Total Vista Security

Total Vista Security is a computer security threat of the kind commonly called a rogue program. It is promoted on scam websites as a necessary tool for removing viruses and other threats from the computer. Delivered as a Trojan, it infects a computer and modifies Internet browser settings so that search results point to a predefined fake online virus scanner, which pretends to scan the computer. The scanner generates fake results and advises users to download the unregistered Total Vista Security program. Once inside the computer, the program runs the same fake virus scan and then attempts to convince the user to purchase the Total Vista Security registration and activation code. If the user does not pay, Total Vista Security displays excessive warning and alert messages to pressure the user into acquiring the licensed version of this rogue program.

Remove Total Vista Security and its virus with a trusted security program. On computers that are not severely infected, System Restore will do, but we advise scanning thoroughly with an anti-virus program after this procedure. This way, you can make sure that the files associated with Total Vista Security are removed from the infected computer.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Total Vista Security is a rogue program. Unlike Trojans and viruses, rogues do not reproduce once they enter the system. They usually propagate by means of another Trojan infection, fake security web sites, bogus software updates and cracked programs. When executed, Total Vista Security immediately alters the Windows registry to add itself to the start-up process. The rogue program then disables system tools such as Task Manager, Registry Editor and Folder Options to prevent its own removal.

Added Registry Entries:
HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

Associated Files and Folders:
C:\ProgramData\LPyhs9qsBT4
C:\Users\All Users\LPyhs9qsBT4
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\ave.exe
%UserProfile%\AppData\Local\LPyhs9qsBT4
%UserProfile%\AppData\Local\WRblt8464P
%UserProfile%\AppData\Local\Temp\LPyhs9qsBT4
%UserProfile%\AppData\Roaming\Microsoft\Windows\Templates\LPyhs9qsBT4 
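
Added example (not part of the original write-up): a small Python check that reads registry values written in the form listed under Added Registry Entries and flags shell\open\command handlers that have been wrapped by a launcher. The function names, the list of user-writable prefixes and the sample lines are assumptions made for this illustration; it also assumes that an unmodified executable handler is "%1" %*.

```python
import re

# One registry value per line, in the form used on this page:
#   <key> "(Default)" = <command line>
LINE_RE = re.compile(r'^(?P<key>.+?)\s+"\(Default\)"\s*=\s*(?P<cmd>.+)$')
EXE_ASSOC_RE = re.compile(r'\\(\.exe|exefile|secfile)\\shell\\open\\command$', re.I)
BROWSER_RE = re.compile(r'\\StartMenuInternet\\[^\\]+\\shell\\\w+\\command$', re.I)
# Locations a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("%userprofile%", "%appdata%", "%localappdata%", "%temp%",
                 "c:\\users\\", "c:\\documents and settings\\")

def launcher(cmd):
    """Return the first token of a handler command: the program Windows runs."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', cmd)
    return (m.group(1) or m.group(2) or "") if m else ""

def audit(lines):
    """Return (key, launcher, reason) for every handler that looks hijacked."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, exe = m["key"], launcher(m["cmd"])
        in_profile = exe.lower().startswith(USER_WRITABLE)
        # A clean executable handler passes the clicked file straight through.
        if EXE_ASSOC_RE.search(key) and exe != "%1":
            findings.append((key, exe, "exe handler wraps every program launch"))
        # A browser handler should point at the browser, not a profile folder.
        elif BROWSER_RE.search(key) and in_profile:
            findings.append((key, exe, "browser handler runs from user-writable path"))
    return findings

# Constructed sample: two values in the form listed above, two clean ones.
SAMPLE = [
    r'HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*',
    r'HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"',
    r'HKCR\exefile\shell\open\command "(Default)" = "%1" %*',
    r'HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "C:\Program Files\Mozilla Firefox\firefox.exe"',
]

if __name__ == "__main__":
    for key, exe, reason in audit(SAMPLE):
        print(f"SUSPICIOUS {key}\n  launcher: {exe}\n  reason:   {reason}")
```

The two clean sample values produce no finding, which is the state these handlers should return to after the registry clean-up.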

How to Remove Total Vista Security

1. Stop the Total Vista Security process: press Ctrl+Alt+Del to open Windows Task Manager and look for the following processes:
av.exe and ave.exe
Highlight each process and click End Process.

2. Connect to the Internet and update your installed anti-virus program. This is necessary to identify newer variants of this virus.

3. Run a full virus scan and clean/delete all detected infected file(s).

4. Edit the Windows registry and delete the Total Vista Security entries (refer to Technical Details).

5. When done removing the registry entries, exit Registry Editor by closing the program. It saves the changes automatically.

6. Remove the Total Vista Security start-up entry: go to Start > Run and type msconfig in the "Open" dialog box. System Configuration Utility will open. Go to the Startup tab and uncheck the following start-up item(s):
[random]tssd.exe

7. Click Apply and restart Windows.

Total Vista Security Removal Tool:
To completely remove the threat, it is best to download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans block the download and installation of MBAM. If this happens, download it on a clean computer and rename the executable file before running it on the infected machine.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.