Recently, I wrote an article on how to recognize and avoid Rogue software.
What the article did not cover, however, is how to remove a program should you accidentally get infected. Because there is a new and particularly nasty program infecting computers out there, this article explains how to remove Malware in general, and specifically, how to remove “Total Security 2009”.
The latest version of “Total Security 2009” can be classified as “Ransomware”. Earlier versions just indicated that your computer was infected and you should purchase the program to eliminate infections that were not really present. If you are unlucky enough to run across the new version, it will disable your PC until you activate it by purchasing a serial number from them.
The only program that is left functioning is a Web browser so that you can send them payment.
Figure 1: Example of the opening screen of “Total Security 2009”
The program disables your computer by popping up fake warnings that claim any file the user opens is infected and the only screen displayed says you must send payment.
Figure 2: Example of an infected file warning.
Users who choose to pay the ransom (as I write this the cost is $79.95) receive a serial number that releases all files and executables. The computer will appear to function normally, however the fake software will remain on their systems.
There are several ways to remove this threat and other malware.
A: Restore your computer to a prior state using “System Restore”
Here is a link to a WorldStart article that has System restore instructions for Windows XP
Please Note: Some malware erases restore points so this method may not be available.
B: Register the “Total Security 2009” software by submitting a serial number and then run an up to date anti-malware program to remove the Ransomware.
Fortunately, PandaLabs has a list of serial numbers on their Web Site that can be used to release your computer. The serial numbers and a video showing what happens on the screen of an infected computer are located here. The scammers frequently change how their programs work so the listed serial numbers may not work for long.
C: Start your computer in “Safe Mode” and then run an up to date anti-malware program.
To get to Safe mode, press the F8 key when Windows starts to boot. You have to do this Before you see the first “Windows” screen.