Saturday, September 13, 2008

Total Secure 2009 and Google search poisoning

Total Secure 2009 is one of the new batch of rogue security applications. Its installer generally masquerades as a codec (Zlob!) and registers itself as a BHO (Browser Helper Object) for Internet Explorer. Here's a HijackThis entry for one such BHO:

O2 - BHO: Apaps - {EC748705-E0FD-4671-9AFF-890579E57450} - C:\WINDOWS\system32\gaspt.dll

This BHO poisons Google search results so that the first few results are always redirected to Total Secure 2009 download links. Here's an example of search result poisoning by the Total Secure 2009 dropper:

You can follow the steps given here to get rid of this malware.
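To check a HijackThis log for the BHO entry shown above, the following Python sketch parses `O2 - BHO` lines and labels each one. It is an added example, not part of the original post; the allowlist value and the second and third sample log lines are constructed for illustration.

```python
import re

# Shape of a HijackThis O2 line: "O2 - BHO: <name> - {<CLSID>} - <path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# The CLSID from the HijackThis entry quoted in this post.
KNOWN_BAD_CLSIDS = {"{EC748705-E0FD-4671-9AFF-890579E57450}"}

# Assumption: a small analyst-maintained allowlist; this value is constructed.
ALLOWLIST = {"{11111111-2222-3333-4444-555555555555}"}

def parse_bhos(log_text):
    """Return one dict per O2 line: name, upper-cased CLSID and DLL path."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "clsid": m["clsid"].upper(),
                            "path": m["path"].strip()})
    return entries

def triage(entries):
    """Label each BHO as 'known-bad', 'allowed' or 'review'."""
    results = []
    for e in entries:
        if e["clsid"] in KNOWN_BAD_CLSIDS:
            verdict = "known-bad"
        elif e["clsid"] in ALLOWLIST:
            verdict = "allowed"
        else:
            verdict = "review"  # unknown BHO: needs a manual look
        results.append((verdict, e["clsid"], e["path"]))
    return results

# Constructed sample log: the first O2 line is the entry from this post,
# the other two are made up for the example.
SAMPLE_LOG = r"""
O2 - BHO: Apaps - {EC748705-E0FD-4671-9AFF-890579E57450} - C:\WINDOWS\system32\gaspt.dll
O2 - BHO: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\tb.dll
O2 - BHO: (no name) - {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - C:\WINDOWS\system32\xyz.dll
"""

if __name__ == "__main__":
    for verdict, clsid, path in triage(parse_bhos(SAMPLE_LOG)):
        print(f"{verdict:9}  {clsid}  {path}")
```

CLSIDs are compared case-insensitively because logs and registry exports do not always agree on case.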


Anonymous said...

Its pc was infected with Total Secure 2009 the same day you wrote this post. So, yes. It's a new spyware program, and the first one (I hope) that managed to get me out of my nerves, as it was really annoying. Luckily, after hours of struggle I managed to delete it via smitfraudfix.exe, which worked greatly compared to all the anti-spyware programs that I've downloaded. Keep up the good work, people must know what threats are out there.

11:41 PM  
