Removing the win32/heur


emmajayne121
Nov 16, 2008, 11:54 AM
Hi, where do I start! Recently uninstalled my anti-virus software and have since become invaded by something's. I then tried and tried to install some other anti virus, managed to get the free avg version. Performed a scan and was told I had the Win32/Heur virus, 8 times! It said it had put the viruses into the virus vault, I then re-started my laptop only for it to show a box from avg that I still had this threat, so I tried to remove it as prompted and as soon as I try I get the blue screen of death! I'm quite new to all this and am not sure where I am going wrong apart from stupidly uninstalling my anti virus, but I can't access the internet, every time I try I get the BSOD. I need to get rid of whatever is on this thing.

Please help!

Thanks x

seahwk83
Nov 16, 2008, 12:26 PM
How recently did you uninstall AV?

As opposed to the virus vault, do you have the option to clean, disinfect, remove, repair this virus?


Ok, start by going to start, run, type msconfig hit enter
-go to startup tab and look at the programs in the list
--do you recognize each one and what they are, if not you can search Google to find out what they are related to or post them here




I would download and run malwarebytes free version to see if it detects anything and help remove things it does find
Malwarebytes.org (http://www.malwarebytes.org/mbam.php)

Paid version offers:
Activating the full version unlocks realtime protection, scheduled scanning, and scheduled updating

So use it to scan manually and see what comes up

Start with this and post back

emmajayne121
Nov 16, 2008, 02:09 PM
OK, I uninstalled av on the 15th Nov 08. I'm running in safe mode with networking enabled because I cannot run in normal mode without getting the blue screen of death after about 5 minutes. Will not let me access the link Malwarebytes.org (http://www.malwarebytes.org) for some reason.

When I msconfig some of the files are: cmds, cognizance, msserver, indxstoresvr, napster shell, nbkeyscan, sm56helper win32 utility, totalsecure 2009. These are the 1s I'm not sure about.

Can you still help?

Thanks again x

seahwk83
Nov 16, 2008, 02:35 PM
It appears totalsecure is a type of malware

Use the info on this link first. There are 2 things here to try before manually removing the virus: malwarebytes and smitfraud
How to remove Total Secure 2009 (Uninstall Instructions) (http://www.bleepingcomputer.com/malware-removal/remove-total-secure-2009)


This is info on it, of course they would like you to download their program to remove this, but there is manual instruction here as well which I am also listing here:

Manual Removal of Total Secure 2009:

The guidelines provided below, in case of correct application, may be applied to perform immediate Total Secure 2009 removal. Important info: according to the experts' observations, in more than 9 cases out of 10, after a user removes malware from an infected computer, such a single removal does not provide the desired effect, because other malware remains to harm the machine.

Boot into Safe Mode Only


Delete these files one by one

Remove Total Secure 2009 files and dll’s:

Associated Total Secure 2009 Files:

c:\Program Files\TotalSecure2009
c:\Program Files\TotalSecure2009\scan.exe
c:\Program Files\TotalSecure2009\totalsecure.s1
c:\Program Files\TotalSecure2009\totalsecure.s2
c:\Program Files\TotalSecure2009\totalsecure.s3
c:\Program Files\TotalSecure2009\totalsecure.s4
c:\Program Files\TotalSecure2009\totalsecure.s5
c:\Program Files\TotalSecure2009\totalsecure.s6
c:\Program Files\TotalSecure2009\uninstall.exe
%UserProfile%\Desktop\Total Secure 2009.lnk
%UserProfile%\Start Menu\Programs\Total Secure 2009.lnk

Use regedit.exe to remove below items

Unregister Total Secure 2009 registry values:

HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Run\ "TotalSecure2009" = "C:\Program Files\TotalSecure2009\scan.exe"
HKEY_CURRENT_USER\Software\TotalSecure2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Secure 2009

How to remove Total Secure 2009 (Uninstall Instructions) (http://www.bleepingcomputer.com/malware-removal/remove-total-secure-2009)

emmajayne121
Nov 16, 2008, 03:02 PM
Hi, deleted total secure in programme files, when I go to regedit to delete the numbers you gave me, they are different, these are the numbers listed under the users, which 1s do I delete:

.DEFAULT,
S-1-5-18,
S-1-5-19,
S-1-5-20,
S-1-5-21-2440453097-3527174129-752715309-1000

Deleted total secure out of current user.

In local machine didn't uninstall total secure cause it wasn't listed in there, is that right?

Really appreciate your ongoing help with this,

Thanks x

seahwk83
Nov 16, 2008, 04:19 PM
In regedit, click on edit and then click on find

Now in search box, type Total Secure and then click find next
-Delete any key that comes up as found

Now do the same for TotalSecure and TotalSecure2009

Once you have all the items related to total secure out of registry, you should be OK

Once that is done, click start, run, and type msconfig and make sure nothing there is connected to total secure and restart PC

Hope that does it
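
Added example, not part of any post in this thread: the SID in the quoted removal guide belongs to another machine, so rather than looking for that exact key, this read-only PowerShell sketch lists the Run values under HKLM and under every hive loaded in HKEY_USERS, and flags any that match the name searched for above or that point at a file that no longer exists. Assumptions: PowerShell 3.0 or later is available, and the `$pattern` value is built from the names mentioned in the thread.

```powershell
# Added example (not from the thread): read-only audit of Run-key autostart values.
# Nothing is deleted; $pattern is built from the names searched for in the thread.
$pattern = 'Total ?Secure'
$runSub  = 'Software\Microsoft\Windows\CurrentVersion\Run'

# HKLM plus every hive currently loaded under HKEY_USERS. Each subkey of
# HKEY_USERS is a SID; account SIDs (S-1-5-21-...) differ on every machine.
$runKeys = @("Registry::HKEY_LOCAL_MACHINE\$runSub")
$runKeys += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\$runSub" }

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)

        # Pull the executable path out of the command line: quoted form first,
        # then an unquoted path ending in a common executable extension.
        $target = $null
        if ($data -match '^\s*"([^"]+)"') {
            $target = $Matches[1]
        } elseif ($data -match '^\s*(.+?\.(exe|com|bat|cmd|dll))(\s|$)') {
            $target = $Matches[1]
        }

        $exists = $false
        if ($target) {
            $target = [Environment]::ExpandEnvironmentVariables($target)
            if ($target -match '[\\/]') {
                $exists = Test-Path -LiteralPath $target
            } else {
                # Bare file name (e.g. rundll32.exe): resolve it through PATH.
                $exists = [bool](Get-Command $target -ErrorAction SilentlyContinue)
            }
        }

        [pscustomobject]@{
            Key          = $key -replace '^Registry::', ''
            ValueName    = $name
            Command      = $data
            MatchesName  = ($name -match $pattern) -or ($data -match $pattern)
            TargetExists = $exists
        }
    }
}

# Show entries that match the searched name or whose target file is missing.
$findings | Where-Object { $_.MatchesName -or -not $_.TargetExists } |
    Format-List Key, ValueName, Command, MatchesName, TargetExists
```

HKEY_USERS only contains the hives of accounts that are currently loaded, so run it while logged in as the affected user; an entry with `TargetExists : False` is a leftover autostart value whose file has already been removed.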

emmajayne121
Nov 17, 2008, 03:51 AM
Hi, did what you asked me to do regarding typing in total secure and nothing came up, so I think it's all gone. When I then go into system config it's still there but when I go to the location of where it says, there's nothing in there apart from 2 other files that I know, is this OK?

Secondly I ran windows one care scanner yesterday as well and it found these :

Win32/zlob.gen
Win32/renos.du
Win32/chepdu.b
Win32delflob.I
Win32/small.zzb

It said it had cleaned and removed them, but I'm not so sure it has, how can I check?

When I reboot my laptop in normal mode, I still get avg saying threat alert and it lists the win32/heur 8 times, when I try to remove them it says forcing removal will cause crash of PC, so I went into the virus vault and deleted the 8 entries of win32/heur in there, but I don't think it's helped, because when I reboot the same thing keeps happening.

And I still get the blue screen of death every time I try and load windows normally, what is doing this?

Help!

seahwk83
Nov 17, 2008, 09:31 AM
So you did use the smitfraud and the malwarebytes apps also?

Here is another link with some more registry items to check for
Total Secure 2009 or TotalSecure2009 :: Total Secure 2009 Removal Instructions (http://www.spywareremove.com/removeTotalSecure2009.html)


Links below also name other files to search for and delete
SmitFraudFix: How to Use SmitFraudFix to Remove Zlob and Other Pests (http://antivirus.about.com/od/freeantivirussoftware/ht/smitfraudfix.htm)

http://webtoolsandtips.com/remove-spyware/how-to-remove-total-secure-2009-uninstall-free/

emmajayne121
Nov 17, 2008, 10:33 AM
Hi, as I said in earlier posts I cannot access these sites, it will not let me, some sites I can, some I can't. To update: total secure has gone from my laptop, it's just the rest and the blue screen that keeps restarting my laptop.

seahwk83
Nov 17, 2008, 01:40 PM
The 2 links just posted above give other things to search for and delete, both in the registry and through files on the computer

Go through the files and registry entries that are mentioned in the sites above and make sure that all are found and deleted

emmajayne121
Nov 18, 2008, 05:20 AM
The 2 links you posted to me, smitfraud; I downloaded this and every time I try and run it I get an error message saying "smitfraudfix.exe has stopped working, a problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available" so this doesn't help. Also tried to get onto malwarebytes site and it will not let me access this site, just says "internet explorer cannot display the web page".

So I would try these things if I could, but I can't, is there anything else you can suggest?

seahwk83
Nov 18, 2008, 09:57 AM
The last 3 links I posted above have a manual way of doing this by deleting more files from computer and more things to remove from registry - nothing to do with downloading anything

Read the previous post that you quoted my previous statement and the 3 links that come with it