Home / Spyware Encyclopedia / Fake Anti Spyware.TotalSecure2009
 Fake Anti Spyware.TotalSecure2009 Technical Details
Category Fake Anti Spyware
Discovered 8/20/2005 12:00:00 AM
Modified 9/18/2009 4:51:48 PM
Threat Level Critical
Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.
Notice
Summary

The following http urls were started:
•a1.mxlivemedia.com/bc/nsi_install.php?aff_id=default&inst_result=success&id=25f3f9a07...
•favoritetubeonline.com/inst/index.php?affid=169&subid=0&guid=3c8d1ce0-5bb6-4b91-b2db-...
•www.av-xp-2008.com/images/1218518112/2d90cceadcc6e73718880169f6530dd9/169/30106d2a-7d...
The hosts file was updated with the following url-to-ip mappings: NA
The following internet connection was established:
85.92.158.75 : 80
127.0.0.1 : 1516
207.46.225.221 : 80

The following Files were created:

NameVersionPublisherSignature (MD5)File Size (in KB)
..\QIP\IERCPT.DLL1.0.0.1WITABETT ENTERPRISES LTD74c463eae775b2a4ad312c33d82673dd110592
..\system doctor free \systemdoc.exe1.1.180.7SYSTEMDOCTOR, LTD.00bb47fac87974127de24e2bf06dbf243772416
..\system doctor free \insthelp.exe1.0.1.0systemdoctor, inc.db8fbbb4a1b1267d6a89889b3acaa425110592
..\system doctor free \systemdoc.exe1.1.180.3systemdoctor inc.00bb47fac87974127de24e2bf06dbf243792896
..\SISETUP.EXE1.0.0.0SPYWAREISO2008.COM92edb65deceec03a03d6ccdfb26afc6b1838290
..\QIP\IERCPT.DLL1.0.1.0PersonalAntiSpy Inc.74c463eae775b2a4ad312c33d82673dd110592
..\system doctor free \insthelp.exe1.0.1.0INSTHELPdb8fbbb4a1b1267d6a89889b3acaa425110592
..\QIP\IERCPT.DLL1.0.0.1CLEANER2009 INC.74c463eae775b2a4ad312c33d82673dd110592
..\A9INSTALLER_77027901.EXE  087e3ba4fc9bbb7967f78f9bb72370c1 
..\TS2009\SCAN.EXE1.2.0.0  7223808
..\IEEXPLORER32.EXE    
..\SYSGYCNAFEKB.EXE  c10a1158d50591181fe47a2972d2227b54306
..\SYSRAGFCHQSB.EXE  9db748dbeaa2e300d1af66567ee8d56f40994
..\SYSGYCNAFEKB.EXE   54306
..\XXYYOIXV.DLL  ffb9abe7484571d9c836daa659e2bf6b 
..\ULTIMATECLEANER_INSTALLER.EXE  28ffc7b681afb1fbf2dd06fe6f2bcefc147280
..\WMCODEC_UPDATE.EXE  39ab28cd98db92dc1a84306f01492a5c436640
..\SOFTWARESETUP_SB.EXE  fa15339bba136bbd6302acbc09d85737116774
..\TOTALSECURE2009.EXE  c9751a4ceffa4acac7a51cd2b11f1f301538563
..\PWXSETUP.EXE  1a8c1dc02c5e80bda949982981854f55646132
..\TOTALSECURE2009.EXE   1538563
..\SOFTWARESETUP_SB.EXE   116774
..\PWXSETUP.EXE   646132
..\1F357E0DADMINISTRATOR.DAT    
..\MGXFEBSQ.DLL   233472
..\DTSEQRXK.DLL   319488
..\MQGLDFVO.EXE  3d8c30f99663d210048c4be203bf1bf8 

The following Registry Entries were created:

..\System\CurrentControlSet\Services\tcpsr
..\System\CurrentControlSet\Services\cbevtsvc
..\Software\Classes\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91}
..\Software\Classes\Clsid\{18cb1a7b-94cd-4582-8022-ada16851e44b}
..\Software\Classes\Clsid\{037c7b8a-151a-49e6-baed-cc05fcb50328}
..\Software\Classes\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226}
..\Software\Classes\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481}
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\usysd_is1
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\altcompare
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\spywareisolator_is1
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\webvideo
..\Software\Classes\Appid\codecbho.dll
..\Software\Microsoft\Windows\CurrentVersion\Run\\"CPL32VER"\"%WIN.SYS32%\CPL32VER.EXE"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"TOTALSECURE2009"\"%PF%\TOTALSECURE2009\SCAN.EXE"
..\Software\TOTALSECURE2009
..\Software\Microsoft\Windows\CurrentVersion\Uninstall\TOTAL SECURE 2009
..\Software\ANTIVIRUSDOC
..\Software\Classes\TOOLIE.BHO
..\Software\Microsoft\Windows NT\CurrentVersion\\"BAR23ID"\"128D11B974F0D736CB664573FB759C77"
..\System\CurrentControlSet\Services\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS\LIST\"%DAS.AU.APP DATA%\MCRUPDATE.EXE"\"%DAS.AU.APP DATA%\MCRUPDATE.EXE:*:ENABLED:@XPSP2RES.DLL,-22019"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"GSCNS384"\"%DAS.AU.APP DATA%\PCPRIV.EXE"

Recommendation to remove Fake Anti Spyware.TotalSecure2009

Spyware Detector can remove Fake Anti Spyware.TotalSecure2009, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.
Download Spyware Detector and Scan for FREE
 
Search Threats
Customer Service Rating by LivePerson