Total Security Trojan

  • Thread starter: timOleary
timOleary said:
Any info on origins and how to get rid of this beast?

The Real Truth MS MVP is not listed on the MVP list:




Check out “pcbutts” using your favorite search engine.


On his blog, he uses a picture of a woman, above “About Me”. You can
find the same picture here: http://www.frontpageagency.co.uk/ and
it’s not pcbutts.


Can you really trust someone like this?


May I suggest you not download his software?
 
The said:
Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://www.ms-mvp.org/

The Real Truth MS MVP is not listed on the MVP list:




Check out “pcbutts” using your favorite search engine.


On his blog, he uses a picture of a woman, above “About Me”. You can
find the same picture here: http://www.frontpageagency.co.uk/ and
it’s not pcbutts.


Can you really trust someone like this?
 
timOleary said:
Any info on origins and how to get rid of this beast?

Hello Tim:

The Total Security Rogue is an outgrowth of other rogues. It is not a
Trojan. You may remove it with legitimate and reputable free antimalware:

MBAM - <http://www.malwarebytes.org/> (Run in the Normal Mode)
SAS - <http://www.superantispyware.com/> (Run in the Safe Mode)

After running both, or if you have further trouble, please update this
thread with your progress.
 
Hello Tim,

I recommend downloading and installing MalwareBytes' Antimalware (MBAM) and
SUPERAntiSpyware (SAS).

Do a full scan with MalwareBytes' and SUPERAntiSpyware.

<http://www.superantispyware.com/>

Reboot
-=-

<http://www.malwarebytes.org/mbam.php>

Reboot
-=-
The programs are free. (There is a paid version but you don't need to buy it
to remove malware.)
-=-



Good luck



Ǝиçεl
◕‿◕
-=-
 
Thank you all for replying

this program somehow got into one of the workstations at my place of
business. It placed a message which took over the desktop, produced a
pop up which looked like a process occurring, and lots of balloons
saying security monitor detected this or that. also occasional
bluescreens and shutdowns. I was unable to open task manager, a local
virus scan did not detect it, add-remove programs would not open,
what a mess. never saw anything like it b4. this is a company trying
to sell something?

I googled total security and saw several sites. One site described a
manual cleaning process and listed a number of files and a reg entry
which needed to be removed, along with an app download option; but was
wary of downloading anything unknown
so
I called Norton and complained.
They gave me a case #.
I handed the issue off to the user of the workstation at that point.
The fix involved remote log on by them. But they soon got frustrated
by the frequent interruptions caused by the malware.
the user says they logged onto the system in safe mode, and removed
files, and now it will be necessary to re-register certain apps.
now i got to figure out who is who.
i want to have a defense for the next attack. I wonder how this thing
got in the pc
thanks again
 
one more thing: real truth MVP emailed me privately with essentially
the same info as in the above posted reply. I replied to it and my
email went undeliverable with an unusual error report message and a
phone number to call. i didn't call it
 
timOleary said:
one more thing: real truth MVP emailed me privately with essentially
the same info as in the above posted reply. I replied to it and my
email went undeliverable with an unusual error report message and a
phone number to call. i didn't call it

Try a Google search on PCBUTTS1. Make up your own mind about
reputation then.
 
timOleary said:
i want to have a defense for the next attack. I wonder how this thing
got in the pc
thanks again

Hello Tim:

In previous posts in this thread, you have hinted that you are running
some Norton product.

Usually we can't help you with specifics unless you give us a *good*
detailed rundown on your system. Please take a sentence or two to
describe in detail the following:

Your system's hardware.

Your operating system's full description.

Your browser(s) details.

Your antimalware application details.

Your security practices on the Internet.


Remember - the devil is in the details.
 
It is a work computer. the sys admin was not reachable and the
workstation was essentially disabled and a critical team member. They
asked me to please help

I saw the norton icon and it said antivirus full version 10.0.0....
last virus profile update was the day earlier.
I did not know the license number, and Norton could not figure out who
we were based on the info I had.
the sys admin keeps lots of company details to himself.
he is the owner of the business.

but they (Symantec) were accommodating, even if it took better part of
an hour to finally get a tech.
but i had no choice, other than to start downloading unknowns,
purchasing another unknown product, say I couldn't help, wait until i
had some time to research, or call Symantec.

we have about 8 workstations, only one got hit, but my fear was this
was a harbinger, or the server was next.

i kept saying to Symantec why are we paying for protection if this
malware got in?
I'm pushy, but not unpleasant. it was obvious we were paying
customers.

i'm looking for product to install on all pcs to prevent a recurrence,
or at least a measure which is a reasonable effort towards prevention.
on my home office pc we subscribe to verizon security suite which is
available from our DSL supplier.
never got hit with anything like total security 'yet'
once i get some protection going, it would be interesting to
deliberately inject total security and see if the immunization works.
maybe create a sandbox, which I've never done, but would be worth
learning.
thanks
 
one more thing: real truth MVP emailed me privately with essentially
the same info as in the above posted reply. I replied to it and my
email went undeliverable with an unusual error report message and a
phone number to call. i didn't call it

Hi Tim, can you post here the email contents?
 
Hi Tim, can you post here the email contents?

Jim: is this what you wanted to see?

BEGIN CONTENT OF MY EMAIL TO REALTRUTH "Use my Remove-it software, it
will remove that malware from your system. Choose yes for all options
when prompted. Download it here http://www.ms-mvp.org/


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not
waste your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos." END
CONTENT OF MY EMAIL"
next
BEGIN CONTENT OF DELIVERY FAILURE REPORT "We're sorry. There's a
problem with the e-mail address(es) you're trying
to send to. Please verify the address(es) and try again. If you
continue
to have problems, please contact Customer Support at (480) 624-2500.

<[email protected]>:
child status 100...The e-mail message could not be delivered because
the user's mailfolder is full.

--- Below this line is a copy of the message." END CONTENT OF DELIVERY
FAILURE REPORT.
==========================
there was a lot of header stuff too.

BTW: I just upgraded my superspyware to professional lifetime, two
licenses, and a CD copy. It was about $10 per license, and another $10
for the CD

When I told my wife about the crisis at work, she told me that she had
an attack on her PC (here at home) that sounded remarkably similar. We
subscribe to Verizon Internet Security Suite, which is offered by our
DSL provider (obviously)
She called them and got them to remote logon and clean out the
malware. So now I'm getting in touch with the reality that virus
protection isn't enough. (DUH!)
 
timOleary said:
It is a work computer. the sys admin was not reachable and the
workstation was essentially disabled and a critical team member. They
asked me to please help

I saw the norton icon and it said antivirus full version 10.0.0....
last virus profile update was the day earlier.
I did not know the license number, and Norton could not figure out who
we were based on the info I had.
the sys admin keeps lots of company details to himself.
he is the owner of the business.

but they (Symantec) were accommodating, even if it took better part of
an hour to finally get a tech.
but i had no choice, other than to start downloading unknowns,
purchasing another unknown product, say I couldn't help, wait until i
had some time to research, or call Symantec.

we have about 8 workstations, only one got hit, but my fear was this
was a harbinger, or the server was next.

i kept saying to Symantec why are we paying for protection if this
malware got in?
I'm pushy, but not unpleasant. it was obvious we were paying
customers.

i'm looking for product to install on all pcs to prevent a recurrence,
or at least a measure which is a reasonable effort towards prevention.
on my home office pc we subscribe to verizon security suite which is
available from our DSL supplier.
never got hit with anything like total security 'yet'
once i get some protection going, it would be interesting to
deliberately inject total security and see if the immunization works.
maybe create a sandbox, which I've never done, but would be worth
learning.
thanks

Without the previously requested information, all I can recommend is
the judicious application of MBAM (In normal mode) & SAS (in Safe Mode).

In the above remark you speak of immunization. Immunization does NOT
take place with either MBAM or SAS. Deliberate infestation tests are
best left to experts on specially prepared disposable systems.

Sandboxing can be good. But it is only a small partial solution to an
overall huge undertaking. And yes - /antivirus/ protection alone is
only a bare bones beginning.
 
The said:
That email bounced because my mailbox is full. I use that email only for
newsgroups to capture spam messages which I then use to update my hosts
file and Remove-it definitions. If you need to email me then use the
email link at the bottom of my web page http://www.ms-mvp.org or use
this news group. Or wait a few weeks until I clean it out.
The phone number 480-624-2500 appears to be the technical contact number
for GoDaddy.com. Wonder why that number is in the bounced e-mail, Chris?

Your HOSTS file? The one that blocks the real ms-mvp web page:
127.0.0.1 www.mvps.org
127.0.0.1 mvps.org
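
The objection above is that a distributed HOSTS file can point a legitimate help site at the loopback address. As an added example (not part of the original posts and not code from any tool named in this thread), the following Python script audits hosts-file text for entries that override DNS for sites you rely on; the `PROTECTED` watchlist, the function names and the sample file are assumptions constructed here.

```python
import ipaddress

# Constructed sample: the two entries quoted in the post, plus ordinary lines.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.mvps.org
127.0.0.1 mvps.org
0.0.0.0   ads.example.net   # typical ad-blocking entry
10.0.0.5  fileserver.corp.example
"""

# Assumption: a watchlist of sites a user needs when cleaning up; these three
# are the sites named in this thread. Extend it for your own environment.
PROTECTED = {"mvps.org", "malwarebytes.org", "superantispyware.com"}


def is_protected(host, protected=PROTECTED):
    """True if host equals a protected domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in protected)


def audit_hosts(text, protected=PROTECTED):
    """Return (line_no, address, hostname, reason) for each hosts entry
    that overrides DNS for a protected domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(entry) < 2:
            continue                           # blank, comment or malformed
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                           # first field is not an IP
        for host in entry[1:]:                 # one line may carry aliases
            if is_protected(host, protected):
                sinkhole = addr.is_loopback or addr.is_unspecified
                reason = "blocked (sinkholed)" if sinkhole else "redirected"
                findings.append((line_no, str(addr), host.lower(), reason))
    return findings


if __name__ == "__main__":
    for line_no, addr, host, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % (line_no, host, addr, reason))
```

Run it against the text of a hosts file before merging a third-party list into the system copy; any finding means the list changes where a watched site resolves.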
 
i kept saying to Symantec why are we paying for protection if this
malware got in?

No anti-malware product will protect you from all malware, it's just not
possible.

If you were properly protected at the internet and by having limited
user accounts, and other methods - filtered email, filtered http,
blocking of most all ports and only approved sites...
 
My sister is having the same problem. I have her pc here with me. She let it
get so bad this Total Security will not allow me to boot up in safe mode or
safe mode with networking. I cannot access the task manager, run the
antivirus or spyware, and I cannot get to the add/remove programs. Nothing on
the desktop is accessible and will "lock up". Anyone have any suggestions?
Thank you in advance for your help.
 
Scarlet said:
My sister is having the same problem. I have her pc here with me. She let it
get so bad this Total Security will not allow me to boot up in safe mode or
safe mode with networking. I cannot access the task manager, run the
antivirus or spyware, and I cannot get to the add/remove programs. Nothing on
the desktop is accessible and will "lock up". Anyone have any suggestions?
Thank you in advance for your help.

Hello Scarlet:

If nothing can be executed from a USB port or CD, then the only
possible last hope might be to remove the computer's HDD and operate
on it as a slave drive in another computer where antimalware
applications might help retrieve some documents and/or data.

Some bootable rescue CDs with antimalware might have some usefulness.

However, many will suggest the flatten and rebuild approach.
Hopefully your sister has learned a valuable lesson here.
 