In the last week I’ve come across two instances of a fake antispyware program based on the “System Security 2009” series that was propagated several months ago. This new version carries the name “Total Security 2009” and is far more aggressive. What’s more, it has been mutated to change the files it uses to implement its infection.

One of the things that makes this malware so insidious is that it will block any and every program from running, popping up with error boxes claiming every program you try to run is “infected”.

The only way to fix this kind of infection is to scan the infected HDD from another operating system, either by using a bootable antivirus & recovery tool (or BART), plugging the HDD into another computer with the right security software, or by destructive recovery (wipe the drive and re-install).

For those of you who use a drive encryption program like SecureDoc or Norton GoBack, this would be a very bad infection to contract, as those types of programs inhibit the ability of any other system to read the data on that drive. Basically, the only option you will have is to wipe the drive and reinstall, because disinfection will be impossible.

Of the two instances I’ve come across so far, only one was successfully disinfected without destructive recovery. The other returned in full after about 3 days of incubation.

As always, be mindful of what websites you visit, and don’t click on popups or ads!
