XP Total Security 2011



VeniVidi
2011-04-20, 00:32
I swear by Spybot - Search and Destroy, but it doesn't remove the newest problem that I've found. It's a really extensive bit of malware called "XP Total Security 2011".

I run the administrator account on several public computers, and the guest accounts on two of them have been overrun by this fake security system. It mimics Microsoft's Security Center by using the shield logo, and it floods the interface with warnings that are answerable only by registering their program.

At first, I ran Spybot on one of the computers, and it went away ~ Microsoft Security Center lit up green, and I thought it was all over. Then, it came back. It not only evades S&D, but wrecked RegScrubXP altogether. Plus, it calls any site (including Google) a potential threat, triggering its search system and plaguing me with icon-tray messages, one after another, saying that the system is infected.

I know it's only infected by XP Total Security itself.


---------


Having searched for a method to remove the problem, I found thread after thread about the registry entries you remove, the registry entries that weren't removed, the updates to Total Security that haven't been sited, and the problems people have caused themselves removing some of the entries. In one thread, the poster said he couldn't run EXE files after removing the suggested registry entries.

So my question is this:

Is Spybot S&D going to have a fix for the problem soon?

tashi
2011-04-20, 05:10
Hello VeniVidi,


I run the administrator account on several public computers, and the guest accounts on two of them have been overrun by this fake security system.
Could you provide more details please and are the machines networked?

Best regards. :)

VeniVidi
2011-06-15, 00:46
We have six Dell Optiplex 360 computers running Windows XP Professional, and they are not networked. Although the computers have a common Internet connection, they became infected as a result of users visiting similar sites.

Since my last post, the file <Windows root>\system32\hal.dll became missing or corrupt on one of the infected computers, so Windows will not load. We are probably going to reformat all of them this week.

I updated Spybot S&D, reimmunized, and ran a new check, but it still has not found XP Total Security. Are you anticipating adding it to your list of definitions soon?

tashi
2011-06-15, 01:53
Hi VeniVidi,

Clarification please as to these being public computers. :)

Corporate-Small Business Editions (http://forums.spybot.info/showthread.php?t=16402)

Best regards.