Hello,
I wonder if anyone here can help me.
My home computer has been infected with 'XP Total Security 2011'. McAfee Security Center missed this. It's apparently part of a family of spyware that fakes a virus scanner and asks you to pay to fix the fake problems it identifies. It also blocks internet browsers, and other software.
I looked at numerous websites (in safe mode) for instructions on how to remove this, all of which included manual removal by killing processes, files, and registry entries. Because the processes to be removed have random names, and I wouldn't be able to look processes up to check they were legitimate while I was doing this, I wasn't confident about doing this manually - I also heed the warnings about editing your registry if you're not completely sure what you're doing.
So I was tempted by Spyware Doctor (SD), which all of the sites I saw said would remove this for me automatically. I also thought it would be good to be better defended in the future, as McAfee had missed the infection. I paid £30 and installed it.
But several things make me wonder about SD:
- on installation it said it was incompatible with McAfee, and asked me to remove this program. I went onto 'chat support' and was told that only applied if I was running SD + anti-virus, which isn't what I'd installed. So why check for this on the installation?
- on running a full SD scan, it didn't find 'XP Total Security 2011', when I clearly have this infection;
- went back to 'chat support' and asked about this. After explaining the issue several times, I was finally sent an email with instructions for removal. I asked why this wasn't encompassed in SD yet, and was told the software continues to develop with the threat - fair enough, but I had already noticed they had (different) instructions for removal on their message board, so why not incorporate these into the tool?
- the instructions I was sent involved downloading and running a *.reg file, with terms like 'proxy' in it, and then downloading an executable 'threat removal tool'
- I didn't get as far as running the *.reg, because when I started this, I got a warning message about running the file as it was from an unknown publisher. This made me deeply suspicious. Wouldn't a genuine security software company be careful to ensure all their files had the appropriate digital signature etc? Again I queried with chat support, and they said this was being developed quickly etc. Even if they are legitimate, can I trust an 'on the fly' reg edit to do the right job?
So now I'm stuck with the initial infection, and with a 'tool' which I suspect could be dodgy too, which I've paid for. Have I fallen for a more complex scam than the obvious one?
I'm wondering if anyone has any views on SD and its maker PC Tools, if I can trust them (a) to not be a scam and (b) to be able to remove this threat with their instructions. Also if anyone has used a (clear!) step by step guide for manual removal of this infection successfully, or has a recommendation for a decent piece of software that will do this for me and that I can trust.
I'm posting here because I no longer trust the litany of websites with unclear manual removal instructions & recommendations for SD.
I really appreciate your time in reading this, and hopefully replying.
Thanks, Katie Davis