
TotalProtect2009

Updated: January 5, 2009 12:35:06 PM
Type: Misleading Application
Name: Total Protect 2009
Version: 1.02
Publisher: Total Protect Inc.
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Behavior
The program may be downloaded from the following location:
[http://]www.totalprotect2009.com

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Local Settings\Temp\~DFE340.tmp
  • C:\Documents and Settings\All Users\Desktop\Run Total Protect 2009.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Total Protect 2009\Remove Total Protect 2009.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Total Protect 2009\Run Total Protect 2009.lnk
  • %ProgramFiles%\Total Protect 2009\gfx.bin
  • %ProgramFiles%\Total Protect 2009\lang\english.lng
  • %ProgramFiles%\Total Protect 2009\options.ini
  • %ProgramFiles%\Total Protect 2009\TotalProtect2009.exe
  • %ProgramFiles%\Total Protect 2009\TotalProtect2009.exe.MANIFEST
  • %ProgramFiles%\Total Protect 2009\TotalProtect2009_start_setup.exe
  • %ProgramFiles%\Total Protect 2009\tp_starter.exe
  • %ProgramFiles%\Total Protect 2009\uninstall.exe
  • %ProgramFiles%\Total Protect 2009\uninstall.log
  • %ProgramFiles%\Total Protect 2009\vbase.ini
  • %System%\vbzlib2.dll


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Total Protect 2009" = "C:\Program Files\Total Protect 2009\tp_starter.exe"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\PROTOCOLS\Handler\totalprotect
  • HKEY_CLASSES_ROOT\totalprotect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009
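
The files, autostart value and subkeys listed above can be checked on a host with a read-only script. This is an added example, not part of the original write-up or a Symantec tool; it assumes %System% refers to the System32 folder, and the Program Files (x86) and Wow6432Node locations are extra checks for 64-bit Windows that the write-up does not list.

```powershell
# Added example, not Symantec's tool. Read-only: lists which artifacts from the write-up exist.
# Assumptions: %System% means System32; the (x86) and Wow6432Node locations are extra checks
# for 64-bit Windows that the write-up itself does not list.
$installDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } |
    Select-Object -Unique | ForEach-Object { Join-Path $_ 'Total Protect 2009' }
$allUsers = 'C:\Documents and Settings\All Users'   # path as given in the write-up

$files = @(
    (Join-Path $env:SystemRoot 'System32\vbzlib2.dll'),
    (Join-Path $allUsers 'Desktop\Run Total Protect 2009.lnk'),
    (Join-Path $allUsers 'Start Menu\Programs\Total Protect 2009\Run Total Protect 2009.lnk')
)
foreach ($dir in $installDirs) {
    foreach ($name in 'TotalProtect2009.exe', 'TotalProtect2009_start_setup.exe',
                      'tp_starter.exe', 'uninstall.exe', 'gfx.bin', 'vbase.ini') {
        $files += Join-Path $dir $name
    }
}

$keys = @(
    'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler\totalprotect',
    'Registry::HKEY_CLASSES_ROOT\totalprotect',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009'
)
$runKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) { $findings += [pscustomobject]@{ Type = 'File'; Item = $path } }
}
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += [pscustomobject]@{ Type = 'Key'; Item = $key } }
}
foreach ($runKey in $runKeys) {
    # The autostart entry is a value named "Total Protect 2009" under the Run key.
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'Total Protect 2009' -ErrorAction SilentlyContinue
    if ($run) { $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $run.'Total Protect 2009' } }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

The generic subkey HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software is a weak indicator on its own; treat a hit as meaningful when it appears together with the install folder or the Run value.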