Removal of Totalsecure2009.exe


johnk9159
04-10-2008, 13:27
When I attempt to read Hotmail in IE, I repeatedly get a message saying I have dangerous viruses, the program I am advised to install is Totalsecure2009.exe.
This also appears when going into my photos and documents, and it then attempts to load a page via Mozilla.
Suggestions please?
Using Windows XP.

Cosmo_1847
04-10-2008, 13:46
Spybot Search & Destroy
Avast / AVG anti-virus

Run both of those with updates.

LSG501
04-10-2008, 13:49
If it doesn't work in normal Windows, boot in safe mode (keep stabbing at F8 during boot-up, as it's a bit hit and miss when you need to hit F8 :rolleyes:)

johnk9159
04-10-2008, 13:58
AVG and Norton haven't even noticed it's there.

latency
04-10-2008, 14:10
This sounds like a new version of AntiVirus2008/9 that was doing the rounds a couple of months ago, so here are the removal instructions for that; see how much of it tallies with the one you've got.
The 'intensity' of the virus varies; these removal instructions cover all the symptoms of it I've seen.

Boot in safe mode to disable the virus.

Typically, the virus has several components:

Most of the file names are abbreviations or randomly generated, so you'll need to work it out, but it's not rocket science. Look for random strings of letters / numbers / upper and lower case, and also TS09 and things like that.

1. Program Files - There's a program folder in Program Files for the front end of the virus, and an entry in Add/Remove Programs. Delete the folder, and uninstall from Add/Remove to get rid of the program files.
Delete all temporary and internet temp files - this is important: the original installer is usually in the temp files, which can be found in C:\docs and settings\username\local settings\temp
If you can't see Local Settings, switch on Hidden Files from Tools / Folder Options. Delete ALL temp files manually so you know they're gone. Some cleaning utilities will miss files that are in use.

2. DLLs - These create the nag messages from the system tray. The DLLs have randomly generated names; you can find the RUNDLL commands in the registry startup folder (HKLM/software/microsoft/windows/currentversion/run). This will give you the name of the DLL(s), and you can delete them from the System32 folder.
You should also arrange files in System32 by modified date, and check for suspicious files that have changed in the past few days (since the virus first appeared). The contents of System32 should hardly ever change, so they should be easy to spot.

3. IE Hijack - Reset Internet Explorer (Internet Options, Advanced tab) to kill the AV09 add-on, and then go to Manage Add-ons. The add-on usually has a randomly generated name, so it's easy to spot. Get the name of its DLL and delete it from System32.

4. GUI Hacks - The virus makes some registry hacks that disable the Change Background tabs and such like. Spybot can detect these hacks and fix them, as well as cleaning up any other misc stuff left behind from steps 1-3.
Note - Spybot can't fix it on its own; you have to cripple the virus with 1-3 first.

Finally, restart in normal mode again. With a bit of luck, things should be fixed, and then run another Spybot and Antivirus scan for good measure.
If you see any DLL errors, check for RUNDLLs in the registry startup folder again, and also try using "regsvr32 /u DLLNAME" from the command line to unregister any hooked DLLs.

Restart again, and you should find it's all gone.

For good measure, you should also download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.zip) (direct link), and run it from safe mode. There's a trojan that I've seen a few times with this virus that hijacks DNS traffic to spoof Google results and block removal attempts - SDFix can get rid of this one.


All of this might be useless, but the symptoms you're describing sound like a not-too-serious case of the old Antivirus2008/9 issue.
If any of this does actually match up on your machine, I'll be interested to know, so I can deal with it when I see it at work - if it's doing the rounds, I will ;)
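As an added illustration of the registry and System32 checks in the post above (example code written for this page, not from the post's author): a Python script that parses a .reg export of the Run key, pulls out the DLLs loaded via rundll32, applies the post's "random-looking name" rule of thumb, and lists System32 files modified since a given date. The registry export and file listing are constructed samples; aQx7TpLw.dll is an invented name, and the tool on a real machine would read the export produced by regedit or `reg export`.

```python
import re

# Constructed .reg export of the Run key (regedit escapes backslashes and quotes).
# aQx7TpLw.dll is an invented name; rgf.dll is the name reported later in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Program Files\\AVG\\avgnt.exe\" /min"
"KbdHook"="rundll32.exe \"C:\\WINDOWS\\system32\\aQx7TpLw.dll\",DllRegisterServer"
"SysTray"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\rgf.dll,Init"
"TS09"="C:\\Program Files\\TS09\\ts09.exe"
'''
# Constructed System32 listing as (file name, last-modified ISO date).
SYSTEM32_SAMPLE = [("kernel32.dll", "2008-04-14"), ("shell32.dll", "2008-04-14"),
                   ("aQx7TpLw.dll", "2008-10-03"), ("rgf.dll", "2008-10-04")]

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,', re.IGNORECASE)

def parse_run_key(reg_text):
    """Return {value name: command line} with the .reg escaping undone."""
    entries = {}
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            entries[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
    return entries

def rundll_targets(entries):
    """Map each Run value that launches rundll32 to the DLL it loads."""
    return {n: RUNDLL_RE.search(c).group(1)
            for n, c in entries.items() if RUNDLL_RE.search(c)}

def looks_random(path):
    """The post's rule of thumb: a stem mixing upper/lower case and digits,
    or a longer letter run with almost no vowels, deserves a closer look."""
    stem = re.split(r'[\\/]', path)[-1].rsplit('.', 1)[0]
    letters = [c for c in stem if c.isalpha()]
    mixed = any(c.isupper() for c in letters) and any(c.islower() for c in letters)
    has_digit = any(c.isdigit() for c in stem)
    vowels = sum(c.lower() in 'aeiou' for c in letters)
    return (mixed and has_digit) or (len(letters) >= 6 and vowels / len(letters) < 0.2)

def changed_since(listing, since):
    """System32 entries modified on or after `since`, newest first."""
    return sorted([f for f in listing if f[1] >= since], key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    for name, dll in rundll_targets(parse_run_key(SAMPLE_REG)).items():
        print(f"{name}: {dll}{'  <- random-looking name' if looks_random(dll) else ''}")
    print("Changed in System32 since 2008-10-01:", changed_since(SYSTEM32_SAMPLE, "2008-10-01"))
```

The name heuristic is deliberately loose: a short name like rgf.dll is not flagged by it, which is why the post pairs the Run-key check with the modified-date sort of System32.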

donaldbb
05-10-2008, 15:13
I succeeded, thanks to Latency.

For additional info, the add-on name on my PC is OSMA and the DLL file is rgf.dll. I searched the web and found many articles about rgf.dll.

After deleting all files in the Temp folder, I did not delete rgf.dll in safe mode but in normal mode. I used the freeware unlocker.exe (http://ccollomb.free.fr/unlocker/unlocker1.8.7.exe) to unlock and delete it, then I used Registry Crawler to find and delete OSMA & rgf.dll in my registry, and all the virus is gone.

gboye
07-10-2008, 17:20
Latency u just saved my life TTTTTTTTThhhANKS

latency
07-10-2008, 17:58
lol... sounds like I was totally wrong about it being to do with AV09, but these instructions do give the usual places to look for any virus... so glad they were helpful ;)