I know the title sounds weird but I only added so many of those words to make it easier for people to find this post on the internet.  Total security or protection center is a malware infection that acts just like many other infections such antivirus 2008, antivirus 2009 or personal antivirus.  These are all varitions of the same type of infection that sends you trojans and adds a fake progeam that will claim to get rid of infections on your computer.

You will see a fake windows security center window that pops up and says your computer is infected and needs to be cleaned.  These virisues are smart and can disable other antivirus programs, hijack your web browsers, block any .exe files from running, alter your desktop backround image and even disable your ability to change these things back.

The instructions for removal in this post are for the specific variation that is called total security and pops up two windows.  There will be tray icons for a fake antivirus program called total security and a fake windows security center window called protection center.  These steps may also help to remove other infections as well.

Step 1

Download and install the latest version of Malware Bytes.  Install the program and update it if possible.  The total security virus may not allow you to run the program and may crash it before you can scan.  That is ok, just go to step 2.

Step 2

Reboot the computer into safe mode with networking.  The way you do it is be rebooting and as soon as you pass the initial BIOS screen start pressing the F8 key.  You will get a menu of options.  Select “Safe mode with networking”.  The reason you do “with networking” is because you may be on a domain and not know the local admin password for the PC.  Also you will be able to update the malware bytes program.

Step 3

Launch malware bytes and select the update tab and click on “update”.  Do it over and over until it tells you the program is totally updated.  Now run a “Full scan” of the PC and delete any infections found.  It will ask you to reboot the PC.  Reboot and operate your PC as normal.  After a few minutes if you don’t notice the popups coming anymore you should be ok.

This procedure should be able to remove other infections on your computer but I cannot guarantee that it will work.  I know it worked for the total security version of the virus but may not work for antivirus 2008, 2009, etc.

Remember, always keep your antivirus programs updated and run scans often.

If you haven’t noticed yet there has been this new virus that has been showing up recently on pc’s throughout the world.  It is the latest evil in the unstoppable world of trojans, viruses, spyware, malware, rootkits, phishing, etc. that infect the world daily.

It will send you pop-ups that will tell you that there are viruses on your computer and you should purchase Antivirus 2009 or 2008 to get rid of the infections.  It is a very intelligent trojan that will give you fake Windows Security Windows, fake program ads to buy a program, fake virus scan windows, etc. 

It seems obvious that the idea of the virus is to get you to fill out a form with your credit card infomation.  Once you do it sends the information to someone else for identity theft.

I work in the IT department and troubleshoot pc’s daily and found 3 pc’s already with this virus.

This infection is tricky.  It uses multiple fake windows system files and registry entries to operate.  It can disable some services on your system as well.  It took some time and research but I found a great set of manual instructions that truly will get rid of the virus if done correctly.

Basically you need to get rid of the following 3 registry entries and files.

ieupdates.exe
scui.cpl
winsrc.dll

You must remove the registry entires, then folders and files.  You should also remove any shortcuts in your start menu or desktop that point to the the antivirus 2009 executable.  Remove the antivirus 2009 folder from your programs folder as well.

I found the correct steps from Miguel Campos blog.  I tried them on one users computer weeks ago and the virus has not returned.  Follow the exact steps on his blog and it will