• Status: Solved

Total XP Security infection - "VMA.exe" - seems invincible

Hey all,

One of my machines has become infected with "Total XP Security" - the exe that runs is "vma.exe" and it's proving to be just about invincible.  Before I reformat the machine, I'd like to see if anyone can help me remove it instead.

I've run rkill and tdsskiller to try and break the process, and I've run Malwarebytes (well, tried to), but the installer for it will not run because every time I try to run it, vma.exe pops up and kills the installer.  This happens both in safe mode and normal mode.  I've looked through hijackthis and autoruns but nothing appeared to be out of line.  The pop-ups are driving me mad!  Anyone run into this little sucker before?
1 Solution
I ran into that sucker before. Luckily I had another uninfected machine. Installed antivirus on USB, and ran it. I think it was either AVG or Comodo. (Just recently switched to Comodo.) If that doesn't work, try repairing Windows via Windows installation CD/DVD.
Preston55 (Author) commented:
This thing is a bastard, isn't it!

I am not onsite, so I cannot use a USB drive ATM.  Other ideas?
Are you able to end it with Task Manager, or is Task Manager getting locked down?  If so, simply log off and as soon as you attempt to log in just mash Ctrl, Alt, and Delete to get Task Manager to start before the virus does.

Also, you stated it's Total XP Security; double-check to make sure vma.exe is tied to it.  Removing viruses is usually pretty easy but finding the actual file name is difficult.

I just end the process, use the msconfig command to open the startup menu, find the name of the culprit, open up the registry, do a search for that filename specifically and remove all keys that pop up with its name.
Then do a search on the primary drive for files/folders (be sure to show hidden and Windows files). When that is done, download and install Malwarebytes, and also download Cleanup, which is a great program for cleaning up temp files where viruses/spyware like to sit.  Cleanup can be found here:
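
The registry search described in the reply above, as an added example that is not part of the original thread: a read-only PowerShell check that lists autostart values referencing the suspect file name so they can be reviewed before anything is removed. The function name `Find-AutostartReference` and the list of keys checked are assumptions of this example; `vma.exe` is the name given in the question.

```powershell
# Added example: read-only check of common autostart registry keys.
# Nothing is modified or deleted; matches are only listed for review.
$SuspectName = 'vma.exe'   # file name reported in the thread

# Assumed key list: the usual Run/RunOnce locations plus Winlogon
# (whose Shell and Userinit values also launch programs at logon).
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Find-AutostartReference {
    param([string[]]$KeyPath, [string]$Needle)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Join so multi-string values are searched as one string
            $data = @($key.GetValue($name)) -join ' '
            $hitName = $name.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
            $hitData = $data.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
            if ($hitName -or $hitData) {
                New-Object PSObject -Property @{ Key = $path; Value = $name; Data = $data }
            }
        }
    }
}

$hits = @(Find-AutostartReference -KeyPath $autostartKeys -Needle $SuspectName)
if ($hits.Count -eq 0) {
    Write-Output "No autostart value references '$SuspectName' in the keys checked."
} else {
    $hits | Format-List Key, Value, Data
}
```

An empty result only covers the keys listed; the `Data` column of any match shows the full path of the file to look for on disk.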


Download trojanremover from http://www.simplysup.com/
You might want to download it on your PC and then send it over through a file share or whatever remote access app you're using if your internet browsing is screwed up.
Perform an update and let it scan.
Do a few runs.
Then use Spybot with the latest definitions to remove additional junk.
I have run into this as well and it is less time consuming and less trouble to do a reload.  Hitman Pro and Malwarebytes both didn't get rid of it on my computer.
The first thing that I would suggest would be running msconfig and trying to stop any autostarting services or processes created by the virus from there. Next, if you know where the file for the main virus is, you can use Unlocker portable, which I attached in a self-extracting archive, to get rid of it. Simply drag the file you want to delete onto unlocker.exe and, if no locking handles are found, select delete and then OK, or if there are locking handles, select delete in the bottom left-hand corner and then hit unlock all. Try all of this in safe mode if you can. I have also attached a portable version of Malwarebytes, which you can download and run to extract the self-extracting archive. If you can, do a full scan. After it is finished and you restart, I would suggest still downloading the Malwarebytes installer and doing another full scan using that copy along with any other antivirus software you want to use.
I personally recommend Microsoft Security Essentials (MSE) at
These have free rescue boot discs as well:
Okay, here is the easiest way to remove XP Total Security: boot your computer into "safe mode with networking" and install Malwarebytes; you can download this from malwarebytes.org and load it on a thumb drive. Install it and update it to the newest version and get the newest definitions. Then run it; it should pick up the virus and completely remove it. If this doesn't work, go to this link; it has manual removal instructions and Malwarebytes instructions.

Preston55 (Author) commented:
You, my friend, are AWESOME.  Thank you so much for pointing that nifty little tool out to me, it worked like magic!  I'll be adding that one to my list of administrator utilities!
:) glad it worked out.
