Total Virus Scanner

Total Virus Scanner is a rogue security application for Windows that is spread over the Internet. Victims may be tricked into downloading Total Virus Scanner by visiting web sites that pose as online virus scanners. These web sites were developed to automatically scan the visitor's computer and present fake scan results. There are also sites that a Trojan uses to promote rogue applications and that are designed to drop a copy of Total Virus Scanner without the visitor's knowledge. Overall, this harmful application disguises itself as a useful product and uses deceptive means to convince users to buy the registered version.

Once this fake AV has penetrated the computer, a series of fake alerts and warning messages can be observed. These warnings try to convince users that several Trojans, viruses and other malware are present on the system. Once victims fall for this trick, the program begins urging them to purchase the paid version of Total Virus Scanner, which in fact is no different from the trial version. The annoyances still exist on the system and the malfunctions remain. The only way to bring the computer back to its working state is to remove Total Virus Scanner itself. This can be carried out by scanning the computer with a real anti-malware or anti-virus application to remove everything that is related to Total Virus Scanner.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Total Virus Scanner Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Total Virus Scanner”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer; any detected threats must be removed. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. Please see the files listed below that are related to Total Virus Scanner Virus.
4. Registry entries created by Total Virus Scanner must also be removed from the Windows system. Please refer below for the entries associated with the rogue program. [how to edit registry]
5. Exit registry editor.
6. Get rid of the Total Virus Scanner start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Total Virus Scanner Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that other infected files not detected by the anti-virus application can be removed as well. Click here to download and run SAS Portable Scanner.

Scan with Portable Antivirus:
Most of the time, the Trojan associated with a rogue program will disable Windows functionality and prevent execution of any application, including a locally installed antivirus program. If this happens, you can try using a McAfee portable antivirus called Stinger. You can download it for free.

Technical Details and Additional Information:

Malicious Files Added by Total Virus Scanner:
%UserProfile%\Local Settings\Application Data\[random]
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\[random]
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe

Total Virus Scanner Registry Entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”
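
Added example (not part of the original guide and not a vendor tool): a Python triage script that reads a registry listing in the layout used above and flags the two changes this page describes, namely a shell command handler that launches an executable from the user profile ahead of the real target, and Security Center override values set to 1. The sample listing, the function names and the directory prefixes checked are constructed for illustration.

```python
import re

# Constructed sample in the same 'KEY "Name" = data' layout as the registry
# listing on this page: two hijacked handlers, two clean ones, two overrides.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "0"
'''

ENTRY = re.compile(r'^(HKEY_[^"]+?)\s+"([^"]*)"\s*=\s*(.+)$')
EXE = re.compile(r'"([^"]+\.exe)"|(\S+\.exe)', re.I)
USER_DIRS = ("%userprofile%", "%appdata%", "%localappdata%", "%temp%")  # assumed prefixes
OVERRIDES = ("antivirusoverride", "firewalloverride")

def audit_entry(key, name, data):
    """Return the reasons (possibly none) this value matches the hijack pattern."""
    reasons, k = [], key.lower()
    if k.endswith("\\command") and "\\shell\\" in k:
        exes = [quoted or bare for quoted, bare in EXE.findall(data)]
        if exes and exes[0].lower().startswith(USER_DIRS):
            reasons.append("handler launches " + exes[0] + " from the user profile")
        if exes and ('"%1"' in data or len(exes) > 1):
            reasons.append("wrapper runs ahead of the real target")
    if k.endswith("\\security center") and name.lower() in OVERRIDES:
        if data.strip().strip('"') == "1":
            reasons.append(name + " is set to 1")
    return reasons

def audit(listing):
    """Parse a listing and return (key, value name, reasons) for each finding."""
    findings = []
    for line in listing.splitlines():
        # Normalise curly quotes so a listing pasted from a web page parses too.
        line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = ENTRY.match(line)
        if m:
            reasons = audit_entry(*m.groups())
            if reasons:
                findings.append((m.group(1), m.group(2), reasons))
    return findings

if __name__ == "__main__":
    for key, name, reasons in audit(SAMPLE):
        print(key, "[" + name + "]", "->", "; ".join(reasons))
```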

What to do next...