Total security VIRUS... can't do ANYTHING

Solved/Closed
jazz00 Posts 1 Registration date Friday August 14, 2009 Status Member Last seen August 14, 2009 - Aug 14, 2009 at 09:15 PM
 Xaeox - May 20, 2013 at 07:51 PM
Hello,
Having a problem with a friend's computer.. got the Total Security virus and now can't do anything.. downloaded Malwarebytes at an earlier date, renamed and installed it, it won't run.. can't run Task Manager, get a msg saying "task manager has been disabled by your administrator", can't run regedit, can't do system restore, can't start in safe mode, can't copy files to CD to back up, can't connect to internet.... HELP PLZZZZ

30 responses

I just recovered from this thing myself. While you can't run any programs, you CAN run Windows Explorer (not Internet Explorer, but the file explorer). Using this, I searched for all exe programs created on today's date - this led me to the following folder:

c:/documents and settings/all users/application data/10176254

which is where the offending exe file lived. I couldn't delete the exe program, because it was already running, but I was able to rename the folder. Then I rebooted, and apparently the bad startup item couldn't find the exe file anymore, and I was able to run Windows system restore.

Everything appears to be ok now.

Hope this helps,
Varjibedian
67
Thank you so much for putting your answer up here, it was the only one that worked for me, everything else I couldn't do...task manager, safe mode boot, loading anti-virus! A BIG THANK YOU.
0
It worked :-) :-) :-)
0
Eric stacy > Guzzi
Sep 23, 2009 at 09:36 PM
I am glad it worked for you.
Post an add on comment to this string so everyone can use this fix.
It was relatively easy to follow too.
Glad for you.

Eric Stacy
0
Excellent post. I've been fighting this virus for 3 days and I think I'm finally out of the woods.

Another tip. For those of you who can boot into safe mode, do so and then follow the instructions above. Once you've renamed the folder, run a malware bytes scan. This should delete the registry entries that the virus creates. There will be one file it can't delete though. Look for it in the log, the one for me was c:\windows\system32\randomname.dll - once you've located this, rename it. You won't be able to delete it.

Now reboot. The system won't find the dll or folder where the virus resides. Go delete the renamed folder in the application data folder and the renamed dll in the system32 folder. Run another full system scan and you should be fine.

This may help people like me who don't have a system reset point that's recent.

Good luck!
0
LARGE~ SMILE~ Working on system again. What a PITA this one was... For those that cannot see the applications dir, go to your tools and change to view hidden files.

Thanks Mate~
0
Hi guys,

Contracted this bugger earlier today and have now arrived at a SOLUTION which may be of interest to other flagging users in future.

If your problem is NO TASK MANAGER, NO FOLDERS FOLDER, NO MALWAREBYTES ACCESS, NO REGISTRY ACCESS....you have the same issue as I once had.

Solution: (surprisingly the key is blindingly obvious)

1. Firstly, whilst searching for a solution I tried many of the above suggestions and concluded with no success. However during this time I did clear my bin out, search for recently created files via explorer and deleted a few, but nothing changed in order for me to access the tools mentioned above. Thus I feel this stage can be skipped.

The answer. Simply right click malware bytes and run as administrator. Or add a letter to mbam.exe and run as administrator.
This program will freeze towards the end however, so wait until around 10 viruses are detected then abort scan. Delete viruses. In doing so Malware will re-enable regedit. Now go to regedit.... find [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr" and turn the 1 into a 0.

Task manager is open!

Keep deleting the pop up virus program in TM (comes in various aliases, in my instance 'ave.com') whilst running malware bytes in full. If the registry locks again abort the scans early until you have completed the removal.

I use a 'file association fixes' website to alter my registry during the last process which resets the registry to its true values, for eg .reg, .avi, .exe. A simple google search should find these.

I hope I have been helpful. Would love to hear some feedback.

All the best and good luck

Haich
34
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Apr 2, 2010 at 05:01 AM
Hello Haich,

I'm impressed! You sound like a pro in cyber gymnastics.

Thank you very much for your contribution.
0
I had the same problem and used Windows Defender when my F-Secure antivirus software failed to detect the total xp security virus.

Give Windows Defender a try and hope this works for all.
0
I just got rid of this thing myself. Restarted in SAFE MODE WITH NETWORKING option. Another option then comes up, "DO YOU WANT TO CONTINUE IN SAFE MODE OR RESTORE TO A PREVIOUS POINT". Just chose to restore to 2 days ago and voilà, everything back to normal and perfect.
14
OMG!! IF YOU ARE A MAN I AM GOING TO FIND YOU AND GIVE YOU A HUGE KISS AND BUY YOU A BEER. IF YOU'RE A FEMALE I'LL JUST BUY YOU A BEER. THANK YOU SOOOO MUCH THIS WAS SO EASY, FAST AND IT WORKED. THANK YOU!!
0
ditto that!! thank you!
0
Hi people, I'm 12 years old and I just found out how to take Total Security off ur computer k........
1. Go to my documents
2. Go to LOCAL DISK (C:)
3. Open WINDOWS folder
4. Open System32
5. Find TskMgr (taskmanager)
6. Change its name from Tskmgr to iexplore
7. Open Total Security Program
8. Open iexplore (taskmanager) and right click on Total Security and you'll find (Go To Process)
9. U find the name of the program (18332654.exe)
10. Get a paper and note down its name, then End Process
11. Go to Search->Files and Folders->Down u find (More Advanced options), click on them all except last one
12. Type the name u noted (18332654.exe) and Search
13. You'll find it, then go to it and delete it
14. Open recycle bin and delete it off your computer
15. Download AVG 30 day trial, it's so strong, then (Scan Whole Computer)
16. Have Fun <3 u all :)
12
Your so-called help is much more complicated than other people on this site such as Jamie. He helped me lots and I didn't need to use task manager at all.
0
Hey SiLeNCeR,
You rock. Nothing else was working for me. But your little trick is finally letting me run few things.
Thanks a ton.
-R
0
I agree it "SEEMS" more confusing but actually makes sense, nice work especially for a 12 year old. 1 thing tho, you forgot to tell them to rename tskmgr (iexplore) back to its original name (tskmgr.exe). Keep up the good work, you'll surpass us all :)
0

You guys are all missing the point here. Malwarebytes and others are not allowed to be run. Regedit, msconfig, even task manager will not open either. In order to do anything, we need to kill the process and there does not seem to be a way to do it.
4
Okay, think of it this way: the virus blocks process tskmgr.exe (or task manager) from running, the above says change the name of tskmgr.exe to another name so the virus doesn't pick up that it's actually task manager running. Task Manager opens, virus allows it, then you end the process associated with the virus and voilà... They're just different variations of doing basically the same thing. Just follow one and good luck :)
0
The folder rename procedure Varjibedian used is a great trick.
I just removed Total Security from a computer and that would have saved me lots of time. Here is what cleaned the computer for me. I think it is a good generic process to have in your toolbox.
1. On a clean computer, Create an anti-malware folder containing the following four programs and copy them to a USB drive.
+Norman_Malware_cleaner.exe (download from CNET)
+mbam-setup.exe (download from CNET)
+Firefox Setup 3.5.3.exe (download current version from mozilla)
+IE8-WindowsXP-x86-ENU.exe (download current version from microsoft)
2. On the infected computer, shut down and connect the USB drive
3. Start the computer in safe mode (tap F8 while starting up)
In my case this resulted in a clean desktop with no sign of the Total Security crap messages.
4. Run Norman_Malware_cleaner from the USB drive.
This was the roguebreaker. Its virus defs are self contained. It doesn't need Internet access. It found and deleted the rogue files. When it ended I was able to do a normal restart to a clean desktop.
5. (Optional, to clear up hijacked browsers) Uninstall IE and Firefox.
In my case both browsers had been hijacked. They changed the address of any anti-malware site I typed in.
6. Run mbam-setup.exe from the USB drive. It will find and delete ALL the malware. It's very impressive. It found what Ad-Aware and Spybot could not find or fix. When it finishes you have a clean machine.
7. Install IE and Firefox from the USB drive.
You are back to normal now. Take a checkpoint.
After this experience, I will carry this USB drive in my toolbag.
4
Thanks Varjibedian!! Just followed your instructions.
2
Eric S. Stacy Posts 1 Registration date Monday September 21, 2009 Status Member Last seen September 22, 2009
Sep 22, 2009 at 03:59 PM
lsas.blaster.keylogger is a combination worm, trojan and virus.
This is the way to get rid of the problem completely.
Go to the internet and look for and download a file called
combofix.exe at http://combofix.org/download.php
Keylogger will usually not block internet. Save the file to your desktop.
Rename the file combofix.com so that it will work at the dos level on your computer.
Reboot your computer. While it is starting hit the f8 key until a number of start
up options appear. You will have no mouse so use your arrow keys and click on Safe Mode.
Your computer will boot to a simple desktop without all the extra programs. Click on
the combofix.com file and follow the instructions. It will clean your system completely
free of the logger virus. Let the program do the work. Don't rush. It will take about
15-20 minutes, but no data will be lost. Just the virus.

Good Luck,

Eric stacy
2
David Smith 70
Aug 17, 2009 at 11:49 AM
It is not that easy, I am working on a friend's computer with the same infection and Task Manager is disabled, Safe Mode leads to a Blue Screen Of Death, Malwarebytes is blocked, all AV I have tried (smitfraudfix, MS Process Explorer, etc) are blocked. New incarnation I think.
1
FIXED!!!

Hi everyone,
I tried all the instructions above and nothing worked for me. I tried another way and I was able to remove the darn thing.
You need two people in order to do this effectively, and my computer was NOT in safe mode. One person needs to hold down the ctr+alt+shift keys while the other person holds down the del+enter keys. When you hold down the ctr+alt+del keys, task manager comes up for a millisecond and you are not able to select total security and end the task.
What you need to do is be able to hold down and open task manager while at the same time pressing down the shift button in order to select “end task” and also press down the “enter” key in order to select and stop total security.
We did this about 20+ times and finally we were able to end total security.
Hope it helps.
1
I read all of the above comments and none worked, although I did use some help from Varjibedian. I went to the folder c:/documents and settings/all users like he said but couldn't find any folders called "application data", so I went to tools then folder options and allowed myself to see all of the hidden folders, one of which was a random 8 digit number just like Samuelle says. So I went into task manager and saw the exact same number running already, so I removed that process, then tried opening some programs to see if it would stop the annoying random pop ups, and it had, so I deleted the folder.
if it helps, the folder and process name was "17784534".
1
total remover
Aug 23, 2009 at 11:36 PM
I had this same stupid virus.. looks like it's even nastier than total antivirus.

I wasn't able to run anything (mbam, super anti-spyware etc) but I was able to run hijackthis v1.99 after I renamed it.

you can download version 1.99 from:

https://www.majorgeeks.com/files/details/hijackthis.html

You can then analyse the results on:

http://www.hijackthis.de/

This will tell you what to remove.

If you are still having troubles after all this or it is all too hard, then the best option is

http://www.fixedlikemagic.com/

definitely the easiest and most convenient form of professional help available.
1
Total Security is a fake antivirus application. I have searched in Google by typing "Remove fake antivirus" and there are a lot of solutions there. I also searched "Total Security Removal guide", there are a lot of manual guides.
1
Thanks Varjibedian - it worked!
1
Renaming the 8-digit number's folder worked when nothing else would. Even after showing hidden folders the Application Data folder was not visible, but I had seen the strange 8 digit process running in the task manager before all hell broke loose and was able to search that name and find the folder and files. The number seems to be randomly generated on each person's computer. Thank-you so much, this advice saved my mom's computer!
1
I just recovered from this virus. I read all your blogs and some more also. This is what worked for me. I have XP SP3 by the way. The virus blocks task manager but for about 10 seconds immediately after start up you can run it. Once you open task manager, watch for the virus to run. As soon as it pops up hit end task. You have to be fast because as soon as it appears it blocks the task manager and you will have to try again. I got it on my third try. Here is how I got it step by step.
1- Turn on or reboot the computer.
2- Once it gets to the screen with your desktop Icons etc, I start hitting ctrl alt del every two seconds until the task manager pops up.
3- keep your hand on the mouse ready to catch this F*cker. As soon as it pops up hit "End Task"
4- In my case, it did shut down my Task Manager but 10 seconds later the message "this program is not responding" from Windows popped up so I knew I had it.
5- Hit "End program".
6- Do a System Restore to an earlier date. (the day before you got the virus).
7- Update your virus software (real Virus software) Norton, Mcafee, etc.

Good Luck, hope this helps.
1
cracksinthewall
Sep 20, 2009 at 02:56 PM
I had this problem and am not at all good with the technical aspects of how a computer/operating system works, but followed above advice and located/renamed the file and restarted. This worked to a certain extent, but after that, EVERYTHING I tried to run was opening with quicktime picture viewer. Therefore, I couldn't run mbam, couldn't restore system from start menu, NOTHING!! If you have this problem, restart-F8-start windows in system restore mode (which will automatically put you in safe mode! Haha, tricky virus! You can be defeated), choose a few days back as also stated above. Find something to do for a couple of hours and let malwarebytes run a complete scan. Worked great, everything is back to normal. Thanks, guys!
1
After reading the posts and seeing that the application was listed as an 8 digit number under processes when using task manager I was able to delete it. If you open task manager right away and delete it as soon as it shows up you should be able to end the process before it locks up your computer then you can take your time to remove the virus properly.
1
Jamie is correct, I couldn't find application data either so I did what he said and it popped up. I found the 8 digit folder renamed it then restarted my computer, it now works perfectly. You can also delete the renamed folder. I decided to delete and system restore and it works perfect. THANKS FOR THE HELP!
0
Hi All,
I am a CompTIA A+ Certified IT Technician.
This is a very common problem on many systems, the task manager disabled is a very common virus/malware trick to stop you killing it. The solution for renaming the file is an interesting one, good call. If you want to 'regain' control of your computer, i.e. task manager, the quickest way is to reset the registry key that the virus/malware has changed with a .reg file:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

If you copy the above few lines into Notepad (most viruses or malware don't think anything of this, so it is usually possible), then save it to the desktop with an ext of .reg - in Notepad you will have to save it as type 'all files', then type a 'name.reg' in the box. Once you have saved this file click on it, Explorer will ask if you want to add it to the registry, click yes at the prompt and this will 'reset' this key and allow you to access task manager and kill the process(es) and then nuke it with a good anti virus/malware killer. As for preventing re-infection, I always have this reg file on my desktop and scattered around a few places in the computer just in case - and a great FREE anti virus/spyware/firewall/system monitoring software is COMODO Internet Security. Google for it, it is superior to many 'bought' solutions and you can't beat the price.
Hope this helps many people,
fearlessfred
0
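
Added example, not part of any post in this thread: a read-only PowerShell triage script for the three symptoms the answers describe, namely the DisableTaskMgr policy value, an eight-digit folder holding an .exe under the All Users application data directory, and a startup entry pointing into that folder. It assumes PowerShell is available on the machine; the function names are hypothetical, and DisableRegistryTools (the policy value that disables regedit) and the two Run keys are not named in the thread.

```powershell
# Added example (not from the thread): report-only checks, function names are hypothetical.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$runKeys   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-LockoutPolicy {
    # Policy values that disable Task Manager and the registry editor.
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $item  = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.$name } else { $null }
        New-Object PSObject -Property @{ Name = $name; Value = $value; Locked = ([int]$value -ne 0) }
    }
}

function Get-NumericFolder {
    # Folders named with exactly eight digits that hold an .exe, the pattern
    # posters found under All Users\Application Data (hidden, hence -Force).
    $roots = @("$env:ALLUSERSPROFILE\Application Data", $env:ALLUSERSPROFILE) | Where-Object { Test-Path $_ }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^\d{8}$' } |
            Where-Object { Get-ChildItem $_.FullName -Filter *.exe -Force -ErrorAction SilentlyContinue }
    }
}

function Get-SuspectRunEntry {
    param([string[]]$FolderPath)
    # Startup values whose command line points into one of those folders.
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
            foreach ($folder in $FolderPath) {
                if ("$($p.Value)".IndexOf($folder, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}

# Report only: nothing is renamed, deleted or written back.
Get-LockoutPolicy | Format-Table Name, Value, Locked -AutoSize
$folders = @(Get-NumericFolder)
$folders | Format-Table FullName, CreationTime -AutoSize
if ($folders.Count -gt 0) {
    $paths = $folders | ForEach-Object { $_.FullName }
    Get-SuspectRunEntry -FolderPath $paths | Format-List Key, Name, Command
}
```

A value of 1 in the Locked column corresponds to the "disabled by your administrator" message from the original question; any folder or Run entry listed is a candidate for the rename-and-reboot step described in the first answer.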