Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Friday, July 22, 2011

How to Remove Total Protect (Uninstall Guide)

Tell your friends:
Total Protect is a fake antivirus program that generate misleading pop-up warnings, reports non-existent security threats on your computer and attempts to trick you in to buying software to remove viruses and other malicious software. This rogue anti-virus product can also slow your computer's performance significantly and block legitimate programs or Windows tools. There are literally hundreds of fake AVs on the Internet meant to scare people into installing additional malware on their computers and giving their credit card numbers to cyber criminals. Total Protect is made to look like Microsoft Security Essentials, but it's not legitimate. If your computer does become infected by this fake anti-virus program, please scan your computer with anti-malware software. To remove Total Protect from the computer, please follow the removal instructions below.

Total Protect - Professional Antivirus Solution typically appears when you visit a fake online virus scanner or infected website. However, scam artists use social engineering to trick users into installing malicious software as well. If you have stumbled onto a fake security scanner or fake pop-up alert saying that your computer is infected – don't click anything and close your web browsers. Unfortunately, cyber criminals also use drive-by downloads and software exploits to install Total Protect malware and other viruses on the computer even without user's knowledge and consent. That's why you should always enable your anti-virus software and keep it up to date and active.

Fake Total Protect security alerts:

The official website of this rogue antivirus software is It's a mixed up website, some parts are clearly taken from legitimate antivirus vendors' websites. For example, they use Bit Defender logo and they also claim that Kaspersky, Panda, Avira and some others are their partners. That's a complete lie.

Important: never enter your credit card or personal information into a program like Total Protect. If you have already bought this rogue anti-virus program, please contact your credit card company and dispute the charges. Then do a full scan with an up-to-date reputable antivirus software. Coming across such fake antivirus software as Total Protect can be scary, but it actually can't delete your files or spy on your computer unless it comes bundled with other malware but it's really uncommon. If your computer is infected with Total Protect, please follow the steps in the removal guide below to remove it from your computer. If you have any questions or need help removing this fraudware, please leave a comment below. Good luck and be safe online!

Total Protect removal instructions:

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here:

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.

Associated Total Protect files and registry values:


Windows XP
  • C:\Documents and Settings\[UserName]\Application Data\RtlDriver32.exe
Windows Vista/7
  • C:\Users\[UserName]\AppData\Roaming\RtlDriver32.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
Share this information with other people: