
Total PC Defender 2010 Analysis and Removal

by Shanmuga

Total PC Defender 2010 is a fraudulent program that uses fake system warning messages to convince users to purchase a subscription. This rogue security software uses an irritating audio alert in addition to other fake system alerts. Once installed, Total PC Defender 2010 initiates a system restart and hijacks the desktop with its phony interface and fake system messages that are designed to scare victims.

The Task Manager is disabled, and the message “Task Manager has been disabled by your administrator” is shown when the user tries to run it by pressing Ctrl+Alt+Del. Trying to close the rogue software window results in the message “The operation is prohibited. Please check your settings”. The task bar and desktop icons are also hidden, making the computer unusable.

In Windows Vista and Windows 7 it disables User Account Control (UAC) by tampering with the following registry values:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system (value: EnableLUA)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center (value: UACDisableNotify)

Rogue security software such as Total PC Defender 2010 belongs to a family of products that present themselves as antivirus, antispyware or registry-cleaning tools and often use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license or subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own.

Typical Total PC Defender 2010 Scare Messages

Security Warning! Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Clici here clean your PC immediately.

Possible loss of data! Too many privacy violation attempts on your computer! The details about your credit card, post address, phone numbers from submitted forms can be lost.

Warning! You computer in danger. Use a safe comupter with Total PC Defender you online guard.

The operation is prohibited. Please check your settings.

Warning! System Under Attack. Threat detected: Worm

The dropper file is named WinProtectionUpdateV_05000.exe (48640 bytes) and it is detected as a suspected generic trojan dropper by only 4/40 (10%) of the antivirus engines available at VirusTotal.

Total PC Defender 2010 Associated Files and Folders

  • C:\Documents and Settings\malwarehelp.org\Start Menu\Total PC Defender\Total PC Defender.lnk
  • C:\Documents and Settings\malwarehelp.org\Application Data\Microsoft\Internet Explorer\Quick Launch\Total PC Defender.lnk
  • C:\Documents and Settings\malwarehelp.org\Desktop\Total PC Defender.lnk
  • C:\Program Files\Total PC Defender\Total PC Defender.exe
  • C:\WINDOWS\Prefetch\TOTAL PC DEFENDER.EXE-205DA846.pf
  • C:\Program Files\Total PC Defender
  • C:\Documents and Settings\malwarehelp.org\Start Menu\Total PC Defender

Some of the file names may be randomly generated.

Total PC Defender 2010 Associated Registry Values and Keys

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\total pc defender
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
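
The registry values listed above, together with the two UAC values named earlier, can be checked offline against a `reg export` dump taken from a suspect machine. This is an added example, not part of the original article: the flagged data (EnableLUA = 0, UACDisableNotify = 1, DisableTaskMgr = 1) is an assumption based on documented Windows behaviour, since the article names the values but not what is written to them, and the sample export is constructed.

```python
import re

# Indicators from this page's registry lists: (key, value name, is_bad).
# The flagged data values are assumptions; the article names only the values.
POL = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
INDICATORS = [
    ("HKEY_LOCAL_MACHINE" + POL, "EnableLUA", lambda v: v == 0),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center",
     "UACDisableNotify", lambda v: v == 1),
    ("HKEY_CURRENT_USER" + POL, "DisableTaskMgr", lambda v: v == 1),
    ("HKEY_LOCAL_MACHINE" + POL, "DisableTaskMgr", lambda v: v == 1),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "total pc defender", lambda v: True),  # any data: autostart entry exists
]

# Constructed sample in .reg export format (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"total pc defender"="C:\\Program Files\\Total PC Defender\\Total PC Defender.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
def parse_reg(text):
    """Parse .reg text into {key: {value name: data}}, names lower-cased."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = hive.setdefault(line[1:-1].lower(), {})
        elif key is not None and (m := VALUE_RE.match(line)):
            data = m.group(2)  # "dword:XXXXXXXX" or a quoted, escaped string
            key[m.group(1).lower()] = (int(data[6:], 16) if data.startswith("dword:")
                                       else data.strip('"').replace("\\\\", "\\"))
    return hive

def find_indicators(text):
    """Return (key, value name, data) for each indicator present with bad data."""
    hive = parse_reg(text)
    return [(k, n, hive[k.lower()][n.lower()]) for k, n, bad in INDICATORS
            if n.lower() in hive.get(k.lower(), {})
            and bad(hive[k.lower()][n.lower()])]

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Real `reg export` files are usually UTF-16 encoded, so open them with `encoding="utf-16"` before passing the text to `find_indicators`.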

Total PC Defender 2010 Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • http://spywaretender .com
  • http://thisprotectpc. com
  • http://antivirusprommx. com
  • http://updateantiviruscenter. com

Note: Visiting the domains mentioned above may harm your computer system.

Total PC Defender 2010 Removal (How to remove Total PC Defender 2010)

The free version of Malwarebytes' Anti-Malware appears to remove AntiMalware Scareware.

  1. Boot into Windows Safe Mode with Networking.
  2. Use an alternate browser like Firefox or Chrome to download and install Malwarebytes' Anti-Malware from the link above.
  3. Also download the CCleaner Slim version.
  4. Install Malwarebytes' Anti-Malware, open it and choose a full scan. Once the scan is completed, click “Show results”, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. Restart to complete the removal process.
  5. Restart into normal mode.
  6. Turn System Restore off and on.
  7. Install CCleaner, then scan and clean the temporary files with it.

You should now be clean of this rogue.

Note: The Total PC Defender 2010 installation and removal was tested on a default installation of Windows XP SP3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing; it might change with time and/or under different testing conditions.

2 comments

Durdy February 24, 2010 at 2:05 AM

What do you do if attempting to boot into safe mode results in a BSOD?

Shanmuga February 24, 2010 at 8:17 AM

In normal mode itself, download and run HijackThis http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe – select and fix ONLY the following entry:

C:\Program Files\Total PC Defender\Total PC Defender.exe

Then continue from step IV above.
