Encyclopedia

TotalSecurity2009

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

TotalSecurity2009 is an adware program that carries out the following actions:

  • When it is run, the following message is displayed:
  • Several fake security warnings like the following are displayed in the system bar:
  • Then, the program starts scanning the system in search for possible malware:


    The results of the scan are always false. Its aim is to alert users and sell their product.
  • Once finished, it displays a message, offering a solution to disinfect the system:

  • Its aim is to persuade users to activate the false antivirus program, after paying a certain sum of money.
  • If users attempt to remove these threats, they are redirected to a website where they can purchase the fake security solution:

  • Then, it displays a message reminding users that they need to register in order to disinfect the computer. If so, they are given a registration key that must be entered through the program:

  • If users are finally registered, malware will not be detected in the next scans and the annoying warning messages will not be displayed. However, it does not actually remove any malware.

Infection strategy 

TotalSecurity2009 creates a file consisting of random numbers in the folder Application Data of the Documents and Settings directory of all the users.

TotalSecurity2009 creates a shortcut in the Desktop:

Additionally, it creates a group of programs called Total Security in the Start menu and an entry in the option Add or Remove Programs:

    

 

TotalSecurity2009 creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ SystemSecurity2009
    By creating this entry, it adds itself to the option Add or Remove Programs.
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ SystemSecurity2009
    It creates this entry to store data of the program.

Means of transmission 

TotalSecurity2009 can be downloaded from the website belonging to the company that has developed it. The link can be received via spam messages, fraudulent websites, etc.

Additionally, it can also reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.

Further Details  

TotalSecurity2009 is written in the programming language Visual C++ v6.0. This adware is 1,057,825 bytes in size.

Last updated:  04/11/2009 

Virus News

3/10/09.-More than 10 Million Worldwide Were Actively Exposed to Identity Theft in 2008

3/5/09.-Cyber-crooks manipulate Internet searches to sell fake antivirus products

3/2/09.-VideoPlay adware infections grew 400% in February through malicious use of Web 2.0 pages

[+ Noticias]