names

    Please note, had older version of Malwarebytes already installed, but database would not update...

    "Al Says"

    To "slow this trojan down" search for afo.exe in safe mode (DO NOT START A BROWSER SESSION!!) and delete 2 files (both will state "afo". One will be a pf (Prefetch file), cannot recall what the other is....) This is the point where you will lose file associations "temporarily". Reboot in safe mode with networking and try to update Malwarebytes; it should update. Run a full scan of Malwarebytes (if file association comes up, point to mbam.exe in the Malwarebytes folder and hit "enter") and reboot.... File associations should return

    Mike:

    This variant will shut down the admin account as well, creating a new account is just a temporary band-aid till someone accidentally triggers =(

    Drew:

    Regedit should work from here on.....

    Please also note: I did not have to manually remove any reference to "av.exe" but did have to remove the afo files

    Hope this helps! =)

  • Violet says:

    Can someone please help me get rid of the Total XP using the step by step for dummies instructions?

  • Jonathan says:

    This is what I tried:
    - Download the recommended antispyware cleaners. Failed due to inability to access the internet (don't have other web browsers installed and didn't know how to get them with a near unresponsive PC).
    - Download the antispyware program on another PC and then copy it over. Failed due to the aforementioned unresponsive PC not letting me open any programs such as a recently copied antispyware program.
    - Delete process through task manager. Failed due to not being able to find any of the processes that are listed (there were a few ones that looked slightly dodgy, however there were none that were listed as they are listed on the database).
    - Manually delete harmful registries. Failed because no matter what I tried, regedit etc., I couldn't get the registry editor to open.
    - Typed in the registration code in the Total security program in order for it to step down its attacks on my PC. Failed because the program (fake) did not cease its grip on my antivirus software.
    - Logged in in a different account..... SUCCESS. The virus is apparently nonexistent in other accounts.

    Thank you Mike!!!!!

  • Aj says:

    OK, making a new account is definitely the best way to go

  • David says:

    So, where do we find the people responsible for this, I mean an address or a way of talking to them in the real world to see if they are still gutsy enough to mess with people when they are not hiding behind a computer?

  • will says:

    I read and followed the instructions, but had to modify them slightly as the version I had was now using the name "ICU.exe"

    If you load Task Manager, you can kill processes, then as I did find the offending file using the search facility in explorer (MyComputer)

    Once you've found it change the filename to .BAK (add this to the file name to change its effect), then follow instructions as for AV.exe (once you've re-booted get some decent Antivirus software)... I'm sick of my wife visiting sites that are riddled with these virus programs. I seem to spend inordinate amounts of my precious time getting rid of them.

    W.
