Anyone familiar with "Total Security" bogus AV program?

It seems to have installed itself somehow on my PC yesterday, despite Norton Internet Security, and I don't see it listed on the Norton/Symantec threat website.  I have found several sites on the Internet which claim to offer solutions, but I am suspicious that at least one of these sites is associated with the persons who originally created this annoying program.  This link is one such site, and shows what the program's popup screen looks like:

 

 http://remove-malware.net/how-to-remove-total-security-rogue-anti-spyware/

 

Any ideas how to get rid of this? 

Total Security is a clone of another fake Spyware remover called Antivirus 360. You can find its information on the following Security Response Article:

http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-040811-0808-99&tabid=1


yogesh_mohan wrote:

Total Security is a clone of another fake Spyware remover called Antivirus 360. You can find its information on the following Security Response Article:

http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-040811-0808-99&tabid=1


 

I would suggest following the Removal Instructions and then, once all of the Steps have been Completed, use Malwarebytes' Anti-Malware in the Administrator Account in Safe Mode, in Your Account in Safe, and then remain dis-connected upon Start-Up and do a Full Scan, of all Drivers, in Normal Mode.   I would suggest repeating this every week for the next few months to make sure all the Files are Removed, because Malwarebytes' Anti-Malware might not have all the Files when you do it, but, through Research, more Files could be Added to the Definitions' Database.

 

Please do not take any shortcuts with the Removal Instructions provided by me, Phil_D and yogesh_mohan as you have to make sure you get all the Files linked with this.

 

Phil, this appears to have worked; thanks.  Background:

 

1)  I had already tried to run a complete NAV virus scan from Safe Mode prior to posting, but it found nothing.  This was perhaps to be expected, since the #&%!! NAV program allowed "Total Security" to install in the first place. 

 

2)  Was running Windows XP, service pack 2, with all updates through last week (I have the exact SP2 version on my work PC, currently turned off, but since I have upgraded my home PC to SP3, the previous SP2 version information is no longer available on my home PC). 

 

3)  Was running Norton Internet Security 2006 (NAV version 12.8.0.4; NIS version 9.1.1.7), patched through 8/14 (assuming that "Total Security" wasn't interfering with the NIS popup display which gave me this information...). 

 

4)  "Total Security" interfered with practically every useful program on my PC, but I got around this by downloading, updating, and running the tools from Safe Mode.  When updating Malwarebytes in safe mode, I was apparently using Internet Explorer (which was corrupted by "Total Security"), but apparently running IE from safe mode made this corrupted version behave. 

 

5)  Malwarebytes detected 7 objects which it wanted to delete.  I let it delete them, ran it again with no new finds, and this seems to have killed/crippled "Total Security", such that it no longer seems to be present (at least the main executable doesn't seem to be running). 

 

6)  Yogesh, I also had previously read that "Total Security" was a "clone" of "Antivirus 360", but am not sure this is true.  The popup looked different, and I think the files were somewhat different as well.  Also, NAV wasn't able to detect "Total Security", so the procedure at the link given by you wouldn't have worked.  Unfortunately, Malwarebytes doesn't seem to save logs between sessions, so I don't have the exact file names which were removed (I can't see the Malwarebytes logs taken from Safe Mode when running Malwarebytes from normal mode). 

 

 

 

Message Edited by hindsNOR on 08-14-2009 06:56 PM
Message Edited by hindsNOR on 08-14-2009 07:02 PM
Message Edited by hindsNOR on 08-14-2009 07:14 PM

Hi hindsNOR,

 

I'm glad that things appear to have been cleared up.

 

Perhaps you could clarify the Norton Product you are using. Is it indeed NIS 2006?

 

If so, you should be eligible for a free update to the latest version of NIS 2009. This version is much lighter on system resources and utilizes more advanced detection features.

 

Let us know.

Yes; it is NIS 2006.  I had been avoiding the upgrade because the extra features appeared to make it more intrusive.  Perhaps I will reconsider. 

 

MH

Okay, let us know what you decide.

 

Here is the product page describing the benefits and system requirements.

 

If you choose to take advantage of the free update, just post back here and I or someone else will provide you the download link and installation instructions.

 

Best Wishes.

HindsNor,

 

If I may just have a quick say, the 2009 programs use much more advanced, effective and efficient detection methods, which, I believe, might very well have picked up the fake "total security" along with the several other 'threats' detected by MBAM. The reason is that as malware develops, so does preventative and removal software - thus the advancements. Unfortunately, such large changes in programming cannot be done through updates, which is why one would have to remove the 2006 version and replace it with the 2009. I can say from personal experience that it is a much more efficient, better program, that is in fact LESS intrusive :-)

 

Also, I do not believe that the 2006 has any, or if it does, very advanced, behaviour-based detection (SONAR). As far as I know, that only really started in 2008. (or maybe even 07, my memory isn't that great ;-) )

 

I hope this helps

 

Regards,

 

Matt

Message Edited by mattsegers on 08-15-2009 03:14 PM

mattsegers wrote:

HindsNor,

 

If I may just have a quick say, the 2009 programs use much more advanced, effective and efficient detection methods, which, I believe, might very well have picked up the fake "total security" along with the several other 'threats' detected by MBAM. The reason is that as malware develops, so does preventative and removal software - thus the advancements. Unfortunately, such large changes in programming cannot be done through updates, which is why one would have to remove the 2006 version and replace it with the 2009. I can say from personal experience that it is a much more efficient, better program, that is in fact LESS intrusive :-)

 

Also, I do not believe that the 2006 has any, or if it does, very advanced, behaviour-based detection (SONAR). As far as I know, that only really started in 2008. (or maybe even 07, my memory isn't that great ;-) )

 

I hope this helps

 

Regards,

 

Matt

Message Edited by mattsegers on 08-15-2009 03:14 PM

 

This is all true.  It was Norton Internet Security 2008 that Symantec first put in S.O.N.A.R., back then called "Crimeware Protection".

 

And it was in Norton Internet Security 2007 that Symantec first put in Phishing Protection, which is now called "Anti-Phishing", which Detects Fake Web Sites and such.

 

These are two reasons why you should Upgrade to the Norton Internet Security 2009, along with all the improvements in Detection.

 

 

I recall being sent a NIS 2009 (?) free upgrade notification on a number of occasions. Anyone know if this is still an active offer, and what the link is?

 

MH

Message Edited by hindsNOR on 08-15-2009 12:28 PM

hindsNOR,

 

You are partly to blame for that Mis-Leading Application getting on your system for two reasons:

 

01. The Threat must be Manually installed on the computer by visiting a Fake Web Site.  Had you had N.I.S. 2009 on your computer, you would have been notified of this Fake Web Site and this whole problem could have been avoided.

 

02. For not Upgrading to the Latest N.I.S. Version.

 

If you do have any Files of this Threat, please do Send them to Symantec Security Response, via this Web Link: https://submit.symantec.com/websubmit/retail.cgi.

 

And please be careful out there!

 

 

[Note: User hindsNOR Edited the whole Message 11 I was Replying to while I was typing this Message (above)]

 

 

Message Edited by Floating_Red on 08-15-2009 08:37 PM
Message Edited by Floating_Red on 08-15-2009 08:38 PM
Message Edited by Floating_Red on 08-15-2009 08:39 PM

http://www.symantec.com/home_homeoffice/support/special/upgrade2007/vista/select_product.jsp?site=nuc

 

Upgrading instructions for Norton 2006 Products and Later, and Norton 360 Version 01 and Newer:

01. Select your Product and Version, from the Web Link (above).

02. Save the Download on your Desktop.

03. Save your Product Key (www.mynortonaccount.com; http://service1.symantec.com/SUPPORT/custserv.nsf/docid/20020610105504925?Open&src=symsug).

04. Dis-connect from the Internet.

05. Go to Add/Remove.

06. Locate "Norton Internet Security (Symantec Corporation)" and click on "Remove".

07. Follow the instructions and, when asked to, re-start your computer.

08. Locate to Add/Remove upon start-up.

09. Click on LiveUpdate and "Remove" and any other LiveUpdate.

10. If requested, re-start your computer.

11. Double-click on the Saved N.I.S./N.AV. File on your Desktop.

12. Follow the instructions.

13. Open Norton Internet Security or Norton AntiVirus and "Run [Norton] LiveUpdate" manually.

14. It is now Safe to Connect to the Internet again.

15. If you notice things not running right with N.I.S. 2009/N.AV. 2009, it may be a bug; please Post them here [in the Forum].

16. If you have Other Norton Products, then you can re-install LiveUpdate, or, if you have Used the N.R.T., you can re-install your Other Norton Product(s); if you do not have the Disc, then you can re-download it via the Trialware. Norton SystemWorks users have had a "Patch" Released so that Updates are received through Norton LiveUpdate, i.e. your Norton Internet Security 2009 Product.

17. If you have problems un-installing/installing, then use the Norton Removal Tool.

 

Floating_Red,

 

I am ***certain*** I did not manually install anything on the day this occurred.  I cannot prove this to you however. 

 

I am very close to being certain that I did not allow any ActiveX or Java applets to run.  I have the NIS firewall slider set on "high", and it prompts me when such entities want to run; I always say no.  I am very meticulous about this, although even the most careful sometimes make mistakes - hence the 1% chance of an error on this.

 

Because of the above, it may be the case that this is a ***new**** threat with an old name. 

 

Thanks for the other information.  I am seriously considering the NIS 2009 upgrade.

 

MH     :-)

Hi, hindsNOR,

 

Well, Mis-Leading Applications do require User interaction, unless you have a Threat on your computer which Downloads and Installs Mis-Leading Application, such as W32.Waledac does.

 

I would also Highly-Recommend letting the Firewall decide how it acts.  Symantec's Smart Firewall for Norton Products is one of the best Firewalls out there, and rarely does it let a Threat through.

 

I would also Highly-Recommend N.I.S. 2009 as you will be more Protected, and have more Components to Protect you, as mentioned in this Thread. 

 

It will be Highly-Likely that your 2006 Products will be unable to deal with Today's Threats as the Engines are not Advanced enough to cope with Today's Threats.

 

________________________________________

 

 

I should also mention that Norton 2010 Products will be Released very shortly, and you should consider waiting until these Norton 2010 Products are Released in September 2009; although, having mentioned that, I would still Upgrade to the 2009 Version just now to book your place for a free Upgrade to Norton 2010 Product upon Release.

 

 

Oh, and you're most welcome!  :)  Thank-you!

 

 

Message Edited by Floating_Red on 08-15-2009 11:28 PM
Message Edited by Floating_Red on 08-15-2009 11:30 PM
